- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] mtd: rawnand: qcom: Pass 18 bit offset from NANDc base to BAM" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x ee000969f28bf579d3772bf7c0ae8aff86586e20 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062022-hertz-swept-c418@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ee000969f28bf579d3772bf7c0ae8aff86586e20 Mon Sep 17 00:00:00 2001 From: Md Sadre Alam <quic_mdalam(a)quicinc.com> Date: Thu, 10 Apr 2025 15:30:17 +0530 Subject: [PATCH] mtd: rawnand: qcom: Pass 18 bit offset from NANDc base to BAM base The BAM command descriptor provides only 18 bits to specify the BAM register offset. Additionally, in the BAM command descriptor, the BAM register offset is supposed to be specified as "(NANDc base - BAM base) + reg_off". Since, the BAM controller expecting the value in the form of "NANDc base - BAM base", so that added a new field 'bam_offset' in the NAND properties structure and use it while preparing the command descriptor. Previously, the driver was specifying the NANDc base address in the BAM command descriptor. Cc: stable(a)vger.kernel.org Fixes: 8d6b6d7e135e ("mtd: nand: qcom: support for command descriptor formation") Tested-by: Lakshmi Sowjanya D <quic_laksd(a)quicinc.com> Signed-off-by: Md Sadre Alam <quic_mdalam(a)quicinc.com> Acked-by: Mark Brown <broonie(a)kernel.org> Tested-by: Gabor Juhos <j4g8y7(a)gmail.com> # on IPQ9574 Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> diff --git a/drivers/mtd/nand/qpic_common.c b/drivers/mtd/nand/qpic_common.c index e0ed25b5afea..4dc4d65e7d32 100644 --- a/drivers/mtd/nand/qpic_common.c +++ b/drivers/mtd/nand/qpic_common.c @@ -236,21 +236,21 @@ int qcom_prep_bam_dma_desc_cmd(struct qcom_nand_controller *nandc, bool read, int i, ret; struct bam_cmd_element *bam_ce_buffer; struct bam_transaction *bam_txn = nandc->bam_txn; + u32 offset; bam_ce_buffer = &bam_txn->bam_ce[bam_txn->bam_ce_pos]; /* fill the command desc */ for (i = 0; i < size; i++) { + offset = nandc->props->bam_offset + reg_off + 4 * i; if (read) bam_prep_ce(&bam_ce_buffer[i], - nandc_reg_phys(nandc, reg_off + 4 * i), - BAM_READ_COMMAND, + offset, BAM_READ_COMMAND, reg_buf_dma_addr(nandc, (__le32 *)vaddr + i)); else bam_prep_ce_le32(&bam_ce_buffer[i], - nandc_reg_phys(nandc, reg_off + 4 * i), - BAM_WRITE_COMMAND, + offset, BAM_WRITE_COMMAND, *((__le32 *)vaddr + i)); } diff --git a/drivers/mtd/nand/raw/qcom_nandc.c b/drivers/mtd/nand/raw/qcom_nandc.c index 5eaa0be367cd..ef2dd158ca34 100644 --- a/drivers/mtd/nand/raw/qcom_nandc.c +++ b/drivers/mtd/nand/raw/qcom_nandc.c @@ -2360,6 +2360,7 @@ static const struct qcom_nandc_props ipq806x_nandc_props = { .supports_bam = false, .use_codeword_fixup = true, .dev_cmd_reg_start = 0x0, + .bam_offset = 0x30000, }; static const struct qcom_nandc_props ipq4019_nandc_props = { @@ -2367,6 +2368,7 @@ static const struct qcom_nandc_props ipq4019_nandc_props = { .supports_bam = true, .nandc_part_of_qpic = true, .dev_cmd_reg_start = 0x0, + .bam_offset = 0x30000, }; static const struct qcom_nandc_props ipq8074_nandc_props = { @@ -2374,6 +2376,7 @@ static const struct qcom_nandc_props ipq8074_nandc_props = { .supports_bam = true, .nandc_part_of_qpic = true, .dev_cmd_reg_start = 0x7000, + .bam_offset = 0x30000, }; static const struct qcom_nandc_props sdx55_nandc_props = { @@ -2382,6 +2385,7 @@ static const struct qcom_nandc_props sdx55_nandc_props = { .nandc_part_of_qpic = true, .qpic_version2 = true, .dev_cmd_reg_start = 0x7000, + .bam_offset = 0x30000, }; /* diff --git a/drivers/spi/spi-qpic-snand.c b/drivers/spi/spi-qpic-snand.c index 17eb67e19132..d9fb602160c7 100644 --- a/drivers/spi/spi-qpic-snand.c +++ b/drivers/spi/spi-qpic-snand.c @@ -1605,6 +1605,7 @@ static void qcom_spi_remove(struct platform_device *pdev) static const struct qcom_nandc_props ipq9574_snandc_props = { .dev_cmd_reg_start = 0x7000, + .bam_offset = 0x30000, .supports_bam = true, }; diff --git a/include/linux/mtd/nand-qpic-common.h b/include/linux/mtd/nand-qpic-common.h index cd7172e6c1bb..e8462deda6db 100644 --- a/include/linux/mtd/nand-qpic-common.h +++ b/include/linux/mtd/nand-qpic-common.h @@ -199,9 +199,6 @@ */ #define dev_cmd_reg_addr(nandc, reg) ((nandc)->props->dev_cmd_reg_start + (reg)) -/* Returns the NAND register physical address */ -#define nandc_reg_phys(chip, offset) ((chip)->base_phys + (offset)) - /* Returns the dma address for reg read buffer */ #define reg_buf_dma_addr(chip, vaddr) \ ((chip)->reg_read_dma + \ @@ -454,6 +451,7 @@ struct qcom_nand_controller { struct qcom_nandc_props { u32 ecc_modes; u32 dev_cmd_reg_start; + u32 bam_offset; bool supports_bam; bool nandc_part_of_qpic; bool qpic_version2;

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] KVM: VMX: Flush shadow VMCS on emergency reboot" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x a0ee1d5faff135e28810f29e0f06328c66f89852 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062040-affected-disregard-01ae@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a0ee1d5faff135e28810f29e0f06328c66f89852 Mon Sep 17 00:00:00 2001 From: Chao Gao <chao.gao(a)intel.com> Date: Mon, 24 Mar 2025 22:08:48 +0800 Subject: [PATCH] KVM: VMX: Flush shadow VMCS on emergency reboot Ensure the shadow VMCS cache is evicted during an emergency reboot to prevent potential memory corruption if the cache is evicted after reboot. This issue was identified through code inspection, as __loaded_vmcs_clear() flushes both the normal VMCS and the shadow VMCS. Avoid checking the "launched" state during an emergency reboot, unlike the behavior in __loaded_vmcs_clear(). This is important because reboot NMIs can interfere with operations like copy_shadow_to_vmcs12(), where shadow VMCSes are loaded directly using VMPTRLD. In such cases, if NMIs occur right after the VMCS load, the shadow VMCSes will be active but the "launched" state may not be set. Fixes: 16f5b9034b69 ("KVM: nVMX: Copy processor-specific shadow-vmcs to VMCS12") Cc: stable(a)vger.kernel.org Signed-off-by: Chao Gao <chao.gao(a)intel.com> Reviewed-by: Kai Huang <kai.huang(a)intel.com> Link: https://lore.kernel.org/r/20250324140849.2099723-1-chao.gao@intel.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index ef2d7208dd20..848c4963bdb8 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -770,8 +770,11 @@ void vmx_emergency_disable_virtualization_cpu(void) return; list_for_each_entry(v, &per_cpu(loaded_vmcss_on_cpu, cpu), - loaded_vmcss_on_cpu_link) + loaded_vmcss_on_cpu_link) { vmcs_clear(v->vmcs); + if (v->shadow_vmcs) + vmcs_clear(v->shadow_vmcs); + } kvm_cpu_vmxoff(); }

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] KVM: VMX: Flush shadow VMCS on emergency reboot" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a0ee1d5faff135e28810f29e0f06328c66f89852 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062040-probe-earthen-bc3c@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a0ee1d5faff135e28810f29e0f06328c66f89852 Mon Sep 17 00:00:00 2001 From: Chao Gao <chao.gao(a)intel.com> Date: Mon, 24 Mar 2025 22:08:48 +0800 Subject: [PATCH] KVM: VMX: Flush shadow VMCS on emergency reboot Ensure the shadow VMCS cache is evicted during an emergency reboot to prevent potential memory corruption if the cache is evicted after reboot. This issue was identified through code inspection, as __loaded_vmcs_clear() flushes both the normal VMCS and the shadow VMCS. Avoid checking the "launched" state during an emergency reboot, unlike the behavior in __loaded_vmcs_clear(). This is important because reboot NMIs can interfere with operations like copy_shadow_to_vmcs12(), where shadow VMCSes are loaded directly using VMPTRLD. In such cases, if NMIs occur right after the VMCS load, the shadow VMCSes will be active but the "launched" state may not be set. Fixes: 16f5b9034b69 ("KVM: nVMX: Copy processor-specific shadow-vmcs to VMCS12") Cc: stable(a)vger.kernel.org Signed-off-by: Chao Gao <chao.gao(a)intel.com> Reviewed-by: Kai Huang <kai.huang(a)intel.com> Link: https://lore.kernel.org/r/20250324140849.2099723-1-chao.gao@intel.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index ef2d7208dd20..848c4963bdb8 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -770,8 +770,11 @@ void vmx_emergency_disable_virtualization_cpu(void) return; list_for_each_entry(v, &per_cpu(loaded_vmcss_on_cpu, cpu), - loaded_vmcss_on_cpu_link) + loaded_vmcss_on_cpu_link) { vmcs_clear(v->vmcs); + if (v->shadow_vmcs) + vmcs_clear(v->shadow_vmcs); + } kvm_cpu_vmxoff(); }

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] KVM: SVM: Clear current_vmcb during vCPU free for all" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 1bee4838eb3a2c689f23c7170ea66ae87ea7d93a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062012-recolor-tameness-9454@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1bee4838eb3a2c689f23c7170ea66ae87ea7d93a Mon Sep 17 00:00:00 2001 From: Yosry Ahmed <yosry.ahmed(a)linux.dev> Date: Tue, 29 Apr 2025 08:32:15 -0700 Subject: [PATCH] KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs When freeing a vCPU and thus its VMCB, clear current_vmcb for all possible CPUs, not just online CPUs, as it's theoretically possible a CPU could go offline and come back online in conjunction with KVM reusing the page for a new VMCB. Link: https://lore.kernel.org/all/20250320013759.3965869-1-yosry.ahmed@linux.dev Fixes: fd65d3142f73 ("kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb") Cc: stable(a)vger.kernel.org Cc: Jim Mattson <jmattson(a)google.com> Signed-off-by: Yosry Ahmed <yosry.ahmed(a)linux.dev> [sean: split to separate patch, write changelog] Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 8eb482ca3359..e6802e33c54d 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1496,7 +1496,7 @@ static void svm_clear_current_vmcb(struct vmcb *vmcb) { int i; - for_each_online_cpu(i) + for_each_possible_cpu(i) cmpxchg(per_cpu_ptr(&svm_data.current_vmcb, i), vmcb, NULL); }

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] KVM: SVM: Clear current_vmcb during vCPU free for all" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 1bee4838eb3a2c689f23c7170ea66ae87ea7d93a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062012-hardly-earthlike-2158@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1bee4838eb3a2c689f23c7170ea66ae87ea7d93a Mon Sep 17 00:00:00 2001 From: Yosry Ahmed <yosry.ahmed(a)linux.dev> Date: Tue, 29 Apr 2025 08:32:15 -0700 Subject: [PATCH] KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs When freeing a vCPU and thus its VMCB, clear current_vmcb for all possible CPUs, not just online CPUs, as it's theoretically possible a CPU could go offline and come back online in conjunction with KVM reusing the page for a new VMCB. Link: https://lore.kernel.org/all/20250320013759.3965869-1-yosry.ahmed@linux.dev Fixes: fd65d3142f73 ("kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb") Cc: stable(a)vger.kernel.org Cc: Jim Mattson <jmattson(a)google.com> Signed-off-by: Yosry Ahmed <yosry.ahmed(a)linux.dev> [sean: split to separate patch, write changelog] Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 8eb482ca3359..e6802e33c54d 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1496,7 +1496,7 @@ static void svm_clear_current_vmcb(struct vmcb *vmcb) { int i; - for_each_online_cpu(i) + for_each_possible_cpu(i) cmpxchg(per_cpu_ptr(&svm_data.current_vmcb, i), vmcb, NULL); }

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] KVM: SVM: Clear current_vmcb during vCPU free for all" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 1bee4838eb3a2c689f23c7170ea66ae87ea7d93a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062011-strained-factoid-f2fc@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1bee4838eb3a2c689f23c7170ea66ae87ea7d93a Mon Sep 17 00:00:00 2001 From: Yosry Ahmed <yosry.ahmed(a)linux.dev> Date: Tue, 29 Apr 2025 08:32:15 -0700 Subject: [PATCH] KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs When freeing a vCPU and thus its VMCB, clear current_vmcb for all possible CPUs, not just online CPUs, as it's theoretically possible a CPU could go offline and come back online in conjunction with KVM reusing the page for a new VMCB. Link: https://lore.kernel.org/all/20250320013759.3965869-1-yosry.ahmed@linux.dev Fixes: fd65d3142f73 ("kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb") Cc: stable(a)vger.kernel.org Cc: Jim Mattson <jmattson(a)google.com> Signed-off-by: Yosry Ahmed <yosry.ahmed(a)linux.dev> [sean: split to separate patch, write changelog] Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 8eb482ca3359..e6802e33c54d 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1496,7 +1496,7 @@ static void svm_clear_current_vmcb(struct vmcb *vmcb) { int i; - for_each_online_cpu(i) + for_each_possible_cpu(i) cmpxchg(per_cpu_ptr(&svm_data.current_vmcb, i), vmcb, NULL); }

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] s390/uv: Don't return 0 from make_hva_secure() if the" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x 3ec8a8330a1aa846dffbf1d64479213366c55b54 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062033-retold-crinkly-e6e3@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3ec8a8330a1aa846dffbf1d64479213366c55b54 Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Fri, 16 May 2025 14:39:44 +0200 Subject: [PATCH] s390/uv: Don't return 0 from make_hva_secure() if the operation was not successful If s390_wiggle_split_folio() returns 0 because splitting a large folio succeeded, we will return 0 from make_hva_secure() even though a retry is required. Return -EAGAIN in that case. Otherwise, we'll return 0 from gmap_make_secure(), and consequently from unpack_one(). In kvm_s390_pv_unpack(), we assume that unpacking succeeded and skip unpacking this page. Later on, we run into issues and fail booting the VM. So far, this issue was only observed with follow-up patches where we split large pagecache XFS folios. Maybe it can also be triggered with shmem? We'll cleanup s390_wiggle_split_folio() a bit next, to also return 0 if no split was required. Fixes: d8dfda5af0be ("KVM: s390: pv: fix race when making a page secure") Cc: stable(a)vger.kernel.org Signed-off-by: David Hildenbrand <david(a)redhat.com> Link: https://lore.kernel.org/r/20250516123946.1648026-2-david@redhat.com Message-ID: <20250516123946.1648026-2-david(a)redhat.com> Reviewed-by: Claudio Imbrenda <imbrenda(a)linux.ibm.com> Signed-off-by: Claudio Imbrenda <imbrenda(a)linux.ibm.com> diff --git a/arch/s390/kernel/uv.c b/arch/s390/kernel/uv.c index 9a5d5be8acf4..2cc3b599c7fe 100644 --- a/arch/s390/kernel/uv.c +++ b/arch/s390/kernel/uv.c @@ -393,8 +393,11 @@ int make_hva_secure(struct mm_struct *mm, unsigned long hva, struct uv_cb_header folio_walk_end(&fw, vma); mmap_read_unlock(mm); - if (rc == -E2BIG || rc == -EBUSY) + if (rc == -E2BIG || rc == -EBUSY) { rc = s390_wiggle_split_folio(mm, folio, rc == -E2BIG); + if (!rc) + rc = -EAGAIN; + } folio_put(folio); return rc;

5 months, 2 weeks

1
0
0 0

[PATCH] serial: imx: Restore original RXTL for console to fix data loss

by Fabio Estevam

Commit 7a637784d517 ("serial: imx: reduce RX interrupt frequency") introduced a regression on the i.MX6UL EVK board. The issue can be reproduced with the following steps: - Open vi on the board. - Paste a text file (~150 characters). - Save the file, then repeat the process. - Compare the sha256sum of the saved files. The checksums do not match due to missing characters or entire lines. Fix this by restoring the RXTL value to 1 when the UART is used as a console. This ensures timely RX interrupts and reliable data reception in console mode. With this change, pasted content is saved correctly, and checksums are always consistent. Cc: stable(a)vger.kernel.org Fixes: 7a637784d517 ("serial: imx: reduce RX interrupt frequency") Signed-off-by: Fabio Estevam <festevam(a)gmail.com> --- drivers/tty/serial/imx.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/drivers/tty/serial/imx.c b/drivers/tty/serial/imx.c index bd02ee898f5d..500dfc009d03 100644 --- a/drivers/tty/serial/imx.c +++ b/drivers/tty/serial/imx.c @@ -235,6 +235,7 @@ struct imx_port { enum imx_tx_state tx_state; struct hrtimer trigger_start_tx; struct hrtimer trigger_stop_tx; + unsigned int rxtl; }; struct imx_port_ucrs { @@ -1339,6 +1340,7 @@ static void imx_uart_clear_rx_errors(struct imx_port *sport) #define TXTL_DEFAULT 8 #define RXTL_DEFAULT 8 /* 8 characters or aging timer */ +#define RXTL_CONSOLE_DEFAULT 1 #define TXTL_DMA 8 /* DMA burst setting */ #define RXTL_DMA 9 /* DMA burst setting */ @@ -1457,7 +1459,7 @@ static void imx_uart_disable_dma(struct imx_port *sport) ucr1 &= ~(UCR1_RXDMAEN | UCR1_TXDMAEN | UCR1_ATDMAEN); imx_uart_writel(sport, ucr1, UCR1); - imx_uart_setup_ufcr(sport, TXTL_DEFAULT, RXTL_DEFAULT); + imx_uart_setup_ufcr(sport, TXTL_DEFAULT, sport->rxtl); sport->dma_is_enabled = 0; } @@ -1482,7 +1484,12 @@ static int imx_uart_startup(struct uart_port *port) return retval; } - imx_uart_setup_ufcr(sport, TXTL_DEFAULT, RXTL_DEFAULT); + if (uart_console(&sport->port)) + sport->rxtl = RXTL_CONSOLE_DEFAULT; + else + sport->rxtl = RXTL_DEFAULT; + + imx_uart_setup_ufcr(sport, TXTL_DEFAULT, sport->rxtl); /* disable the DREN bit (Data Ready interrupt enable) before * requesting IRQs @@ -1948,7 +1955,7 @@ static int imx_uart_poll_init(struct uart_port *port) if (retval) clk_disable_unprepare(sport->clk_ipg); - imx_uart_setup_ufcr(sport, TXTL_DEFAULT, RXTL_DEFAULT); + imx_uart_setup_ufcr(sport, TXTL_DEFAULT, sport->rxtl); uart_port_lock_irqsave(&sport->port, &flags); @@ -2040,7 +2047,7 @@ static int imx_uart_rs485_config(struct uart_port *port, struct ktermios *termio /* If the receiver trigger is 0, set it to a default value */ ufcr = imx_uart_readl(sport, UFCR); if ((ufcr & UFCR_RXTL_MASK) == 0) - imx_uart_setup_ufcr(sport, TXTL_DEFAULT, RXTL_DEFAULT); + imx_uart_setup_ufcr(sport, TXTL_DEFAULT, sport->rxtl); imx_uart_start_rx(port); } @@ -2302,7 +2309,7 @@ imx_uart_console_setup(struct console *co, char *options) else imx_uart_console_get_options(sport, &baud, &parity, &bits); - imx_uart_setup_ufcr(sport, TXTL_DEFAULT, RXTL_DEFAULT); + imx_uart_setup_ufcr(sport, TXTL_DEFAULT, sport->rxtl); retval = uart_set_options(&sport->port, co, baud, parity, bits, flow); -- 2.34.1

5 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] ext4: ensure i_size is smaller than maxbytes" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 1a77a028a392fab66dd637cdfac3f888450d00af # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062011-unaired-system-c935@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1a77a028a392fab66dd637cdfac3f888450d00af Mon Sep 17 00:00:00 2001 From: Zhang Yi <yi.zhang(a)huawei.com> Date: Tue, 6 May 2025 09:20:09 +0800 Subject: [PATCH] ext4: ensure i_size is smaller than maxbytes The inode i_size cannot be larger than maxbytes, check it while loading inode from the disk. Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Baokun Li <libaokun1(a)huawei.com> Link: https://patch.msgid.link/20250506012009.3896990-4-yi.zhang@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)kernel.org diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 01038b4ecee0..ca1f7a0dd8f8 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -4966,7 +4966,8 @@ struct inode *__ext4_iget(struct super_block *sb, unsigned long ino, ei->i_file_acl |= ((__u64)le16_to_cpu(raw_inode->i_file_acl_high)) << 32; inode->i_size = ext4_isize(sb, raw_inode); - if ((size = i_size_read(inode)) < 0) { + size = i_size_read(inode); + if (size < 0 || size > ext4_get_maxbytes(inode)) { ext4_error_inode(inode, function, line, 0, "iget: bad i_size value: %lld", size); ret = -EFSCORRUPTED;

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] RDMA/iwcm: Fix use-after-free of work objects after cm_id" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 6883b680e703c6b2efddb4e7a8d891ce1803d06b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062006-jeeringly-portside-e5b6@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6883b680e703c6b2efddb4e7a8d891ce1803d06b Mon Sep 17 00:00:00 2001 From: Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> Date: Sat, 10 May 2025 19:10:36 +0900 Subject: [PATCH] RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction The commit 59c68ac31e15 ("iw_cm: free cm_id resources on the last deref") simplified cm_id resource management by freeing cm_id once all references to the cm_id were removed. The references are removed either upon completion of iw_cm event handlers or when the application destroys the cm_id. This commit introduced the use-after-free condition where cm_id_private object could still be in use by event handler works during the destruction of cm_id. The commit aee2424246f9 ("RDMA/iwcm: Fix a use-after-free related to destroying CM IDs") addressed this use-after- free by flushing all pending works at the cm_id destruction. However, still another use-after-free possibility remained. It happens with the work objects allocated for each cm_id_priv within alloc_work_entries() during cm_id creation, and subsequently freed in dealloc_work_entries() once all references to the cm_id are removed. If the cm_id's last reference is decremented in the event handler work, the work object for the work itself gets removed, and causes the use- after-free BUG below: BUG: KASAN: slab-use-after-free in __pwq_activate_work+0x1ff/0x250 Read of size 8 at addr ffff88811f9cf800 by task kworker/u16:1/147091 CPU: 2 UID: 0 PID: 147091 Comm: kworker/u16:1 Not tainted 6.15.0-rc2+ #27 PREEMPT(voluntary) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014 Workqueue: 0x0 (iw_cm_wq) Call Trace: <TASK> dump_stack_lvl+0x6a/0x90 print_report+0x174/0x554 ? __virt_addr_valid+0x208/0x430 ? __pwq_activate_work+0x1ff/0x250 kasan_report+0xae/0x170 ? __pwq_activate_work+0x1ff/0x250 __pwq_activate_work+0x1ff/0x250 pwq_dec_nr_in_flight+0x8c5/0xfb0 process_one_work+0xc11/0x1460 ? __pfx_process_one_work+0x10/0x10 ? assign_work+0x16c/0x240 worker_thread+0x5ef/0xfd0 ? __pfx_worker_thread+0x10/0x10 kthread+0x3b0/0x770 ? __pfx_kthread+0x10/0x10 ? rcu_is_watching+0x11/0xb0 ? _raw_spin_unlock_irq+0x24/0x50 ? rcu_is_watching+0x11/0xb0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x30/0x70 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 147416: kasan_save_stack+0x2c/0x50 kasan_save_track+0x10/0x30 __kasan_kmalloc+0xa6/0xb0 alloc_work_entries+0xa9/0x260 [iw_cm] iw_cm_connect+0x23/0x4a0 [iw_cm] rdma_connect_locked+0xbfd/0x1920 [rdma_cm] nvme_rdma_cm_handler+0x8e5/0x1b60 [nvme_rdma] cma_cm_event_handler+0xae/0x320 [rdma_cm] cma_work_handler+0x106/0x1b0 [rdma_cm] process_one_work+0x84f/0x1460 worker_thread+0x5ef/0xfd0 kthread+0x3b0/0x770 ret_from_fork+0x30/0x70 ret_from_fork_asm+0x1a/0x30 Freed by task 147091: kasan_save_stack+0x2c/0x50 kasan_save_track+0x10/0x30 kasan_save_free_info+0x37/0x60 __kasan_slab_free+0x4b/0x70 kfree+0x13a/0x4b0 dealloc_work_entries+0x125/0x1f0 [iw_cm] iwcm_deref_id+0x6f/0xa0 [iw_cm] cm_work_handler+0x136/0x1ba0 [iw_cm] process_one_work+0x84f/0x1460 worker_thread+0x5ef/0xfd0 kthread+0x3b0/0x770 ret_from_fork+0x30/0x70 ret_from_fork_asm+0x1a/0x30 Last potentially related work creation: kasan_save_stack+0x2c/0x50 kasan_record_aux_stack+0xa3/0xb0 __queue_work+0x2ff/0x1390 queue_work_on+0x67/0xc0 cm_event_handler+0x46a/0x820 [iw_cm] siw_cm_upcall+0x330/0x650 [siw] siw_cm_work_handler+0x6b9/0x2b20 [siw] process_one_work+0x84f/0x1460 worker_thread+0x5ef/0xfd0 kthread+0x3b0/0x770 ret_from_fork+0x30/0x70 ret_from_fork_asm+0x1a/0x30 This BUG is reproducible by repeating the blktests test case nvme/061 for the rdma transport and the siw driver. To avoid the use-after-free of cm_id_private work objects, ensure that the last reference to the cm_id is decremented not in the event handler works, but in the cm_id destruction context. For that purpose, move iwcm_deref_id() call from destroy_cm_id() to the callers of destroy_cm_id(). In iw_destroy_cm_id(), call iwcm_deref_id() after flushing the pending works. During the fix work, I noticed that iw_destroy_cm_id() is called from cm_work_handler() and process_event() context. However, the comment of iw_destroy_cm_id() notes that the function "cannot be called by the event thread". Drop the false comment. Closes: https://lore.kernel.org/linux-rdma/r5676e754sv35aq7cdsqrlnvyhiq5zktteaurl7v… Fixes: 59c68ac31e15 ("iw_cm: free cm_id resources on the last deref") Cc: stable(a)vger.kernel.org Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> Link: https://patch.msgid.link/20250510101036.1756439-1-shinichiro.kawasaki@wdc.c… Reviewed-by: Zhu Yanjun <yanjun.zhu(a)linux.dev> Signed-off-by: Leon Romanovsky <leon(a)kernel.org> diff --git a/drivers/infiniband/core/iwcm.c b/drivers/infiniband/core/iwcm.c index f4486cbd8f45..62410578dec3 100644 --- a/drivers/infiniband/core/iwcm.c +++ b/drivers/infiniband/core/iwcm.c @@ -368,12 +368,9 @@ EXPORT_SYMBOL(iw_cm_disconnect); /* * CM_ID <-- DESTROYING * - * Clean up all resources associated with the connection and release - * the initial reference taken by iw_create_cm_id. - * - * Returns true if and only if the last cm_id_priv reference has been dropped. + * Clean up all resources associated with the connection. */ -static bool destroy_cm_id(struct iw_cm_id *cm_id) +static void destroy_cm_id(struct iw_cm_id *cm_id) { struct iwcm_id_private *cm_id_priv; struct ib_qp *qp; @@ -442,20 +439,22 @@ static bool destroy_cm_id(struct iw_cm_id *cm_id) iwpm_remove_mapinfo(&cm_id->local_addr, &cm_id->m_local_addr); iwpm_remove_mapping(&cm_id->local_addr, RDMA_NL_IWCM); } - - return iwcm_deref_id(cm_id_priv); } /* - * This function is only called by the application thread and cannot - * be called by the event thread. The function will wait for all - * references to be released on the cm_id and then kfree the cm_id - * object. + * Destroy cm_id. If the cm_id still has other references, wait for all + * references to be released on the cm_id and then release the initial + * reference taken by iw_create_cm_id. */ void iw_destroy_cm_id(struct iw_cm_id *cm_id) { - if (!destroy_cm_id(cm_id)) + struct iwcm_id_private *cm_id_priv; + + cm_id_priv = container_of(cm_id, struct iwcm_id_private, id); + destroy_cm_id(cm_id); + if (refcount_read(&cm_id_priv->refcount) > 1) flush_workqueue(iwcm_wq); + iwcm_deref_id(cm_id_priv); } EXPORT_SYMBOL(iw_destroy_cm_id); @@ -1035,8 +1034,10 @@ static void cm_work_handler(struct work_struct *_work) if (!test_bit(IWCM_F_DROP_EVENTS, &cm_id_priv->flags)) { ret = process_event(cm_id_priv, &levent); - if (ret) - WARN_ON_ONCE(destroy_cm_id(&cm_id_priv->id)); + if (ret) { + destroy_cm_id(&cm_id_priv->id); + WARN_ON_ONCE(iwcm_deref_id(cm_id_priv)); + } } else pr_debug("dropping event %d\n", levent.event); if (iwcm_deref_id(cm_id_priv))

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] RDMA/iwcm: Fix use-after-free of work objects after cm_id" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 6883b680e703c6b2efddb4e7a8d891ce1803d06b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062004-henchman-staging-7b05@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6883b680e703c6b2efddb4e7a8d891ce1803d06b Mon Sep 17 00:00:00 2001 From: Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> Date: Sat, 10 May 2025 19:10:36 +0900 Subject: [PATCH] RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction The commit 59c68ac31e15 ("iw_cm: free cm_id resources on the last deref") simplified cm_id resource management by freeing cm_id once all references to the cm_id were removed. The references are removed either upon completion of iw_cm event handlers or when the application destroys the cm_id. This commit introduced the use-after-free condition where cm_id_private object could still be in use by event handler works during the destruction of cm_id. The commit aee2424246f9 ("RDMA/iwcm: Fix a use-after-free related to destroying CM IDs") addressed this use-after- free by flushing all pending works at the cm_id destruction. However, still another use-after-free possibility remained. It happens with the work objects allocated for each cm_id_priv within alloc_work_entries() during cm_id creation, and subsequently freed in dealloc_work_entries() once all references to the cm_id are removed. If the cm_id's last reference is decremented in the event handler work, the work object for the work itself gets removed, and causes the use- after-free BUG below: BUG: KASAN: slab-use-after-free in __pwq_activate_work+0x1ff/0x250 Read of size 8 at addr ffff88811f9cf800 by task kworker/u16:1/147091 CPU: 2 UID: 0 PID: 147091 Comm: kworker/u16:1 Not tainted 6.15.0-rc2+ #27 PREEMPT(voluntary) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014 Workqueue: 0x0 (iw_cm_wq) Call Trace: <TASK> dump_stack_lvl+0x6a/0x90 print_report+0x174/0x554 ? __virt_addr_valid+0x208/0x430 ? __pwq_activate_work+0x1ff/0x250 kasan_report+0xae/0x170 ? __pwq_activate_work+0x1ff/0x250 __pwq_activate_work+0x1ff/0x250 pwq_dec_nr_in_flight+0x8c5/0xfb0 process_one_work+0xc11/0x1460 ? __pfx_process_one_work+0x10/0x10 ? assign_work+0x16c/0x240 worker_thread+0x5ef/0xfd0 ? __pfx_worker_thread+0x10/0x10 kthread+0x3b0/0x770 ? __pfx_kthread+0x10/0x10 ? rcu_is_watching+0x11/0xb0 ? _raw_spin_unlock_irq+0x24/0x50 ? rcu_is_watching+0x11/0xb0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x30/0x70 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 147416: kasan_save_stack+0x2c/0x50 kasan_save_track+0x10/0x30 __kasan_kmalloc+0xa6/0xb0 alloc_work_entries+0xa9/0x260 [iw_cm] iw_cm_connect+0x23/0x4a0 [iw_cm] rdma_connect_locked+0xbfd/0x1920 [rdma_cm] nvme_rdma_cm_handler+0x8e5/0x1b60 [nvme_rdma] cma_cm_event_handler+0xae/0x320 [rdma_cm] cma_work_handler+0x106/0x1b0 [rdma_cm] process_one_work+0x84f/0x1460 worker_thread+0x5ef/0xfd0 kthread+0x3b0/0x770 ret_from_fork+0x30/0x70 ret_from_fork_asm+0x1a/0x30 Freed by task 147091: kasan_save_stack+0x2c/0x50 kasan_save_track+0x10/0x30 kasan_save_free_info+0x37/0x60 __kasan_slab_free+0x4b/0x70 kfree+0x13a/0x4b0 dealloc_work_entries+0x125/0x1f0 [iw_cm] iwcm_deref_id+0x6f/0xa0 [iw_cm] cm_work_handler+0x136/0x1ba0 [iw_cm] process_one_work+0x84f/0x1460 worker_thread+0x5ef/0xfd0 kthread+0x3b0/0x770 ret_from_fork+0x30/0x70 ret_from_fork_asm+0x1a/0x30 Last potentially related work creation: kasan_save_stack+0x2c/0x50 kasan_record_aux_stack+0xa3/0xb0 __queue_work+0x2ff/0x1390 queue_work_on+0x67/0xc0 cm_event_handler+0x46a/0x820 [iw_cm] siw_cm_upcall+0x330/0x650 [siw] siw_cm_work_handler+0x6b9/0x2b20 [siw] process_one_work+0x84f/0x1460 worker_thread+0x5ef/0xfd0 kthread+0x3b0/0x770 ret_from_fork+0x30/0x70 ret_from_fork_asm+0x1a/0x30 This BUG is reproducible by repeating the blktests test case nvme/061 for the rdma transport and the siw driver. To avoid the use-after-free of cm_id_private work objects, ensure that the last reference to the cm_id is decremented not in the event handler works, but in the cm_id destruction context. For that purpose, move iwcm_deref_id() call from destroy_cm_id() to the callers of destroy_cm_id(). In iw_destroy_cm_id(), call iwcm_deref_id() after flushing the pending works. During the fix work, I noticed that iw_destroy_cm_id() is called from cm_work_handler() and process_event() context. However, the comment of iw_destroy_cm_id() notes that the function "cannot be called by the event thread". Drop the false comment. Closes: https://lore.kernel.org/linux-rdma/r5676e754sv35aq7cdsqrlnvyhiq5zktteaurl7v… Fixes: 59c68ac31e15 ("iw_cm: free cm_id resources on the last deref") Cc: stable(a)vger.kernel.org Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> Link: https://patch.msgid.link/20250510101036.1756439-1-shinichiro.kawasaki@wdc.c… Reviewed-by: Zhu Yanjun <yanjun.zhu(a)linux.dev> Signed-off-by: Leon Romanovsky <leon(a)kernel.org> diff --git a/drivers/infiniband/core/iwcm.c b/drivers/infiniband/core/iwcm.c index f4486cbd8f45..62410578dec3 100644 --- a/drivers/infiniband/core/iwcm.c +++ b/drivers/infiniband/core/iwcm.c @@ -368,12 +368,9 @@ EXPORT_SYMBOL(iw_cm_disconnect); /* * CM_ID <-- DESTROYING * - * Clean up all resources associated with the connection and release - * the initial reference taken by iw_create_cm_id. - * - * Returns true if and only if the last cm_id_priv reference has been dropped. + * Clean up all resources associated with the connection. */ -static bool destroy_cm_id(struct iw_cm_id *cm_id) +static void destroy_cm_id(struct iw_cm_id *cm_id) { struct iwcm_id_private *cm_id_priv; struct ib_qp *qp; @@ -442,20 +439,22 @@ static bool destroy_cm_id(struct iw_cm_id *cm_id) iwpm_remove_mapinfo(&cm_id->local_addr, &cm_id->m_local_addr); iwpm_remove_mapping(&cm_id->local_addr, RDMA_NL_IWCM); } - - return iwcm_deref_id(cm_id_priv); } /* - * This function is only called by the application thread and cannot - * be called by the event thread. The function will wait for all - * references to be released on the cm_id and then kfree the cm_id - * object. + * Destroy cm_id. If the cm_id still has other references, wait for all + * references to be released on the cm_id and then release the initial + * reference taken by iw_create_cm_id. */ void iw_destroy_cm_id(struct iw_cm_id *cm_id) { - if (!destroy_cm_id(cm_id)) + struct iwcm_id_private *cm_id_priv; + + cm_id_priv = container_of(cm_id, struct iwcm_id_private, id); + destroy_cm_id(cm_id); + if (refcount_read(&cm_id_priv->refcount) > 1) flush_workqueue(iwcm_wq); + iwcm_deref_id(cm_id_priv); } EXPORT_SYMBOL(iw_destroy_cm_id); @@ -1035,8 +1034,10 @@ static void cm_work_handler(struct work_struct *_work) if (!test_bit(IWCM_F_DROP_EVENTS, &cm_id_priv->flags)) { ret = process_event(cm_id_priv, &levent); - if (ret) - WARN_ON_ONCE(destroy_cm_id(&cm_id_priv->id)); + if (ret) { + destroy_cm_id(&cm_id_priv->id); + WARN_ON_ONCE(iwcm_deref_id(cm_id_priv)); + } } else pr_debug("dropping event %d\n", levent.event); if (iwcm_deref_id(cm_id_priv))

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] Input: gpio-keys - fix possible concurrent access in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8f38219fa139623c29db2cb0f17d0a197a86e344 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062003-wizard-hamstring-172d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8f38219fa139623c29db2cb0f17d0a197a86e344 Mon Sep 17 00:00:00 2001 From: Gatien Chevallier <gatien.chevallier(a)foss.st.com> Date: Fri, 30 May 2025 16:09:23 -0700 Subject: [PATCH] Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer() gpio_keys_irq_isr() and gpio_keys_irq_timer() access the same resources. There could be a concurrent access if a GPIO interrupt occurs in parallel of a HR timer interrupt. Guard back those resources with a spinlock. Fixes: 019002f20cb5 ("Input: gpio-keys - use hrtimer for release timer") Signed-off-by: Gatien Chevallier <gatien.chevallier(a)foss.st.com> Link: https://lore.kernel.org/r/20250528-gpio_keys_preempt_rt-v2-2-3fc55a9c3619@f… Cc: stable(a)vger.kernel.org Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> diff --git a/drivers/input/keyboard/gpio_keys.c b/drivers/input/keyboard/gpio_keys.c index d884538107c9..f9db86da0818 100644 --- a/drivers/input/keyboard/gpio_keys.c +++ b/drivers/input/keyboard/gpio_keys.c @@ -449,6 +449,8 @@ static enum hrtimer_restart gpio_keys_irq_timer(struct hrtimer *t) release_timer); struct input_dev *input = bdata->input; + guard(spinlock_irqsave)(&bdata->lock); + if (bdata->key_pressed) { input_report_key(input, *bdata->code, 0); input_sync(input);

5 months, 2 weeks

1
0
0 0

[PATCH net 1/2] net: txgbe: request MISC IRQ in ndo_open

by Jiawen Wu

Move the creating of irq_domain for MISC IRQ from .probe to .ndo_open, and free it in .ndo_stop, to maintain consistency with the queue IRQs. This it for subsequent adjustments to the IRQ vectors. Fixes: aefd013624a1 ("net: txgbe: use irq_domain for interrupt controller") Cc: stable(a)vger.kernel.org Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> --- .../net/ethernet/wangxun/txgbe/txgbe_main.c | 21 ++++++++----------- 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/drivers/net/ethernet/wangxun/txgbe/txgbe_main.c b/drivers/net/ethernet/wangxun/txgbe/txgbe_main.c index f3d2778b8e35..b4a864c97db3 100644 --- a/drivers/net/ethernet/wangxun/txgbe/txgbe_main.c +++ b/drivers/net/ethernet/wangxun/txgbe/txgbe_main.c @@ -458,10 +458,14 @@ static int txgbe_open(struct net_device *netdev) wx_configure(wx); - err = txgbe_request_queue_irqs(wx); + err = txgbe_setup_misc_irq(wx->priv); if (err) goto err_free_resources; + err = txgbe_request_queue_irqs(wx); + if (err) + goto err_free_misc_irq; + /* Notify the stack of the actual queue counts. */ err = netif_set_real_num_tx_queues(netdev, wx->num_tx_queues); if (err) @@ -479,6 +483,8 @@ static int txgbe_open(struct net_device *netdev) err_free_irq: wx_free_irq(wx); +err_free_misc_irq: + txgbe_free_misc_irq(wx->priv); err_free_resources: wx_free_resources(wx); err_reset: @@ -519,6 +525,7 @@ static int txgbe_close(struct net_device *netdev) wx_ptp_stop(wx); txgbe_down(wx); wx_free_irq(wx); + txgbe_free_misc_irq(wx->priv); wx_free_resources(wx); txgbe_fdir_filter_exit(wx); wx_control_hw(wx, false); @@ -564,7 +571,6 @@ static void txgbe_shutdown(struct pci_dev *pdev) int txgbe_setup_tc(struct net_device *dev, u8 tc) { struct wx *wx = netdev_priv(dev); - struct txgbe *txgbe = wx->priv; /* Hardware has to reinitialize queues and interrupts to * match packet buffer alignment. Unfortunately, the @@ -575,7 +581,6 @@ int txgbe_setup_tc(struct net_device *dev, u8 tc) else txgbe_reset(wx); - txgbe_free_misc_irq(txgbe); wx_clear_interrupt_scheme(wx); if (tc) @@ -584,7 +589,6 @@ int txgbe_setup_tc(struct net_device *dev, u8 tc) netdev_reset_tc(dev); wx_init_interrupt_scheme(wx); - txgbe_setup_misc_irq(txgbe); if (netif_running(dev)) txgbe_open(dev); @@ -882,13 +886,9 @@ static int txgbe_probe(struct pci_dev *pdev, txgbe_init_fdir(txgbe); - err = txgbe_setup_misc_irq(txgbe); - if (err) - goto err_release_hw; - err = txgbe_init_phy(txgbe); if (err) - goto err_free_misc_irq; + goto err_release_hw; err = register_netdev(netdev); if (err) @@ -916,8 +916,6 @@ static int txgbe_probe(struct pci_dev *pdev, err_remove_phy: txgbe_remove_phy(txgbe); -err_free_misc_irq: - txgbe_free_misc_irq(txgbe); err_release_hw: wx_clear_interrupt_scheme(wx); wx_control_hw(wx, false); @@ -957,7 +955,6 @@ static void txgbe_remove(struct pci_dev *pdev) unregister_netdev(netdev); txgbe_remove_phy(txgbe); - txgbe_free_misc_irq(txgbe); wx_free_isb_resources(wx); pci_release_selected_regions(pdev, -- 2.48.1

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] iommu: Allow attaching static domains in" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 6f7340120a0aa8b2eb29c826a4434e8b5c4e11d3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062051-rage-declared-354d@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6f7340120a0aa8b2eb29c826a4434e8b5c4e11d3 Mon Sep 17 00:00:00 2001 From: Lu Baolu <baolu.lu(a)linux.intel.com> Date: Thu, 24 Apr 2025 11:41:23 +0800 Subject: [PATCH] iommu: Allow attaching static domains in iommu_attach_device_pasid() The idxd driver attaches the default domain to a PASID of the device to perform kernel DMA using that PASID. The domain is attached to the device's PASID through iommu_attach_device_pasid(), which checks if the domain->owner matches the iommu_ops retrieved from the device. If they do not match, it returns a failure. if (ops != domain->owner || pasid == IOMMU_NO_PASID) return -EINVAL; The static identity domain implemented by the intel iommu driver doesn't specify the domain owner. Therefore, kernel DMA with PASID doesn't work for the idxd driver if the device translation mode is set to passthrough. Generally the owner field of static domains are not set because they are already part of iommu ops. Add a helper domain_iommu_ops_compatible() that checks if a domain is compatible with the device's iommu ops. This helper explicitly allows the static blocked and identity domains associated with the device's iommu_ops to be considered compatible. Fixes: 2031c469f816 ("iommu/vt-d: Add support for static identity domain") Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220031 Cc: stable(a)vger.kernel.org Suggested-by: Jason Gunthorpe <jgg(a)nvidia.com> Link: https://lore.kernel.org/linux-iommu/20250422191554.GC1213339@ziepe.ca/ Signed-off-by: Lu Baolu <baolu.lu(a)linux.intel.com> Reviewed-by: Dave Jiang <dave.jiang(a)intel.com> Reviewed-by: Robin Murphy <robin.murphy(a)arm.com> Reviewed-by: Jason Gunthorpe <jgg(a)nvidia.com> Reviewed-by: Vasant Hegde <vasant.hegde(a)amd.com> Reviewed-by: Kevin Tian <kevin.tian(a)intel.com> Link: https://lore.kernel.org/r/20250424034123.2311362-1-baolu.lu@linux.intel.com Signed-off-by: Joerg Roedel <jroedel(a)suse.de> diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c index 3e4a9fe867f5..f257ca30ed48 100644 --- a/drivers/iommu/iommu.c +++ b/drivers/iommu/iommu.c @@ -2206,6 +2206,19 @@ static void *iommu_make_pasid_array_entry(struct iommu_domain *domain, return xa_tag_pointer(domain, IOMMU_PASID_ARRAY_DOMAIN); } +static bool domain_iommu_ops_compatible(const struct iommu_ops *ops, + struct iommu_domain *domain) +{ + if (domain->owner == ops) + return true; + + /* For static domains, owner isn't set. */ + if (domain == ops->blocked_domain || domain == ops->identity_domain) + return true; + + return false; +} + static int __iommu_attach_group(struct iommu_domain *domain, struct iommu_group *group) { @@ -2216,7 +2229,8 @@ static int __iommu_attach_group(struct iommu_domain *domain, return -EBUSY; dev = iommu_group_first_dev(group); - if (!dev_has_iommu(dev) || dev_iommu_ops(dev) != domain->owner) + if (!dev_has_iommu(dev) || + !domain_iommu_ops_compatible(dev_iommu_ops(dev), domain)) return -EINVAL; return __iommu_group_set_domain(group, domain); @@ -3405,7 +3419,8 @@ int iommu_attach_device_pasid(struct iommu_domain *domain, !ops->blocked_domain->ops->set_dev_pasid) return -EOPNOTSUPP; - if (ops != domain->owner || pasid == IOMMU_NO_PASID) + if (!domain_iommu_ops_compatible(ops, domain) || + pasid == IOMMU_NO_PASID) return -EINVAL; mutex_lock(&group->mutex); @@ -3481,7 +3496,7 @@ int iommu_replace_device_pasid(struct iommu_domain *domain, if (!domain->ops->set_dev_pasid) return -EOPNOTSUPP; - if (dev_iommu_ops(dev) != domain->owner || + if (!domain_iommu_ops_compatible(dev_iommu_ops(dev), domain) || pasid == IOMMU_NO_PASID || !handle) return -EINVAL;

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] soc: qcom: pmic_glink_altmode: fix spurious DP hotplug events" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 5090ac9191a19c61beeade60d3d839e509fab640 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062054-daybreak-aspirin-4458@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5090ac9191a19c61beeade60d3d839e509fab640 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Mon, 24 Mar 2025 14:24:48 +0100 Subject: [PATCH] soc: qcom: pmic_glink_altmode: fix spurious DP hotplug events The PMIC GLINK driver is currently generating DisplayPort hotplug notifications whenever something is connected to (or disconnected from) a port regardless of the type of notification sent by the firmware. These notifications are forwarded to user space by the DRM subsystem as connector "change" uevents: KERNEL[1556.223776] change /devices/platform/soc(a)0/ae00000.display-subsystem/ae01000.display-controller/drm/card0 (drm) ACTION=change DEVPATH=/devices/platform/soc(a)0/ae00000.display-subsystem/ae01000.display-controller/drm/card0 SUBSYSTEM=drm HOTPLUG=1 CONNECTOR=36 DEVNAME=/dev/dri/card0 DEVTYPE=drm_minor SEQNUM=4176 MAJOR=226 MINOR=0 On the Lenovo ThinkPad X13s and T14s, the PMIC GLINK firmware sends two identical notifications with orientation information when connecting a charger, each generating a bogus DRM hotplug event. On the X13s, two such notification are also sent every 90 seconds while a charger remains connected, which again are forwarded to user space: port = 1, svid = ff00, mode = 255, hpd_state = 0 payload = 01 00 00 00 00 00 00 ff 00 00 00 00 00 00 00 00 Note that the firmware only sends on of these when connecting an ethernet adapter. Fix the spurious hotplug events by only forwarding hotplug notifications for the Type-C DisplayPort service id. This also reduces the number of uevents from four to two when an actual DisplayPort altmode device is connected: port = 0, svid = ff01, mode = 2, hpd_state = 0 payload = 00 01 02 00 f2 0c 01 ff 03 00 00 00 00 00 00 00 port = 0, svid = ff01, mode = 2, hpd_state = 1 payload = 00 01 02 00 f2 0c 01 ff 43 00 00 00 00 00 00 00 Fixes: 080b4e24852b ("soc: qcom: pmic_glink: Introduce altmode support") Cc: stable(a)vger.kernel.org # 6.3 Cc: Bjorn Andersson <andersson(a)kernel.org> Reported-by: Clayton Craft <clayton(a)craftyguy.net> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Acked-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Tested-by: Clayton Craft <clayton(a)craftyguy.net> Link: https://lore.kernel.org/r/20250324132448.6134-1-johan+linaro@kernel.org Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/drivers/soc/qcom/pmic_glink_altmode.c b/drivers/soc/qcom/pmic_glink_altmode.c index bd06ce161804..7f11acd33323 100644 --- a/drivers/soc/qcom/pmic_glink_altmode.c +++ b/drivers/soc/qcom/pmic_glink_altmode.c @@ -218,21 +218,29 @@ static void pmic_glink_altmode_worker(struct work_struct *work) { struct pmic_glink_altmode_port *alt_port = work_to_altmode_port(work); struct pmic_glink_altmode *altmode = alt_port->altmode; + enum drm_connector_status conn_status; typec_switch_set(alt_port->typec_switch, alt_port->orientation); - if (alt_port->svid == USB_TYPEC_DP_SID && alt_port->mode == 0xff) - pmic_glink_altmode_safe(altmode, alt_port); - else if (alt_port->svid == USB_TYPEC_DP_SID) - pmic_glink_altmode_enable_dp(altmode, alt_port, alt_port->mode, - alt_port->hpd_state, alt_port->hpd_irq); - else - pmic_glink_altmode_enable_usb(altmode, alt_port); + if (alt_port->svid == USB_TYPEC_DP_SID) { + if (alt_port->mode == 0xff) { + pmic_glink_altmode_safe(altmode, alt_port); + } else { + pmic_glink_altmode_enable_dp(altmode, alt_port, + alt_port->mode, + alt_port->hpd_state, + alt_port->hpd_irq); + } - drm_aux_hpd_bridge_notify(&alt_port->bridge->dev, - alt_port->hpd_state ? - connector_status_connected : - connector_status_disconnected); + if (alt_port->hpd_state) + conn_status = connector_status_connected; + else + conn_status = connector_status_disconnected; + + drm_aux_hpd_bridge_notify(&alt_port->bridge->dev, conn_status); + } else { + pmic_glink_altmode_enable_usb(altmode, alt_port); + } pmic_glink_altmode_request(altmode, ALTMODE_PAN_ACK, alt_port->index); }

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] fbdev: Fix do_register_framebuffer to prevent null-ptr-deref" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 17186f1f90d34fa701e4f14e6818305151637b9e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062004-unwed-cure-9269@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 17186f1f90d34fa701e4f14e6818305151637b9e Mon Sep 17 00:00:00 2001 From: Murad Masimov <m.masimov(a)mt-integration.ru> Date: Mon, 28 Apr 2025 18:34:06 +0300 Subject: [PATCH] fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var If fb_add_videomode() in do_register_framebuffer() fails to allocate memory for fb_videomode, it will later lead to a null-ptr dereference in fb_videomode_to_var(), as the fb_info is registered while not having the mode in modelist that is expected to be there, i.e. the one that is described in fb_info->var. ================================================================ general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901 Call Trace: display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929 fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071 resize_screen drivers/tty/vt/vt.c:1176 [inline] vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263 fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720 fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776 do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128 fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x67/0xd1 ================================================================ Even though fbcon_init() checks beforehand if fb_match_mode() in var_to_display() fails, it can not prevent the panic because fbcon_init() does not return error code. Considering this and the comment in the code about fb_match_mode() returning NULL - "This should not happen" - it is better to prevent registering the fb_info if its mode was not set successfully. Also move fb_add_videomode() closer to the beginning of do_register_framebuffer() to avoid having to do the cleanup on fail. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Murad Masimov <m.masimov(a)mt-integration.ru> Signed-off-by: Helge Deller <deller(a)gmx.de> diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c index 3c568cff2913..e1557d80768f 100644 --- a/drivers/video/fbdev/core/fbmem.c +++ b/drivers/video/fbdev/core/fbmem.c @@ -388,7 +388,7 @@ static int fb_check_foreignness(struct fb_info *fi) static int do_register_framebuffer(struct fb_info *fb_info) { - int i; + int i, err = 0; struct fb_videomode mode; if (fb_check_foreignness(fb_info)) @@ -397,10 +397,18 @@ static int do_register_framebuffer(struct fb_info *fb_info) if (num_registered_fb == FB_MAX) return -ENXIO; - num_registered_fb++; for (i = 0 ; i < FB_MAX; i++) if (!registered_fb[i]) break; + + if (!fb_info->modelist.prev || !fb_info->modelist.next) + INIT_LIST_HEAD(&fb_info->modelist); + + fb_var_to_videomode(&mode, &fb_info->var); + err = fb_add_videomode(&mode, &fb_info->modelist); + if (err < 0) + return err; + fb_info->node = i; refcount_set(&fb_info->count, 1); mutex_init(&fb_info->lock); @@ -426,16 +434,12 @@ static int do_register_framebuffer(struct fb_info *fb_info) if (bitmap_empty(fb_info->pixmap.blit_y, FB_MAX_BLIT_HEIGHT)) bitmap_fill(fb_info->pixmap.blit_y, FB_MAX_BLIT_HEIGHT); - if (!fb_info->modelist.prev || !fb_info->modelist.next) - INIT_LIST_HEAD(&fb_info->modelist); - if (fb_info->skip_vt_switch) pm_vt_switch_required(fb_info->device, false); else pm_vt_switch_required(fb_info->device, true); - fb_var_to_videomode(&mode, &fb_info->var); - fb_add_videomode(&mode, &fb_info->modelist); + num_registered_fb++; registered_fb[i] = fb_info; #ifdef CONFIG_GUMSTIX_AM200EPD

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] fbdev: Fix do_register_framebuffer to prevent null-ptr-deref" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 17186f1f90d34fa701e4f14e6818305151637b9e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062003-shortness-almighty-153b@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 17186f1f90d34fa701e4f14e6818305151637b9e Mon Sep 17 00:00:00 2001 From: Murad Masimov <m.masimov(a)mt-integration.ru> Date: Mon, 28 Apr 2025 18:34:06 +0300 Subject: [PATCH] fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var If fb_add_videomode() in do_register_framebuffer() fails to allocate memory for fb_videomode, it will later lead to a null-ptr dereference in fb_videomode_to_var(), as the fb_info is registered while not having the mode in modelist that is expected to be there, i.e. the one that is described in fb_info->var. ================================================================ general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901 Call Trace: display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929 fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071 resize_screen drivers/tty/vt/vt.c:1176 [inline] vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263 fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720 fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776 do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128 fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x67/0xd1 ================================================================ Even though fbcon_init() checks beforehand if fb_match_mode() in var_to_display() fails, it can not prevent the panic because fbcon_init() does not return error code. Considering this and the comment in the code about fb_match_mode() returning NULL - "This should not happen" - it is better to prevent registering the fb_info if its mode was not set successfully. Also move fb_add_videomode() closer to the beginning of do_register_framebuffer() to avoid having to do the cleanup on fail. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Murad Masimov <m.masimov(a)mt-integration.ru> Signed-off-by: Helge Deller <deller(a)gmx.de> diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c index 3c568cff2913..e1557d80768f 100644 --- a/drivers/video/fbdev/core/fbmem.c +++ b/drivers/video/fbdev/core/fbmem.c @@ -388,7 +388,7 @@ static int fb_check_foreignness(struct fb_info *fi) static int do_register_framebuffer(struct fb_info *fb_info) { - int i; + int i, err = 0; struct fb_videomode mode; if (fb_check_foreignness(fb_info)) @@ -397,10 +397,18 @@ static int do_register_framebuffer(struct fb_info *fb_info) if (num_registered_fb == FB_MAX) return -ENXIO; - num_registered_fb++; for (i = 0 ; i < FB_MAX; i++) if (!registered_fb[i]) break; + + if (!fb_info->modelist.prev || !fb_info->modelist.next) + INIT_LIST_HEAD(&fb_info->modelist); + + fb_var_to_videomode(&mode, &fb_info->var); + err = fb_add_videomode(&mode, &fb_info->modelist); + if (err < 0) + return err; + fb_info->node = i; refcount_set(&fb_info->count, 1); mutex_init(&fb_info->lock); @@ -426,16 +434,12 @@ static int do_register_framebuffer(struct fb_info *fb_info) if (bitmap_empty(fb_info->pixmap.blit_y, FB_MAX_BLIT_HEIGHT)) bitmap_fill(fb_info->pixmap.blit_y, FB_MAX_BLIT_HEIGHT); - if (!fb_info->modelist.prev || !fb_info->modelist.next) - INIT_LIST_HEAD(&fb_info->modelist); - if (fb_info->skip_vt_switch) pm_vt_switch_required(fb_info->device, false); else pm_vt_switch_required(fb_info->device, true); - fb_var_to_videomode(&mode, &fb_info->var); - fb_add_videomode(&mode, &fb_info->modelist); + num_registered_fb++; registered_fb[i] = fb_info; #ifdef CONFIG_GUMSTIX_AM200EPD

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] fbdev: Fix do_register_framebuffer to prevent null-ptr-deref" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 17186f1f90d34fa701e4f14e6818305151637b9e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062002-haven-boil-c0ad@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 17186f1f90d34fa701e4f14e6818305151637b9e Mon Sep 17 00:00:00 2001 From: Murad Masimov <m.masimov(a)mt-integration.ru> Date: Mon, 28 Apr 2025 18:34:06 +0300 Subject: [PATCH] fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var If fb_add_videomode() in do_register_framebuffer() fails to allocate memory for fb_videomode, it will later lead to a null-ptr dereference in fb_videomode_to_var(), as the fb_info is registered while not having the mode in modelist that is expected to be there, i.e. the one that is described in fb_info->var. ================================================================ general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901 Call Trace: display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929 fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071 resize_screen drivers/tty/vt/vt.c:1176 [inline] vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263 fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720 fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776 do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128 fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x67/0xd1 ================================================================ Even though fbcon_init() checks beforehand if fb_match_mode() in var_to_display() fails, it can not prevent the panic because fbcon_init() does not return error code. Considering this and the comment in the code about fb_match_mode() returning NULL - "This should not happen" - it is better to prevent registering the fb_info if its mode was not set successfully. Also move fb_add_videomode() closer to the beginning of do_register_framebuffer() to avoid having to do the cleanup on fail. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Murad Masimov <m.masimov(a)mt-integration.ru> Signed-off-by: Helge Deller <deller(a)gmx.de> diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c index 3c568cff2913..e1557d80768f 100644 --- a/drivers/video/fbdev/core/fbmem.c +++ b/drivers/video/fbdev/core/fbmem.c @@ -388,7 +388,7 @@ static int fb_check_foreignness(struct fb_info *fi) static int do_register_framebuffer(struct fb_info *fb_info) { - int i; + int i, err = 0; struct fb_videomode mode; if (fb_check_foreignness(fb_info)) @@ -397,10 +397,18 @@ static int do_register_framebuffer(struct fb_info *fb_info) if (num_registered_fb == FB_MAX) return -ENXIO; - num_registered_fb++; for (i = 0 ; i < FB_MAX; i++) if (!registered_fb[i]) break; + + if (!fb_info->modelist.prev || !fb_info->modelist.next) + INIT_LIST_HEAD(&fb_info->modelist); + + fb_var_to_videomode(&mode, &fb_info->var); + err = fb_add_videomode(&mode, &fb_info->modelist); + if (err < 0) + return err; + fb_info->node = i; refcount_set(&fb_info->count, 1); mutex_init(&fb_info->lock); @@ -426,16 +434,12 @@ static int do_register_framebuffer(struct fb_info *fb_info) if (bitmap_empty(fb_info->pixmap.blit_y, FB_MAX_BLIT_HEIGHT)) bitmap_fill(fb_info->pixmap.blit_y, FB_MAX_BLIT_HEIGHT); - if (!fb_info->modelist.prev || !fb_info->modelist.next) - INIT_LIST_HEAD(&fb_info->modelist); - if (fb_info->skip_vt_switch) pm_vt_switch_required(fb_info->device, false); else pm_vt_switch_required(fb_info->device, true); - fb_var_to_videomode(&mode, &fb_info->var); - fb_add_videomode(&mode, &fb_info->modelist); + num_registered_fb++; registered_fb[i] = fb_info; #ifdef CONFIG_GUMSTIX_AM200EPD

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] fbdev: Fix do_register_framebuffer to prevent null-ptr-deref" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 17186f1f90d34fa701e4f14e6818305151637b9e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062001-system-wrongly-4caf@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 17186f1f90d34fa701e4f14e6818305151637b9e Mon Sep 17 00:00:00 2001 From: Murad Masimov <m.masimov(a)mt-integration.ru> Date: Mon, 28 Apr 2025 18:34:06 +0300 Subject: [PATCH] fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var If fb_add_videomode() in do_register_framebuffer() fails to allocate memory for fb_videomode, it will later lead to a null-ptr dereference in fb_videomode_to_var(), as the fb_info is registered while not having the mode in modelist that is expected to be there, i.e. the one that is described in fb_info->var. ================================================================ general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901 Call Trace: display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929 fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071 resize_screen drivers/tty/vt/vt.c:1176 [inline] vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263 fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720 fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776 do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128 fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x67/0xd1 ================================================================ Even though fbcon_init() checks beforehand if fb_match_mode() in var_to_display() fails, it can not prevent the panic because fbcon_init() does not return error code. Considering this and the comment in the code about fb_match_mode() returning NULL - "This should not happen" - it is better to prevent registering the fb_info if its mode was not set successfully. Also move fb_add_videomode() closer to the beginning of do_register_framebuffer() to avoid having to do the cleanup on fail. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Murad Masimov <m.masimov(a)mt-integration.ru> Signed-off-by: Helge Deller <deller(a)gmx.de> diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c index 3c568cff2913..e1557d80768f 100644 --- a/drivers/video/fbdev/core/fbmem.c +++ b/drivers/video/fbdev/core/fbmem.c @@ -388,7 +388,7 @@ static int fb_check_foreignness(struct fb_info *fi) static int do_register_framebuffer(struct fb_info *fb_info) { - int i; + int i, err = 0; struct fb_videomode mode; if (fb_check_foreignness(fb_info)) @@ -397,10 +397,18 @@ static int do_register_framebuffer(struct fb_info *fb_info) if (num_registered_fb == FB_MAX) return -ENXIO; - num_registered_fb++; for (i = 0 ; i < FB_MAX; i++) if (!registered_fb[i]) break; + + if (!fb_info->modelist.prev || !fb_info->modelist.next) + INIT_LIST_HEAD(&fb_info->modelist); + + fb_var_to_videomode(&mode, &fb_info->var); + err = fb_add_videomode(&mode, &fb_info->modelist); + if (err < 0) + return err; + fb_info->node = i; refcount_set(&fb_info->count, 1); mutex_init(&fb_info->lock); @@ -426,16 +434,12 @@ static int do_register_framebuffer(struct fb_info *fb_info) if (bitmap_empty(fb_info->pixmap.blit_y, FB_MAX_BLIT_HEIGHT)) bitmap_fill(fb_info->pixmap.blit_y, FB_MAX_BLIT_HEIGHT); - if (!fb_info->modelist.prev || !fb_info->modelist.next) - INIT_LIST_HEAD(&fb_info->modelist); - if (fb_info->skip_vt_switch) pm_vt_switch_required(fb_info->device, false); else pm_vt_switch_required(fb_info->device, true); - fb_var_to_videomode(&mode, &fb_info->var); - fb_add_videomode(&mode, &fb_info->modelist); + num_registered_fb++; registered_fb[i] = fb_info; #ifdef CONFIG_GUMSTIX_AM200EPD

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: don't over-report free space or inodes in statvfs" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x a9201960623287927bf5776de3f70fb2fbde7e02 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062053-frenzy-grill-65e2@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9201960623287927bf5776de3f70fb2fbde7e02 Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Tue, 13 May 2025 19:25:38 +0800 Subject: [PATCH] f2fs: don't over-report free space or inodes in statvfs This fixes an analogus bug that was fixed in modern filesystems: a) xfs in commit 4b8d867ca6e2 ("xfs: don't over-report free space or inodes in statvfs") b) ext4 in commit f87d3af74193 ("ext4: don't over-report free space or inodes in statvfs") where statfs can report misleading / incorrect information where project quota is enabled, and the free space is less than the remaining quota. This commit will resolve a test failure in generic/762 which tests for this bug. generic/762 - output mismatch (see /share/git/fstests/results//generic/762.out.bad) --- tests/generic/762.out 2025-04-15 10:21:53.371067071 +0800 +++ /share/git/fstests/results//generic/762.out.bad 2025-05-13 16:13:37.000000000 +0800 @@ -6,8 +6,10 @@ root blocks2 is in range dir blocks2 is in range root bavail2 is in range -dir bavail2 is in range +dir bavail2 has value of 1539066 +dir bavail2 is NOT in range 304734.87 .. 310891.13 root blocks3 is in range ... (Run 'diff -u /share/git/fstests/tests/generic/762.out /share/git/fstests/results//generic/762.out.bad' to see the entire diff) HINT: You _MAY_ be missing kernel fix: XXXXXXXXXXXXXX xfs: don't over-report free space or inodes in statvfs Cc: stable(a)kernel.org Fixes: ddc34e328d06 ("f2fs: introduce f2fs_statfs_project") Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index b65d24a39d03..6744b8c65bc8 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -1808,26 +1808,32 @@ static int f2fs_statfs_project(struct super_block *sb, limit = min_not_zero(dquot->dq_dqb.dqb_bsoftlimit, dquot->dq_dqb.dqb_bhardlimit); - if (limit) - limit >>= sb->s_blocksize_bits; + limit >>= sb->s_blocksize_bits; + + if (limit) { + uint64_t remaining = 0; - if (limit && buf->f_blocks > limit) { curblock = (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace) >> sb->s_blocksize_bits; - buf->f_blocks = limit; - buf->f_bfree = buf->f_bavail = - (buf->f_blocks > curblock) ? - (buf->f_blocks - curblock) : 0; + if (limit > curblock) + remaining = limit - curblock; + + buf->f_blocks = min(buf->f_blocks, limit); + buf->f_bfree = min(buf->f_bfree, remaining); + buf->f_bavail = min(buf->f_bavail, remaining); } limit = min_not_zero(dquot->dq_dqb.dqb_isoftlimit, dquot->dq_dqb.dqb_ihardlimit); - if (limit && buf->f_files > limit) { - buf->f_files = limit; - buf->f_ffree = - (buf->f_files > dquot->dq_dqb.dqb_curinodes) ? - (buf->f_files - dquot->dq_dqb.dqb_curinodes) : 0; + if (limit) { + uint64_t remaining = 0; + + if (limit > dquot->dq_dqb.dqb_curinodes) + remaining = limit - dquot->dq_dqb.dqb_curinodes; + + buf->f_files = min(buf->f_files, limit); + buf->f_ffree = min(buf->f_ffree, remaining); } spin_unlock(&dquot->dq_dqb_lock);

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: don't over-report free space or inodes in statvfs" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a9201960623287927bf5776de3f70fb2fbde7e02 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062052-outpost-creasing-1ef3@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9201960623287927bf5776de3f70fb2fbde7e02 Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Tue, 13 May 2025 19:25:38 +0800 Subject: [PATCH] f2fs: don't over-report free space or inodes in statvfs This fixes an analogus bug that was fixed in modern filesystems: a) xfs in commit 4b8d867ca6e2 ("xfs: don't over-report free space or inodes in statvfs") b) ext4 in commit f87d3af74193 ("ext4: don't over-report free space or inodes in statvfs") where statfs can report misleading / incorrect information where project quota is enabled, and the free space is less than the remaining quota. This commit will resolve a test failure in generic/762 which tests for this bug. generic/762 - output mismatch (see /share/git/fstests/results//generic/762.out.bad) --- tests/generic/762.out 2025-04-15 10:21:53.371067071 +0800 +++ /share/git/fstests/results//generic/762.out.bad 2025-05-13 16:13:37.000000000 +0800 @@ -6,8 +6,10 @@ root blocks2 is in range dir blocks2 is in range root bavail2 is in range -dir bavail2 is in range +dir bavail2 has value of 1539066 +dir bavail2 is NOT in range 304734.87 .. 310891.13 root blocks3 is in range ... (Run 'diff -u /share/git/fstests/tests/generic/762.out /share/git/fstests/results//generic/762.out.bad' to see the entire diff) HINT: You _MAY_ be missing kernel fix: XXXXXXXXXXXXXX xfs: don't over-report free space or inodes in statvfs Cc: stable(a)kernel.org Fixes: ddc34e328d06 ("f2fs: introduce f2fs_statfs_project") Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index b65d24a39d03..6744b8c65bc8 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -1808,26 +1808,32 @@ static int f2fs_statfs_project(struct super_block *sb, limit = min_not_zero(dquot->dq_dqb.dqb_bsoftlimit, dquot->dq_dqb.dqb_bhardlimit); - if (limit) - limit >>= sb->s_blocksize_bits; + limit >>= sb->s_blocksize_bits; + + if (limit) { + uint64_t remaining = 0; - if (limit && buf->f_blocks > limit) { curblock = (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace) >> sb->s_blocksize_bits; - buf->f_blocks = limit; - buf->f_bfree = buf->f_bavail = - (buf->f_blocks > curblock) ? - (buf->f_blocks - curblock) : 0; + if (limit > curblock) + remaining = limit - curblock; + + buf->f_blocks = min(buf->f_blocks, limit); + buf->f_bfree = min(buf->f_bfree, remaining); + buf->f_bavail = min(buf->f_bavail, remaining); } limit = min_not_zero(dquot->dq_dqb.dqb_isoftlimit, dquot->dq_dqb.dqb_ihardlimit); - if (limit && buf->f_files > limit) { - buf->f_files = limit; - buf->f_ffree = - (buf->f_files > dquot->dq_dqb.dqb_curinodes) ? - (buf->f_files - dquot->dq_dqb.dqb_curinodes) : 0; + if (limit) { + uint64_t remaining = 0; + + if (limit > dquot->dq_dqb.dqb_curinodes) + remaining = limit - dquot->dq_dqb.dqb_curinodes; + + buf->f_files = min(buf->f_files, limit); + buf->f_ffree = min(buf->f_ffree, remaining); } spin_unlock(&dquot->dq_dqb_lock);

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: don't over-report free space or inodes in statvfs" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x a9201960623287927bf5776de3f70fb2fbde7e02 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062052-clamp-tried-33e9@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9201960623287927bf5776de3f70fb2fbde7e02 Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Tue, 13 May 2025 19:25:38 +0800 Subject: [PATCH] f2fs: don't over-report free space or inodes in statvfs This fixes an analogus bug that was fixed in modern filesystems: a) xfs in commit 4b8d867ca6e2 ("xfs: don't over-report free space or inodes in statvfs") b) ext4 in commit f87d3af74193 ("ext4: don't over-report free space or inodes in statvfs") where statfs can report misleading / incorrect information where project quota is enabled, and the free space is less than the remaining quota. This commit will resolve a test failure in generic/762 which tests for this bug. generic/762 - output mismatch (see /share/git/fstests/results//generic/762.out.bad) --- tests/generic/762.out 2025-04-15 10:21:53.371067071 +0800 +++ /share/git/fstests/results//generic/762.out.bad 2025-05-13 16:13:37.000000000 +0800 @@ -6,8 +6,10 @@ root blocks2 is in range dir blocks2 is in range root bavail2 is in range -dir bavail2 is in range +dir bavail2 has value of 1539066 +dir bavail2 is NOT in range 304734.87 .. 310891.13 root blocks3 is in range ... (Run 'diff -u /share/git/fstests/tests/generic/762.out /share/git/fstests/results//generic/762.out.bad' to see the entire diff) HINT: You _MAY_ be missing kernel fix: XXXXXXXXXXXXXX xfs: don't over-report free space or inodes in statvfs Cc: stable(a)kernel.org Fixes: ddc34e328d06 ("f2fs: introduce f2fs_statfs_project") Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index b65d24a39d03..6744b8c65bc8 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -1808,26 +1808,32 @@ static int f2fs_statfs_project(struct super_block *sb, limit = min_not_zero(dquot->dq_dqb.dqb_bsoftlimit, dquot->dq_dqb.dqb_bhardlimit); - if (limit) - limit >>= sb->s_blocksize_bits; + limit >>= sb->s_blocksize_bits; + + if (limit) { + uint64_t remaining = 0; - if (limit && buf->f_blocks > limit) { curblock = (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace) >> sb->s_blocksize_bits; - buf->f_blocks = limit; - buf->f_bfree = buf->f_bavail = - (buf->f_blocks > curblock) ? - (buf->f_blocks - curblock) : 0; + if (limit > curblock) + remaining = limit - curblock; + + buf->f_blocks = min(buf->f_blocks, limit); + buf->f_bfree = min(buf->f_bfree, remaining); + buf->f_bavail = min(buf->f_bavail, remaining); } limit = min_not_zero(dquot->dq_dqb.dqb_isoftlimit, dquot->dq_dqb.dqb_ihardlimit); - if (limit && buf->f_files > limit) { - buf->f_files = limit; - buf->f_ffree = - (buf->f_files > dquot->dq_dqb.dqb_curinodes) ? - (buf->f_files - dquot->dq_dqb.dqb_curinodes) : 0; + if (limit) { + uint64_t remaining = 0; + + if (limit > dquot->dq_dqb.dqb_curinodes) + remaining = limit - dquot->dq_dqb.dqb_curinodes; + + buf->f_files = min(buf->f_files, limit); + buf->f_ffree = min(buf->f_ffree, remaining); } spin_unlock(&dquot->dq_dqb_lock);

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: don't over-report free space or inodes in statvfs" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x a9201960623287927bf5776de3f70fb2fbde7e02 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062050-moistness-depletion-5e57@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9201960623287927bf5776de3f70fb2fbde7e02 Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Tue, 13 May 2025 19:25:38 +0800 Subject: [PATCH] f2fs: don't over-report free space or inodes in statvfs This fixes an analogus bug that was fixed in modern filesystems: a) xfs in commit 4b8d867ca6e2 ("xfs: don't over-report free space or inodes in statvfs") b) ext4 in commit f87d3af74193 ("ext4: don't over-report free space or inodes in statvfs") where statfs can report misleading / incorrect information where project quota is enabled, and the free space is less than the remaining quota. This commit will resolve a test failure in generic/762 which tests for this bug. generic/762 - output mismatch (see /share/git/fstests/results//generic/762.out.bad) --- tests/generic/762.out 2025-04-15 10:21:53.371067071 +0800 +++ /share/git/fstests/results//generic/762.out.bad 2025-05-13 16:13:37.000000000 +0800 @@ -6,8 +6,10 @@ root blocks2 is in range dir blocks2 is in range root bavail2 is in range -dir bavail2 is in range +dir bavail2 has value of 1539066 +dir bavail2 is NOT in range 304734.87 .. 310891.13 root blocks3 is in range ... (Run 'diff -u /share/git/fstests/tests/generic/762.out /share/git/fstests/results//generic/762.out.bad' to see the entire diff) HINT: You _MAY_ be missing kernel fix: XXXXXXXXXXXXXX xfs: don't over-report free space or inodes in statvfs Cc: stable(a)kernel.org Fixes: ddc34e328d06 ("f2fs: introduce f2fs_statfs_project") Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index b65d24a39d03..6744b8c65bc8 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -1808,26 +1808,32 @@ static int f2fs_statfs_project(struct super_block *sb, limit = min_not_zero(dquot->dq_dqb.dqb_bsoftlimit, dquot->dq_dqb.dqb_bhardlimit); - if (limit) - limit >>= sb->s_blocksize_bits; + limit >>= sb->s_blocksize_bits; + + if (limit) { + uint64_t remaining = 0; - if (limit && buf->f_blocks > limit) { curblock = (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace) >> sb->s_blocksize_bits; - buf->f_blocks = limit; - buf->f_bfree = buf->f_bavail = - (buf->f_blocks > curblock) ? - (buf->f_blocks - curblock) : 0; + if (limit > curblock) + remaining = limit - curblock; + + buf->f_blocks = min(buf->f_blocks, limit); + buf->f_bfree = min(buf->f_bfree, remaining); + buf->f_bavail = min(buf->f_bavail, remaining); } limit = min_not_zero(dquot->dq_dqb.dqb_isoftlimit, dquot->dq_dqb.dqb_ihardlimit); - if (limit && buf->f_files > limit) { - buf->f_files = limit; - buf->f_ffree = - (buf->f_files > dquot->dq_dqb.dqb_curinodes) ? - (buf->f_files - dquot->dq_dqb.dqb_curinodes) : 0; + if (limit) { + uint64_t remaining = 0; + + if (limit > dquot->dq_dqb.dqb_curinodes) + remaining = limit - dquot->dq_dqb.dqb_curinodes; + + buf->f_files = min(buf->f_files, limit); + buf->f_ffree = min(buf->f_ffree, remaining); } spin_unlock(&dquot->dq_dqb_lock);

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: don't over-report free space or inodes in statvfs" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a9201960623287927bf5776de3f70fb2fbde7e02 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062051-overhang-enzyme-6989@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9201960623287927bf5776de3f70fb2fbde7e02 Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Tue, 13 May 2025 19:25:38 +0800 Subject: [PATCH] f2fs: don't over-report free space or inodes in statvfs This fixes an analogus bug that was fixed in modern filesystems: a) xfs in commit 4b8d867ca6e2 ("xfs: don't over-report free space or inodes in statvfs") b) ext4 in commit f87d3af74193 ("ext4: don't over-report free space or inodes in statvfs") where statfs can report misleading / incorrect information where project quota is enabled, and the free space is less than the remaining quota. This commit will resolve a test failure in generic/762 which tests for this bug. generic/762 - output mismatch (see /share/git/fstests/results//generic/762.out.bad) --- tests/generic/762.out 2025-04-15 10:21:53.371067071 +0800 +++ /share/git/fstests/results//generic/762.out.bad 2025-05-13 16:13:37.000000000 +0800 @@ -6,8 +6,10 @@ root blocks2 is in range dir blocks2 is in range root bavail2 is in range -dir bavail2 is in range +dir bavail2 has value of 1539066 +dir bavail2 is NOT in range 304734.87 .. 310891.13 root blocks3 is in range ... (Run 'diff -u /share/git/fstests/tests/generic/762.out /share/git/fstests/results//generic/762.out.bad' to see the entire diff) HINT: You _MAY_ be missing kernel fix: XXXXXXXXXXXXXX xfs: don't over-report free space or inodes in statvfs Cc: stable(a)kernel.org Fixes: ddc34e328d06 ("f2fs: introduce f2fs_statfs_project") Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index b65d24a39d03..6744b8c65bc8 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -1808,26 +1808,32 @@ static int f2fs_statfs_project(struct super_block *sb, limit = min_not_zero(dquot->dq_dqb.dqb_bsoftlimit, dquot->dq_dqb.dqb_bhardlimit); - if (limit) - limit >>= sb->s_blocksize_bits; + limit >>= sb->s_blocksize_bits; + + if (limit) { + uint64_t remaining = 0; - if (limit && buf->f_blocks > limit) { curblock = (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace) >> sb->s_blocksize_bits; - buf->f_blocks = limit; - buf->f_bfree = buf->f_bavail = - (buf->f_blocks > curblock) ? - (buf->f_blocks - curblock) : 0; + if (limit > curblock) + remaining = limit - curblock; + + buf->f_blocks = min(buf->f_blocks, limit); + buf->f_bfree = min(buf->f_bfree, remaining); + buf->f_bavail = min(buf->f_bavail, remaining); } limit = min_not_zero(dquot->dq_dqb.dqb_isoftlimit, dquot->dq_dqb.dqb_ihardlimit); - if (limit && buf->f_files > limit) { - buf->f_files = limit; - buf->f_ffree = - (buf->f_files > dquot->dq_dqb.dqb_curinodes) ? - (buf->f_files - dquot->dq_dqb.dqb_curinodes) : 0; + if (limit) { + uint64_t remaining = 0; + + if (limit > dquot->dq_dqb.dqb_curinodes) + remaining = limit - dquot->dq_dqb.dqb_curinodes; + + buf->f_files = min(buf->f_files, limit); + buf->f_ffree = min(buf->f_ffree, remaining); } spin_unlock(&dquot->dq_dqb_lock);

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: don't over-report free space or inodes in statvfs" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x a9201960623287927bf5776de3f70fb2fbde7e02 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062051-wrecker-sarcasm-5e84@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9201960623287927bf5776de3f70fb2fbde7e02 Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Tue, 13 May 2025 19:25:38 +0800 Subject: [PATCH] f2fs: don't over-report free space or inodes in statvfs This fixes an analogus bug that was fixed in modern filesystems: a) xfs in commit 4b8d867ca6e2 ("xfs: don't over-report free space or inodes in statvfs") b) ext4 in commit f87d3af74193 ("ext4: don't over-report free space or inodes in statvfs") where statfs can report misleading / incorrect information where project quota is enabled, and the free space is less than the remaining quota. This commit will resolve a test failure in generic/762 which tests for this bug. generic/762 - output mismatch (see /share/git/fstests/results//generic/762.out.bad) --- tests/generic/762.out 2025-04-15 10:21:53.371067071 +0800 +++ /share/git/fstests/results//generic/762.out.bad 2025-05-13 16:13:37.000000000 +0800 @@ -6,8 +6,10 @@ root blocks2 is in range dir blocks2 is in range root bavail2 is in range -dir bavail2 is in range +dir bavail2 has value of 1539066 +dir bavail2 is NOT in range 304734.87 .. 310891.13 root blocks3 is in range ... (Run 'diff -u /share/git/fstests/tests/generic/762.out /share/git/fstests/results//generic/762.out.bad' to see the entire diff) HINT: You _MAY_ be missing kernel fix: XXXXXXXXXXXXXX xfs: don't over-report free space or inodes in statvfs Cc: stable(a)kernel.org Fixes: ddc34e328d06 ("f2fs: introduce f2fs_statfs_project") Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index b65d24a39d03..6744b8c65bc8 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -1808,26 +1808,32 @@ static int f2fs_statfs_project(struct super_block *sb, limit = min_not_zero(dquot->dq_dqb.dqb_bsoftlimit, dquot->dq_dqb.dqb_bhardlimit); - if (limit) - limit >>= sb->s_blocksize_bits; + limit >>= sb->s_blocksize_bits; + + if (limit) { + uint64_t remaining = 0; - if (limit && buf->f_blocks > limit) { curblock = (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace) >> sb->s_blocksize_bits; - buf->f_blocks = limit; - buf->f_bfree = buf->f_bavail = - (buf->f_blocks > curblock) ? - (buf->f_blocks - curblock) : 0; + if (limit > curblock) + remaining = limit - curblock; + + buf->f_blocks = min(buf->f_blocks, limit); + buf->f_bfree = min(buf->f_bfree, remaining); + buf->f_bavail = min(buf->f_bavail, remaining); } limit = min_not_zero(dquot->dq_dqb.dqb_isoftlimit, dquot->dq_dqb.dqb_ihardlimit); - if (limit && buf->f_files > limit) { - buf->f_files = limit; - buf->f_ffree = - (buf->f_files > dquot->dq_dqb.dqb_curinodes) ? - (buf->f_files - dquot->dq_dqb.dqb_curinodes) : 0; + if (limit) { + uint64_t remaining = 0; + + if (limit > dquot->dq_dqb.dqb_curinodes) + remaining = limit - dquot->dq_dqb.dqb_curinodes; + + buf->f_files = min(buf->f_files, limit); + buf->f_ffree = min(buf->f_ffree, remaining); } spin_unlock(&dquot->dq_dqb_lock);

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: don't over-report free space or inodes in statvfs" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x a9201960623287927bf5776de3f70fb2fbde7e02 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062050-massager-elastic-cea0@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9201960623287927bf5776de3f70fb2fbde7e02 Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Tue, 13 May 2025 19:25:38 +0800 Subject: [PATCH] f2fs: don't over-report free space or inodes in statvfs This fixes an analogus bug that was fixed in modern filesystems: a) xfs in commit 4b8d867ca6e2 ("xfs: don't over-report free space or inodes in statvfs") b) ext4 in commit f87d3af74193 ("ext4: don't over-report free space or inodes in statvfs") where statfs can report misleading / incorrect information where project quota is enabled, and the free space is less than the remaining quota. This commit will resolve a test failure in generic/762 which tests for this bug. generic/762 - output mismatch (see /share/git/fstests/results//generic/762.out.bad) --- tests/generic/762.out 2025-04-15 10:21:53.371067071 +0800 +++ /share/git/fstests/results//generic/762.out.bad 2025-05-13 16:13:37.000000000 +0800 @@ -6,8 +6,10 @@ root blocks2 is in range dir blocks2 is in range root bavail2 is in range -dir bavail2 is in range +dir bavail2 has value of 1539066 +dir bavail2 is NOT in range 304734.87 .. 310891.13 root blocks3 is in range ... (Run 'diff -u /share/git/fstests/tests/generic/762.out /share/git/fstests/results//generic/762.out.bad' to see the entire diff) HINT: You _MAY_ be missing kernel fix: XXXXXXXXXXXXXX xfs: don't over-report free space or inodes in statvfs Cc: stable(a)kernel.org Fixes: ddc34e328d06 ("f2fs: introduce f2fs_statfs_project") Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index b65d24a39d03..6744b8c65bc8 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -1808,26 +1808,32 @@ static int f2fs_statfs_project(struct super_block *sb, limit = min_not_zero(dquot->dq_dqb.dqb_bsoftlimit, dquot->dq_dqb.dqb_bhardlimit); - if (limit) - limit >>= sb->s_blocksize_bits; + limit >>= sb->s_blocksize_bits; + + if (limit) { + uint64_t remaining = 0; - if (limit && buf->f_blocks > limit) { curblock = (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace) >> sb->s_blocksize_bits; - buf->f_blocks = limit; - buf->f_bfree = buf->f_bavail = - (buf->f_blocks > curblock) ? - (buf->f_blocks - curblock) : 0; + if (limit > curblock) + remaining = limit - curblock; + + buf->f_blocks = min(buf->f_blocks, limit); + buf->f_bfree = min(buf->f_bfree, remaining); + buf->f_bavail = min(buf->f_bavail, remaining); } limit = min_not_zero(dquot->dq_dqb.dqb_isoftlimit, dquot->dq_dqb.dqb_ihardlimit); - if (limit && buf->f_files > limit) { - buf->f_files = limit; - buf->f_ffree = - (buf->f_files > dquot->dq_dqb.dqb_curinodes) ? - (buf->f_files - dquot->dq_dqb.dqb_curinodes) : 0; + if (limit) { + uint64_t remaining = 0; + + if (limit > dquot->dq_dqb.dqb_curinodes) + remaining = limit - dquot->dq_dqb.dqb_curinodes; + + buf->f_files = min(buf->f_files, limit); + buf->f_ffree = min(buf->f_ffree, remaining); } spin_unlock(&dquot->dq_dqb_lock);

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ext4: fix incorrect punch max_end" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 29ec9bed2395061350249ae356fb300dd82a78e7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062011-sector-hungrily-7bc4@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 29ec9bed2395061350249ae356fb300dd82a78e7 Mon Sep 17 00:00:00 2001 From: Zhang Yi <yi.zhang(a)huawei.com> Date: Tue, 6 May 2025 09:20:07 +0800 Subject: [PATCH] ext4: fix incorrect punch max_end For the extents based inodes, the maxbytes should be sb->s_maxbytes instead of sbi->s_bitmap_maxbytes. Additionally, for the calculation of max_end, the -sb->s_blocksize operation is necessary only for indirect-block based inodes. Correct the maxbytes and max_end value to correct the behavior of punch hole. Fixes: 2da376228a24 ("ext4: limit length to bitmap_maxbytes - blocksize in punch_hole") Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Baokun Li <libaokun1(a)huawei.com> Link: https://patch.msgid.link/20250506012009.3896990-2-yi.zhang@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)kernel.org diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 99f30b9cfe17..01038b4ecee0 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -4051,7 +4051,7 @@ int ext4_punch_hole(struct file *file, loff_t offset, loff_t length) struct inode *inode = file_inode(file); struct super_block *sb = inode->i_sb; ext4_lblk_t start_lblk, end_lblk; - loff_t max_end = EXT4_SB(sb)->s_bitmap_maxbytes - sb->s_blocksize; + loff_t max_end = sb->s_maxbytes; loff_t end = offset + length; handle_t *handle; unsigned int credits; @@ -4060,14 +4060,20 @@ int ext4_punch_hole(struct file *file, loff_t offset, loff_t length) trace_ext4_punch_hole(inode, offset, length, 0); WARN_ON_ONCE(!inode_is_locked(inode)); + /* + * For indirect-block based inodes, make sure that the hole within + * one block before last range. + */ + if (!ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)) + max_end = EXT4_SB(sb)->s_bitmap_maxbytes - sb->s_blocksize; + /* No need to punch hole beyond i_size */ if (offset >= inode->i_size || offset >= max_end) return 0; /* * If the hole extends beyond i_size, set the hole to end after - * the page that contains i_size, and also make sure that the hole - * within one block before last range. + * the page that contains i_size. */ if (end > inode->i_size) end = round_up(inode->i_size, PAGE_SIZE);

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ext4: fix incorrect punch max_end" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 29ec9bed2395061350249ae356fb300dd82a78e7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062011-amigo-cable-8646@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 29ec9bed2395061350249ae356fb300dd82a78e7 Mon Sep 17 00:00:00 2001 From: Zhang Yi <yi.zhang(a)huawei.com> Date: Tue, 6 May 2025 09:20:07 +0800 Subject: [PATCH] ext4: fix incorrect punch max_end For the extents based inodes, the maxbytes should be sb->s_maxbytes instead of sbi->s_bitmap_maxbytes. Additionally, for the calculation of max_end, the -sb->s_blocksize operation is necessary only for indirect-block based inodes. Correct the maxbytes and max_end value to correct the behavior of punch hole. Fixes: 2da376228a24 ("ext4: limit length to bitmap_maxbytes - blocksize in punch_hole") Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Baokun Li <libaokun1(a)huawei.com> Link: https://patch.msgid.link/20250506012009.3896990-2-yi.zhang@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)kernel.org diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 99f30b9cfe17..01038b4ecee0 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -4051,7 +4051,7 @@ int ext4_punch_hole(struct file *file, loff_t offset, loff_t length) struct inode *inode = file_inode(file); struct super_block *sb = inode->i_sb; ext4_lblk_t start_lblk, end_lblk; - loff_t max_end = EXT4_SB(sb)->s_bitmap_maxbytes - sb->s_blocksize; + loff_t max_end = sb->s_maxbytes; loff_t end = offset + length; handle_t *handle; unsigned int credits; @@ -4060,14 +4060,20 @@ int ext4_punch_hole(struct file *file, loff_t offset, loff_t length) trace_ext4_punch_hole(inode, offset, length, 0); WARN_ON_ONCE(!inode_is_locked(inode)); + /* + * For indirect-block based inodes, make sure that the hole within + * one block before last range. + */ + if (!ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)) + max_end = EXT4_SB(sb)->s_bitmap_maxbytes - sb->s_blocksize; + /* No need to punch hole beyond i_size */ if (offset >= inode->i_size || offset >= max_end) return 0; /* * If the hole extends beyond i_size, set the hole to end after - * the page that contains i_size, and also make sure that the hole - * within one block before last range. + * the page that contains i_size. */ if (end > inode->i_size) end = round_up(inode->i_size, PAGE_SIZE);

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ext4: fix incorrect punch max_end" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 29ec9bed2395061350249ae356fb300dd82a78e7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062010-direction-exemption-5700@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 29ec9bed2395061350249ae356fb300dd82a78e7 Mon Sep 17 00:00:00 2001 From: Zhang Yi <yi.zhang(a)huawei.com> Date: Tue, 6 May 2025 09:20:07 +0800 Subject: [PATCH] ext4: fix incorrect punch max_end For the extents based inodes, the maxbytes should be sb->s_maxbytes instead of sbi->s_bitmap_maxbytes. Additionally, for the calculation of max_end, the -sb->s_blocksize operation is necessary only for indirect-block based inodes. Correct the maxbytes and max_end value to correct the behavior of punch hole. Fixes: 2da376228a24 ("ext4: limit length to bitmap_maxbytes - blocksize in punch_hole") Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Baokun Li <libaokun1(a)huawei.com> Link: https://patch.msgid.link/20250506012009.3896990-2-yi.zhang@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)kernel.org diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 99f30b9cfe17..01038b4ecee0 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -4051,7 +4051,7 @@ int ext4_punch_hole(struct file *file, loff_t offset, loff_t length) struct inode *inode = file_inode(file); struct super_block *sb = inode->i_sb; ext4_lblk_t start_lblk, end_lblk; - loff_t max_end = EXT4_SB(sb)->s_bitmap_maxbytes - sb->s_blocksize; + loff_t max_end = sb->s_maxbytes; loff_t end = offset + length; handle_t *handle; unsigned int credits; @@ -4060,14 +4060,20 @@ int ext4_punch_hole(struct file *file, loff_t offset, loff_t length) trace_ext4_punch_hole(inode, offset, length, 0); WARN_ON_ONCE(!inode_is_locked(inode)); + /* + * For indirect-block based inodes, make sure that the hole within + * one block before last range. + */ + if (!ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)) + max_end = EXT4_SB(sb)->s_bitmap_maxbytes - sb->s_blocksize; + /* No need to punch hole beyond i_size */ if (offset >= inode->i_size || offset >= max_end) return 0; /* * If the hole extends beyond i_size, set the hole to end after - * the page that contains i_size, and also make sure that the hole - * within one block before last range. + * the page that contains i_size. */ if (end > inode->i_size) end = round_up(inode->i_size, PAGE_SIZE);

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ext4: fix incorrect punch max_end" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 29ec9bed2395061350249ae356fb300dd82a78e7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062010-lagoon-anatomy-8cbc@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 29ec9bed2395061350249ae356fb300dd82a78e7 Mon Sep 17 00:00:00 2001 From: Zhang Yi <yi.zhang(a)huawei.com> Date: Tue, 6 May 2025 09:20:07 +0800 Subject: [PATCH] ext4: fix incorrect punch max_end For the extents based inodes, the maxbytes should be sb->s_maxbytes instead of sbi->s_bitmap_maxbytes. Additionally, for the calculation of max_end, the -sb->s_blocksize operation is necessary only for indirect-block based inodes. Correct the maxbytes and max_end value to correct the behavior of punch hole. Fixes: 2da376228a24 ("ext4: limit length to bitmap_maxbytes - blocksize in punch_hole") Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Baokun Li <libaokun1(a)huawei.com> Link: https://patch.msgid.link/20250506012009.3896990-2-yi.zhang@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)kernel.org diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 99f30b9cfe17..01038b4ecee0 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -4051,7 +4051,7 @@ int ext4_punch_hole(struct file *file, loff_t offset, loff_t length) struct inode *inode = file_inode(file); struct super_block *sb = inode->i_sb; ext4_lblk_t start_lblk, end_lblk; - loff_t max_end = EXT4_SB(sb)->s_bitmap_maxbytes - sb->s_blocksize; + loff_t max_end = sb->s_maxbytes; loff_t end = offset + length; handle_t *handle; unsigned int credits; @@ -4060,14 +4060,20 @@ int ext4_punch_hole(struct file *file, loff_t offset, loff_t length) trace_ext4_punch_hole(inode, offset, length, 0); WARN_ON_ONCE(!inode_is_locked(inode)); + /* + * For indirect-block based inodes, make sure that the hole within + * one block before last range. + */ + if (!ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)) + max_end = EXT4_SB(sb)->s_bitmap_maxbytes - sb->s_blocksize; + /* No need to punch hole beyond i_size */ if (offset >= inode->i_size || offset >= max_end) return 0; /* * If the hole extends beyond i_size, set the hole to end after - * the page that contains i_size, and also make sure that the hole - * within one block before last range. + * the page that contains i_size. */ if (end > inode->i_size) end = round_up(inode->i_size, PAGE_SIZE);

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ext4: fix incorrect punch max_end" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 29ec9bed2395061350249ae356fb300dd82a78e7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062009-circle-bulginess-3a5e@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 29ec9bed2395061350249ae356fb300dd82a78e7 Mon Sep 17 00:00:00 2001 From: Zhang Yi <yi.zhang(a)huawei.com> Date: Tue, 6 May 2025 09:20:07 +0800 Subject: [PATCH] ext4: fix incorrect punch max_end For the extents based inodes, the maxbytes should be sb->s_maxbytes instead of sbi->s_bitmap_maxbytes. Additionally, for the calculation of max_end, the -sb->s_blocksize operation is necessary only for indirect-block based inodes. Correct the maxbytes and max_end value to correct the behavior of punch hole. Fixes: 2da376228a24 ("ext4: limit length to bitmap_maxbytes - blocksize in punch_hole") Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Baokun Li <libaokun1(a)huawei.com> Link: https://patch.msgid.link/20250506012009.3896990-2-yi.zhang@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)kernel.org diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 99f30b9cfe17..01038b4ecee0 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -4051,7 +4051,7 @@ int ext4_punch_hole(struct file *file, loff_t offset, loff_t length) struct inode *inode = file_inode(file); struct super_block *sb = inode->i_sb; ext4_lblk_t start_lblk, end_lblk; - loff_t max_end = EXT4_SB(sb)->s_bitmap_maxbytes - sb->s_blocksize; + loff_t max_end = sb->s_maxbytes; loff_t end = offset + length; handle_t *handle; unsigned int credits; @@ -4060,14 +4060,20 @@ int ext4_punch_hole(struct file *file, loff_t offset, loff_t length) trace_ext4_punch_hole(inode, offset, length, 0); WARN_ON_ONCE(!inode_is_locked(inode)); + /* + * For indirect-block based inodes, make sure that the hole within + * one block before last range. + */ + if (!ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)) + max_end = EXT4_SB(sb)->s_bitmap_maxbytes - sb->s_blocksize; + /* No need to punch hole beyond i_size */ if (offset >= inode->i_size || offset >= max_end) return 0; /* * If the hole extends beyond i_size, set the hole to end after - * the page that contains i_size, and also make sure that the hole - * within one block before last range. + * the page that contains i_size. */ if (end > inode->i_size) end = round_up(inode->i_size, PAGE_SIZE);

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] can: tcan4x5x: fix power regulator retrieval during probe" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x db22720545207f734aaa9d9f71637bfc8b0155e0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062010-scarf-shopper-8220@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From db22720545207f734aaa9d9f71637bfc8b0155e0 Mon Sep 17 00:00:00 2001 From: Brett Werling <brett.werling(a)garmin.com> Date: Thu, 12 Jun 2025 14:18:25 -0500 Subject: [PATCH] can: tcan4x5x: fix power regulator retrieval during probe Fixes the power regulator retrieval in tcan4x5x_can_probe() by ensuring the regulator pointer is not set to NULL in the successful return from devm_regulator_get_optional(). Fixes: 3814ca3a10be ("can: tcan4x5x: tcan4x5x_can_probe(): turn on the power before parsing the config") Signed-off-by: Brett Werling <brett.werling(a)garmin.com> Link: https://patch.msgid.link/20250612191825.3646364-1-brett.werling@garmin.com Cc: stable(a)vger.kernel.org Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> diff --git a/drivers/net/can/m_can/tcan4x5x-core.c b/drivers/net/can/m_can/tcan4x5x-core.c index e5c162f8c589..8edaa339d590 100644 --- a/drivers/net/can/m_can/tcan4x5x-core.c +++ b/drivers/net/can/m_can/tcan4x5x-core.c @@ -411,10 +411,11 @@ static int tcan4x5x_can_probe(struct spi_device *spi) priv = cdev_to_priv(mcan_class); priv->power = devm_regulator_get_optional(&spi->dev, "vsup"); - if (PTR_ERR(priv->power) == -EPROBE_DEFER) { - ret = -EPROBE_DEFER; - goto out_m_can_class_free_dev; - } else { + if (IS_ERR(priv->power)) { + if (PTR_ERR(priv->power) == -EPROBE_DEFER) { + ret = -EPROBE_DEFER; + goto out_m_can_class_free_dev; + } priv->power = NULL; }

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] bus: mhi: ep: Update read pointer only after buffer is" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 6f18d174b73d0ceeaa341f46c0986436b3aefc9a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062038-browbeat-unusable-6825@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6f18d174b73d0ceeaa341f46c0986436b3aefc9a Mon Sep 17 00:00:00 2001 From: Sumit Kumar <quic_sumk(a)quicinc.com> Date: Wed, 9 Apr 2025 16:17:43 +0530 Subject: [PATCH] bus: mhi: ep: Update read pointer only after buffer is written Inside mhi_ep_ring_add_element, the read pointer (rd_offset) is updated before the buffer is written, potentially causing race conditions where the host sees an updated read pointer before the buffer is actually written. Updating rd_offset prematurely can lead to the host accessing an uninitialized or incomplete element, resulting in data corruption. Invoke the buffer write before updating rd_offset to ensure the element is fully written before signaling its availability. Fixes: bbdcba57a1a2 ("bus: mhi: ep: Add support for ring management") cc: stable(a)vger.kernel.org Co-developed-by: Youssef Samir <quic_yabdulra(a)quicinc.com> Signed-off-by: Youssef Samir <quic_yabdulra(a)quicinc.com> Signed-off-by: Sumit Kumar <quic_sumk(a)quicinc.com> Reviewed-by: Jeff Hugo <jeff.hugo(a)oss.qualcomm.com> Reviewed-by: Krishna Chaitanya Chundru <krishna.chundru(a)oss.qualcomm.com> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Link: https://patch.msgid.link/20250409-rp_fix-v1-1-8cf1fa22ed28@quicinc.com Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> diff --git a/drivers/bus/mhi/ep/ring.c b/drivers/bus/mhi/ep/ring.c index aeb53b2c34a8..26357ee68dee 100644 --- a/drivers/bus/mhi/ep/ring.c +++ b/drivers/bus/mhi/ep/ring.c @@ -131,19 +131,23 @@ int mhi_ep_ring_add_element(struct mhi_ep_ring *ring, struct mhi_ring_element *e } old_offset = ring->rd_offset; - mhi_ep_ring_inc_index(ring); dev_dbg(dev, "Adding an element to ring at offset (%zu)\n", ring->rd_offset); + buf_info.host_addr = ring->rbase + (old_offset * sizeof(*el)); + buf_info.dev_addr = el; + buf_info.size = sizeof(*el); + + ret = mhi_cntrl->write_sync(mhi_cntrl, &buf_info); + if (ret) + return ret; + + mhi_ep_ring_inc_index(ring); /* Update rp in ring context */ rp = cpu_to_le64(ring->rd_offset * sizeof(*el) + ring->rbase); memcpy_toio((void __iomem *) &ring->ring_ctx->generic.rp, &rp, sizeof(u64)); - buf_info.host_addr = ring->rbase + (old_offset * sizeof(*el)); - buf_info.dev_addr = el; - buf_info.size = sizeof(*el); - - return mhi_cntrl->write_sync(mhi_cntrl, &buf_info); + return ret; } void mhi_ep_ring_init(struct mhi_ep_ring *ring, enum mhi_ep_ring_type type, u32 id)

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ASoC: codecs: wcd9335: Fix missing free of regulator supplies" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 9079db287fc3e38e040b0edeb0a25770bb679c8e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062009-unwilling-smilingly-1077@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9079db287fc3e38e040b0edeb0a25770bb679c8e Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Mon, 26 May 2025 11:47:01 +0200 Subject: [PATCH] ASoC: codecs: wcd9335: Fix missing free of regulator supplies Driver gets and enables all regulator supplies in probe path (wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup in final error paths and in unbind (missing remove() callback). This leads to leaked memory and unbalanced regulator enable count during probe errors or unbind. Fix this by converting entire code into devm_regulator_bulk_get_enable() which also greatly simplifies the code. Fixes: 20aedafdf492 ("ASoC: wcd9335: add support to wcd9335 codec") Cc: stable(a)vger.kernel.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://patch.msgid.link/20250526-b4-b4-asoc-wcd9395-vdd-px-fixes-v1-1-0b8a… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/codecs/wcd9335.c b/sound/soc/codecs/wcd9335.c index 8ee4360aff92..5e19e813748d 100644 --- a/sound/soc/codecs/wcd9335.c +++ b/sound/soc/codecs/wcd9335.c @@ -332,7 +332,6 @@ struct wcd9335_codec { int intr1; struct gpio_desc *reset_gpio; - struct regulator_bulk_data supplies[WCD9335_MAX_SUPPLY]; unsigned int rx_port_value[WCD9335_RX_MAX]; unsigned int tx_port_value[WCD9335_TX_MAX]; @@ -355,6 +354,10 @@ struct wcd9335_irq { char *name; }; +static const char * const wcd9335_supplies[] = { + "vdd-buck", "vdd-buck-sido", "vdd-tx", "vdd-rx", "vdd-io", +}; + static const struct wcd9335_slim_ch wcd9335_tx_chs[WCD9335_TX_MAX] = { WCD9335_SLIM_TX_CH(0), WCD9335_SLIM_TX_CH(1), @@ -4989,30 +4992,16 @@ static int wcd9335_parse_dt(struct wcd9335_codec *wcd) if (IS_ERR(wcd->native_clk)) return dev_err_probe(dev, PTR_ERR(wcd->native_clk), "slimbus clock not found\n"); - wcd->supplies[0].supply = "vdd-buck"; - wcd->supplies[1].supply = "vdd-buck-sido"; - wcd->supplies[2].supply = "vdd-tx"; - wcd->supplies[3].supply = "vdd-rx"; - wcd->supplies[4].supply = "vdd-io"; - - ret = regulator_bulk_get(dev, WCD9335_MAX_SUPPLY, wcd->supplies); + ret = devm_regulator_bulk_get_enable(dev, ARRAY_SIZE(wcd9335_supplies), + wcd9335_supplies); if (ret) - return dev_err_probe(dev, ret, "Failed to get supplies\n"); + return dev_err_probe(dev, ret, "Failed to get and enable supplies\n"); return 0; } static int wcd9335_power_on_reset(struct wcd9335_codec *wcd) { - struct device *dev = wcd->dev; - int ret; - - ret = regulator_bulk_enable(WCD9335_MAX_SUPPLY, wcd->supplies); - if (ret) { - dev_err(dev, "Failed to get supplies: err = %d\n", ret); - return ret; - } - /* * For WCD9335, it takes about 600us for the Vout_A and * Vout_D to be ready after BUCK_SIDO is powered up.

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ASoC: codecs: wcd9335: Fix missing free of regulator supplies" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 9079db287fc3e38e040b0edeb0a25770bb679c8e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062009-giblet-startling-04da@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9079db287fc3e38e040b0edeb0a25770bb679c8e Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Mon, 26 May 2025 11:47:01 +0200 Subject: [PATCH] ASoC: codecs: wcd9335: Fix missing free of regulator supplies Driver gets and enables all regulator supplies in probe path (wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup in final error paths and in unbind (missing remove() callback). This leads to leaked memory and unbalanced regulator enable count during probe errors or unbind. Fix this by converting entire code into devm_regulator_bulk_get_enable() which also greatly simplifies the code. Fixes: 20aedafdf492 ("ASoC: wcd9335: add support to wcd9335 codec") Cc: stable(a)vger.kernel.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://patch.msgid.link/20250526-b4-b4-asoc-wcd9395-vdd-px-fixes-v1-1-0b8a… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/codecs/wcd9335.c b/sound/soc/codecs/wcd9335.c index 8ee4360aff92..5e19e813748d 100644 --- a/sound/soc/codecs/wcd9335.c +++ b/sound/soc/codecs/wcd9335.c @@ -332,7 +332,6 @@ struct wcd9335_codec { int intr1; struct gpio_desc *reset_gpio; - struct regulator_bulk_data supplies[WCD9335_MAX_SUPPLY]; unsigned int rx_port_value[WCD9335_RX_MAX]; unsigned int tx_port_value[WCD9335_TX_MAX]; @@ -355,6 +354,10 @@ struct wcd9335_irq { char *name; }; +static const char * const wcd9335_supplies[] = { + "vdd-buck", "vdd-buck-sido", "vdd-tx", "vdd-rx", "vdd-io", +}; + static const struct wcd9335_slim_ch wcd9335_tx_chs[WCD9335_TX_MAX] = { WCD9335_SLIM_TX_CH(0), WCD9335_SLIM_TX_CH(1), @@ -4989,30 +4992,16 @@ static int wcd9335_parse_dt(struct wcd9335_codec *wcd) if (IS_ERR(wcd->native_clk)) return dev_err_probe(dev, PTR_ERR(wcd->native_clk), "slimbus clock not found\n"); - wcd->supplies[0].supply = "vdd-buck"; - wcd->supplies[1].supply = "vdd-buck-sido"; - wcd->supplies[2].supply = "vdd-tx"; - wcd->supplies[3].supply = "vdd-rx"; - wcd->supplies[4].supply = "vdd-io"; - - ret = regulator_bulk_get(dev, WCD9335_MAX_SUPPLY, wcd->supplies); + ret = devm_regulator_bulk_get_enable(dev, ARRAY_SIZE(wcd9335_supplies), + wcd9335_supplies); if (ret) - return dev_err_probe(dev, ret, "Failed to get supplies\n"); + return dev_err_probe(dev, ret, "Failed to get and enable supplies\n"); return 0; } static int wcd9335_power_on_reset(struct wcd9335_codec *wcd) { - struct device *dev = wcd->dev; - int ret; - - ret = regulator_bulk_enable(WCD9335_MAX_SUPPLY, wcd->supplies); - if (ret) { - dev_err(dev, "Failed to get supplies: err = %d\n", ret); - return ret; - } - /* * For WCD9335, it takes about 600us for the Vout_A and * Vout_D to be ready after BUCK_SIDO is powered up.

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ASoC: codecs: wcd9335: Fix missing free of regulator supplies" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 9079db287fc3e38e040b0edeb0a25770bb679c8e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062008-cavity-cornbread-70f7@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9079db287fc3e38e040b0edeb0a25770bb679c8e Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Mon, 26 May 2025 11:47:01 +0200 Subject: [PATCH] ASoC: codecs: wcd9335: Fix missing free of regulator supplies Driver gets and enables all regulator supplies in probe path (wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup in final error paths and in unbind (missing remove() callback). This leads to leaked memory and unbalanced regulator enable count during probe errors or unbind. Fix this by converting entire code into devm_regulator_bulk_get_enable() which also greatly simplifies the code. Fixes: 20aedafdf492 ("ASoC: wcd9335: add support to wcd9335 codec") Cc: stable(a)vger.kernel.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://patch.msgid.link/20250526-b4-b4-asoc-wcd9395-vdd-px-fixes-v1-1-0b8a… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/codecs/wcd9335.c b/sound/soc/codecs/wcd9335.c index 8ee4360aff92..5e19e813748d 100644 --- a/sound/soc/codecs/wcd9335.c +++ b/sound/soc/codecs/wcd9335.c @@ -332,7 +332,6 @@ struct wcd9335_codec { int intr1; struct gpio_desc *reset_gpio; - struct regulator_bulk_data supplies[WCD9335_MAX_SUPPLY]; unsigned int rx_port_value[WCD9335_RX_MAX]; unsigned int tx_port_value[WCD9335_TX_MAX]; @@ -355,6 +354,10 @@ struct wcd9335_irq { char *name; }; +static const char * const wcd9335_supplies[] = { + "vdd-buck", "vdd-buck-sido", "vdd-tx", "vdd-rx", "vdd-io", +}; + static const struct wcd9335_slim_ch wcd9335_tx_chs[WCD9335_TX_MAX] = { WCD9335_SLIM_TX_CH(0), WCD9335_SLIM_TX_CH(1), @@ -4989,30 +4992,16 @@ static int wcd9335_parse_dt(struct wcd9335_codec *wcd) if (IS_ERR(wcd->native_clk)) return dev_err_probe(dev, PTR_ERR(wcd->native_clk), "slimbus clock not found\n"); - wcd->supplies[0].supply = "vdd-buck"; - wcd->supplies[1].supply = "vdd-buck-sido"; - wcd->supplies[2].supply = "vdd-tx"; - wcd->supplies[3].supply = "vdd-rx"; - wcd->supplies[4].supply = "vdd-io"; - - ret = regulator_bulk_get(dev, WCD9335_MAX_SUPPLY, wcd->supplies); + ret = devm_regulator_bulk_get_enable(dev, ARRAY_SIZE(wcd9335_supplies), + wcd9335_supplies); if (ret) - return dev_err_probe(dev, ret, "Failed to get supplies\n"); + return dev_err_probe(dev, ret, "Failed to get and enable supplies\n"); return 0; } static int wcd9335_power_on_reset(struct wcd9335_codec *wcd) { - struct device *dev = wcd->dev; - int ret; - - ret = regulator_bulk_enable(WCD9335_MAX_SUPPLY, wcd->supplies); - if (ret) { - dev_err(dev, "Failed to get supplies: err = %d\n", ret); - return ret; - } - /* * For WCD9335, it takes about 600us for the Vout_A and * Vout_D to be ready after BUCK_SIDO is powered up.

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ASoC: codecs: wcd9335: Fix missing free of regulator supplies" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 9079db287fc3e38e040b0edeb0a25770bb679c8e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062007-distaste-suffix-3de3@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9079db287fc3e38e040b0edeb0a25770bb679c8e Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Mon, 26 May 2025 11:47:01 +0200 Subject: [PATCH] ASoC: codecs: wcd9335: Fix missing free of regulator supplies Driver gets and enables all regulator supplies in probe path (wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup in final error paths and in unbind (missing remove() callback). This leads to leaked memory and unbalanced regulator enable count during probe errors or unbind. Fix this by converting entire code into devm_regulator_bulk_get_enable() which also greatly simplifies the code. Fixes: 20aedafdf492 ("ASoC: wcd9335: add support to wcd9335 codec") Cc: stable(a)vger.kernel.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://patch.msgid.link/20250526-b4-b4-asoc-wcd9395-vdd-px-fixes-v1-1-0b8a… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/codecs/wcd9335.c b/sound/soc/codecs/wcd9335.c index 8ee4360aff92..5e19e813748d 100644 --- a/sound/soc/codecs/wcd9335.c +++ b/sound/soc/codecs/wcd9335.c @@ -332,7 +332,6 @@ struct wcd9335_codec { int intr1; struct gpio_desc *reset_gpio; - struct regulator_bulk_data supplies[WCD9335_MAX_SUPPLY]; unsigned int rx_port_value[WCD9335_RX_MAX]; unsigned int tx_port_value[WCD9335_TX_MAX]; @@ -355,6 +354,10 @@ struct wcd9335_irq { char *name; }; +static const char * const wcd9335_supplies[] = { + "vdd-buck", "vdd-buck-sido", "vdd-tx", "vdd-rx", "vdd-io", +}; + static const struct wcd9335_slim_ch wcd9335_tx_chs[WCD9335_TX_MAX] = { WCD9335_SLIM_TX_CH(0), WCD9335_SLIM_TX_CH(1), @@ -4989,30 +4992,16 @@ static int wcd9335_parse_dt(struct wcd9335_codec *wcd) if (IS_ERR(wcd->native_clk)) return dev_err_probe(dev, PTR_ERR(wcd->native_clk), "slimbus clock not found\n"); - wcd->supplies[0].supply = "vdd-buck"; - wcd->supplies[1].supply = "vdd-buck-sido"; - wcd->supplies[2].supply = "vdd-tx"; - wcd->supplies[3].supply = "vdd-rx"; - wcd->supplies[4].supply = "vdd-io"; - - ret = regulator_bulk_get(dev, WCD9335_MAX_SUPPLY, wcd->supplies); + ret = devm_regulator_bulk_get_enable(dev, ARRAY_SIZE(wcd9335_supplies), + wcd9335_supplies); if (ret) - return dev_err_probe(dev, ret, "Failed to get supplies\n"); + return dev_err_probe(dev, ret, "Failed to get and enable supplies\n"); return 0; } static int wcd9335_power_on_reset(struct wcd9335_codec *wcd) { - struct device *dev = wcd->dev; - int ret; - - ret = regulator_bulk_enable(WCD9335_MAX_SUPPLY, wcd->supplies); - if (ret) { - dev_err(dev, "Failed to get supplies: err = %d\n", ret); - return ret; - } - /* * For WCD9335, it takes about 600us for the Vout_A and * Vout_D to be ready after BUCK_SIDO is powered up.

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ASoC: codecs: wcd9335: Fix missing free of regulator supplies" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 9079db287fc3e38e040b0edeb0a25770bb679c8e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062008-snowiness-ditch-cae7@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9079db287fc3e38e040b0edeb0a25770bb679c8e Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Mon, 26 May 2025 11:47:01 +0200 Subject: [PATCH] ASoC: codecs: wcd9335: Fix missing free of regulator supplies Driver gets and enables all regulator supplies in probe path (wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup in final error paths and in unbind (missing remove() callback). This leads to leaked memory and unbalanced regulator enable count during probe errors or unbind. Fix this by converting entire code into devm_regulator_bulk_get_enable() which also greatly simplifies the code. Fixes: 20aedafdf492 ("ASoC: wcd9335: add support to wcd9335 codec") Cc: stable(a)vger.kernel.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://patch.msgid.link/20250526-b4-b4-asoc-wcd9395-vdd-px-fixes-v1-1-0b8a… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/codecs/wcd9335.c b/sound/soc/codecs/wcd9335.c index 8ee4360aff92..5e19e813748d 100644 --- a/sound/soc/codecs/wcd9335.c +++ b/sound/soc/codecs/wcd9335.c @@ -332,7 +332,6 @@ struct wcd9335_codec { int intr1; struct gpio_desc *reset_gpio; - struct regulator_bulk_data supplies[WCD9335_MAX_SUPPLY]; unsigned int rx_port_value[WCD9335_RX_MAX]; unsigned int tx_port_value[WCD9335_TX_MAX]; @@ -355,6 +354,10 @@ struct wcd9335_irq { char *name; }; +static const char * const wcd9335_supplies[] = { + "vdd-buck", "vdd-buck-sido", "vdd-tx", "vdd-rx", "vdd-io", +}; + static const struct wcd9335_slim_ch wcd9335_tx_chs[WCD9335_TX_MAX] = { WCD9335_SLIM_TX_CH(0), WCD9335_SLIM_TX_CH(1), @@ -4989,30 +4992,16 @@ static int wcd9335_parse_dt(struct wcd9335_codec *wcd) if (IS_ERR(wcd->native_clk)) return dev_err_probe(dev, PTR_ERR(wcd->native_clk), "slimbus clock not found\n"); - wcd->supplies[0].supply = "vdd-buck"; - wcd->supplies[1].supply = "vdd-buck-sido"; - wcd->supplies[2].supply = "vdd-tx"; - wcd->supplies[3].supply = "vdd-rx"; - wcd->supplies[4].supply = "vdd-io"; - - ret = regulator_bulk_get(dev, WCD9335_MAX_SUPPLY, wcd->supplies); + ret = devm_regulator_bulk_get_enable(dev, ARRAY_SIZE(wcd9335_supplies), + wcd9335_supplies); if (ret) - return dev_err_probe(dev, ret, "Failed to get supplies\n"); + return dev_err_probe(dev, ret, "Failed to get and enable supplies\n"); return 0; } static int wcd9335_power_on_reset(struct wcd9335_codec *wcd) { - struct device *dev = wcd->dev; - int ret; - - ret = regulator_bulk_enable(WCD9335_MAX_SUPPLY, wcd->supplies); - if (ret) { - dev_err(dev, "Failed to get supplies: err = %d\n", ret); - return ret; - } - /* * For WCD9335, it takes about 600us for the Vout_A and * Vout_D to be ready after BUCK_SIDO is powered up.

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ASoC: codecs: wcd9335: Fix missing free of regulator supplies" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x 9079db287fc3e38e040b0edeb0a25770bb679c8e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062006-ocean-hypertext-39fb@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9079db287fc3e38e040b0edeb0a25770bb679c8e Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Mon, 26 May 2025 11:47:01 +0200 Subject: [PATCH] ASoC: codecs: wcd9335: Fix missing free of regulator supplies Driver gets and enables all regulator supplies in probe path (wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup in final error paths and in unbind (missing remove() callback). This leads to leaked memory and unbalanced regulator enable count during probe errors or unbind. Fix this by converting entire code into devm_regulator_bulk_get_enable() which also greatly simplifies the code. Fixes: 20aedafdf492 ("ASoC: wcd9335: add support to wcd9335 codec") Cc: stable(a)vger.kernel.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://patch.msgid.link/20250526-b4-b4-asoc-wcd9395-vdd-px-fixes-v1-1-0b8a… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/codecs/wcd9335.c b/sound/soc/codecs/wcd9335.c index 8ee4360aff92..5e19e813748d 100644 --- a/sound/soc/codecs/wcd9335.c +++ b/sound/soc/codecs/wcd9335.c @@ -332,7 +332,6 @@ struct wcd9335_codec { int intr1; struct gpio_desc *reset_gpio; - struct regulator_bulk_data supplies[WCD9335_MAX_SUPPLY]; unsigned int rx_port_value[WCD9335_RX_MAX]; unsigned int tx_port_value[WCD9335_TX_MAX]; @@ -355,6 +354,10 @@ struct wcd9335_irq { char *name; }; +static const char * const wcd9335_supplies[] = { + "vdd-buck", "vdd-buck-sido", "vdd-tx", "vdd-rx", "vdd-io", +}; + static const struct wcd9335_slim_ch wcd9335_tx_chs[WCD9335_TX_MAX] = { WCD9335_SLIM_TX_CH(0), WCD9335_SLIM_TX_CH(1), @@ -4989,30 +4992,16 @@ static int wcd9335_parse_dt(struct wcd9335_codec *wcd) if (IS_ERR(wcd->native_clk)) return dev_err_probe(dev, PTR_ERR(wcd->native_clk), "slimbus clock not found\n"); - wcd->supplies[0].supply = "vdd-buck"; - wcd->supplies[1].supply = "vdd-buck-sido"; - wcd->supplies[2].supply = "vdd-tx"; - wcd->supplies[3].supply = "vdd-rx"; - wcd->supplies[4].supply = "vdd-io"; - - ret = regulator_bulk_get(dev, WCD9335_MAX_SUPPLY, wcd->supplies); + ret = devm_regulator_bulk_get_enable(dev, ARRAY_SIZE(wcd9335_supplies), + wcd9335_supplies); if (ret) - return dev_err_probe(dev, ret, "Failed to get supplies\n"); + return dev_err_probe(dev, ret, "Failed to get and enable supplies\n"); return 0; } static int wcd9335_power_on_reset(struct wcd9335_codec *wcd) { - struct device *dev = wcd->dev; - int ret; - - ret = regulator_bulk_enable(WCD9335_MAX_SUPPLY, wcd->supplies); - if (ret) { - dev_err(dev, "Failed to get supplies: err = %d\n", ret); - return ret; - } - /* * For WCD9335, it takes about 600us for the Vout_A and * Vout_D to be ready after BUCK_SIDO is powered up.

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ASoC: codecs: wcd9335: Fix missing free of regulator supplies" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 9079db287fc3e38e040b0edeb0a25770bb679c8e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062007-dial-defacing-0031@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9079db287fc3e38e040b0edeb0a25770bb679c8e Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Mon, 26 May 2025 11:47:01 +0200 Subject: [PATCH] ASoC: codecs: wcd9335: Fix missing free of regulator supplies Driver gets and enables all regulator supplies in probe path (wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup in final error paths and in unbind (missing remove() callback). This leads to leaked memory and unbalanced regulator enable count during probe errors or unbind. Fix this by converting entire code into devm_regulator_bulk_get_enable() which also greatly simplifies the code. Fixes: 20aedafdf492 ("ASoC: wcd9335: add support to wcd9335 codec") Cc: stable(a)vger.kernel.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://patch.msgid.link/20250526-b4-b4-asoc-wcd9395-vdd-px-fixes-v1-1-0b8a… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/codecs/wcd9335.c b/sound/soc/codecs/wcd9335.c index 8ee4360aff92..5e19e813748d 100644 --- a/sound/soc/codecs/wcd9335.c +++ b/sound/soc/codecs/wcd9335.c @@ -332,7 +332,6 @@ struct wcd9335_codec { int intr1; struct gpio_desc *reset_gpio; - struct regulator_bulk_data supplies[WCD9335_MAX_SUPPLY]; unsigned int rx_port_value[WCD9335_RX_MAX]; unsigned int tx_port_value[WCD9335_TX_MAX]; @@ -355,6 +354,10 @@ struct wcd9335_irq { char *name; }; +static const char * const wcd9335_supplies[] = { + "vdd-buck", "vdd-buck-sido", "vdd-tx", "vdd-rx", "vdd-io", +}; + static const struct wcd9335_slim_ch wcd9335_tx_chs[WCD9335_TX_MAX] = { WCD9335_SLIM_TX_CH(0), WCD9335_SLIM_TX_CH(1), @@ -4989,30 +4992,16 @@ static int wcd9335_parse_dt(struct wcd9335_codec *wcd) if (IS_ERR(wcd->native_clk)) return dev_err_probe(dev, PTR_ERR(wcd->native_clk), "slimbus clock not found\n"); - wcd->supplies[0].supply = "vdd-buck"; - wcd->supplies[1].supply = "vdd-buck-sido"; - wcd->supplies[2].supply = "vdd-tx"; - wcd->supplies[3].supply = "vdd-rx"; - wcd->supplies[4].supply = "vdd-io"; - - ret = regulator_bulk_get(dev, WCD9335_MAX_SUPPLY, wcd->supplies); + ret = devm_regulator_bulk_get_enable(dev, ARRAY_SIZE(wcd9335_supplies), + wcd9335_supplies); if (ret) - return dev_err_probe(dev, ret, "Failed to get supplies\n"); + return dev_err_probe(dev, ret, "Failed to get and enable supplies\n"); return 0; } static int wcd9335_power_on_reset(struct wcd9335_codec *wcd) { - struct device *dev = wcd->dev; - int ret; - - ret = regulator_bulk_enable(WCD9335_MAX_SUPPLY, wcd->supplies); - if (ret) { - dev_err(dev, "Failed to get supplies: err = %d\n", ret); - return ret; - } - /* * For WCD9335, it takes about 600us for the Vout_A and * Vout_D to be ready after BUCK_SIDO is powered up.

5 months, 2 weeks

1
0
0 0

RE: Patch "EDAC/igen6: Skip absent memory controllers" has been added to the 6.15-stable tree

by Zhuo, Qiuxu

Hi Sasha, > From: Sasha Levin <sashal(a)kernel.org> > [...] > Subject: Patch "EDAC/igen6: Skip absent memory controllers" has been added > to the 6.15-stable tree > This patch fixes the issue of the igen6_edac driver mistakenly enumerating the absent memory controllers, but it may also trigger a panic. So, please either do not backport this patch or backport it together with the patch [1], which has been queued in the RAS edac-drivers branch. [1] https://lore.kernel.org/all/20250618162307.1523736-1-qiuxu.zhuo@intel.com/ Thanks! -Qiuxu

5 months, 2 weeks

2
2
0 0

FAILED: patch "[PATCH] media: uvcvideo: Send control events for partial succeeds" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 5c791467aea6277430da5f089b9b6c2a9d8a4af7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062050-overpower-democrat-9d5e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5c791467aea6277430da5f089b9b6c2a9d8a4af7 Mon Sep 17 00:00:00 2001 From: Ricardo Ribalda <ribalda(a)chromium.org> Date: Mon, 24 Feb 2025 10:34:54 +0000 Subject: [PATCH] media: uvcvideo: Send control events for partial succeeds Today, when we are applying a change to entities A, B. If A succeeds and B fails the events for A are not sent. This change changes the code so the events for A are send right after they happen. Cc: stable(a)kernel.org Fixes: b4012002f3a3 ("[media] uvcvideo: Add support for control events") Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> Message-ID: <20250224-uvc-data-backup-v2-2-de993ed9823b(a)chromium.org> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c index 0c4d84eab42a..636ce1eb2a6b 100644 --- a/drivers/media/usb/uvc/uvc_ctrl.c +++ b/drivers/media/usb/uvc/uvc_ctrl.c @@ -1954,7 +1954,9 @@ static bool uvc_ctrl_xctrls_has_control(const struct v4l2_ext_control *xctrls, } static void uvc_ctrl_send_events(struct uvc_fh *handle, - const struct v4l2_ext_control *xctrls, unsigned int xctrls_count) + struct uvc_entity *entity, + const struct v4l2_ext_control *xctrls, + unsigned int xctrls_count) { struct uvc_control_mapping *mapping; struct uvc_control *ctrl; @@ -1966,6 +1968,9 @@ static void uvc_ctrl_send_events(struct uvc_fh *handle, s32 value; ctrl = uvc_find_control(handle->chain, xctrls[i].id, &mapping); + if (ctrl->entity != entity) + continue; + if (ctrl->info.flags & UVC_CTRL_FLAG_ASYNCHRONOUS) /* Notification will be sent from an Interrupt event. */ continue; @@ -2209,11 +2214,12 @@ int __uvc_ctrl_commit(struct uvc_fh *handle, int rollback, uvc_ctrl_find_ctrl_idx(entity, ctrls, err_ctrl); goto done; + } else if (ret > 0 && !rollback) { + uvc_ctrl_send_events(handle, entity, + ctrls->controls, ctrls->count); } } - if (!rollback) - uvc_ctrl_send_events(handle, ctrls->controls, ctrls->count); ret = 0; done: mutex_unlock(&chain->ctrl_mutex);

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: uvcvideo: Send control events for partial succeeds" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 5c791467aea6277430da5f089b9b6c2a9d8a4af7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062050-dispute-striving-f062@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5c791467aea6277430da5f089b9b6c2a9d8a4af7 Mon Sep 17 00:00:00 2001 From: Ricardo Ribalda <ribalda(a)chromium.org> Date: Mon, 24 Feb 2025 10:34:54 +0000 Subject: [PATCH] media: uvcvideo: Send control events for partial succeeds Today, when we are applying a change to entities A, B. If A succeeds and B fails the events for A are not sent. This change changes the code so the events for A are send right after they happen. Cc: stable(a)kernel.org Fixes: b4012002f3a3 ("[media] uvcvideo: Add support for control events") Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> Message-ID: <20250224-uvc-data-backup-v2-2-de993ed9823b(a)chromium.org> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c index 0c4d84eab42a..636ce1eb2a6b 100644 --- a/drivers/media/usb/uvc/uvc_ctrl.c +++ b/drivers/media/usb/uvc/uvc_ctrl.c @@ -1954,7 +1954,9 @@ static bool uvc_ctrl_xctrls_has_control(const struct v4l2_ext_control *xctrls, } static void uvc_ctrl_send_events(struct uvc_fh *handle, - const struct v4l2_ext_control *xctrls, unsigned int xctrls_count) + struct uvc_entity *entity, + const struct v4l2_ext_control *xctrls, + unsigned int xctrls_count) { struct uvc_control_mapping *mapping; struct uvc_control *ctrl; @@ -1966,6 +1968,9 @@ static void uvc_ctrl_send_events(struct uvc_fh *handle, s32 value; ctrl = uvc_find_control(handle->chain, xctrls[i].id, &mapping); + if (ctrl->entity != entity) + continue; + if (ctrl->info.flags & UVC_CTRL_FLAG_ASYNCHRONOUS) /* Notification will be sent from an Interrupt event. */ continue; @@ -2209,11 +2214,12 @@ int __uvc_ctrl_commit(struct uvc_fh *handle, int rollback, uvc_ctrl_find_ctrl_idx(entity, ctrls, err_ctrl); goto done; + } else if (ret > 0 && !rollback) { + uvc_ctrl_send_events(handle, entity, + ctrls->controls, ctrls->count); } } - if (!rollback) - uvc_ctrl_send_events(handle, ctrls->controls, ctrls->count); ret = 0; done: mutex_unlock(&chain->ctrl_mutex);

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: uvcvideo: Return the number of processed controls" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x ba4fafb02ad6a4eb2e00f861893b5db42ba54369 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062032-omnivore-overcook-a17c@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ba4fafb02ad6a4eb2e00f861893b5db42ba54369 Mon Sep 17 00:00:00 2001 From: Ricardo Ribalda <ribalda(a)chromium.org> Date: Mon, 24 Feb 2025 10:34:53 +0000 Subject: [PATCH] media: uvcvideo: Return the number of processed controls If we let know our callers that we have not done anything, they will be able to optimize their decisions. Cc: stable(a)kernel.org Fixes: b4012002f3a3 ("[media] uvcvideo: Add support for control events") Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> Message-ID: <20250224-uvc-data-backup-v2-1-de993ed9823b(a)chromium.org> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c index e2052130f4c9..0c4d84eab42a 100644 --- a/drivers/media/usb/uvc/uvc_ctrl.c +++ b/drivers/media/usb/uvc/uvc_ctrl.c @@ -2101,12 +2101,17 @@ int uvc_ctrl_begin(struct uvc_video_chain *chain) return mutex_lock_interruptible(&chain->ctrl_mutex) ? -ERESTARTSYS : 0; } +/* + * Returns the number of uvc controls that have been correctly set, or a + * negative number if there has been an error. + */ static int uvc_ctrl_commit_entity(struct uvc_device *dev, struct uvc_fh *handle, struct uvc_entity *entity, int rollback, struct uvc_control **err_ctrl) { + unsigned int processed_ctrls = 0; struct uvc_control *ctrl; unsigned int i; int ret; @@ -2141,6 +2146,9 @@ static int uvc_ctrl_commit_entity(struct uvc_device *dev, else ret = 0; + if (!ret) + processed_ctrls++; + if (rollback || ret < 0) memcpy(uvc_ctrl_data(ctrl, UVC_CTRL_DATA_CURRENT), uvc_ctrl_data(ctrl, UVC_CTRL_DATA_BACKUP), @@ -2159,7 +2167,7 @@ static int uvc_ctrl_commit_entity(struct uvc_device *dev, } } - return 0; + return processed_ctrls; } static int uvc_ctrl_find_ctrl_idx(struct uvc_entity *entity, @@ -2206,6 +2214,7 @@ int __uvc_ctrl_commit(struct uvc_fh *handle, int rollback, if (!rollback) uvc_ctrl_send_events(handle, ctrls->controls, ctrls->count); + ret = 0; done: mutex_unlock(&chain->ctrl_mutex); return ret;

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: uvcvideo: Return the number of processed controls" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x ba4fafb02ad6a4eb2e00f861893b5db42ba54369 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062031-resubmit-subsector-759f@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ba4fafb02ad6a4eb2e00f861893b5db42ba54369 Mon Sep 17 00:00:00 2001 From: Ricardo Ribalda <ribalda(a)chromium.org> Date: Mon, 24 Feb 2025 10:34:53 +0000 Subject: [PATCH] media: uvcvideo: Return the number of processed controls If we let know our callers that we have not done anything, they will be able to optimize their decisions. Cc: stable(a)kernel.org Fixes: b4012002f3a3 ("[media] uvcvideo: Add support for control events") Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> Message-ID: <20250224-uvc-data-backup-v2-1-de993ed9823b(a)chromium.org> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c index e2052130f4c9..0c4d84eab42a 100644 --- a/drivers/media/usb/uvc/uvc_ctrl.c +++ b/drivers/media/usb/uvc/uvc_ctrl.c @@ -2101,12 +2101,17 @@ int uvc_ctrl_begin(struct uvc_video_chain *chain) return mutex_lock_interruptible(&chain->ctrl_mutex) ? -ERESTARTSYS : 0; } +/* + * Returns the number of uvc controls that have been correctly set, or a + * negative number if there has been an error. + */ static int uvc_ctrl_commit_entity(struct uvc_device *dev, struct uvc_fh *handle, struct uvc_entity *entity, int rollback, struct uvc_control **err_ctrl) { + unsigned int processed_ctrls = 0; struct uvc_control *ctrl; unsigned int i; int ret; @@ -2141,6 +2146,9 @@ static int uvc_ctrl_commit_entity(struct uvc_device *dev, else ret = 0; + if (!ret) + processed_ctrls++; + if (rollback || ret < 0) memcpy(uvc_ctrl_data(ctrl, UVC_CTRL_DATA_CURRENT), uvc_ctrl_data(ctrl, UVC_CTRL_DATA_BACKUP), @@ -2159,7 +2167,7 @@ static int uvc_ctrl_commit_entity(struct uvc_device *dev, } } - return 0; + return processed_ctrls; } static int uvc_ctrl_find_ctrl_idx(struct uvc_entity *entity, @@ -2206,6 +2214,7 @@ int __uvc_ctrl_commit(struct uvc_fh *handle, int rollback, if (!rollback) uvc_ctrl_send_events(handle, ctrls->controls, ctrls->count); + ret = 0; done: mutex_unlock(&chain->ctrl_mutex); return ret;

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: imx-jpeg: Cleanup after an allocation error" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 7500bb9cf164edbb2c8117d57620227b1a4a8369 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062008-spinach-irritably-ba2b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7500bb9cf164edbb2c8117d57620227b1a4a8369 Mon Sep 17 00:00:00 2001 From: Ming Qian <ming.qian(a)oss.nxp.com> Date: Mon, 21 Apr 2025 16:12:54 +0800 Subject: [PATCH] media: imx-jpeg: Cleanup after an allocation error When allocation failures are not cleaned up by the driver, further allocation errors will be false-positives, which will cause buffers to remain uninitialized and cause NULL pointer dereferences. Ensure proper cleanup of failed allocations to prevent these issues. Fixes: 2db16c6ed72c ("media: imx-jpeg: Add V4L2 driver for i.MX8 JPEG Encoder/Decoder") Cc: stable(a)vger.kernel.org Signed-off-by: Ming Qian <ming.qian(a)oss.nxp.com> Reviewed-by: Frank Li <Frank.Li(a)nxp.com> Signed-off-by: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c index 29d3d4b08dd1..8a25ea8905ae 100644 --- a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c +++ b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c @@ -820,6 +820,7 @@ static bool mxc_jpeg_alloc_slot_data(struct mxc_jpeg_dev *jpeg) return true; err: dev_err(jpeg->dev, "Could not allocate descriptors for slot %d", jpeg->slot_data.slot); + mxc_jpeg_free_slot_data(jpeg); return false; }

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: imx-jpeg: Cleanup after an allocation error" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 7500bb9cf164edbb2c8117d57620227b1a4a8369 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062007-screen-jurist-5d6d@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7500bb9cf164edbb2c8117d57620227b1a4a8369 Mon Sep 17 00:00:00 2001 From: Ming Qian <ming.qian(a)oss.nxp.com> Date: Mon, 21 Apr 2025 16:12:54 +0800 Subject: [PATCH] media: imx-jpeg: Cleanup after an allocation error When allocation failures are not cleaned up by the driver, further allocation errors will be false-positives, which will cause buffers to remain uninitialized and cause NULL pointer dereferences. Ensure proper cleanup of failed allocations to prevent these issues. Fixes: 2db16c6ed72c ("media: imx-jpeg: Add V4L2 driver for i.MX8 JPEG Encoder/Decoder") Cc: stable(a)vger.kernel.org Signed-off-by: Ming Qian <ming.qian(a)oss.nxp.com> Reviewed-by: Frank Li <Frank.Li(a)nxp.com> Signed-off-by: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c index 29d3d4b08dd1..8a25ea8905ae 100644 --- a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c +++ b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c @@ -820,6 +820,7 @@ static bool mxc_jpeg_alloc_slot_data(struct mxc_jpeg_dev *jpeg) return true; err: dev_err(jpeg->dev, "Could not allocate descriptors for slot %d", jpeg->slot_data.slot); + mxc_jpeg_free_slot_data(jpeg); return false; }

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: imx-jpeg: Reset slot data pointers when freed" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x faa8051b128f4b34277ea8a026d02d83826f8122 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062057-sift-mulled-7ea9@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From faa8051b128f4b34277ea8a026d02d83826f8122 Mon Sep 17 00:00:00 2001 From: Ming Qian <ming.qian(a)oss.nxp.com> Date: Mon, 21 Apr 2025 16:12:53 +0800 Subject: [PATCH] media: imx-jpeg: Reset slot data pointers when freed Ensure that the slot data pointers are reset to NULL and handles are set to 0 after freeing the coherent memory. This makes he function mxc_jpeg_alloc_slot_data() and mxc_jpeg_free_slot_data() safe to be called multiple times. Fixes: 2db16c6ed72c ("media: imx-jpeg: Add V4L2 driver for i.MX8 JPEG Encoder/Decoder") Cc: stable(a)vger.kernel.org Signed-off-by: Ming Qian <ming.qian(a)oss.nxp.com> Reviewed-by: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> Reviewed-by: Frank Li <Frank.Li(a)nxp.com> Signed-off-by: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c index ad2284e87985..29d3d4b08dd1 100644 --- a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c +++ b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c @@ -758,16 +758,22 @@ static void mxc_jpeg_free_slot_data(struct mxc_jpeg_dev *jpeg) dma_free_coherent(jpeg->dev, sizeof(struct mxc_jpeg_desc), jpeg->slot_data.desc, jpeg->slot_data.desc_handle); + jpeg->slot_data.desc = NULL; + jpeg->slot_data.desc_handle = 0; /* free descriptor for encoder configuration phase / decoder DHT */ dma_free_coherent(jpeg->dev, sizeof(struct mxc_jpeg_desc), jpeg->slot_data.cfg_desc, jpeg->slot_data.cfg_desc_handle); + jpeg->slot_data.cfg_desc_handle = 0; + jpeg->slot_data.cfg_desc = NULL; /* free configuration stream */ dma_free_coherent(jpeg->dev, MXC_JPEG_MAX_CFG_STREAM, jpeg->slot_data.cfg_stream_vaddr, jpeg->slot_data.cfg_stream_handle); + jpeg->slot_data.cfg_stream_vaddr = NULL; + jpeg->slot_data.cfg_stream_handle = 0; jpeg->slot_data.used = false; }

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: imx-jpeg: Reset slot data pointers when freed" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x faa8051b128f4b34277ea8a026d02d83826f8122 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062056-upcoming-numerator-2955@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From faa8051b128f4b34277ea8a026d02d83826f8122 Mon Sep 17 00:00:00 2001 From: Ming Qian <ming.qian(a)oss.nxp.com> Date: Mon, 21 Apr 2025 16:12:53 +0800 Subject: [PATCH] media: imx-jpeg: Reset slot data pointers when freed Ensure that the slot data pointers are reset to NULL and handles are set to 0 after freeing the coherent memory. This makes he function mxc_jpeg_alloc_slot_data() and mxc_jpeg_free_slot_data() safe to be called multiple times. Fixes: 2db16c6ed72c ("media: imx-jpeg: Add V4L2 driver for i.MX8 JPEG Encoder/Decoder") Cc: stable(a)vger.kernel.org Signed-off-by: Ming Qian <ming.qian(a)oss.nxp.com> Reviewed-by: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> Reviewed-by: Frank Li <Frank.Li(a)nxp.com> Signed-off-by: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c index ad2284e87985..29d3d4b08dd1 100644 --- a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c +++ b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c @@ -758,16 +758,22 @@ static void mxc_jpeg_free_slot_data(struct mxc_jpeg_dev *jpeg) dma_free_coherent(jpeg->dev, sizeof(struct mxc_jpeg_desc), jpeg->slot_data.desc, jpeg->slot_data.desc_handle); + jpeg->slot_data.desc = NULL; + jpeg->slot_data.desc_handle = 0; /* free descriptor for encoder configuration phase / decoder DHT */ dma_free_coherent(jpeg->dev, sizeof(struct mxc_jpeg_desc), jpeg->slot_data.cfg_desc, jpeg->slot_data.cfg_desc_handle); + jpeg->slot_data.cfg_desc_handle = 0; + jpeg->slot_data.cfg_desc = NULL; /* free configuration stream */ dma_free_coherent(jpeg->dev, MXC_JPEG_MAX_CFG_STREAM, jpeg->slot_data.cfg_stream_vaddr, jpeg->slot_data.cfg_stream_handle); + jpeg->slot_data.cfg_stream_vaddr = NULL; + jpeg->slot_data.cfg_stream_handle = 0; jpeg->slot_data.used = false; }

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 46e9c092f850bd7b4d06de92d3d21877f49a3fcb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062043-diabetic-antiquity-da83@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 46e9c092f850bd7b4d06de92d3d21877f49a3fcb Mon Sep 17 00:00:00 2001 From: Ming Qian <ming.qian(a)oss.nxp.com> Date: Mon, 21 Apr 2025 16:12:52 +0800 Subject: [PATCH] media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead Move function mxc_jpeg_free_slot_data() above mxc_jpeg_alloc_slot_data() allowing to call that function during allocation failures. No functional changes are made. Fixes: 2db16c6ed72c ("media: imx-jpeg: Add V4L2 driver for i.MX8 JPEG Encoder/Decoder") Cc: stable(a)vger.kernel.org Signed-off-by: Ming Qian <ming.qian(a)oss.nxp.com> Reviewed-by: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> Reviewed-by: Frank Li <Frank.Li(a)nxp.com> Signed-off-by: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c index 840dd62c2531..ad2284e87985 100644 --- a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c +++ b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c @@ -752,6 +752,26 @@ static int mxc_get_free_slot(struct mxc_jpeg_slot_data *slot_data) return -1; } +static void mxc_jpeg_free_slot_data(struct mxc_jpeg_dev *jpeg) +{ + /* free descriptor for decoding/encoding phase */ + dma_free_coherent(jpeg->dev, sizeof(struct mxc_jpeg_desc), + jpeg->slot_data.desc, + jpeg->slot_data.desc_handle); + + /* free descriptor for encoder configuration phase / decoder DHT */ + dma_free_coherent(jpeg->dev, sizeof(struct mxc_jpeg_desc), + jpeg->slot_data.cfg_desc, + jpeg->slot_data.cfg_desc_handle); + + /* free configuration stream */ + dma_free_coherent(jpeg->dev, MXC_JPEG_MAX_CFG_STREAM, + jpeg->slot_data.cfg_stream_vaddr, + jpeg->slot_data.cfg_stream_handle); + + jpeg->slot_data.used = false; +} + static bool mxc_jpeg_alloc_slot_data(struct mxc_jpeg_dev *jpeg) { struct mxc_jpeg_desc *desc; @@ -798,26 +818,6 @@ static bool mxc_jpeg_alloc_slot_data(struct mxc_jpeg_dev *jpeg) return false; } -static void mxc_jpeg_free_slot_data(struct mxc_jpeg_dev *jpeg) -{ - /* free descriptor for decoding/encoding phase */ - dma_free_coherent(jpeg->dev, sizeof(struct mxc_jpeg_desc), - jpeg->slot_data.desc, - jpeg->slot_data.desc_handle); - - /* free descriptor for encoder configuration phase / decoder DHT */ - dma_free_coherent(jpeg->dev, sizeof(struct mxc_jpeg_desc), - jpeg->slot_data.cfg_desc, - jpeg->slot_data.cfg_desc_handle); - - /* free configuration stream */ - dma_free_coherent(jpeg->dev, MXC_JPEG_MAX_CFG_STREAM, - jpeg->slot_data.cfg_stream_vaddr, - jpeg->slot_data.cfg_stream_handle); - - jpeg->slot_data.used = false; -} - static void mxc_jpeg_check_and_set_last_buffer(struct mxc_jpeg_ctx *ctx, struct vb2_v4l2_buffer *src_buf, struct vb2_v4l2_buffer *dst_buf)

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 46e9c092f850bd7b4d06de92d3d21877f49a3fcb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062043-reemerge-pastel-e344@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 46e9c092f850bd7b4d06de92d3d21877f49a3fcb Mon Sep 17 00:00:00 2001 From: Ming Qian <ming.qian(a)oss.nxp.com> Date: Mon, 21 Apr 2025 16:12:52 +0800 Subject: [PATCH] media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead Move function mxc_jpeg_free_slot_data() above mxc_jpeg_alloc_slot_data() allowing to call that function during allocation failures. No functional changes are made. Fixes: 2db16c6ed72c ("media: imx-jpeg: Add V4L2 driver for i.MX8 JPEG Encoder/Decoder") Cc: stable(a)vger.kernel.org Signed-off-by: Ming Qian <ming.qian(a)oss.nxp.com> Reviewed-by: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> Reviewed-by: Frank Li <Frank.Li(a)nxp.com> Signed-off-by: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c index 840dd62c2531..ad2284e87985 100644 --- a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c +++ b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c @@ -752,6 +752,26 @@ static int mxc_get_free_slot(struct mxc_jpeg_slot_data *slot_data) return -1; } +static void mxc_jpeg_free_slot_data(struct mxc_jpeg_dev *jpeg) +{ + /* free descriptor for decoding/encoding phase */ + dma_free_coherent(jpeg->dev, sizeof(struct mxc_jpeg_desc), + jpeg->slot_data.desc, + jpeg->slot_data.desc_handle); + + /* free descriptor for encoder configuration phase / decoder DHT */ + dma_free_coherent(jpeg->dev, sizeof(struct mxc_jpeg_desc), + jpeg->slot_data.cfg_desc, + jpeg->slot_data.cfg_desc_handle); + + /* free configuration stream */ + dma_free_coherent(jpeg->dev, MXC_JPEG_MAX_CFG_STREAM, + jpeg->slot_data.cfg_stream_vaddr, + jpeg->slot_data.cfg_stream_handle); + + jpeg->slot_data.used = false; +} + static bool mxc_jpeg_alloc_slot_data(struct mxc_jpeg_dev *jpeg) { struct mxc_jpeg_desc *desc; @@ -798,26 +818,6 @@ static bool mxc_jpeg_alloc_slot_data(struct mxc_jpeg_dev *jpeg) return false; } -static void mxc_jpeg_free_slot_data(struct mxc_jpeg_dev *jpeg) -{ - /* free descriptor for decoding/encoding phase */ - dma_free_coherent(jpeg->dev, sizeof(struct mxc_jpeg_desc), - jpeg->slot_data.desc, - jpeg->slot_data.desc_handle); - - /* free descriptor for encoder configuration phase / decoder DHT */ - dma_free_coherent(jpeg->dev, sizeof(struct mxc_jpeg_desc), - jpeg->slot_data.cfg_desc, - jpeg->slot_data.cfg_desc_handle); - - /* free configuration stream */ - dma_free_coherent(jpeg->dev, MXC_JPEG_MAX_CFG_STREAM, - jpeg->slot_data.cfg_stream_vaddr, - jpeg->slot_data.cfg_stream_handle); - - jpeg->slot_data.used = false; -} - static void mxc_jpeg_check_and_set_last_buffer(struct mxc_jpeg_ctx *ctx, struct vb2_v4l2_buffer *src_buf, struct vb2_v4l2_buffer *dst_buf)

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: imx-jpeg: Drop the first error frames" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d52b9b7e2f10d22a49468128540533e8d76910cd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062028-nylon-scoff-dcd4@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d52b9b7e2f10d22a49468128540533e8d76910cd Mon Sep 17 00:00:00 2001 From: Ming Qian <ming.qian(a)oss.nxp.com> Date: Mon, 21 Apr 2025 15:06:12 +0800 Subject: [PATCH] media: imx-jpeg: Drop the first error frames When an output buffer contains error frame header, v4l2_jpeg_parse_header() will return error, then driver will mark this buffer and a capture buffer done with error flag in device_run(). But if the error occurs in the first frames, before setup the capture queue, there is no chance to schedule device_run(), and there may be no capture to mark error. So we need to drop this buffer with error flag, and make the decoding can continue. Fixes: 2db16c6ed72c ("media: imx-jpeg: Add V4L2 driver for i.MX8 JPEG Encoder/Decoder") Cc: stable(a)vger.kernel.org Signed-off-by: Ming Qian <ming.qian(a)oss.nxp.com> Reviewed-by: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> Signed-off-by: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c index 1221b309a916..840dd62c2531 100644 --- a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c +++ b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c @@ -1918,9 +1918,19 @@ static void mxc_jpeg_buf_queue(struct vb2_buffer *vb) jpeg_src_buf = vb2_to_mxc_buf(vb); jpeg_src_buf->jpeg_parse_error = false; ret = mxc_jpeg_parse(ctx, vb); - if (ret) + if (ret) { jpeg_src_buf->jpeg_parse_error = true; + /* + * if the capture queue is not setup, the device_run() won't be scheduled, + * need to drop the error buffer, so that the decoding can continue + */ + if (!vb2_is_streaming(v4l2_m2m_get_dst_vq(ctx->fh.m2m_ctx))) { + v4l2_m2m_buf_done(vbuf, VB2_BUF_STATE_ERROR); + return; + } + } + end: v4l2_m2m_buf_queue(ctx->fh.m2m_ctx, vbuf); }

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: vivid: Change the siize of the composing" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f83ac8d30c43fd902af7c84c480f216157b60ef0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062008-parabola-bacteria-dd6b@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f83ac8d30c43fd902af7c84c480f216157b60ef0 Mon Sep 17 00:00:00 2001 From: Denis Arefev <arefev(a)swemel.ru> Date: Tue, 15 Apr 2025 11:27:21 +0300 Subject: [PATCH] media: vivid: Change the siize of the composing syzkaller found a bug: BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline] BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705 Write of size 1440 at addr ffffc9000d0ffda0 by task vivid-000-vid-c/5304 CPU: 0 UID: 0 PID: 5304 Comm: vivid-000-vid-c Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106 tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline] tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705 vivid_fillbuff drivers/media/test-drivers/vivid/vivid-kthread-cap.c:470 [inline] vivid_thread_vid_cap_tick+0xf8e/0x60d0 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:629 vivid_thread_vid_cap+0x8aa/0xf30 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:767 kthread+0x7a9/0x920 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> The composition size cannot be larger than the size of fmt_cap_rect. So execute v4l2_rect_map_inside() even if has_compose_cap == 0. Fixes: 94a7ad928346 ("media: vivid: fix compose size exceed boundary") Cc: stable(a)vger.kernel.org Reported-by: syzbot+365005005522b70a36f2(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?id=8ed8e8cc30cbe0d86c9a25bd1d6a5775129b8e… Signed-off-by: Denis Arefev <arefev(a)swemel.ru> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/test-drivers/vivid/vivid-vid-cap.c b/drivers/media/test-drivers/vivid/vivid-vid-cap.c index df726961222b..84e9155b5815 100644 --- a/drivers/media/test-drivers/vivid/vivid-vid-cap.c +++ b/drivers/media/test-drivers/vivid/vivid-vid-cap.c @@ -948,8 +948,8 @@ int vivid_vid_cap_s_selection(struct file *file, void *fh, struct v4l2_selection if (dev->has_compose_cap) { v4l2_rect_set_min_size(compose, &min_rect); v4l2_rect_set_max_size(compose, &max_rect); - v4l2_rect_map_inside(compose, &fmt); } + v4l2_rect_map_inside(compose, &fmt); dev->fmt_cap_rect = fmt; tpg_s_buf_height(&dev->tpg, fmt.height); } else if (dev->has_compose_cap) {

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: omap3isp: use sgtable-based scatterlist wrappers" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 3de572fe2189a4a0bd80295e1f478401e739498e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062044-outlast-galley-2623@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3de572fe2189a4a0bd80295e1f478401e739498e Mon Sep 17 00:00:00 2001 From: Marek Szyprowski <m.szyprowski(a)samsung.com> Date: Wed, 7 May 2025 18:09:13 +0200 Subject: [PATCH] media: omap3isp: use sgtable-based scatterlist wrappers Use common wrappers operating directly on the struct sg_table objects to fix incorrect use of scatterlists sync calls. dma_sync_sg_for_*() functions have to be called with the number of elements originally passed to dma_map_sg_*() function, not the one returned in sgtable's nents. Fixes: d33186d0be18 ("[media] omap3isp: ccdc: Use the DMA API for LSC") Fixes: 0e24e90f2ca7 ("[media] omap3isp: stat: Use the DMA API") CC: stable(a)vger.kernel.org Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/platform/ti/omap3isp/ispccdc.c b/drivers/media/platform/ti/omap3isp/ispccdc.c index dd375c4e180d..7d0c723dcd11 100644 --- a/drivers/media/platform/ti/omap3isp/ispccdc.c +++ b/drivers/media/platform/ti/omap3isp/ispccdc.c @@ -446,8 +446,8 @@ static int ccdc_lsc_config(struct isp_ccdc_device *ccdc, if (ret < 0) goto done; - dma_sync_sg_for_cpu(isp->dev, req->table.sgt.sgl, - req->table.sgt.nents, DMA_TO_DEVICE); + dma_sync_sgtable_for_cpu(isp->dev, &req->table.sgt, + DMA_TO_DEVICE); if (copy_from_user(req->table.addr, config->lsc, req->config.size)) { @@ -455,8 +455,8 @@ static int ccdc_lsc_config(struct isp_ccdc_device *ccdc, goto done; } - dma_sync_sg_for_device(isp->dev, req->table.sgt.sgl, - req->table.sgt.nents, DMA_TO_DEVICE); + dma_sync_sgtable_for_device(isp->dev, &req->table.sgt, + DMA_TO_DEVICE); } spin_lock_irqsave(&ccdc->lsc.req_lock, flags); diff --git a/drivers/media/platform/ti/omap3isp/ispstat.c b/drivers/media/platform/ti/omap3isp/ispstat.c index 359a846205b0..d3da68408ecb 100644 --- a/drivers/media/platform/ti/omap3isp/ispstat.c +++ b/drivers/media/platform/ti/omap3isp/ispstat.c @@ -161,8 +161,7 @@ static void isp_stat_buf_sync_for_device(struct ispstat *stat, if (ISP_STAT_USES_DMAENGINE(stat)) return; - dma_sync_sg_for_device(stat->isp->dev, buf->sgt.sgl, - buf->sgt.nents, DMA_FROM_DEVICE); + dma_sync_sgtable_for_device(stat->isp->dev, &buf->sgt, DMA_FROM_DEVICE); } static void isp_stat_buf_sync_for_cpu(struct ispstat *stat, @@ -171,8 +170,7 @@ static void isp_stat_buf_sync_for_cpu(struct ispstat *stat, if (ISP_STAT_USES_DMAENGINE(stat)) return; - dma_sync_sg_for_cpu(stat->isp->dev, buf->sgt.sgl, - buf->sgt.nents, DMA_FROM_DEVICE); + dma_sync_sgtable_for_cpu(stat->isp->dev, &buf->sgt, DMA_FROM_DEVICE); } static void isp_stat_buf_clear(struct ispstat *stat)

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: omap3isp: use sgtable-based scatterlist wrappers" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 3de572fe2189a4a0bd80295e1f478401e739498e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062043-unaltered-handwoven-3d41@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3de572fe2189a4a0bd80295e1f478401e739498e Mon Sep 17 00:00:00 2001 From: Marek Szyprowski <m.szyprowski(a)samsung.com> Date: Wed, 7 May 2025 18:09:13 +0200 Subject: [PATCH] media: omap3isp: use sgtable-based scatterlist wrappers Use common wrappers operating directly on the struct sg_table objects to fix incorrect use of scatterlists sync calls. dma_sync_sg_for_*() functions have to be called with the number of elements originally passed to dma_map_sg_*() function, not the one returned in sgtable's nents. Fixes: d33186d0be18 ("[media] omap3isp: ccdc: Use the DMA API for LSC") Fixes: 0e24e90f2ca7 ("[media] omap3isp: stat: Use the DMA API") CC: stable(a)vger.kernel.org Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/platform/ti/omap3isp/ispccdc.c b/drivers/media/platform/ti/omap3isp/ispccdc.c index dd375c4e180d..7d0c723dcd11 100644 --- a/drivers/media/platform/ti/omap3isp/ispccdc.c +++ b/drivers/media/platform/ti/omap3isp/ispccdc.c @@ -446,8 +446,8 @@ static int ccdc_lsc_config(struct isp_ccdc_device *ccdc, if (ret < 0) goto done; - dma_sync_sg_for_cpu(isp->dev, req->table.sgt.sgl, - req->table.sgt.nents, DMA_TO_DEVICE); + dma_sync_sgtable_for_cpu(isp->dev, &req->table.sgt, + DMA_TO_DEVICE); if (copy_from_user(req->table.addr, config->lsc, req->config.size)) { @@ -455,8 +455,8 @@ static int ccdc_lsc_config(struct isp_ccdc_device *ccdc, goto done; } - dma_sync_sg_for_device(isp->dev, req->table.sgt.sgl, - req->table.sgt.nents, DMA_TO_DEVICE); + dma_sync_sgtable_for_device(isp->dev, &req->table.sgt, + DMA_TO_DEVICE); } spin_lock_irqsave(&ccdc->lsc.req_lock, flags); diff --git a/drivers/media/platform/ti/omap3isp/ispstat.c b/drivers/media/platform/ti/omap3isp/ispstat.c index 359a846205b0..d3da68408ecb 100644 --- a/drivers/media/platform/ti/omap3isp/ispstat.c +++ b/drivers/media/platform/ti/omap3isp/ispstat.c @@ -161,8 +161,7 @@ static void isp_stat_buf_sync_for_device(struct ispstat *stat, if (ISP_STAT_USES_DMAENGINE(stat)) return; - dma_sync_sg_for_device(stat->isp->dev, buf->sgt.sgl, - buf->sgt.nents, DMA_FROM_DEVICE); + dma_sync_sgtable_for_device(stat->isp->dev, &buf->sgt, DMA_FROM_DEVICE); } static void isp_stat_buf_sync_for_cpu(struct ispstat *stat, @@ -171,8 +170,7 @@ static void isp_stat_buf_sync_for_cpu(struct ispstat *stat, if (ISP_STAT_USES_DMAENGINE(stat)) return; - dma_sync_sg_for_cpu(stat->isp->dev, buf->sgt.sgl, - buf->sgt.nents, DMA_FROM_DEVICE); + dma_sync_sgtable_for_cpu(stat->isp->dev, &buf->sgt, DMA_FROM_DEVICE); } static void isp_stat_buf_clear(struct ispstat *stat)

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: omap3isp: use sgtable-based scatterlist wrappers" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 3de572fe2189a4a0bd80295e1f478401e739498e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062043-penny-clanking-183f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3de572fe2189a4a0bd80295e1f478401e739498e Mon Sep 17 00:00:00 2001 From: Marek Szyprowski <m.szyprowski(a)samsung.com> Date: Wed, 7 May 2025 18:09:13 +0200 Subject: [PATCH] media: omap3isp: use sgtable-based scatterlist wrappers Use common wrappers operating directly on the struct sg_table objects to fix incorrect use of scatterlists sync calls. dma_sync_sg_for_*() functions have to be called with the number of elements originally passed to dma_map_sg_*() function, not the one returned in sgtable's nents. Fixes: d33186d0be18 ("[media] omap3isp: ccdc: Use the DMA API for LSC") Fixes: 0e24e90f2ca7 ("[media] omap3isp: stat: Use the DMA API") CC: stable(a)vger.kernel.org Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/platform/ti/omap3isp/ispccdc.c b/drivers/media/platform/ti/omap3isp/ispccdc.c index dd375c4e180d..7d0c723dcd11 100644 --- a/drivers/media/platform/ti/omap3isp/ispccdc.c +++ b/drivers/media/platform/ti/omap3isp/ispccdc.c @@ -446,8 +446,8 @@ static int ccdc_lsc_config(struct isp_ccdc_device *ccdc, if (ret < 0) goto done; - dma_sync_sg_for_cpu(isp->dev, req->table.sgt.sgl, - req->table.sgt.nents, DMA_TO_DEVICE); + dma_sync_sgtable_for_cpu(isp->dev, &req->table.sgt, + DMA_TO_DEVICE); if (copy_from_user(req->table.addr, config->lsc, req->config.size)) { @@ -455,8 +455,8 @@ static int ccdc_lsc_config(struct isp_ccdc_device *ccdc, goto done; } - dma_sync_sg_for_device(isp->dev, req->table.sgt.sgl, - req->table.sgt.nents, DMA_TO_DEVICE); + dma_sync_sgtable_for_device(isp->dev, &req->table.sgt, + DMA_TO_DEVICE); } spin_lock_irqsave(&ccdc->lsc.req_lock, flags); diff --git a/drivers/media/platform/ti/omap3isp/ispstat.c b/drivers/media/platform/ti/omap3isp/ispstat.c index 359a846205b0..d3da68408ecb 100644 --- a/drivers/media/platform/ti/omap3isp/ispstat.c +++ b/drivers/media/platform/ti/omap3isp/ispstat.c @@ -161,8 +161,7 @@ static void isp_stat_buf_sync_for_device(struct ispstat *stat, if (ISP_STAT_USES_DMAENGINE(stat)) return; - dma_sync_sg_for_device(stat->isp->dev, buf->sgt.sgl, - buf->sgt.nents, DMA_FROM_DEVICE); + dma_sync_sgtable_for_device(stat->isp->dev, &buf->sgt, DMA_FROM_DEVICE); } static void isp_stat_buf_sync_for_cpu(struct ispstat *stat, @@ -171,8 +170,7 @@ static void isp_stat_buf_sync_for_cpu(struct ispstat *stat, if (ISP_STAT_USES_DMAENGINE(stat)) return; - dma_sync_sg_for_cpu(stat->isp->dev, buf->sgt.sgl, - buf->sgt.nents, DMA_FROM_DEVICE); + dma_sync_sgtable_for_cpu(stat->isp->dev, &buf->sgt, DMA_FROM_DEVICE); } static void isp_stat_buf_clear(struct ispstat *stat)

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: davinci: vpif: Fix memory leak in probe error path" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 024bf40edf1155e7a587f0ec46294049777d9b02 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062033-navigator-observant-8f41@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 024bf40edf1155e7a587f0ec46294049777d9b02 Mon Sep 17 00:00:00 2001 From: Dmitry Nikiforov <Dm1tryNk(a)yandex.ru> Date: Wed, 16 Apr 2025 23:51:19 +0300 Subject: [PATCH] media: davinci: vpif: Fix memory leak in probe error path If an error occurs during the initialization of `pdev_display`, the allocated platform device `pdev_capture` is not released properly, leading to a memory leak. Adjust error path handling to fix the leak. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 43acb728bbc4 ("media: davinci: vpif: fix use-after-free on driver unbind") Cc: stable(a)vger.kernel.org Signed-off-by: Dmitry Nikiforov <Dm1tryNk(a)yandex.ru> Reviewed-by: Johan Hovold <johan(a)kernel.org> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/platform/ti/davinci/vpif.c b/drivers/media/platform/ti/davinci/vpif.c index a81719702a22..969d623fc842 100644 --- a/drivers/media/platform/ti/davinci/vpif.c +++ b/drivers/media/platform/ti/davinci/vpif.c @@ -504,7 +504,7 @@ static int vpif_probe(struct platform_device *pdev) pdev_display = kzalloc(sizeof(*pdev_display), GFP_KERNEL); if (!pdev_display) { ret = -ENOMEM; - goto err_put_pdev_capture; + goto err_del_pdev_capture; } pdev_display->name = "vpif_display"; @@ -527,6 +527,8 @@ static int vpif_probe(struct platform_device *pdev) err_put_pdev_display: platform_device_put(pdev_display); +err_del_pdev_capture: + platform_device_del(pdev_capture); err_put_pdev_capture: platform_device_put(pdev_capture); err_put_rpm:

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: cxusb: no longer judge rbuf when the write fails" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 73fb3b92da84637e3817580fa205d48065924e15 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062022-fleshed-wildcard-a434@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 73fb3b92da84637e3817580fa205d48065924e15 Mon Sep 17 00:00:00 2001 From: Edward Adam Davis <eadavis(a)qq.com> Date: Sat, 5 Apr 2025 19:56:41 +0800 Subject: [PATCH] media: cxusb: no longer judge rbuf when the write fails syzbot reported a uninit-value in cxusb_i2c_xfer. [1] Only when the write operation of usb_bulk_msg() in dvb_usb_generic_rw() succeeds and rlen is greater than 0, the read operation of usb_bulk_msg() will be executed to read rlen bytes of data from the dvb device into the rbuf. In this case, although rlen is 1, the write operation failed which resulted in the dvb read operation not being executed, and ultimately variable i was not initialized. [1] BUG: KMSAN: uninit-value in cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline] BUG: KMSAN: uninit-value in cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196 cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline] cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196 __i2c_transfer+0xe25/0x3150 drivers/i2c/i2c-core-base.c:-1 i2c_transfer+0x317/0x4a0 drivers/i2c/i2c-core-base.c:2315 i2c_transfer_buffer_flags+0x125/0x1e0 drivers/i2c/i2c-core-base.c:2343 i2c_master_send include/linux/i2c.h:109 [inline] i2cdev_write+0x210/0x280 drivers/i2c/i2c-dev.c:183 do_loop_readv_writev fs/read_write.c:848 [inline] vfs_writev+0x963/0x14e0 fs/read_write.c:1057 do_writev+0x247/0x5c0 fs/read_write.c:1101 __do_sys_writev fs/read_write.c:1169 [inline] __se_sys_writev fs/read_write.c:1166 [inline] __x64_sys_writev+0x98/0xe0 fs/read_write.c:1166 x64_sys_call+0x2229/0x3c80 arch/x86/include/generated/asm/syscalls_64.h:21 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Reported-by: syzbot+526bd95c0ec629993bf3(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=526bd95c0ec629993bf3 Tested-by: syzbot+526bd95c0ec629993bf3(a)syzkaller.appspotmail.com Fixes: 22c6d93a7310 ("[PATCH] dvb: usb: support Medion hybrid USB2.0 DVB-T/analogue box") Cc: stable(a)vger.kernel.org Signed-off-by: Edward Adam Davis <eadavis(a)qq.com> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/usb/dvb-usb/cxusb.c b/drivers/media/usb/dvb-usb/cxusb.c index f44529b40989..d0501c1e81d6 100644 --- a/drivers/media/usb/dvb-usb/cxusb.c +++ b/drivers/media/usb/dvb-usb/cxusb.c @@ -119,9 +119,8 @@ static void cxusb_gpio_tuner(struct dvb_usb_device *d, int onoff) o[0] = GPIO_TUNER; o[1] = onoff; - cxusb_ctrl_msg(d, CMD_GPIO_WRITE, o, 2, &i, 1); - if (i != 0x01) + if (!cxusb_ctrl_msg(d, CMD_GPIO_WRITE, o, 2, &i, 1) && i != 0x01) dev_info(&d->udev->dev, "gpio_write failed.\n"); st->gpio_write_state[GPIO_TUNER] = onoff;

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] jfs: validate AG parameters in dbMount() to prevent crashes" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 37bfb464ddca87f203071b5bd562cd91ddc0b40a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062020-trace-goggles-c401@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 37bfb464ddca87f203071b5bd562cd91ddc0b40a Mon Sep 17 00:00:00 2001 From: Vasiliy Kovalev <kovalev(a)altlinux.org> Date: Mon, 10 Mar 2025 11:56:02 +0300 Subject: [PATCH] jfs: validate AG parameters in dbMount() to prevent crashes Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL, LPERCTL/MAXAG, and CTLTREESIZE: - agheight: 0 to L2LPERCTL/2 (0 to 5) ensures shift (L2LPERCTL - 2*agheight) >= 0. - agwidth: 1 to min(LPERCTL/MAXAG, 2^(L2LPERCTL - 2*agheight)) ensures agperlev >= 1. - Ranges: 1-8 (agheight 0-3), 1-4 (agheight 4), 1 (agheight 5). - LPERCTL/MAXAG = 1024/128 = 8 limits leaves per AG; 2^(10 - 2*agheight) prevents division to 0. - agstart: 0 to CTLTREESIZE-1 - agwidth*(MAXAG-1) keeps ti within stree (size 1365). - Ranges: 0-1237 (agwidth 1), 0-348 (agwidth 8). UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:1400:9 shift exponent -335544310 is negative CPU: 0 UID: 0 PID: 5822 Comm: syz-executor130 Not tainted 6.14.0-rc5-syzkaller #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468 dbAllocAG+0x1087/0x10b0 fs/jfs/jfs_dmap.c:1400 dbDiscardAG+0x352/0xa20 fs/jfs/jfs_dmap.c:1613 jfs_ioc_trim+0x45a/0x6b0 fs/jfs/jfs_discard.c:105 jfs_ioctl+0x2cd/0x3e0 fs/jfs/ioctl.c:131 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: syzbot+fe8264911355151c487f(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=fe8264911355151c487f Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com> diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c index 26e89d0c69b6..35e063c9f3a4 100644 --- a/fs/jfs/jfs_dmap.c +++ b/fs/jfs/jfs_dmap.c @@ -194,7 +194,11 @@ int dbMount(struct inode *ipbmap) !bmp->db_numag || (bmp->db_numag > MAXAG) || (bmp->db_maxag >= MAXAG) || (bmp->db_maxag < 0) || (bmp->db_agpref >= MAXAG) || (bmp->db_agpref < 0) || - !bmp->db_agwidth || + (bmp->db_agheight < 0) || (bmp->db_agheight > (L2LPERCTL >> 1)) || + (bmp->db_agwidth < 1) || (bmp->db_agwidth > (LPERCTL / MAXAG)) || + (bmp->db_agwidth > (1 << (L2LPERCTL - (bmp->db_agheight << 1)))) || + (bmp->db_agstart < 0) || + (bmp->db_agstart > (CTLTREESIZE - 1 - bmp->db_agwidth * (MAXAG - 1))) || (bmp->db_agl2size > L2MAXL2SIZE - L2MAXAG) || (bmp->db_agl2size < 0) || ((bmp->db_mapsize - 1) >> bmp->db_agl2size) > MAXAG) {

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] jfs: validate AG parameters in dbMount() to prevent crashes" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 37bfb464ddca87f203071b5bd562cd91ddc0b40a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062019-wrinkly-unblended-0fce@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 37bfb464ddca87f203071b5bd562cd91ddc0b40a Mon Sep 17 00:00:00 2001 From: Vasiliy Kovalev <kovalev(a)altlinux.org> Date: Mon, 10 Mar 2025 11:56:02 +0300 Subject: [PATCH] jfs: validate AG parameters in dbMount() to prevent crashes Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL, LPERCTL/MAXAG, and CTLTREESIZE: - agheight: 0 to L2LPERCTL/2 (0 to 5) ensures shift (L2LPERCTL - 2*agheight) >= 0. - agwidth: 1 to min(LPERCTL/MAXAG, 2^(L2LPERCTL - 2*agheight)) ensures agperlev >= 1. - Ranges: 1-8 (agheight 0-3), 1-4 (agheight 4), 1 (agheight 5). - LPERCTL/MAXAG = 1024/128 = 8 limits leaves per AG; 2^(10 - 2*agheight) prevents division to 0. - agstart: 0 to CTLTREESIZE-1 - agwidth*(MAXAG-1) keeps ti within stree (size 1365). - Ranges: 0-1237 (agwidth 1), 0-348 (agwidth 8). UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:1400:9 shift exponent -335544310 is negative CPU: 0 UID: 0 PID: 5822 Comm: syz-executor130 Not tainted 6.14.0-rc5-syzkaller #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468 dbAllocAG+0x1087/0x10b0 fs/jfs/jfs_dmap.c:1400 dbDiscardAG+0x352/0xa20 fs/jfs/jfs_dmap.c:1613 jfs_ioc_trim+0x45a/0x6b0 fs/jfs/jfs_discard.c:105 jfs_ioctl+0x2cd/0x3e0 fs/jfs/ioctl.c:131 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: syzbot+fe8264911355151c487f(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=fe8264911355151c487f Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com> diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c index 26e89d0c69b6..35e063c9f3a4 100644 --- a/fs/jfs/jfs_dmap.c +++ b/fs/jfs/jfs_dmap.c @@ -194,7 +194,11 @@ int dbMount(struct inode *ipbmap) !bmp->db_numag || (bmp->db_numag > MAXAG) || (bmp->db_maxag >= MAXAG) || (bmp->db_maxag < 0) || (bmp->db_agpref >= MAXAG) || (bmp->db_agpref < 0) || - !bmp->db_agwidth || + (bmp->db_agheight < 0) || (bmp->db_agheight > (L2LPERCTL >> 1)) || + (bmp->db_agwidth < 1) || (bmp->db_agwidth > (LPERCTL / MAXAG)) || + (bmp->db_agwidth > (1 << (L2LPERCTL - (bmp->db_agheight << 1)))) || + (bmp->db_agstart < 0) || + (bmp->db_agstart > (CTLTREESIZE - 1 - bmp->db_agwidth * (MAXAG - 1))) || (bmp->db_agl2size > L2MAXL2SIZE - L2MAXAG) || (bmp->db_agl2size < 0) || ((bmp->db_mapsize - 1) >> bmp->db_agl2size) > MAXAG) {

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] jfs: validate AG parameters in dbMount() to prevent crashes" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 37bfb464ddca87f203071b5bd562cd91ddc0b40a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062018-desktop-childhood-1515@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 37bfb464ddca87f203071b5bd562cd91ddc0b40a Mon Sep 17 00:00:00 2001 From: Vasiliy Kovalev <kovalev(a)altlinux.org> Date: Mon, 10 Mar 2025 11:56:02 +0300 Subject: [PATCH] jfs: validate AG parameters in dbMount() to prevent crashes Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL, LPERCTL/MAXAG, and CTLTREESIZE: - agheight: 0 to L2LPERCTL/2 (0 to 5) ensures shift (L2LPERCTL - 2*agheight) >= 0. - agwidth: 1 to min(LPERCTL/MAXAG, 2^(L2LPERCTL - 2*agheight)) ensures agperlev >= 1. - Ranges: 1-8 (agheight 0-3), 1-4 (agheight 4), 1 (agheight 5). - LPERCTL/MAXAG = 1024/128 = 8 limits leaves per AG; 2^(10 - 2*agheight) prevents division to 0. - agstart: 0 to CTLTREESIZE-1 - agwidth*(MAXAG-1) keeps ti within stree (size 1365). - Ranges: 0-1237 (agwidth 1), 0-348 (agwidth 8). UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:1400:9 shift exponent -335544310 is negative CPU: 0 UID: 0 PID: 5822 Comm: syz-executor130 Not tainted 6.14.0-rc5-syzkaller #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468 dbAllocAG+0x1087/0x10b0 fs/jfs/jfs_dmap.c:1400 dbDiscardAG+0x352/0xa20 fs/jfs/jfs_dmap.c:1613 jfs_ioc_trim+0x45a/0x6b0 fs/jfs/jfs_discard.c:105 jfs_ioctl+0x2cd/0x3e0 fs/jfs/ioctl.c:131 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: syzbot+fe8264911355151c487f(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=fe8264911355151c487f Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com> diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c index 26e89d0c69b6..35e063c9f3a4 100644 --- a/fs/jfs/jfs_dmap.c +++ b/fs/jfs/jfs_dmap.c @@ -194,7 +194,11 @@ int dbMount(struct inode *ipbmap) !bmp->db_numag || (bmp->db_numag > MAXAG) || (bmp->db_maxag >= MAXAG) || (bmp->db_maxag < 0) || (bmp->db_agpref >= MAXAG) || (bmp->db_agpref < 0) || - !bmp->db_agwidth || + (bmp->db_agheight < 0) || (bmp->db_agheight > (L2LPERCTL >> 1)) || + (bmp->db_agwidth < 1) || (bmp->db_agwidth > (LPERCTL / MAXAG)) || + (bmp->db_agwidth > (1 << (L2LPERCTL - (bmp->db_agheight << 1)))) || + (bmp->db_agstart < 0) || + (bmp->db_agstart > (CTLTREESIZE - 1 - bmp->db_agwidth * (MAXAG - 1))) || (bmp->db_agl2size > L2MAXL2SIZE - L2MAXAG) || (bmp->db_agl2size < 0) || ((bmp->db_mapsize - 1) >> bmp->db_agl2size) > MAXAG) {

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] jfs: validate AG parameters in dbMount() to prevent crashes" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 37bfb464ddca87f203071b5bd562cd91ddc0b40a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062017-flashily-tidings-7e64@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 37bfb464ddca87f203071b5bd562cd91ddc0b40a Mon Sep 17 00:00:00 2001 From: Vasiliy Kovalev <kovalev(a)altlinux.org> Date: Mon, 10 Mar 2025 11:56:02 +0300 Subject: [PATCH] jfs: validate AG parameters in dbMount() to prevent crashes Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL, LPERCTL/MAXAG, and CTLTREESIZE: - agheight: 0 to L2LPERCTL/2 (0 to 5) ensures shift (L2LPERCTL - 2*agheight) >= 0. - agwidth: 1 to min(LPERCTL/MAXAG, 2^(L2LPERCTL - 2*agheight)) ensures agperlev >= 1. - Ranges: 1-8 (agheight 0-3), 1-4 (agheight 4), 1 (agheight 5). - LPERCTL/MAXAG = 1024/128 = 8 limits leaves per AG; 2^(10 - 2*agheight) prevents division to 0. - agstart: 0 to CTLTREESIZE-1 - agwidth*(MAXAG-1) keeps ti within stree (size 1365). - Ranges: 0-1237 (agwidth 1), 0-348 (agwidth 8). UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:1400:9 shift exponent -335544310 is negative CPU: 0 UID: 0 PID: 5822 Comm: syz-executor130 Not tainted 6.14.0-rc5-syzkaller #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468 dbAllocAG+0x1087/0x10b0 fs/jfs/jfs_dmap.c:1400 dbDiscardAG+0x352/0xa20 fs/jfs/jfs_dmap.c:1613 jfs_ioc_trim+0x45a/0x6b0 fs/jfs/jfs_discard.c:105 jfs_ioctl+0x2cd/0x3e0 fs/jfs/ioctl.c:131 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: syzbot+fe8264911355151c487f(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=fe8264911355151c487f Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com> diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c index 26e89d0c69b6..35e063c9f3a4 100644 --- a/fs/jfs/jfs_dmap.c +++ b/fs/jfs/jfs_dmap.c @@ -194,7 +194,11 @@ int dbMount(struct inode *ipbmap) !bmp->db_numag || (bmp->db_numag > MAXAG) || (bmp->db_maxag >= MAXAG) || (bmp->db_maxag < 0) || (bmp->db_agpref >= MAXAG) || (bmp->db_agpref < 0) || - !bmp->db_agwidth || + (bmp->db_agheight < 0) || (bmp->db_agheight > (L2LPERCTL >> 1)) || + (bmp->db_agwidth < 1) || (bmp->db_agwidth > (LPERCTL / MAXAG)) || + (bmp->db_agwidth > (1 << (L2LPERCTL - (bmp->db_agheight << 1)))) || + (bmp->db_agstart < 0) || + (bmp->db_agstart > (CTLTREESIZE - 1 - bmp->db_agwidth * (MAXAG - 1))) || (bmp->db_agl2size > L2MAXL2SIZE - L2MAXAG) || (bmp->db_agl2size < 0) || ((bmp->db_mapsize - 1) >> bmp->db_agl2size) > MAXAG) {

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] jfs: validate AG parameters in dbMount() to prevent crashes" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 37bfb464ddca87f203071b5bd562cd91ddc0b40a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062017-dolphin-qualify-c051@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 37bfb464ddca87f203071b5bd562cd91ddc0b40a Mon Sep 17 00:00:00 2001 From: Vasiliy Kovalev <kovalev(a)altlinux.org> Date: Mon, 10 Mar 2025 11:56:02 +0300 Subject: [PATCH] jfs: validate AG parameters in dbMount() to prevent crashes Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL, LPERCTL/MAXAG, and CTLTREESIZE: - agheight: 0 to L2LPERCTL/2 (0 to 5) ensures shift (L2LPERCTL - 2*agheight) >= 0. - agwidth: 1 to min(LPERCTL/MAXAG, 2^(L2LPERCTL - 2*agheight)) ensures agperlev >= 1. - Ranges: 1-8 (agheight 0-3), 1-4 (agheight 4), 1 (agheight 5). - LPERCTL/MAXAG = 1024/128 = 8 limits leaves per AG; 2^(10 - 2*agheight) prevents division to 0. - agstart: 0 to CTLTREESIZE-1 - agwidth*(MAXAG-1) keeps ti within stree (size 1365). - Ranges: 0-1237 (agwidth 1), 0-348 (agwidth 8). UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:1400:9 shift exponent -335544310 is negative CPU: 0 UID: 0 PID: 5822 Comm: syz-executor130 Not tainted 6.14.0-rc5-syzkaller #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468 dbAllocAG+0x1087/0x10b0 fs/jfs/jfs_dmap.c:1400 dbDiscardAG+0x352/0xa20 fs/jfs/jfs_dmap.c:1613 jfs_ioc_trim+0x45a/0x6b0 fs/jfs/jfs_discard.c:105 jfs_ioctl+0x2cd/0x3e0 fs/jfs/ioctl.c:131 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: syzbot+fe8264911355151c487f(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=fe8264911355151c487f Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com> diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c index 26e89d0c69b6..35e063c9f3a4 100644 --- a/fs/jfs/jfs_dmap.c +++ b/fs/jfs/jfs_dmap.c @@ -194,7 +194,11 @@ int dbMount(struct inode *ipbmap) !bmp->db_numag || (bmp->db_numag > MAXAG) || (bmp->db_maxag >= MAXAG) || (bmp->db_maxag < 0) || (bmp->db_agpref >= MAXAG) || (bmp->db_agpref < 0) || - !bmp->db_agwidth || + (bmp->db_agheight < 0) || (bmp->db_agheight > (L2LPERCTL >> 1)) || + (bmp->db_agwidth < 1) || (bmp->db_agwidth > (LPERCTL / MAXAG)) || + (bmp->db_agwidth > (1 << (L2LPERCTL - (bmp->db_agheight << 1)))) || + (bmp->db_agstart < 0) || + (bmp->db_agstart > (CTLTREESIZE - 1 - bmp->db_agwidth * (MAXAG - 1))) || (bmp->db_agl2size > L2MAXL2SIZE - L2MAXAG) || (bmp->db_agl2size < 0) || ((bmp->db_mapsize - 1) >> bmp->db_agl2size) > MAXAG) {

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] jfs: validate AG parameters in dbMount() to prevent crashes" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 37bfb464ddca87f203071b5bd562cd91ddc0b40a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062016-hardener-favoring-2b01@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 37bfb464ddca87f203071b5bd562cd91ddc0b40a Mon Sep 17 00:00:00 2001 From: Vasiliy Kovalev <kovalev(a)altlinux.org> Date: Mon, 10 Mar 2025 11:56:02 +0300 Subject: [PATCH] jfs: validate AG parameters in dbMount() to prevent crashes Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL, LPERCTL/MAXAG, and CTLTREESIZE: - agheight: 0 to L2LPERCTL/2 (0 to 5) ensures shift (L2LPERCTL - 2*agheight) >= 0. - agwidth: 1 to min(LPERCTL/MAXAG, 2^(L2LPERCTL - 2*agheight)) ensures agperlev >= 1. - Ranges: 1-8 (agheight 0-3), 1-4 (agheight 4), 1 (agheight 5). - LPERCTL/MAXAG = 1024/128 = 8 limits leaves per AG; 2^(10 - 2*agheight) prevents division to 0. - agstart: 0 to CTLTREESIZE-1 - agwidth*(MAXAG-1) keeps ti within stree (size 1365). - Ranges: 0-1237 (agwidth 1), 0-348 (agwidth 8). UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:1400:9 shift exponent -335544310 is negative CPU: 0 UID: 0 PID: 5822 Comm: syz-executor130 Not tainted 6.14.0-rc5-syzkaller #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468 dbAllocAG+0x1087/0x10b0 fs/jfs/jfs_dmap.c:1400 dbDiscardAG+0x352/0xa20 fs/jfs/jfs_dmap.c:1613 jfs_ioc_trim+0x45a/0x6b0 fs/jfs/jfs_discard.c:105 jfs_ioctl+0x2cd/0x3e0 fs/jfs/ioctl.c:131 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: syzbot+fe8264911355151c487f(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=fe8264911355151c487f Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com> diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c index 26e89d0c69b6..35e063c9f3a4 100644 --- a/fs/jfs/jfs_dmap.c +++ b/fs/jfs/jfs_dmap.c @@ -194,7 +194,11 @@ int dbMount(struct inode *ipbmap) !bmp->db_numag || (bmp->db_numag > MAXAG) || (bmp->db_maxag >= MAXAG) || (bmp->db_maxag < 0) || (bmp->db_agpref >= MAXAG) || (bmp->db_agpref < 0) || - !bmp->db_agwidth || + (bmp->db_agheight < 0) || (bmp->db_agheight > (L2LPERCTL >> 1)) || + (bmp->db_agwidth < 1) || (bmp->db_agwidth > (LPERCTL / MAXAG)) || + (bmp->db_agwidth > (1 << (L2LPERCTL - (bmp->db_agheight << 1)))) || + (bmp->db_agstart < 0) || + (bmp->db_agstart > (CTLTREESIZE - 1 - bmp->db_agwidth * (MAXAG - 1))) || (bmp->db_agl2size > L2MAXL2SIZE - L2MAXAG) || (bmp->db_agl2size < 0) || ((bmp->db_mapsize - 1) >> bmp->db_agl2size) > MAXAG) {

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] net: qede: Initialize qede_ll_ops with designated initializer" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 960013ec5b5e86c2c096e79ce6e08bce970650b3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062022-unmanned-whinny-0ada@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 960013ec5b5e86c2c096e79ce6e08bce970650b3 Mon Sep 17 00:00:00 2001 From: Nathan Chancellor <nathan(a)kernel.org> Date: Wed, 7 May 2025 21:47:45 +0100 Subject: [PATCH] net: qede: Initialize qede_ll_ops with designated initializer After a recent change [1] in clang's randstruct implementation to randomize structures that only contain function pointers, there is an error because qede_ll_ops get randomized but does not use a designated initializer for the first member: drivers/net/ethernet/qlogic/qede/qede_main.c:206:2: error: a randomized struct can only be initialized with a designated initializer 206 | { | ^ Explicitly initialize the common member using a designated initializer to fix the build. Cc: stable(a)vger.kernel.org Fixes: 035f7f87b729 ("randstruct: Enable Clang support") Link: https://github.com/llvm/llvm-project/commit/04364fb888eea6db9811510607bed4b… [1] Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Reviewed-by: Kees Cook <kees(a)kernel.org> Link: https://lore.kernel.org/r/20250507-qede-fix-clang-randstruct-v1-1-5ccc15626… Signed-off-by: Kees Cook <kees(a)kernel.org> diff --git a/drivers/net/ethernet/qlogic/qede/qede_main.c b/drivers/net/ethernet/qlogic/qede/qede_main.c index 99df00c30b8c..b5d744d2586f 100644 --- a/drivers/net/ethernet/qlogic/qede/qede_main.c +++ b/drivers/net/ethernet/qlogic/qede/qede_main.c @@ -203,7 +203,7 @@ static struct pci_driver qede_pci_driver = { }; static struct qed_eth_cb_ops qede_ll_ops = { - { + .common = { #ifdef CONFIG_RFS_ACCEL .arfs_filter_op = qede_arfs_filter_op, #endif

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] net: qede: Initialize qede_ll_ops with designated initializer" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 960013ec5b5e86c2c096e79ce6e08bce970650b3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062022-reattach-unroasted-deb0@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 960013ec5b5e86c2c096e79ce6e08bce970650b3 Mon Sep 17 00:00:00 2001 From: Nathan Chancellor <nathan(a)kernel.org> Date: Wed, 7 May 2025 21:47:45 +0100 Subject: [PATCH] net: qede: Initialize qede_ll_ops with designated initializer After a recent change [1] in clang's randstruct implementation to randomize structures that only contain function pointers, there is an error because qede_ll_ops get randomized but does not use a designated initializer for the first member: drivers/net/ethernet/qlogic/qede/qede_main.c:206:2: error: a randomized struct can only be initialized with a designated initializer 206 | { | ^ Explicitly initialize the common member using a designated initializer to fix the build. Cc: stable(a)vger.kernel.org Fixes: 035f7f87b729 ("randstruct: Enable Clang support") Link: https://github.com/llvm/llvm-project/commit/04364fb888eea6db9811510607bed4b… [1] Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Reviewed-by: Kees Cook <kees(a)kernel.org> Link: https://lore.kernel.org/r/20250507-qede-fix-clang-randstruct-v1-1-5ccc15626… Signed-off-by: Kees Cook <kees(a)kernel.org> diff --git a/drivers/net/ethernet/qlogic/qede/qede_main.c b/drivers/net/ethernet/qlogic/qede/qede_main.c index 99df00c30b8c..b5d744d2586f 100644 --- a/drivers/net/ethernet/qlogic/qede/qede_main.c +++ b/drivers/net/ethernet/qlogic/qede/qede_main.c @@ -203,7 +203,7 @@ static struct pci_driver qede_pci_driver = { }; static struct qed_eth_cb_ops qede_ll_ops = { - { + .common = { #ifdef CONFIG_RFS_ACCEL .arfs_filter_op = qede_arfs_filter_op, #endif

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] net: qede: Initialize qede_ll_ops with designated initializer" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 960013ec5b5e86c2c096e79ce6e08bce970650b3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062021-jump-puppet-aa00@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 960013ec5b5e86c2c096e79ce6e08bce970650b3 Mon Sep 17 00:00:00 2001 From: Nathan Chancellor <nathan(a)kernel.org> Date: Wed, 7 May 2025 21:47:45 +0100 Subject: [PATCH] net: qede: Initialize qede_ll_ops with designated initializer After a recent change [1] in clang's randstruct implementation to randomize structures that only contain function pointers, there is an error because qede_ll_ops get randomized but does not use a designated initializer for the first member: drivers/net/ethernet/qlogic/qede/qede_main.c:206:2: error: a randomized struct can only be initialized with a designated initializer 206 | { | ^ Explicitly initialize the common member using a designated initializer to fix the build. Cc: stable(a)vger.kernel.org Fixes: 035f7f87b729 ("randstruct: Enable Clang support") Link: https://github.com/llvm/llvm-project/commit/04364fb888eea6db9811510607bed4b… [1] Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Reviewed-by: Kees Cook <kees(a)kernel.org> Link: https://lore.kernel.org/r/20250507-qede-fix-clang-randstruct-v1-1-5ccc15626… Signed-off-by: Kees Cook <kees(a)kernel.org> diff --git a/drivers/net/ethernet/qlogic/qede/qede_main.c b/drivers/net/ethernet/qlogic/qede/qede_main.c index 99df00c30b8c..b5d744d2586f 100644 --- a/drivers/net/ethernet/qlogic/qede/qede_main.c +++ b/drivers/net/ethernet/qlogic/qede/qede_main.c @@ -203,7 +203,7 @@ static struct pci_driver qede_pci_driver = { }; static struct qed_eth_cb_ops qede_ll_ops = { - { + .common = { #ifdef CONFIG_RFS_ACCEL .arfs_filter_op = qede_arfs_filter_op, #endif

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] wifi: ath11k: fix ring-buffer corruption" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 6d037a372f817e9fcb56482f37917545596bd776 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062014-matriarch-atrocious-4abd@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6d037a372f817e9fcb56482f37917545596bd776 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 21 Mar 2025 10:49:16 +0100 Subject: [PATCH] wifi: ath11k: fix ring-buffer corruption Users of the Lenovo ThinkPad X13s have reported that Wi-Fi sometimes breaks and the log fills up with errors like: ath11k_pci 0006:01:00.0: HTC Rx: insufficient length, got 1484, expected 1492 ath11k_pci 0006:01:00.0: HTC Rx: insufficient length, got 1460, expected 1484 which based on a quick look at the driver seemed to indicate some kind of ring-buffer corruption. Miaoqing Pan tracked it down to the host seeing the updated destination ring head pointer before the updated descriptor, and the error handling for that in turn leaves the ring buffer in an inconsistent state. Add the missing memory barrier to make sure that the descriptor is read after the head pointer to address the root cause of the corruption while fixing up the error handling in case there are ever any (ordering) bugs on the device side. Note that the READ_ONCE() are only needed to avoid compiler mischief in case the ring-buffer helpers are ever inlined. Tested-on: WCN6855 hw2.1 WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41 Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices") Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218623 Link: https://lore.kernel.org/20250310010217.3845141-3-quic_miaoqing@quicinc.com Cc: Miaoqing Pan <quic_miaoqing(a)quicinc.com> Cc: stable(a)vger.kernel.org # 5.6 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Miaoqing Pan <quic_miaoqing(a)quicinc.com> Tested-by: Steev Klimaszewski <steev(a)kali.org> Tested-by: Jens Glathe <jens.glathe(a)oldschoolsolutions.biz> Tested-by: Clayton Craft <clayton(a)craftyguy.net> Link: https://patch.msgid.link/20250321094916.19098-1-johan+linaro@kernel.org Signed-off-by: Jeff Johnson <jeff.johnson(a)oss.qualcomm.com> diff --git a/drivers/net/wireless/ath/ath11k/ce.c b/drivers/net/wireless/ath/ath11k/ce.c index e66e86bdec20..9d8efec46508 100644 --- a/drivers/net/wireless/ath/ath11k/ce.c +++ b/drivers/net/wireless/ath/ath11k/ce.c @@ -393,11 +393,10 @@ static int ath11k_ce_completed_recv_next(struct ath11k_ce_pipe *pipe, goto err; } + /* Make sure descriptor is read after the head pointer. */ + dma_rmb(); + *nbytes = ath11k_hal_ce_dst_status_get_length(desc); - if (*nbytes == 0) { - ret = -EIO; - goto err; - } *skb = pipe->dest_ring->skb[sw_index]; pipe->dest_ring->skb[sw_index] = NULL; @@ -430,8 +429,8 @@ static void ath11k_ce_recv_process_cb(struct ath11k_ce_pipe *pipe) dma_unmap_single(ab->dev, ATH11K_SKB_RXCB(skb)->paddr, max_nbytes, DMA_FROM_DEVICE); - if (unlikely(max_nbytes < nbytes)) { - ath11k_warn(ab, "rxed more than expected (nbytes %d, max %d)", + if (unlikely(max_nbytes < nbytes || nbytes == 0)) { + ath11k_warn(ab, "unexpected rx length (nbytes %d, max %d)", nbytes, max_nbytes); dev_kfree_skb_any(skb); continue; diff --git a/drivers/net/wireless/ath/ath11k/hal.c b/drivers/net/wireless/ath/ath11k/hal.c index 61f4b6dd5380..8cb1505a5a0c 100644 --- a/drivers/net/wireless/ath/ath11k/hal.c +++ b/drivers/net/wireless/ath/ath11k/hal.c @@ -599,7 +599,7 @@ u32 ath11k_hal_ce_dst_status_get_length(void *buf) struct hal_ce_srng_dst_status_desc *desc = buf; u32 len; - len = FIELD_GET(HAL_CE_DST_STATUS_DESC_FLAGS_LEN, desc->flags); + len = FIELD_GET(HAL_CE_DST_STATUS_DESC_FLAGS_LEN, READ_ONCE(desc->flags)); desc->flags &= ~HAL_CE_DST_STATUS_DESC_FLAGS_LEN; return len; @@ -829,7 +829,7 @@ void ath11k_hal_srng_access_begin(struct ath11k_base *ab, struct hal_srng *srng) srng->u.src_ring.cached_tp = *(volatile u32 *)srng->u.src_ring.tp_addr; } else { - srng->u.dst_ring.cached_hp = *srng->u.dst_ring.hp_addr; + srng->u.dst_ring.cached_hp = READ_ONCE(*srng->u.dst_ring.hp_addr); /* Try to prefetch the next descriptor in the ring */ if (srng->flags & HAL_SRNG_FLAGS_CACHED)

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] wifi: ath11k: fix ring-buffer corruption" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6d037a372f817e9fcb56482f37917545596bd776 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062013-defender-designing-8c76@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6d037a372f817e9fcb56482f37917545596bd776 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 21 Mar 2025 10:49:16 +0100 Subject: [PATCH] wifi: ath11k: fix ring-buffer corruption Users of the Lenovo ThinkPad X13s have reported that Wi-Fi sometimes breaks and the log fills up with errors like: ath11k_pci 0006:01:00.0: HTC Rx: insufficient length, got 1484, expected 1492 ath11k_pci 0006:01:00.0: HTC Rx: insufficient length, got 1460, expected 1484 which based on a quick look at the driver seemed to indicate some kind of ring-buffer corruption. Miaoqing Pan tracked it down to the host seeing the updated destination ring head pointer before the updated descriptor, and the error handling for that in turn leaves the ring buffer in an inconsistent state. Add the missing memory barrier to make sure that the descriptor is read after the head pointer to address the root cause of the corruption while fixing up the error handling in case there are ever any (ordering) bugs on the device side. Note that the READ_ONCE() are only needed to avoid compiler mischief in case the ring-buffer helpers are ever inlined. Tested-on: WCN6855 hw2.1 WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41 Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices") Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218623 Link: https://lore.kernel.org/20250310010217.3845141-3-quic_miaoqing@quicinc.com Cc: Miaoqing Pan <quic_miaoqing(a)quicinc.com> Cc: stable(a)vger.kernel.org # 5.6 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Miaoqing Pan <quic_miaoqing(a)quicinc.com> Tested-by: Steev Klimaszewski <steev(a)kali.org> Tested-by: Jens Glathe <jens.glathe(a)oldschoolsolutions.biz> Tested-by: Clayton Craft <clayton(a)craftyguy.net> Link: https://patch.msgid.link/20250321094916.19098-1-johan+linaro@kernel.org Signed-off-by: Jeff Johnson <jeff.johnson(a)oss.qualcomm.com> diff --git a/drivers/net/wireless/ath/ath11k/ce.c b/drivers/net/wireless/ath/ath11k/ce.c index e66e86bdec20..9d8efec46508 100644 --- a/drivers/net/wireless/ath/ath11k/ce.c +++ b/drivers/net/wireless/ath/ath11k/ce.c @@ -393,11 +393,10 @@ static int ath11k_ce_completed_recv_next(struct ath11k_ce_pipe *pipe, goto err; } + /* Make sure descriptor is read after the head pointer. */ + dma_rmb(); + *nbytes = ath11k_hal_ce_dst_status_get_length(desc); - if (*nbytes == 0) { - ret = -EIO; - goto err; - } *skb = pipe->dest_ring->skb[sw_index]; pipe->dest_ring->skb[sw_index] = NULL; @@ -430,8 +429,8 @@ static void ath11k_ce_recv_process_cb(struct ath11k_ce_pipe *pipe) dma_unmap_single(ab->dev, ATH11K_SKB_RXCB(skb)->paddr, max_nbytes, DMA_FROM_DEVICE); - if (unlikely(max_nbytes < nbytes)) { - ath11k_warn(ab, "rxed more than expected (nbytes %d, max %d)", + if (unlikely(max_nbytes < nbytes || nbytes == 0)) { + ath11k_warn(ab, "unexpected rx length (nbytes %d, max %d)", nbytes, max_nbytes); dev_kfree_skb_any(skb); continue; diff --git a/drivers/net/wireless/ath/ath11k/hal.c b/drivers/net/wireless/ath/ath11k/hal.c index 61f4b6dd5380..8cb1505a5a0c 100644 --- a/drivers/net/wireless/ath/ath11k/hal.c +++ b/drivers/net/wireless/ath/ath11k/hal.c @@ -599,7 +599,7 @@ u32 ath11k_hal_ce_dst_status_get_length(void *buf) struct hal_ce_srng_dst_status_desc *desc = buf; u32 len; - len = FIELD_GET(HAL_CE_DST_STATUS_DESC_FLAGS_LEN, desc->flags); + len = FIELD_GET(HAL_CE_DST_STATUS_DESC_FLAGS_LEN, READ_ONCE(desc->flags)); desc->flags &= ~HAL_CE_DST_STATUS_DESC_FLAGS_LEN; return len; @@ -829,7 +829,7 @@ void ath11k_hal_srng_access_begin(struct ath11k_base *ab, struct hal_srng *srng) srng->u.src_ring.cached_tp = *(volatile u32 *)srng->u.src_ring.tp_addr; } else { - srng->u.dst_ring.cached_hp = *srng->u.dst_ring.hp_addr; + srng->u.dst_ring.cached_hp = READ_ONCE(*srng->u.dst_ring.hp_addr); /* Try to prefetch the next descriptor in the ring */ if (srng->flags & HAL_SRNG_FLAGS_CACHED)

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] wifi: ath11k: fix rx completion meta data corruption" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x ab52e3e44fe9b666281752e2481d11e25b0e3fdd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062045-defrost-explode-6eec@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ab52e3e44fe9b666281752e2481d11e25b0e3fdd Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 21 Mar 2025 15:53:02 +0100 Subject: [PATCH] wifi: ath11k: fix rx completion meta data corruption Add the missing memory barrier to make sure that the REO dest ring descriptor is read after the head pointer to avoid using stale data on weakly ordered architectures like aarch64. This may fix the ring-buffer corruption worked around by commit f9fff67d2d7c ("wifi: ath11k: Fix SKB corruption in REO destination ring") by silently discarding data, and may possibly also address user reported errors like: ath11k_pci 0006:01:00.0: msdu_done bit in attention is not set Tested-on: WCN6855 hw2.1 WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41 Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices") Cc: stable(a)vger.kernel.org # 5.6 Link: https://bugzilla.kernel.org/show_bug.cgi?id=218005 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Tested-by: Clayton Craft <clayton(a)craftyguy.net> Link: https://patch.msgid.link/20250321145302.4775-1-johan+linaro@kernel.org Signed-off-by: Jeff Johnson <jeff.johnson(a)oss.qualcomm.com> diff --git a/drivers/net/wireless/ath/ath11k/dp_rx.c b/drivers/net/wireless/ath/ath11k/dp_rx.c index 218ab41c0f3c..ea2959305dec 100644 --- a/drivers/net/wireless/ath/ath11k/dp_rx.c +++ b/drivers/net/wireless/ath/ath11k/dp_rx.c @@ -2637,7 +2637,7 @@ int ath11k_dp_process_rx(struct ath11k_base *ab, int ring_id, struct ath11k *ar; struct hal_reo_dest_ring *desc; enum hal_reo_dest_ring_push_reason push_reason; - u32 cookie; + u32 cookie, info0, rx_msdu_info0, rx_mpdu_info0; int i; for (i = 0; i < MAX_RADIOS; i++) @@ -2650,11 +2650,14 @@ int ath11k_dp_process_rx(struct ath11k_base *ab, int ring_id, try_again: ath11k_hal_srng_access_begin(ab, srng); + /* Make sure descriptor is read after the head pointer. */ + dma_rmb(); + while (likely(desc = (struct hal_reo_dest_ring *)ath11k_hal_srng_dst_get_next_entry(ab, srng))) { cookie = FIELD_GET(BUFFER_ADDR_INFO1_SW_COOKIE, - desc->buf_addr_info.info1); + READ_ONCE(desc->buf_addr_info.info1)); buf_id = FIELD_GET(DP_RXDMA_BUF_COOKIE_BUF_ID, cookie); mac_id = FIELD_GET(DP_RXDMA_BUF_COOKIE_PDEV_ID, cookie); @@ -2683,8 +2686,9 @@ int ath11k_dp_process_rx(struct ath11k_base *ab, int ring_id, num_buffs_reaped[mac_id]++; + info0 = READ_ONCE(desc->info0); push_reason = FIELD_GET(HAL_REO_DEST_RING_INFO0_PUSH_REASON, - desc->info0); + info0); if (unlikely(push_reason != HAL_REO_DEST_RING_PUSH_REASON_ROUTING_INSTRUCTION)) { dev_kfree_skb_any(msdu); @@ -2692,18 +2696,21 @@ int ath11k_dp_process_rx(struct ath11k_base *ab, int ring_id, continue; } - rxcb->is_first_msdu = !!(desc->rx_msdu_info.info0 & + rx_msdu_info0 = READ_ONCE(desc->rx_msdu_info.info0); + rx_mpdu_info0 = READ_ONCE(desc->rx_mpdu_info.info0); + + rxcb->is_first_msdu = !!(rx_msdu_info0 & RX_MSDU_DESC_INFO0_FIRST_MSDU_IN_MPDU); - rxcb->is_last_msdu = !!(desc->rx_msdu_info.info0 & + rxcb->is_last_msdu = !!(rx_msdu_info0 & RX_MSDU_DESC_INFO0_LAST_MSDU_IN_MPDU); - rxcb->is_continuation = !!(desc->rx_msdu_info.info0 & + rxcb->is_continuation = !!(rx_msdu_info0 & RX_MSDU_DESC_INFO0_MSDU_CONTINUATION); rxcb->peer_id = FIELD_GET(RX_MPDU_DESC_META_DATA_PEER_ID, - desc->rx_mpdu_info.meta_data); + READ_ONCE(desc->rx_mpdu_info.meta_data)); rxcb->seq_no = FIELD_GET(RX_MPDU_DESC_INFO0_SEQ_NUM, - desc->rx_mpdu_info.info0); + rx_mpdu_info0); rxcb->tid = FIELD_GET(HAL_REO_DEST_RING_INFO0_RX_QUEUE_NUM, - desc->info0); + info0); rxcb->mac_id = mac_id; __skb_queue_tail(&msdu_list[mac_id], msdu);

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] wifi: ath11k: fix rx completion meta data corruption" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ab52e3e44fe9b666281752e2481d11e25b0e3fdd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062044-setback-catchable-ac30@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ab52e3e44fe9b666281752e2481d11e25b0e3fdd Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 21 Mar 2025 15:53:02 +0100 Subject: [PATCH] wifi: ath11k: fix rx completion meta data corruption Add the missing memory barrier to make sure that the REO dest ring descriptor is read after the head pointer to avoid using stale data on weakly ordered architectures like aarch64. This may fix the ring-buffer corruption worked around by commit f9fff67d2d7c ("wifi: ath11k: Fix SKB corruption in REO destination ring") by silently discarding data, and may possibly also address user reported errors like: ath11k_pci 0006:01:00.0: msdu_done bit in attention is not set Tested-on: WCN6855 hw2.1 WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41 Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices") Cc: stable(a)vger.kernel.org # 5.6 Link: https://bugzilla.kernel.org/show_bug.cgi?id=218005 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Tested-by: Clayton Craft <clayton(a)craftyguy.net> Link: https://patch.msgid.link/20250321145302.4775-1-johan+linaro@kernel.org Signed-off-by: Jeff Johnson <jeff.johnson(a)oss.qualcomm.com> diff --git a/drivers/net/wireless/ath/ath11k/dp_rx.c b/drivers/net/wireless/ath/ath11k/dp_rx.c index 218ab41c0f3c..ea2959305dec 100644 --- a/drivers/net/wireless/ath/ath11k/dp_rx.c +++ b/drivers/net/wireless/ath/ath11k/dp_rx.c @@ -2637,7 +2637,7 @@ int ath11k_dp_process_rx(struct ath11k_base *ab, int ring_id, struct ath11k *ar; struct hal_reo_dest_ring *desc; enum hal_reo_dest_ring_push_reason push_reason; - u32 cookie; + u32 cookie, info0, rx_msdu_info0, rx_mpdu_info0; int i; for (i = 0; i < MAX_RADIOS; i++) @@ -2650,11 +2650,14 @@ int ath11k_dp_process_rx(struct ath11k_base *ab, int ring_id, try_again: ath11k_hal_srng_access_begin(ab, srng); + /* Make sure descriptor is read after the head pointer. */ + dma_rmb(); + while (likely(desc = (struct hal_reo_dest_ring *)ath11k_hal_srng_dst_get_next_entry(ab, srng))) { cookie = FIELD_GET(BUFFER_ADDR_INFO1_SW_COOKIE, - desc->buf_addr_info.info1); + READ_ONCE(desc->buf_addr_info.info1)); buf_id = FIELD_GET(DP_RXDMA_BUF_COOKIE_BUF_ID, cookie); mac_id = FIELD_GET(DP_RXDMA_BUF_COOKIE_PDEV_ID, cookie); @@ -2683,8 +2686,9 @@ int ath11k_dp_process_rx(struct ath11k_base *ab, int ring_id, num_buffs_reaped[mac_id]++; + info0 = READ_ONCE(desc->info0); push_reason = FIELD_GET(HAL_REO_DEST_RING_INFO0_PUSH_REASON, - desc->info0); + info0); if (unlikely(push_reason != HAL_REO_DEST_RING_PUSH_REASON_ROUTING_INSTRUCTION)) { dev_kfree_skb_any(msdu); @@ -2692,18 +2696,21 @@ int ath11k_dp_process_rx(struct ath11k_base *ab, int ring_id, continue; } - rxcb->is_first_msdu = !!(desc->rx_msdu_info.info0 & + rx_msdu_info0 = READ_ONCE(desc->rx_msdu_info.info0); + rx_mpdu_info0 = READ_ONCE(desc->rx_mpdu_info.info0); + + rxcb->is_first_msdu = !!(rx_msdu_info0 & RX_MSDU_DESC_INFO0_FIRST_MSDU_IN_MPDU); - rxcb->is_last_msdu = !!(desc->rx_msdu_info.info0 & + rxcb->is_last_msdu = !!(rx_msdu_info0 & RX_MSDU_DESC_INFO0_LAST_MSDU_IN_MPDU); - rxcb->is_continuation = !!(desc->rx_msdu_info.info0 & + rxcb->is_continuation = !!(rx_msdu_info0 & RX_MSDU_DESC_INFO0_MSDU_CONTINUATION); rxcb->peer_id = FIELD_GET(RX_MPDU_DESC_META_DATA_PEER_ID, - desc->rx_mpdu_info.meta_data); + READ_ONCE(desc->rx_mpdu_info.meta_data)); rxcb->seq_no = FIELD_GET(RX_MPDU_DESC_INFO0_SEQ_NUM, - desc->rx_mpdu_info.info0); + rx_mpdu_info0); rxcb->tid = FIELD_GET(HAL_REO_DEST_RING_INFO0_RX_QUEUE_NUM, - desc->info0); + info0); rxcb->mac_id = mac_id; __skb_queue_tail(&msdu_list[mac_id], msdu);

5 months, 2 weeks

1
0
0 0

[PATCH] HID: appletb-kbd: fix "appletb_backlight" backlight device reference counting

by Qasim Ijaz

During appletb_kbd_probe, probe attempts to get the backlight device by name. When this happens backlight_device_get_by_name looks for a device in the backlight class which has name "appletb_backlight" and upon finding a match it increments the reference count for the device and returns it to the caller. However this reference is never released leading to a reference leak. Fix this by decrementing the backlight device reference count on removal via put_device and on probe failure. Fixes: 93a0fc489481 ("HID: hid-appletb-kbd: add support for automatic brightness control while using the touchbar") Cc: stable(a)vger.kernel.org Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> --- drivers/hid/hid-appletb-kbd.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/hid/hid-appletb-kbd.c b/drivers/hid/hid-appletb-kbd.c index ef51b2c06872..e06567886e50 100644 --- a/drivers/hid/hid-appletb-kbd.c +++ b/drivers/hid/hid-appletb-kbd.c @@ -438,6 +438,8 @@ static int appletb_kbd_probe(struct hid_device *hdev, const struct hid_device_id return 0; close_hw: + if (kbd->backlight_dev) + put_device(&kbd->backlight_dev->dev); hid_hw_close(hdev); stop_hw: hid_hw_stop(hdev); @@ -453,6 +455,9 @@ static void appletb_kbd_remove(struct hid_device *hdev) input_unregister_handler(&kbd->inp_handler); timer_delete_sync(&kbd->inactivity_timer); + if (kbd->backlight_dev) + put_device(&kbd->backlight_dev->dev); + hid_hw_close(hdev); hid_hw_stop(hdev); } -- 2.39.5

5 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c62x" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x a9a6e9279b2998e2610c70b0dfc80a234f97c76c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062054-antiques-mangy-118b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9a6e9279b2998e2610c70b0dfc80a234f97c76c Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:51 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c62x During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c6xx 0000:3f:00.0: qat_hal_clr_reset error c6xx 0000:3f:00.0: Failed to init the AEs c6xx 0000:3f:00.0: Failed to initialise Acceleration Engine c6xx 0000:3f:00.0: Resetting device qat_dev0 c6xx 0000:3f:00.0: probe with driver c6xx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: a6dabee6c8ba ("crypto: qat - add support for c62x accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c index 0bac717e88d9..23ccb72b6ea2 100644 --- a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C62X) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C62X_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_4xxx" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 845bc952024dbf482c7434daeac66f764642d52d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062041-tarnish-puma-e164@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 845bc952024dbf482c7434daeac66f764642d52d Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:46 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_4xxx During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: 4xxx 0000:01:00.0: Failed to power up the device 4xxx 0000:01:00.0: Failed to initialize device 4xxx 0000:01:00.0: Resetting device qat_dev0 4xxx 0000:01:00.0: probe with driver 4xxx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 8c8268166e83 ("crypto: qat - add qat_4xxx driver") Link: https://lore.kernel.org/all/Z-DGQrhRj9niR9iZ@gondor.apana.org.au/ Reported-by: Randy Wright <rwright(a)hpe.com> Closes: https://issues.redhat.com/browse/RHEL-84366 Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c b/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c index 5537a9991e4e..1ac415ef3c31 100644 --- a/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c @@ -188,11 +188,19 @@ static void adf_remove(struct pci_dev *pdev) adf_cleanup_accel(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static struct pci_driver adf_driver = { .id_table = adf_pci_tbl, .name = ADF_4XXX_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c3xxx" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062029-banister-throng-eb24@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:53 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c3xxx During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c3xxx 0000:3f:00.0: qat_hal_clr_reset error c3xxx 0000:3f:00.0: Failed to init the AEs c3xxx 0000:3f:00.0: Failed to initialise Acceleration Engine c3xxx 0000:3f:00.0: Resetting device qat_dev0 c3xxx 0000:3f:00.0: probe with driver c3xxx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 890c55f4dc0e ("crypto: qat - add support for c3xxx accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c index 260f34d0d541..bceb5dd8b148 100644 --- a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C3XXX) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C3XXX_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ASoC: meson: meson-card-utils: use of_property_present() for" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 171eb6f71e9e3ba6a7410a1d93f3ac213f39dae2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062024-swimming-dawdler-bce4@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 171eb6f71e9e3ba6a7410a1d93f3ac213f39dae2 Mon Sep 17 00:00:00 2001 From: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> Date: Sat, 19 Apr 2025 23:34:48 +0200 Subject: [PATCH] ASoC: meson: meson-card-utils: use of_property_present() for DT parsing Commit c141ecc3cecd ("of: Warn when of_property_read_bool() is used on non-boolean properties") added a warning when trying to parse a property with a value (boolean properties are defined as: absent = false, present without any value = true). This causes a warning from meson-card-utils. meson-card-utils needs to know about the existence of the "audio-routing" and/or "audio-widgets" properties in order to properly parse them. Switch to of_property_present() in order to silence the following warning messages during boot: OF: /sound: Read of boolean property 'audio-routing' with a value. OF: /sound: Read of boolean property 'audio-widgets' with a value. Fixes: 7864a79f37b5 ("ASoC: meson: add axg sound card support") Tested-by: Christian Hewitt <christianshewitt(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> Link: https://patch.msgid.link/20250419213448.59647-1-martin.blumenstingl@googlem… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/meson/meson-card-utils.c b/sound/soc/meson/meson-card-utils.c index cfc7f6e41ab5..68531183fb60 100644 --- a/sound/soc/meson/meson-card-utils.c +++ b/sound/soc/meson/meson-card-utils.c @@ -231,7 +231,7 @@ static int meson_card_parse_of_optional(struct snd_soc_card *card, const char *p)) { /* If property is not provided, don't fail ... */ - if (!of_property_read_bool(card->dev->of_node, propname)) + if (!of_property_present(card->dev->of_node, propname)) return 0; /* ... but do fail if it is provided and the parsing fails */

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix qgroup reservation leak on failure to allocate" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 1f2889f5594a2bc4c6a52634c4a51b93e785def5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062055-rejoice-overcook-b18f@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1f2889f5594a2bc4c6a52634c4a51b93e785def5 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 7 May 2025 13:05:36 +0100 Subject: [PATCH] btrfs: fix qgroup reservation leak on failure to allocate ordered extent If we fail to allocate an ordered extent for a COW write we end up leaking a qgroup data reservation since we called btrfs_qgroup_release_data() but we didn't call btrfs_qgroup_free_refroot() (which would happen when running the respective data delayed ref created by ordered extent completion or when finishing the ordered extent in case an error happened). So make sure we call btrfs_qgroup_free_refroot() if we fail to allocate an ordered extent for a COW write. Fixes: 7dbeaad0af7d ("btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Boris Burkov <boris(a)bur.io> Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c index ae49f87b27e8..e44d3dd17caf 100644 --- a/fs/btrfs/ordered-data.c +++ b/fs/btrfs/ordered-data.c @@ -153,9 +153,10 @@ static struct btrfs_ordered_extent *alloc_ordered_extent( struct btrfs_ordered_extent *entry; int ret; u64 qgroup_rsv = 0; + const bool is_nocow = (flags & + ((1U << BTRFS_ORDERED_NOCOW) | (1U << BTRFS_ORDERED_PREALLOC))); - if (flags & - ((1U << BTRFS_ORDERED_NOCOW) | (1U << BTRFS_ORDERED_PREALLOC))) { + if (is_nocow) { /* For nocow write, we can release the qgroup rsv right now */ ret = btrfs_qgroup_free_data(inode, NULL, file_offset, num_bytes, &qgroup_rsv); if (ret < 0) @@ -170,8 +171,13 @@ static struct btrfs_ordered_extent *alloc_ordered_extent( return ERR_PTR(ret); } entry = kmem_cache_zalloc(btrfs_ordered_extent_cache, GFP_NOFS); - if (!entry) + if (!entry) { + if (!is_nocow) + btrfs_qgroup_free_refroot(inode->root->fs_info, + btrfs_root_id(inode->root), + qgroup_rsv, BTRFS_QGROUP_RSV_DATA); return ERR_PTR(-ENOMEM); + } entry->file_offset = file_offset; entry->num_bytes = num_bytes;

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix qgroup reservation leak on failure to allocate" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 1f2889f5594a2bc4c6a52634c4a51b93e785def5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062054-stopping-boil-ca87@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1f2889f5594a2bc4c6a52634c4a51b93e785def5 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 7 May 2025 13:05:36 +0100 Subject: [PATCH] btrfs: fix qgroup reservation leak on failure to allocate ordered extent If we fail to allocate an ordered extent for a COW write we end up leaking a qgroup data reservation since we called btrfs_qgroup_release_data() but we didn't call btrfs_qgroup_free_refroot() (which would happen when running the respective data delayed ref created by ordered extent completion or when finishing the ordered extent in case an error happened). So make sure we call btrfs_qgroup_free_refroot() if we fail to allocate an ordered extent for a COW write. Fixes: 7dbeaad0af7d ("btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Boris Burkov <boris(a)bur.io> Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c index ae49f87b27e8..e44d3dd17caf 100644 --- a/fs/btrfs/ordered-data.c +++ b/fs/btrfs/ordered-data.c @@ -153,9 +153,10 @@ static struct btrfs_ordered_extent *alloc_ordered_extent( struct btrfs_ordered_extent *entry; int ret; u64 qgroup_rsv = 0; + const bool is_nocow = (flags & + ((1U << BTRFS_ORDERED_NOCOW) | (1U << BTRFS_ORDERED_PREALLOC))); - if (flags & - ((1U << BTRFS_ORDERED_NOCOW) | (1U << BTRFS_ORDERED_PREALLOC))) { + if (is_nocow) { /* For nocow write, we can release the qgroup rsv right now */ ret = btrfs_qgroup_free_data(inode, NULL, file_offset, num_bytes, &qgroup_rsv); if (ret < 0) @@ -170,8 +171,13 @@ static struct btrfs_ordered_extent *alloc_ordered_extent( return ERR_PTR(ret); } entry = kmem_cache_zalloc(btrfs_ordered_extent_cache, GFP_NOFS); - if (!entry) + if (!entry) { + if (!is_nocow) + btrfs_qgroup_free_refroot(inode->root->fs_info, + btrfs_root_id(inode->root), + qgroup_rsv, BTRFS_QGROUP_RSV_DATA); return ERR_PTR(-ENOMEM); + } entry->file_offset = file_offset; entry->num_bytes = num_bytes;

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix qgroup reservation leak on failure to allocate" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 1f2889f5594a2bc4c6a52634c4a51b93e785def5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062053-yearning-gains-f4ef@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1f2889f5594a2bc4c6a52634c4a51b93e785def5 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 7 May 2025 13:05:36 +0100 Subject: [PATCH] btrfs: fix qgroup reservation leak on failure to allocate ordered extent If we fail to allocate an ordered extent for a COW write we end up leaking a qgroup data reservation since we called btrfs_qgroup_release_data() but we didn't call btrfs_qgroup_free_refroot() (which would happen when running the respective data delayed ref created by ordered extent completion or when finishing the ordered extent in case an error happened). So make sure we call btrfs_qgroup_free_refroot() if we fail to allocate an ordered extent for a COW write. Fixes: 7dbeaad0af7d ("btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Boris Burkov <boris(a)bur.io> Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c index ae49f87b27e8..e44d3dd17caf 100644 --- a/fs/btrfs/ordered-data.c +++ b/fs/btrfs/ordered-data.c @@ -153,9 +153,10 @@ static struct btrfs_ordered_extent *alloc_ordered_extent( struct btrfs_ordered_extent *entry; int ret; u64 qgroup_rsv = 0; + const bool is_nocow = (flags & + ((1U << BTRFS_ORDERED_NOCOW) | (1U << BTRFS_ORDERED_PREALLOC))); - if (flags & - ((1U << BTRFS_ORDERED_NOCOW) | (1U << BTRFS_ORDERED_PREALLOC))) { + if (is_nocow) { /* For nocow write, we can release the qgroup rsv right now */ ret = btrfs_qgroup_free_data(inode, NULL, file_offset, num_bytes, &qgroup_rsv); if (ret < 0) @@ -170,8 +171,13 @@ static struct btrfs_ordered_extent *alloc_ordered_extent( return ERR_PTR(ret); } entry = kmem_cache_zalloc(btrfs_ordered_extent_cache, GFP_NOFS); - if (!entry) + if (!entry) { + if (!is_nocow) + btrfs_qgroup_free_refroot(inode->root->fs_info, + btrfs_root_id(inode->root), + qgroup_rsv, BTRFS_QGROUP_RSV_DATA); return ERR_PTR(-ENOMEM); + } entry->file_offset = file_offset; entry->num_bytes = num_bytes;

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix qgroup reservation leak on failure to allocate" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 1f2889f5594a2bc4c6a52634c4a51b93e785def5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062053-huff-down-519c@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1f2889f5594a2bc4c6a52634c4a51b93e785def5 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 7 May 2025 13:05:36 +0100 Subject: [PATCH] btrfs: fix qgroup reservation leak on failure to allocate ordered extent If we fail to allocate an ordered extent for a COW write we end up leaking a qgroup data reservation since we called btrfs_qgroup_release_data() but we didn't call btrfs_qgroup_free_refroot() (which would happen when running the respective data delayed ref created by ordered extent completion or when finishing the ordered extent in case an error happened). So make sure we call btrfs_qgroup_free_refroot() if we fail to allocate an ordered extent for a COW write. Fixes: 7dbeaad0af7d ("btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Boris Burkov <boris(a)bur.io> Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c index ae49f87b27e8..e44d3dd17caf 100644 --- a/fs/btrfs/ordered-data.c +++ b/fs/btrfs/ordered-data.c @@ -153,9 +153,10 @@ static struct btrfs_ordered_extent *alloc_ordered_extent( struct btrfs_ordered_extent *entry; int ret; u64 qgroup_rsv = 0; + const bool is_nocow = (flags & + ((1U << BTRFS_ORDERED_NOCOW) | (1U << BTRFS_ORDERED_PREALLOC))); - if (flags & - ((1U << BTRFS_ORDERED_NOCOW) | (1U << BTRFS_ORDERED_PREALLOC))) { + if (is_nocow) { /* For nocow write, we can release the qgroup rsv right now */ ret = btrfs_qgroup_free_data(inode, NULL, file_offset, num_bytes, &qgroup_rsv); if (ret < 0) @@ -170,8 +171,13 @@ static struct btrfs_ordered_extent *alloc_ordered_extent( return ERR_PTR(ret); } entry = kmem_cache_zalloc(btrfs_ordered_extent_cache, GFP_NOFS); - if (!entry) + if (!entry) { + if (!is_nocow) + btrfs_qgroup_free_refroot(inode->root->fs_info, + btrfs_root_id(inode->root), + qgroup_rsv, BTRFS_QGROUP_RSV_DATA); return ERR_PTR(-ENOMEM); + } entry->file_offset = file_offset; entry->num_bytes = num_bytes;

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix qgroup reservation leak on failure to allocate" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x 1f2889f5594a2bc4c6a52634c4a51b93e785def5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062052-chair-rancidity-cf1d@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1f2889f5594a2bc4c6a52634c4a51b93e785def5 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 7 May 2025 13:05:36 +0100 Subject: [PATCH] btrfs: fix qgroup reservation leak on failure to allocate ordered extent If we fail to allocate an ordered extent for a COW write we end up leaking a qgroup data reservation since we called btrfs_qgroup_release_data() but we didn't call btrfs_qgroup_free_refroot() (which would happen when running the respective data delayed ref created by ordered extent completion or when finishing the ordered extent in case an error happened). So make sure we call btrfs_qgroup_free_refroot() if we fail to allocate an ordered extent for a COW write. Fixes: 7dbeaad0af7d ("btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Boris Burkov <boris(a)bur.io> Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c index ae49f87b27e8..e44d3dd17caf 100644 --- a/fs/btrfs/ordered-data.c +++ b/fs/btrfs/ordered-data.c @@ -153,9 +153,10 @@ static struct btrfs_ordered_extent *alloc_ordered_extent( struct btrfs_ordered_extent *entry; int ret; u64 qgroup_rsv = 0; + const bool is_nocow = (flags & + ((1U << BTRFS_ORDERED_NOCOW) | (1U << BTRFS_ORDERED_PREALLOC))); - if (flags & - ((1U << BTRFS_ORDERED_NOCOW) | (1U << BTRFS_ORDERED_PREALLOC))) { + if (is_nocow) { /* For nocow write, we can release the qgroup rsv right now */ ret = btrfs_qgroup_free_data(inode, NULL, file_offset, num_bytes, &qgroup_rsv); if (ret < 0) @@ -170,8 +171,13 @@ static struct btrfs_ordered_extent *alloc_ordered_extent( return ERR_PTR(ret); } entry = kmem_cache_zalloc(btrfs_ordered_extent_cache, GFP_NOFS); - if (!entry) + if (!entry) { + if (!is_nocow) + btrfs_qgroup_free_refroot(inode->root->fs_info, + btrfs_root_id(inode->root), + qgroup_rsv, BTRFS_QGROUP_RSV_DATA); return ERR_PTR(-ENOMEM); + } entry->file_offset = file_offset; entry->num_bytes = num_bytes;

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] net/mlx5: Add error handling in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x c6bb8a21cdad8c975a3a646b9e5c8df01ad29783 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062012-sassy-perm-01be@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c6bb8a21cdad8c975a3a646b9e5c8df01ad29783 Mon Sep 17 00:00:00 2001 From: Wentao Liang <vulab(a)iscas.ac.cn> Date: Sun, 25 May 2025 00:34:25 +0800 Subject: [PATCH] net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() The function mlx5_query_nic_vport_node_guid() calls the function mlx5_query_nic_vport_context() but does not check its return value. A proper implementation can be found in mlx5_nic_vport_query_local_lb(). Add error handling for mlx5_query_nic_vport_context(). If it fails, free the out buffer via kvfree() and return error code. Fixes: 9efa75254593 ("net/mlx5_core: Introduce access functions to query vport RoCE fields") Cc: stable(a)vger.kernel.org # v4.5 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> Reviewed-by: Tariq Toukan <tariqt(a)nvidia.com> Link: https://patch.msgid.link/20250524163425.1695-1-vulab@iscas.ac.cn Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/vport.c b/drivers/net/ethernet/mellanox/mlx5/core/vport.c index a3c57bb8b521..da5c24fc7b30 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/vport.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/vport.c @@ -465,19 +465,22 @@ int mlx5_query_nic_vport_node_guid(struct mlx5_core_dev *mdev, u64 *node_guid) { u32 *out; int outlen = MLX5_ST_SZ_BYTES(query_nic_vport_context_out); + int err; out = kvzalloc(outlen, GFP_KERNEL); if (!out) return -ENOMEM; - mlx5_query_nic_vport_context(mdev, 0, out); + err = mlx5_query_nic_vport_context(mdev, 0, out); + if (err) + goto out; *node_guid = MLX5_GET64(query_nic_vport_context_out, out, nic_vport_context.node_guid); - +out: kvfree(out); - return 0; + return err; } EXPORT_SYMBOL_GPL(mlx5_query_nic_vport_node_guid);

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] net/mlx5_core: Add error handling" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f0b50730bdd8f2734e548de541e845c0d40dceb6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062056-duct-nurture-9a3b@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f0b50730bdd8f2734e548de541e845c0d40dceb6 Mon Sep 17 00:00:00 2001 From: Wentao Liang <vulab(a)iscas.ac.cn> Date: Wed, 21 May 2025 21:36:20 +0800 Subject: [PATCH] net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() The function mlx5_query_nic_vport_qkey_viol_cntr() calls the function mlx5_query_nic_vport_context() but does not check its return value. This could lead to undefined behavior if the query fails. A proper implementation can be found in mlx5_nic_vport_query_local_lb(). Add error handling for mlx5_query_nic_vport_context(). If it fails, free the out buffer via kvfree() and return error code. Fixes: 9efa75254593 ("net/mlx5_core: Introduce access functions to query vport RoCE fields") Cc: stable(a)vger.kernel.org # v4.5 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> Reviewed-by: Tariq Toukan <tariqt(a)nvidia.com> Link: https://patch.msgid.link/20250521133620.912-1-vulab@iscas.ac.cn Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/vport.c b/drivers/net/ethernet/mellanox/mlx5/core/vport.c index d10d4c396040..a3c57bb8b521 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/vport.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/vport.c @@ -519,19 +519,22 @@ int mlx5_query_nic_vport_qkey_viol_cntr(struct mlx5_core_dev *mdev, { u32 *out; int outlen = MLX5_ST_SZ_BYTES(query_nic_vport_context_out); + int err; out = kvzalloc(outlen, GFP_KERNEL); if (!out) return -ENOMEM; - mlx5_query_nic_vport_context(mdev, 0, out); + err = mlx5_query_nic_vport_context(mdev, 0, out); + if (err) + goto out; *qkey_viol_cntr = MLX5_GET(query_nic_vport_context_out, out, nic_vport_context.qkey_violation_counter); - +out: kvfree(out); - return 0; + return err; } EXPORT_SYMBOL_GPL(mlx5_query_nic_vport_qkey_viol_cntr);

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Serialize device addition and removal" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 774a1fa880bc949d88b5ddec9494a13be733dfa8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062022-powdered-flint-7c7b@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 774a1fa880bc949d88b5ddec9494a13be733dfa8 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:15 +0200 Subject: [PATCH] s390/pci: Serialize device addition and removal Prior changes ensured that when zpci_release_device() is called and it removed the zdev from the zpci_list this instance can not be found via the zpci_list anymore even while allowing re-add of reserved devices. This only accounts for the overall lifetime and zpci_list addition and removal, it does not yet prevent concurrent add of a new instance for the same underlying device. Such concurrent add would subsequently cause issues such as attempted re-use of the same IOMMU sysfs directory and is generally undesired. Introduce a new zpci_add_remove_lock mutex to serialize adding a new device with removal. Together this ensures that if a struct zpci_dev is not found in the zpci_list it was either already removed and torn down, or its removal and tear down is in progress with the zpci_add_remove_lock held. Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 4602abd0c6f1..cd6676c2d602 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -45,6 +45,7 @@ /* list of all detected zpci devices */ static LIST_HEAD(zpci_list); static DEFINE_SPINLOCK(zpci_list_lock); +static DEFINE_MUTEX(zpci_add_remove_lock); static DECLARE_BITMAP(zpci_domain, ZPCI_DOMAIN_BITMAP_SIZE); static DEFINE_SPINLOCK(zpci_domain_lock); @@ -74,7 +75,9 @@ void zpci_zdev_put(struct zpci_dev *zdev) { if (!zdev) return; + mutex_lock(&zpci_add_remove_lock); kref_put_lock(&zdev->kref, zpci_release_device, &zpci_list_lock); + mutex_unlock(&zpci_add_remove_lock); } struct zpci_dev *get_zdev_by_fid(u32 fid) @@ -844,6 +847,7 @@ int zpci_add_device(struct zpci_dev *zdev) { int rc; + mutex_lock(&zpci_add_remove_lock); zpci_dbg(1, "add fid:%x, fh:%x, c:%d\n", zdev->fid, zdev->fh, zdev->state); rc = zpci_init_iommu(zdev); if (rc) @@ -857,12 +861,14 @@ int zpci_add_device(struct zpci_dev *zdev) spin_lock(&zpci_list_lock); list_add_tail(&zdev->entry, &zpci_list); spin_unlock(&zpci_list_lock); + mutex_unlock(&zpci_add_remove_lock); return 0; error_destroy_iommu: zpci_destroy_iommu(zdev); error: zpci_dbg(0, "add fid:%x, rc:%d\n", zdev->fid, rc); + mutex_unlock(&zpci_add_remove_lock); return rc; } @@ -953,6 +959,7 @@ void zpci_release_device(struct kref *kref) { struct zpci_dev *zdev = container_of(kref, struct zpci_dev, kref); + lockdep_assert_held(&zpci_add_remove_lock); WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); /* * We already hold zpci_list_lock thanks to kref_put_lock().

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Serialize device addition and removal" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 774a1fa880bc949d88b5ddec9494a13be733dfa8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062021-uneasily-garbage-7a12@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 774a1fa880bc949d88b5ddec9494a13be733dfa8 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:15 +0200 Subject: [PATCH] s390/pci: Serialize device addition and removal Prior changes ensured that when zpci_release_device() is called and it removed the zdev from the zpci_list this instance can not be found via the zpci_list anymore even while allowing re-add of reserved devices. This only accounts for the overall lifetime and zpci_list addition and removal, it does not yet prevent concurrent add of a new instance for the same underlying device. Such concurrent add would subsequently cause issues such as attempted re-use of the same IOMMU sysfs directory and is generally undesired. Introduce a new zpci_add_remove_lock mutex to serialize adding a new device with removal. Together this ensures that if a struct zpci_dev is not found in the zpci_list it was either already removed and torn down, or its removal and tear down is in progress with the zpci_add_remove_lock held. Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 4602abd0c6f1..cd6676c2d602 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -45,6 +45,7 @@ /* list of all detected zpci devices */ static LIST_HEAD(zpci_list); static DEFINE_SPINLOCK(zpci_list_lock); +static DEFINE_MUTEX(zpci_add_remove_lock); static DECLARE_BITMAP(zpci_domain, ZPCI_DOMAIN_BITMAP_SIZE); static DEFINE_SPINLOCK(zpci_domain_lock); @@ -74,7 +75,9 @@ void zpci_zdev_put(struct zpci_dev *zdev) { if (!zdev) return; + mutex_lock(&zpci_add_remove_lock); kref_put_lock(&zdev->kref, zpci_release_device, &zpci_list_lock); + mutex_unlock(&zpci_add_remove_lock); } struct zpci_dev *get_zdev_by_fid(u32 fid) @@ -844,6 +847,7 @@ int zpci_add_device(struct zpci_dev *zdev) { int rc; + mutex_lock(&zpci_add_remove_lock); zpci_dbg(1, "add fid:%x, fh:%x, c:%d\n", zdev->fid, zdev->fh, zdev->state); rc = zpci_init_iommu(zdev); if (rc) @@ -857,12 +861,14 @@ int zpci_add_device(struct zpci_dev *zdev) spin_lock(&zpci_list_lock); list_add_tail(&zdev->entry, &zpci_list); spin_unlock(&zpci_list_lock); + mutex_unlock(&zpci_add_remove_lock); return 0; error_destroy_iommu: zpci_destroy_iommu(zdev); error: zpci_dbg(0, "add fid:%x, rc:%d\n", zdev->fid, rc); + mutex_unlock(&zpci_add_remove_lock); return rc; } @@ -953,6 +959,7 @@ void zpci_release_device(struct kref *kref) { struct zpci_dev *zdev = container_of(kref, struct zpci_dev, kref); + lockdep_assert_held(&zpci_add_remove_lock); WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); /* * We already hold zpci_list_lock thanks to kref_put_lock().

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Serialize device addition and removal" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 774a1fa880bc949d88b5ddec9494a13be733dfa8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062020-cornhusk-copy-3cd0@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 774a1fa880bc949d88b5ddec9494a13be733dfa8 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:15 +0200 Subject: [PATCH] s390/pci: Serialize device addition and removal Prior changes ensured that when zpci_release_device() is called and it removed the zdev from the zpci_list this instance can not be found via the zpci_list anymore even while allowing re-add of reserved devices. This only accounts for the overall lifetime and zpci_list addition and removal, it does not yet prevent concurrent add of a new instance for the same underlying device. Such concurrent add would subsequently cause issues such as attempted re-use of the same IOMMU sysfs directory and is generally undesired. Introduce a new zpci_add_remove_lock mutex to serialize adding a new device with removal. Together this ensures that if a struct zpci_dev is not found in the zpci_list it was either already removed and torn down, or its removal and tear down is in progress with the zpci_add_remove_lock held. Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 4602abd0c6f1..cd6676c2d602 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -45,6 +45,7 @@ /* list of all detected zpci devices */ static LIST_HEAD(zpci_list); static DEFINE_SPINLOCK(zpci_list_lock); +static DEFINE_MUTEX(zpci_add_remove_lock); static DECLARE_BITMAP(zpci_domain, ZPCI_DOMAIN_BITMAP_SIZE); static DEFINE_SPINLOCK(zpci_domain_lock); @@ -74,7 +75,9 @@ void zpci_zdev_put(struct zpci_dev *zdev) { if (!zdev) return; + mutex_lock(&zpci_add_remove_lock); kref_put_lock(&zdev->kref, zpci_release_device, &zpci_list_lock); + mutex_unlock(&zpci_add_remove_lock); } struct zpci_dev *get_zdev_by_fid(u32 fid) @@ -844,6 +847,7 @@ int zpci_add_device(struct zpci_dev *zdev) { int rc; + mutex_lock(&zpci_add_remove_lock); zpci_dbg(1, "add fid:%x, fh:%x, c:%d\n", zdev->fid, zdev->fh, zdev->state); rc = zpci_init_iommu(zdev); if (rc) @@ -857,12 +861,14 @@ int zpci_add_device(struct zpci_dev *zdev) spin_lock(&zpci_list_lock); list_add_tail(&zdev->entry, &zpci_list); spin_unlock(&zpci_list_lock); + mutex_unlock(&zpci_add_remove_lock); return 0; error_destroy_iommu: zpci_destroy_iommu(zdev); error: zpci_dbg(0, "add fid:%x, rc:%d\n", zdev->fid, rc); + mutex_unlock(&zpci_add_remove_lock); return rc; } @@ -953,6 +959,7 @@ void zpci_release_device(struct kref *kref) { struct zpci_dev *zdev = container_of(kref, struct zpci_dev, kref); + lockdep_assert_held(&zpci_add_remove_lock); WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); /* * We already hold zpci_list_lock thanks to kref_put_lock().

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Serialize device addition and removal" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 774a1fa880bc949d88b5ddec9494a13be733dfa8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062020-oxygen-print-635f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 774a1fa880bc949d88b5ddec9494a13be733dfa8 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:15 +0200 Subject: [PATCH] s390/pci: Serialize device addition and removal Prior changes ensured that when zpci_release_device() is called and it removed the zdev from the zpci_list this instance can not be found via the zpci_list anymore even while allowing re-add of reserved devices. This only accounts for the overall lifetime and zpci_list addition and removal, it does not yet prevent concurrent add of a new instance for the same underlying device. Such concurrent add would subsequently cause issues such as attempted re-use of the same IOMMU sysfs directory and is generally undesired. Introduce a new zpci_add_remove_lock mutex to serialize adding a new device with removal. Together this ensures that if a struct zpci_dev is not found in the zpci_list it was either already removed and torn down, or its removal and tear down is in progress with the zpci_add_remove_lock held. Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 4602abd0c6f1..cd6676c2d602 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -45,6 +45,7 @@ /* list of all detected zpci devices */ static LIST_HEAD(zpci_list); static DEFINE_SPINLOCK(zpci_list_lock); +static DEFINE_MUTEX(zpci_add_remove_lock); static DECLARE_BITMAP(zpci_domain, ZPCI_DOMAIN_BITMAP_SIZE); static DEFINE_SPINLOCK(zpci_domain_lock); @@ -74,7 +75,9 @@ void zpci_zdev_put(struct zpci_dev *zdev) { if (!zdev) return; + mutex_lock(&zpci_add_remove_lock); kref_put_lock(&zdev->kref, zpci_release_device, &zpci_list_lock); + mutex_unlock(&zpci_add_remove_lock); } struct zpci_dev *get_zdev_by_fid(u32 fid) @@ -844,6 +847,7 @@ int zpci_add_device(struct zpci_dev *zdev) { int rc; + mutex_lock(&zpci_add_remove_lock); zpci_dbg(1, "add fid:%x, fh:%x, c:%d\n", zdev->fid, zdev->fh, zdev->state); rc = zpci_init_iommu(zdev); if (rc) @@ -857,12 +861,14 @@ int zpci_add_device(struct zpci_dev *zdev) spin_lock(&zpci_list_lock); list_add_tail(&zdev->entry, &zpci_list); spin_unlock(&zpci_list_lock); + mutex_unlock(&zpci_add_remove_lock); return 0; error_destroy_iommu: zpci_destroy_iommu(zdev); error: zpci_dbg(0, "add fid:%x, rc:%d\n", zdev->fid, rc); + mutex_unlock(&zpci_add_remove_lock); return rc; } @@ -953,6 +959,7 @@ void zpci_release_device(struct kref *kref) { struct zpci_dev *zdev = container_of(kref, struct zpci_dev, kref); + lockdep_assert_held(&zpci_add_remove_lock); WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); /* * We already hold zpci_list_lock thanks to kref_put_lock().

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Allow re-add of a reserved but not yet removed" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 4b1815a52d7eb03b3e0e6742c6728bc16a4b2d1d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062012-sublease-shivering-12da@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4b1815a52d7eb03b3e0e6742c6728bc16a4b2d1d Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:14 +0200 Subject: [PATCH] s390/pci: Allow re-add of a reserved but not yet removed device The architecture assumes that PCI functions can be removed synchronously as PCI events are processed. This however clashes with the reference counting of struct pci_dev which allows device drivers to hold on to a struct pci_dev reference even as the underlying device is removed. To bridge this gap commit 2a671f77ee49 ("s390/pci: fix use after free of zpci_dev") keeps the struct zpci_dev in ZPCI_FN_STATE_RESERVED state until common code releases the struct pci_dev. Only when all references are dropped, the struct zpci_dev can be removed and freed. Later commit a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") moved the deletion of the struct zpci_dev from the zpci_list in zpci_release_device() to the point where the device is reserved. This was done to prevent handling events for a device that is already being removed, e.g. when the platform generates both PCI event codes 0x304 and 0x308. In retrospect, deletion from the zpci_list in the release function without holding the zpci_list_lock was also racy. A side effect of this handling is that if the underlying device re-appears while the struct zpci_dev is in the ZPCI_FN_STATE_RESERVED state, the new and old instances of the struct zpci_dev and/or struct pci_dev may clash. For example when trying to create the IOMMU sysfs files for the new instance. In this case, re-adding the new instance is aborted. The old instance is removed, and the device will remain absent until the platform issues another event. Fix this by allowing the struct zpci_dev to be brought back up right until it is finally removed. To this end also keep the struct zpci_dev in the zpci_list until it is finally released when all references have been dropped. Deletion from the zpci_list from within the release function is made safe by using kref_put_lock() with the zpci_list_lock. This ensures that the releasing code holds the last reference. Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 9fcc6d3180f2..4602abd0c6f1 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -70,6 +70,13 @@ EXPORT_SYMBOL_GPL(zpci_aipb); struct airq_iv *zpci_aif_sbv; EXPORT_SYMBOL_GPL(zpci_aif_sbv); +void zpci_zdev_put(struct zpci_dev *zdev) +{ + if (!zdev) + return; + kref_put_lock(&zdev->kref, zpci_release_device, &zpci_list_lock); +} + struct zpci_dev *get_zdev_by_fid(u32 fid) { struct zpci_dev *tmp, *zdev = NULL; @@ -925,21 +932,20 @@ int zpci_deconfigure_device(struct zpci_dev *zdev) * @zdev: the zpci_dev that was reserved * * Handle the case that a given zPCI function was reserved by another system. - * After a call to this function the zpci_dev can not be found via - * get_zdev_by_fid() anymore but may still be accessible via existing - * references though it will not be functional anymore. */ void zpci_device_reserved(struct zpci_dev *zdev) { - /* - * Remove device from zpci_list as it is going away. This also - * makes sure we ignore subsequent zPCI events for this device. - */ - spin_lock(&zpci_list_lock); - list_del(&zdev->entry); - spin_unlock(&zpci_list_lock); + lockdep_assert_held(&zdev->state_lock); + /* We may declare the device reserved multiple times */ + if (zdev->state == ZPCI_FN_STATE_RESERVED) + return; zdev->state = ZPCI_FN_STATE_RESERVED; zpci_dbg(3, "rsv fid:%x\n", zdev->fid); + /* + * The underlying device is gone. Allow the zdev to be freed + * as soon as all other references are gone by accounting for + * the removal as a dropped reference. + */ zpci_zdev_put(zdev); } @@ -948,6 +954,12 @@ void zpci_release_device(struct kref *kref) struct zpci_dev *zdev = container_of(kref, struct zpci_dev, kref); WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); + /* + * We already hold zpci_list_lock thanks to kref_put_lock(). + * This makes sure no new reference can be taken from the list. + */ + list_del(&zdev->entry); + spin_unlock(&zpci_list_lock); if (zdev->has_hp_slot) zpci_exit_slot(zdev); diff --git a/arch/s390/pci/pci_bus.h b/arch/s390/pci/pci_bus.h index e86a9419d233..ae3d7a9159bd 100644 --- a/arch/s390/pci/pci_bus.h +++ b/arch/s390/pci/pci_bus.h @@ -21,11 +21,8 @@ int zpci_bus_scan_device(struct zpci_dev *zdev); void zpci_bus_remove_device(struct zpci_dev *zdev, bool set_error); void zpci_release_device(struct kref *kref); -static inline void zpci_zdev_put(struct zpci_dev *zdev) -{ - if (zdev) - kref_put(&zdev->kref, zpci_release_device); -} + +void zpci_zdev_put(struct zpci_dev *zdev); static inline void zpci_zdev_get(struct zpci_dev *zdev) { diff --git a/arch/s390/pci/pci_event.c b/arch/s390/pci/pci_event.c index 7bd7721c1239..2fbee3887d13 100644 --- a/arch/s390/pci/pci_event.c +++ b/arch/s390/pci/pci_event.c @@ -335,6 +335,22 @@ static void zpci_event_hard_deconfigured(struct zpci_dev *zdev, u32 fh) zdev->state = ZPCI_FN_STATE_STANDBY; } +static void zpci_event_reappear(struct zpci_dev *zdev) +{ + lockdep_assert_held(&zdev->state_lock); + /* + * The zdev is in the reserved state. This means that it was presumed to + * go away but there are still undropped references. Now, the platform + * announced its availability again. Bring back the lingering zdev + * to standby. This is safe because we hold a temporary reference + * now so that it won't go away. Account for the re-appearance of the + * underlying device by incrementing the reference count. + */ + zdev->state = ZPCI_FN_STATE_STANDBY; + zpci_zdev_get(zdev); + zpci_dbg(1, "rea fid:%x, fh:%x\n", zdev->fid, zdev->fh); +} + static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf) { struct zpci_dev *zdev = get_zdev_by_fid(ccdf->fid); @@ -358,8 +374,10 @@ static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf) break; } } else { + if (zdev->state == ZPCI_FN_STATE_RESERVED) + zpci_event_reappear(zdev); /* the configuration request may be stale */ - if (zdev->state != ZPCI_FN_STATE_STANDBY) + else if (zdev->state != ZPCI_FN_STATE_STANDBY) break; zdev->state = ZPCI_FN_STATE_CONFIGURED; } @@ -375,6 +393,8 @@ static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf) break; } } else { + if (zdev->state == ZPCI_FN_STATE_RESERVED) + zpci_event_reappear(zdev); zpci_update_fh(zdev, ccdf->fh); } break;

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Allow re-add of a reserved but not yet removed" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 4b1815a52d7eb03b3e0e6742c6728bc16a4b2d1d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062010-easter-choosing-e03b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4b1815a52d7eb03b3e0e6742c6728bc16a4b2d1d Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:14 +0200 Subject: [PATCH] s390/pci: Allow re-add of a reserved but not yet removed device The architecture assumes that PCI functions can be removed synchronously as PCI events are processed. This however clashes with the reference counting of struct pci_dev which allows device drivers to hold on to a struct pci_dev reference even as the underlying device is removed. To bridge this gap commit 2a671f77ee49 ("s390/pci: fix use after free of zpci_dev") keeps the struct zpci_dev in ZPCI_FN_STATE_RESERVED state until common code releases the struct pci_dev. Only when all references are dropped, the struct zpci_dev can be removed and freed. Later commit a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") moved the deletion of the struct zpci_dev from the zpci_list in zpci_release_device() to the point where the device is reserved. This was done to prevent handling events for a device that is already being removed, e.g. when the platform generates both PCI event codes 0x304 and 0x308. In retrospect, deletion from the zpci_list in the release function without holding the zpci_list_lock was also racy. A side effect of this handling is that if the underlying device re-appears while the struct zpci_dev is in the ZPCI_FN_STATE_RESERVED state, the new and old instances of the struct zpci_dev and/or struct pci_dev may clash. For example when trying to create the IOMMU sysfs files for the new instance. In this case, re-adding the new instance is aborted. The old instance is removed, and the device will remain absent until the platform issues another event. Fix this by allowing the struct zpci_dev to be brought back up right until it is finally removed. To this end also keep the struct zpci_dev in the zpci_list until it is finally released when all references have been dropped. Deletion from the zpci_list from within the release function is made safe by using kref_put_lock() with the zpci_list_lock. This ensures that the releasing code holds the last reference. Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 9fcc6d3180f2..4602abd0c6f1 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -70,6 +70,13 @@ EXPORT_SYMBOL_GPL(zpci_aipb); struct airq_iv *zpci_aif_sbv; EXPORT_SYMBOL_GPL(zpci_aif_sbv); +void zpci_zdev_put(struct zpci_dev *zdev) +{ + if (!zdev) + return; + kref_put_lock(&zdev->kref, zpci_release_device, &zpci_list_lock); +} + struct zpci_dev *get_zdev_by_fid(u32 fid) { struct zpci_dev *tmp, *zdev = NULL; @@ -925,21 +932,20 @@ int zpci_deconfigure_device(struct zpci_dev *zdev) * @zdev: the zpci_dev that was reserved * * Handle the case that a given zPCI function was reserved by another system. - * After a call to this function the zpci_dev can not be found via - * get_zdev_by_fid() anymore but may still be accessible via existing - * references though it will not be functional anymore. */ void zpci_device_reserved(struct zpci_dev *zdev) { - /* - * Remove device from zpci_list as it is going away. This also - * makes sure we ignore subsequent zPCI events for this device. - */ - spin_lock(&zpci_list_lock); - list_del(&zdev->entry); - spin_unlock(&zpci_list_lock); + lockdep_assert_held(&zdev->state_lock); + /* We may declare the device reserved multiple times */ + if (zdev->state == ZPCI_FN_STATE_RESERVED) + return; zdev->state = ZPCI_FN_STATE_RESERVED; zpci_dbg(3, "rsv fid:%x\n", zdev->fid); + /* + * The underlying device is gone. Allow the zdev to be freed + * as soon as all other references are gone by accounting for + * the removal as a dropped reference. + */ zpci_zdev_put(zdev); } @@ -948,6 +954,12 @@ void zpci_release_device(struct kref *kref) struct zpci_dev *zdev = container_of(kref, struct zpci_dev, kref); WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); + /* + * We already hold zpci_list_lock thanks to kref_put_lock(). + * This makes sure no new reference can be taken from the list. + */ + list_del(&zdev->entry); + spin_unlock(&zpci_list_lock); if (zdev->has_hp_slot) zpci_exit_slot(zdev); diff --git a/arch/s390/pci/pci_bus.h b/arch/s390/pci/pci_bus.h index e86a9419d233..ae3d7a9159bd 100644 --- a/arch/s390/pci/pci_bus.h +++ b/arch/s390/pci/pci_bus.h @@ -21,11 +21,8 @@ int zpci_bus_scan_device(struct zpci_dev *zdev); void zpci_bus_remove_device(struct zpci_dev *zdev, bool set_error); void zpci_release_device(struct kref *kref); -static inline void zpci_zdev_put(struct zpci_dev *zdev) -{ - if (zdev) - kref_put(&zdev->kref, zpci_release_device); -} + +void zpci_zdev_put(struct zpci_dev *zdev); static inline void zpci_zdev_get(struct zpci_dev *zdev) { diff --git a/arch/s390/pci/pci_event.c b/arch/s390/pci/pci_event.c index 7bd7721c1239..2fbee3887d13 100644 --- a/arch/s390/pci/pci_event.c +++ b/arch/s390/pci/pci_event.c @@ -335,6 +335,22 @@ static void zpci_event_hard_deconfigured(struct zpci_dev *zdev, u32 fh) zdev->state = ZPCI_FN_STATE_STANDBY; } +static void zpci_event_reappear(struct zpci_dev *zdev) +{ + lockdep_assert_held(&zdev->state_lock); + /* + * The zdev is in the reserved state. This means that it was presumed to + * go away but there are still undropped references. Now, the platform + * announced its availability again. Bring back the lingering zdev + * to standby. This is safe because we hold a temporary reference + * now so that it won't go away. Account for the re-appearance of the + * underlying device by incrementing the reference count. + */ + zdev->state = ZPCI_FN_STATE_STANDBY; + zpci_zdev_get(zdev); + zpci_dbg(1, "rea fid:%x, fh:%x\n", zdev->fid, zdev->fh); +} + static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf) { struct zpci_dev *zdev = get_zdev_by_fid(ccdf->fid); @@ -358,8 +374,10 @@ static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf) break; } } else { + if (zdev->state == ZPCI_FN_STATE_RESERVED) + zpci_event_reappear(zdev); /* the configuration request may be stale */ - if (zdev->state != ZPCI_FN_STATE_STANDBY) + else if (zdev->state != ZPCI_FN_STATE_STANDBY) break; zdev->state = ZPCI_FN_STATE_CONFIGURED; } @@ -375,6 +393,8 @@ static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf) break; } } else { + if (zdev->state == ZPCI_FN_STATE_RESERVED) + zpci_event_reappear(zdev); zpci_update_fh(zdev, ccdf->fh); } break;

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Allow re-add of a reserved but not yet removed" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 4b1815a52d7eb03b3e0e6742c6728bc16a4b2d1d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062009-passover-legibly-3a57@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4b1815a52d7eb03b3e0e6742c6728bc16a4b2d1d Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:14 +0200 Subject: [PATCH] s390/pci: Allow re-add of a reserved but not yet removed device The architecture assumes that PCI functions can be removed synchronously as PCI events are processed. This however clashes with the reference counting of struct pci_dev which allows device drivers to hold on to a struct pci_dev reference even as the underlying device is removed. To bridge this gap commit 2a671f77ee49 ("s390/pci: fix use after free of zpci_dev") keeps the struct zpci_dev in ZPCI_FN_STATE_RESERVED state until common code releases the struct pci_dev. Only when all references are dropped, the struct zpci_dev can be removed and freed. Later commit a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") moved the deletion of the struct zpci_dev from the zpci_list in zpci_release_device() to the point where the device is reserved. This was done to prevent handling events for a device that is already being removed, e.g. when the platform generates both PCI event codes 0x304 and 0x308. In retrospect, deletion from the zpci_list in the release function without holding the zpci_list_lock was also racy. A side effect of this handling is that if the underlying device re-appears while the struct zpci_dev is in the ZPCI_FN_STATE_RESERVED state, the new and old instances of the struct zpci_dev and/or struct pci_dev may clash. For example when trying to create the IOMMU sysfs files for the new instance. In this case, re-adding the new instance is aborted. The old instance is removed, and the device will remain absent until the platform issues another event. Fix this by allowing the struct zpci_dev to be brought back up right until it is finally removed. To this end also keep the struct zpci_dev in the zpci_list until it is finally released when all references have been dropped. Deletion from the zpci_list from within the release function is made safe by using kref_put_lock() with the zpci_list_lock. This ensures that the releasing code holds the last reference. Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 9fcc6d3180f2..4602abd0c6f1 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -70,6 +70,13 @@ EXPORT_SYMBOL_GPL(zpci_aipb); struct airq_iv *zpci_aif_sbv; EXPORT_SYMBOL_GPL(zpci_aif_sbv); +void zpci_zdev_put(struct zpci_dev *zdev) +{ + if (!zdev) + return; + kref_put_lock(&zdev->kref, zpci_release_device, &zpci_list_lock); +} + struct zpci_dev *get_zdev_by_fid(u32 fid) { struct zpci_dev *tmp, *zdev = NULL; @@ -925,21 +932,20 @@ int zpci_deconfigure_device(struct zpci_dev *zdev) * @zdev: the zpci_dev that was reserved * * Handle the case that a given zPCI function was reserved by another system. - * After a call to this function the zpci_dev can not be found via - * get_zdev_by_fid() anymore but may still be accessible via existing - * references though it will not be functional anymore. */ void zpci_device_reserved(struct zpci_dev *zdev) { - /* - * Remove device from zpci_list as it is going away. This also - * makes sure we ignore subsequent zPCI events for this device. - */ - spin_lock(&zpci_list_lock); - list_del(&zdev->entry); - spin_unlock(&zpci_list_lock); + lockdep_assert_held(&zdev->state_lock); + /* We may declare the device reserved multiple times */ + if (zdev->state == ZPCI_FN_STATE_RESERVED) + return; zdev->state = ZPCI_FN_STATE_RESERVED; zpci_dbg(3, "rsv fid:%x\n", zdev->fid); + /* + * The underlying device is gone. Allow the zdev to be freed + * as soon as all other references are gone by accounting for + * the removal as a dropped reference. + */ zpci_zdev_put(zdev); } @@ -948,6 +954,12 @@ void zpci_release_device(struct kref *kref) struct zpci_dev *zdev = container_of(kref, struct zpci_dev, kref); WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); + /* + * We already hold zpci_list_lock thanks to kref_put_lock(). + * This makes sure no new reference can be taken from the list. + */ + list_del(&zdev->entry); + spin_unlock(&zpci_list_lock); if (zdev->has_hp_slot) zpci_exit_slot(zdev); diff --git a/arch/s390/pci/pci_bus.h b/arch/s390/pci/pci_bus.h index e86a9419d233..ae3d7a9159bd 100644 --- a/arch/s390/pci/pci_bus.h +++ b/arch/s390/pci/pci_bus.h @@ -21,11 +21,8 @@ int zpci_bus_scan_device(struct zpci_dev *zdev); void zpci_bus_remove_device(struct zpci_dev *zdev, bool set_error); void zpci_release_device(struct kref *kref); -static inline void zpci_zdev_put(struct zpci_dev *zdev) -{ - if (zdev) - kref_put(&zdev->kref, zpci_release_device); -} + +void zpci_zdev_put(struct zpci_dev *zdev); static inline void zpci_zdev_get(struct zpci_dev *zdev) { diff --git a/arch/s390/pci/pci_event.c b/arch/s390/pci/pci_event.c index 7bd7721c1239..2fbee3887d13 100644 --- a/arch/s390/pci/pci_event.c +++ b/arch/s390/pci/pci_event.c @@ -335,6 +335,22 @@ static void zpci_event_hard_deconfigured(struct zpci_dev *zdev, u32 fh) zdev->state = ZPCI_FN_STATE_STANDBY; } +static void zpci_event_reappear(struct zpci_dev *zdev) +{ + lockdep_assert_held(&zdev->state_lock); + /* + * The zdev is in the reserved state. This means that it was presumed to + * go away but there are still undropped references. Now, the platform + * announced its availability again. Bring back the lingering zdev + * to standby. This is safe because we hold a temporary reference + * now so that it won't go away. Account for the re-appearance of the + * underlying device by incrementing the reference count. + */ + zdev->state = ZPCI_FN_STATE_STANDBY; + zpci_zdev_get(zdev); + zpci_dbg(1, "rea fid:%x, fh:%x\n", zdev->fid, zdev->fh); +} + static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf) { struct zpci_dev *zdev = get_zdev_by_fid(ccdf->fid); @@ -358,8 +374,10 @@ static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf) break; } } else { + if (zdev->state == ZPCI_FN_STATE_RESERVED) + zpci_event_reappear(zdev); /* the configuration request may be stale */ - if (zdev->state != ZPCI_FN_STATE_STANDBY) + else if (zdev->state != ZPCI_FN_STATE_STANDBY) break; zdev->state = ZPCI_FN_STATE_CONFIGURED; } @@ -375,6 +393,8 @@ static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf) break; } } else { + if (zdev->state == ZPCI_FN_STATE_RESERVED) + zpci_event_reappear(zdev); zpci_update_fh(zdev, ccdf->fh); } break;

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Allow re-add of a reserved but not yet removed" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 4b1815a52d7eb03b3e0e6742c6728bc16a4b2d1d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062008-fading-headphone-4c02@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4b1815a52d7eb03b3e0e6742c6728bc16a4b2d1d Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:14 +0200 Subject: [PATCH] s390/pci: Allow re-add of a reserved but not yet removed device The architecture assumes that PCI functions can be removed synchronously as PCI events are processed. This however clashes with the reference counting of struct pci_dev which allows device drivers to hold on to a struct pci_dev reference even as the underlying device is removed. To bridge this gap commit 2a671f77ee49 ("s390/pci: fix use after free of zpci_dev") keeps the struct zpci_dev in ZPCI_FN_STATE_RESERVED state until common code releases the struct pci_dev. Only when all references are dropped, the struct zpci_dev can be removed and freed. Later commit a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") moved the deletion of the struct zpci_dev from the zpci_list in zpci_release_device() to the point where the device is reserved. This was done to prevent handling events for a device that is already being removed, e.g. when the platform generates both PCI event codes 0x304 and 0x308. In retrospect, deletion from the zpci_list in the release function without holding the zpci_list_lock was also racy. A side effect of this handling is that if the underlying device re-appears while the struct zpci_dev is in the ZPCI_FN_STATE_RESERVED state, the new and old instances of the struct zpci_dev and/or struct pci_dev may clash. For example when trying to create the IOMMU sysfs files for the new instance. In this case, re-adding the new instance is aborted. The old instance is removed, and the device will remain absent until the platform issues another event. Fix this by allowing the struct zpci_dev to be brought back up right until it is finally removed. To this end also keep the struct zpci_dev in the zpci_list until it is finally released when all references have been dropped. Deletion from the zpci_list from within the release function is made safe by using kref_put_lock() with the zpci_list_lock. This ensures that the releasing code holds the last reference. Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 9fcc6d3180f2..4602abd0c6f1 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -70,6 +70,13 @@ EXPORT_SYMBOL_GPL(zpci_aipb); struct airq_iv *zpci_aif_sbv; EXPORT_SYMBOL_GPL(zpci_aif_sbv); +void zpci_zdev_put(struct zpci_dev *zdev) +{ + if (!zdev) + return; + kref_put_lock(&zdev->kref, zpci_release_device, &zpci_list_lock); +} + struct zpci_dev *get_zdev_by_fid(u32 fid) { struct zpci_dev *tmp, *zdev = NULL; @@ -925,21 +932,20 @@ int zpci_deconfigure_device(struct zpci_dev *zdev) * @zdev: the zpci_dev that was reserved * * Handle the case that a given zPCI function was reserved by another system. - * After a call to this function the zpci_dev can not be found via - * get_zdev_by_fid() anymore but may still be accessible via existing - * references though it will not be functional anymore. */ void zpci_device_reserved(struct zpci_dev *zdev) { - /* - * Remove device from zpci_list as it is going away. This also - * makes sure we ignore subsequent zPCI events for this device. - */ - spin_lock(&zpci_list_lock); - list_del(&zdev->entry); - spin_unlock(&zpci_list_lock); + lockdep_assert_held(&zdev->state_lock); + /* We may declare the device reserved multiple times */ + if (zdev->state == ZPCI_FN_STATE_RESERVED) + return; zdev->state = ZPCI_FN_STATE_RESERVED; zpci_dbg(3, "rsv fid:%x\n", zdev->fid); + /* + * The underlying device is gone. Allow the zdev to be freed + * as soon as all other references are gone by accounting for + * the removal as a dropped reference. + */ zpci_zdev_put(zdev); } @@ -948,6 +954,12 @@ void zpci_release_device(struct kref *kref) struct zpci_dev *zdev = container_of(kref, struct zpci_dev, kref); WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); + /* + * We already hold zpci_list_lock thanks to kref_put_lock(). + * This makes sure no new reference can be taken from the list. + */ + list_del(&zdev->entry); + spin_unlock(&zpci_list_lock); if (zdev->has_hp_slot) zpci_exit_slot(zdev); diff --git a/arch/s390/pci/pci_bus.h b/arch/s390/pci/pci_bus.h index e86a9419d233..ae3d7a9159bd 100644 --- a/arch/s390/pci/pci_bus.h +++ b/arch/s390/pci/pci_bus.h @@ -21,11 +21,8 @@ int zpci_bus_scan_device(struct zpci_dev *zdev); void zpci_bus_remove_device(struct zpci_dev *zdev, bool set_error); void zpci_release_device(struct kref *kref); -static inline void zpci_zdev_put(struct zpci_dev *zdev) -{ - if (zdev) - kref_put(&zdev->kref, zpci_release_device); -} + +void zpci_zdev_put(struct zpci_dev *zdev); static inline void zpci_zdev_get(struct zpci_dev *zdev) { diff --git a/arch/s390/pci/pci_event.c b/arch/s390/pci/pci_event.c index 7bd7721c1239..2fbee3887d13 100644 --- a/arch/s390/pci/pci_event.c +++ b/arch/s390/pci/pci_event.c @@ -335,6 +335,22 @@ static void zpci_event_hard_deconfigured(struct zpci_dev *zdev, u32 fh) zdev->state = ZPCI_FN_STATE_STANDBY; } +static void zpci_event_reappear(struct zpci_dev *zdev) +{ + lockdep_assert_held(&zdev->state_lock); + /* + * The zdev is in the reserved state. This means that it was presumed to + * go away but there are still undropped references. Now, the platform + * announced its availability again. Bring back the lingering zdev + * to standby. This is safe because we hold a temporary reference + * now so that it won't go away. Account for the re-appearance of the + * underlying device by incrementing the reference count. + */ + zdev->state = ZPCI_FN_STATE_STANDBY; + zpci_zdev_get(zdev); + zpci_dbg(1, "rea fid:%x, fh:%x\n", zdev->fid, zdev->fh); +} + static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf) { struct zpci_dev *zdev = get_zdev_by_fid(ccdf->fid); @@ -358,8 +374,10 @@ static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf) break; } } else { + if (zdev->state == ZPCI_FN_STATE_RESERVED) + zpci_event_reappear(zdev); /* the configuration request may be stale */ - if (zdev->state != ZPCI_FN_STATE_STANDBY) + else if (zdev->state != ZPCI_FN_STATE_STANDBY) break; zdev->state = ZPCI_FN_STATE_CONFIGURED; } @@ -375,6 +393,8 @@ static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf) break; } } else { + if (zdev->state == ZPCI_FN_STATE_RESERVED) + zpci_event_reappear(zdev); zpci_update_fh(zdev, ccdf->fh); } break;

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Prevent self deletion in disable_slot()" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 47c397844869ad0e6738afb5879c7492f4691122 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062055-throttle-abide-0845@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 47c397844869ad0e6738afb5879c7492f4691122 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:13 +0200 Subject: [PATCH] s390/pci: Prevent self deletion in disable_slot() As disable_slot() takes a struct zpci_dev from the Configured to the Standby state. In Standby there is still a hotplug slot so this is not usually a case of sysfs self deletion. This is important because self deletion gets very hairy in terms of locking (see for example recover_store() in arch/s390/pci/pci_sysfs.c). Because the pci_dev_put() is not within the critical section of the zdev->state_lock however, disable_slot() can turn into a case of self deletion if zPCI device event handling slips between the mutex_unlock() and the pci_dev_put(). If the latter is the last put and zpci_release_device() is called this then tries to remove the hotplug slot via zpci_exit_slot() which will try to remove the hotplug slot directory the disable_slot() is part of i.e. self deletion. Prevent this by widening the zdev->state_lock critical section to include the pci_dev_put() which is then guaranteed to happen with the struct zpci_dev still in Standby state ensuring it will not lead to a zpci_release_device() call as at least the zPCI event handling code still holds a reference. Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/drivers/pci/hotplug/s390_pci_hpc.c b/drivers/pci/hotplug/s390_pci_hpc.c index 055518ee354d..3d26d273f29d 100644 --- a/drivers/pci/hotplug/s390_pci_hpc.c +++ b/drivers/pci/hotplug/s390_pci_hpc.c @@ -66,9 +66,9 @@ static int disable_slot(struct hotplug_slot *hotplug_slot) rc = zpci_deconfigure_device(zdev); out: - mutex_unlock(&zdev->state_lock); if (pdev) pci_dev_put(pdev); + mutex_unlock(&zdev->state_lock); return rc; }

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Prevent self deletion in disable_slot()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 47c397844869ad0e6738afb5879c7492f4691122 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062054-emotion-defiling-38ce@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 47c397844869ad0e6738afb5879c7492f4691122 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:13 +0200 Subject: [PATCH] s390/pci: Prevent self deletion in disable_slot() As disable_slot() takes a struct zpci_dev from the Configured to the Standby state. In Standby there is still a hotplug slot so this is not usually a case of sysfs self deletion. This is important because self deletion gets very hairy in terms of locking (see for example recover_store() in arch/s390/pci/pci_sysfs.c). Because the pci_dev_put() is not within the critical section of the zdev->state_lock however, disable_slot() can turn into a case of self deletion if zPCI device event handling slips between the mutex_unlock() and the pci_dev_put(). If the latter is the last put and zpci_release_device() is called this then tries to remove the hotplug slot via zpci_exit_slot() which will try to remove the hotplug slot directory the disable_slot() is part of i.e. self deletion. Prevent this by widening the zdev->state_lock critical section to include the pci_dev_put() which is then guaranteed to happen with the struct zpci_dev still in Standby state ensuring it will not lead to a zpci_release_device() call as at least the zPCI event handling code still holds a reference. Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/drivers/pci/hotplug/s390_pci_hpc.c b/drivers/pci/hotplug/s390_pci_hpc.c index 055518ee354d..3d26d273f29d 100644 --- a/drivers/pci/hotplug/s390_pci_hpc.c +++ b/drivers/pci/hotplug/s390_pci_hpc.c @@ -66,9 +66,9 @@ static int disable_slot(struct hotplug_slot *hotplug_slot) rc = zpci_deconfigure_device(zdev); out: - mutex_unlock(&zdev->state_lock); if (pdev) pci_dev_put(pdev); + mutex_unlock(&zdev->state_lock); return rc; }

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Prevent self deletion in disable_slot()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 47c397844869ad0e6738afb5879c7492f4691122 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062053-bubble-plausible-db18@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 47c397844869ad0e6738afb5879c7492f4691122 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:13 +0200 Subject: [PATCH] s390/pci: Prevent self deletion in disable_slot() As disable_slot() takes a struct zpci_dev from the Configured to the Standby state. In Standby there is still a hotplug slot so this is not usually a case of sysfs self deletion. This is important because self deletion gets very hairy in terms of locking (see for example recover_store() in arch/s390/pci/pci_sysfs.c). Because the pci_dev_put() is not within the critical section of the zdev->state_lock however, disable_slot() can turn into a case of self deletion if zPCI device event handling slips between the mutex_unlock() and the pci_dev_put(). If the latter is the last put and zpci_release_device() is called this then tries to remove the hotplug slot via zpci_exit_slot() which will try to remove the hotplug slot directory the disable_slot() is part of i.e. self deletion. Prevent this by widening the zdev->state_lock critical section to include the pci_dev_put() which is then guaranteed to happen with the struct zpci_dev still in Standby state ensuring it will not lead to a zpci_release_device() call as at least the zPCI event handling code still holds a reference. Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/drivers/pci/hotplug/s390_pci_hpc.c b/drivers/pci/hotplug/s390_pci_hpc.c index 055518ee354d..3d26d273f29d 100644 --- a/drivers/pci/hotplug/s390_pci_hpc.c +++ b/drivers/pci/hotplug/s390_pci_hpc.c @@ -66,9 +66,9 @@ static int disable_slot(struct hotplug_slot *hotplug_slot) rc = zpci_deconfigure_device(zdev); out: - mutex_unlock(&zdev->state_lock); if (pdev) pci_dev_put(pdev); + mutex_unlock(&zdev->state_lock); return rc; }

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Prevent self deletion in disable_slot()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 47c397844869ad0e6738afb5879c7492f4691122 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062052-deviate-fetal-1fef@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 47c397844869ad0e6738afb5879c7492f4691122 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:13 +0200 Subject: [PATCH] s390/pci: Prevent self deletion in disable_slot() As disable_slot() takes a struct zpci_dev from the Configured to the Standby state. In Standby there is still a hotplug slot so this is not usually a case of sysfs self deletion. This is important because self deletion gets very hairy in terms of locking (see for example recover_store() in arch/s390/pci/pci_sysfs.c). Because the pci_dev_put() is not within the critical section of the zdev->state_lock however, disable_slot() can turn into a case of self deletion if zPCI device event handling slips between the mutex_unlock() and the pci_dev_put(). If the latter is the last put and zpci_release_device() is called this then tries to remove the hotplug slot via zpci_exit_slot() which will try to remove the hotplug slot directory the disable_slot() is part of i.e. self deletion. Prevent this by widening the zdev->state_lock critical section to include the pci_dev_put() which is then guaranteed to happen with the struct zpci_dev still in Standby state ensuring it will not lead to a zpci_release_device() call as at least the zPCI event handling code still holds a reference. Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/drivers/pci/hotplug/s390_pci_hpc.c b/drivers/pci/hotplug/s390_pci_hpc.c index 055518ee354d..3d26d273f29d 100644 --- a/drivers/pci/hotplug/s390_pci_hpc.c +++ b/drivers/pci/hotplug/s390_pci_hpc.c @@ -66,9 +66,9 @@ static int disable_slot(struct hotplug_slot *hotplug_slot) rc = zpci_deconfigure_device(zdev); out: - mutex_unlock(&zdev->state_lock); if (pdev) pci_dev_put(pdev); + mutex_unlock(&zdev->state_lock); return rc; }

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Remove redundant bus removal and disable from" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x d76f9633296785343d45f85199f4138cb724b6d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062039-width-famished-433f@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d76f9633296785343d45f85199f4138cb724b6d2 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:12 +0200 Subject: [PATCH] s390/pci: Remove redundant bus removal and disable from zpci_release_device() Remove zpci_bus_remove_device() and zpci_disable_device() calls from zpci_release_device(). These calls were done when the device transitioned into the ZPCI_FN_STATE_STANDBY state which is guaranteed to happen before it enters the ZPCI_FN_STATE_RESERVED state. When zpci_release_device() is called the device is known to be in the ZPCI_FN_STATE_RESERVED state which is also checked by a WARN_ON(). Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Reviewed-by: Julian Ruess <julianr(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 5bbdc4190b8b..9fcc6d3180f2 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -949,12 +949,6 @@ void zpci_release_device(struct kref *kref) WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); - if (zdev->zbus->bus) - zpci_bus_remove_device(zdev, false); - - if (zdev_enabled(zdev)) - zpci_disable_device(zdev); - if (zdev->has_hp_slot) zpci_exit_slot(zdev);

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Remove redundant bus removal and disable from" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d76f9633296785343d45f85199f4138cb724b6d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062039-ligament-subtract-d8af@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d76f9633296785343d45f85199f4138cb724b6d2 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:12 +0200 Subject: [PATCH] s390/pci: Remove redundant bus removal and disable from zpci_release_device() Remove zpci_bus_remove_device() and zpci_disable_device() calls from zpci_release_device(). These calls were done when the device transitioned into the ZPCI_FN_STATE_STANDBY state which is guaranteed to happen before it enters the ZPCI_FN_STATE_RESERVED state. When zpci_release_device() is called the device is known to be in the ZPCI_FN_STATE_RESERVED state which is also checked by a WARN_ON(). Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Reviewed-by: Julian Ruess <julianr(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 5bbdc4190b8b..9fcc6d3180f2 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -949,12 +949,6 @@ void zpci_release_device(struct kref *kref) WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); - if (zdev->zbus->bus) - zpci_bus_remove_device(zdev, false); - - if (zdev_enabled(zdev)) - zpci_disable_device(zdev); - if (zdev->has_hp_slot) zpci_exit_slot(zdev);

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Remove redundant bus removal and disable from" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d76f9633296785343d45f85199f4138cb724b6d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062039-unnerving-tasting-63f1@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d76f9633296785343d45f85199f4138cb724b6d2 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:12 +0200 Subject: [PATCH] s390/pci: Remove redundant bus removal and disable from zpci_release_device() Remove zpci_bus_remove_device() and zpci_disable_device() calls from zpci_release_device(). These calls were done when the device transitioned into the ZPCI_FN_STATE_STANDBY state which is guaranteed to happen before it enters the ZPCI_FN_STATE_RESERVED state. When zpci_release_device() is called the device is known to be in the ZPCI_FN_STATE_RESERVED state which is also checked by a WARN_ON(). Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Reviewed-by: Julian Ruess <julianr(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 5bbdc4190b8b..9fcc6d3180f2 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -949,12 +949,6 @@ void zpci_release_device(struct kref *kref) WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); - if (zdev->zbus->bus) - zpci_bus_remove_device(zdev, false); - - if (zdev_enabled(zdev)) - zpci_disable_device(zdev); - if (zdev->has_hp_slot) zpci_exit_slot(zdev);

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Remove redundant bus removal and disable from" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d76f9633296785343d45f85199f4138cb724b6d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062038-popcorn-lure-f2f1@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d76f9633296785343d45f85199f4138cb724b6d2 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:12 +0200 Subject: [PATCH] s390/pci: Remove redundant bus removal and disable from zpci_release_device() Remove zpci_bus_remove_device() and zpci_disable_device() calls from zpci_release_device(). These calls were done when the device transitioned into the ZPCI_FN_STATE_STANDBY state which is guaranteed to happen before it enters the ZPCI_FN_STATE_RESERVED state. When zpci_release_device() is called the device is known to be in the ZPCI_FN_STATE_RESERVED state which is also checked by a WARN_ON(). Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Reviewed-by: Julian Ruess <julianr(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 5bbdc4190b8b..9fcc6d3180f2 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -949,12 +949,6 @@ void zpci_release_device(struct kref *kref) WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); - if (zdev->zbus->bus) - zpci_bus_remove_device(zdev, false); - - if (zdev_enabled(zdev)) - zpci_disable_device(zdev); - if (zdev->has_hp_slot) zpci_exit_slot(zdev);

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_dh895xcc" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 2c4e8b228733bfbcaf49408fdf94d220f6eb78fc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062041-mutiny-civil-2bce@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2c4e8b228733bfbcaf49408fdf94d220f6eb78fc Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:49 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_dh895xcc During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset dh895xcc 0000:3f:00.0: qat_hal_clr_reset error dh895xcc 0000:3f:00.0: Failed to init the AEs dh895xcc 0000:3f:00.0: Failed to initialise Acceleration Engine dh895xcc 0000:3f:00.0: Resetting device qat_dev0 dh895xcc 0000:3f:00.0: probe with driver dh895xcc failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 7afa232e76ce ("crypto: qat - Intel(R) QAT DH895xcc accelerator") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c index 730147404ceb..b59e0cc49e52 100644 --- a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_DH895XCC) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_DH895XCC_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_dh895xcc" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 2c4e8b228733bfbcaf49408fdf94d220f6eb78fc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062040-preaching-lance-8408@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2c4e8b228733bfbcaf49408fdf94d220f6eb78fc Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:49 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_dh895xcc During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset dh895xcc 0000:3f:00.0: qat_hal_clr_reset error dh895xcc 0000:3f:00.0: Failed to init the AEs dh895xcc 0000:3f:00.0: Failed to initialise Acceleration Engine dh895xcc 0000:3f:00.0: Resetting device qat_dev0 dh895xcc 0000:3f:00.0: probe with driver dh895xcc failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 7afa232e76ce ("crypto: qat - Intel(R) QAT DH895xcc accelerator") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c index 730147404ceb..b59e0cc49e52 100644 --- a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_DH895XCC) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_DH895XCC_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_dh895xcc" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 2c4e8b228733bfbcaf49408fdf94d220f6eb78fc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062040-twentieth-uniformed-032e@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2c4e8b228733bfbcaf49408fdf94d220f6eb78fc Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:49 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_dh895xcc During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset dh895xcc 0000:3f:00.0: qat_hal_clr_reset error dh895xcc 0000:3f:00.0: Failed to init the AEs dh895xcc 0000:3f:00.0: Failed to initialise Acceleration Engine dh895xcc 0000:3f:00.0: Resetting device qat_dev0 dh895xcc 0000:3f:00.0: probe with driver dh895xcc failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 7afa232e76ce ("crypto: qat - Intel(R) QAT DH895xcc accelerator") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c index 730147404ceb..b59e0cc49e52 100644 --- a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_DH895XCC) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_DH895XCC_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_dh895xcc" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 2c4e8b228733bfbcaf49408fdf94d220f6eb78fc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062039-stinging-clad-50a8@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2c4e8b228733bfbcaf49408fdf94d220f6eb78fc Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:49 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_dh895xcc During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset dh895xcc 0000:3f:00.0: qat_hal_clr_reset error dh895xcc 0000:3f:00.0: Failed to init the AEs dh895xcc 0000:3f:00.0: Failed to initialise Acceleration Engine dh895xcc 0000:3f:00.0: Resetting device qat_dev0 dh895xcc 0000:3f:00.0: probe with driver dh895xcc failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 7afa232e76ce ("crypto: qat - Intel(R) QAT DH895xcc accelerator") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c index 730147404ceb..b59e0cc49e52 100644 --- a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_DH895XCC) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_DH895XCC_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c62x" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x a9a6e9279b2998e2610c70b0dfc80a234f97c76c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062030-rely-movable-fb97@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9a6e9279b2998e2610c70b0dfc80a234f97c76c Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:51 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c62x During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c6xx 0000:3f:00.0: qat_hal_clr_reset error c6xx 0000:3f:00.0: Failed to init the AEs c6xx 0000:3f:00.0: Failed to initialise Acceleration Engine c6xx 0000:3f:00.0: Resetting device qat_dev0 c6xx 0000:3f:00.0: probe with driver c6xx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: a6dabee6c8ba ("crypto: qat - add support for c62x accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c index 0bac717e88d9..23ccb72b6ea2 100644 --- a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C62X) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C62X_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c62x" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a9a6e9279b2998e2610c70b0dfc80a234f97c76c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062029-crayfish-robotics-60e2@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9a6e9279b2998e2610c70b0dfc80a234f97c76c Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:51 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c62x During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c6xx 0000:3f:00.0: qat_hal_clr_reset error c6xx 0000:3f:00.0: Failed to init the AEs c6xx 0000:3f:00.0: Failed to initialise Acceleration Engine c6xx 0000:3f:00.0: Resetting device qat_dev0 c6xx 0000:3f:00.0: probe with driver c6xx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: a6dabee6c8ba ("crypto: qat - add support for c62x accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c index 0bac717e88d9..23ccb72b6ea2 100644 --- a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C62X) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C62X_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c62x" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a9a6e9279b2998e2610c70b0dfc80a234f97c76c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062028-rumble-ebony-e250@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9a6e9279b2998e2610c70b0dfc80a234f97c76c Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:51 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c62x During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c6xx 0000:3f:00.0: qat_hal_clr_reset error c6xx 0000:3f:00.0: Failed to init the AEs c6xx 0000:3f:00.0: Failed to initialise Acceleration Engine c6xx 0000:3f:00.0: Resetting device qat_dev0 c6xx 0000:3f:00.0: probe with driver c6xx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: a6dabee6c8ba ("crypto: qat - add support for c62x accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c index 0bac717e88d9..23ccb72b6ea2 100644 --- a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C62X) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C62X_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c62x" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x a9a6e9279b2998e2610c70b0dfc80a234f97c76c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062028-pegboard-reaffirm-313f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9a6e9279b2998e2610c70b0dfc80a234f97c76c Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:51 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c62x During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c6xx 0000:3f:00.0: qat_hal_clr_reset error c6xx 0000:3f:00.0: Failed to init the AEs c6xx 0000:3f:00.0: Failed to initialise Acceleration Engine c6xx 0000:3f:00.0: Resetting device qat_dev0 c6xx 0000:3f:00.0: probe with driver c6xx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: a6dabee6c8ba ("crypto: qat - add support for c62x accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c index 0bac717e88d9..23ccb72b6ea2 100644 --- a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C62X) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C62X_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_4xxx" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 845bc952024dbf482c7434daeac66f764642d52d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062013-ferris-purr-2823@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 845bc952024dbf482c7434daeac66f764642d52d Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:46 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_4xxx During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: 4xxx 0000:01:00.0: Failed to power up the device 4xxx 0000:01:00.0: Failed to initialize device 4xxx 0000:01:00.0: Resetting device qat_dev0 4xxx 0000:01:00.0: probe with driver 4xxx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 8c8268166e83 ("crypto: qat - add qat_4xxx driver") Link: https://lore.kernel.org/all/Z-DGQrhRj9niR9iZ@gondor.apana.org.au/ Reported-by: Randy Wright <rwright(a)hpe.com> Closes: https://issues.redhat.com/browse/RHEL-84366 Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c b/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c index 5537a9991e4e..1ac415ef3c31 100644 --- a/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c @@ -188,11 +188,19 @@ static void adf_remove(struct pci_dev *pdev) adf_cleanup_accel(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static struct pci_driver adf_driver = { .id_table = adf_pci_tbl, .name = ADF_4XXX_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_4xxx" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 845bc952024dbf482c7434daeac66f764642d52d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062013-oversight-paced-887b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 845bc952024dbf482c7434daeac66f764642d52d Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:46 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_4xxx During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: 4xxx 0000:01:00.0: Failed to power up the device 4xxx 0000:01:00.0: Failed to initialize device 4xxx 0000:01:00.0: Resetting device qat_dev0 4xxx 0000:01:00.0: probe with driver 4xxx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 8c8268166e83 ("crypto: qat - add qat_4xxx driver") Link: https://lore.kernel.org/all/Z-DGQrhRj9niR9iZ@gondor.apana.org.au/ Reported-by: Randy Wright <rwright(a)hpe.com> Closes: https://issues.redhat.com/browse/RHEL-84366 Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c b/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c index 5537a9991e4e..1ac415ef3c31 100644 --- a/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c @@ -188,11 +188,19 @@ static void adf_remove(struct pci_dev *pdev) adf_cleanup_accel(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static struct pci_driver adf_driver = { .id_table = adf_pci_tbl, .name = ADF_4XXX_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c3xxx" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062040-depress-slit-c249@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:53 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c3xxx During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c3xxx 0000:3f:00.0: qat_hal_clr_reset error c3xxx 0000:3f:00.0: Failed to init the AEs c3xxx 0000:3f:00.0: Failed to initialise Acceleration Engine c3xxx 0000:3f:00.0: Resetting device qat_dev0 c3xxx 0000:3f:00.0: probe with driver c3xxx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 890c55f4dc0e ("crypto: qat - add support for c3xxx accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c index 260f34d0d541..bceb5dd8b148 100644 --- a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C3XXX) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C3XXX_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c3xxx" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062040-setback-bulgur-2550@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:53 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c3xxx During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c3xxx 0000:3f:00.0: qat_hal_clr_reset error c3xxx 0000:3f:00.0: Failed to init the AEs c3xxx 0000:3f:00.0: Failed to initialise Acceleration Engine c3xxx 0000:3f:00.0: Resetting device qat_dev0 c3xxx 0000:3f:00.0: probe with driver c3xxx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 890c55f4dc0e ("crypto: qat - add support for c3xxx accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c index 260f34d0d541..bceb5dd8b148 100644 --- a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C3XXX) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C3XXX_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c3xxx" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062039-crier-richly-f55f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:53 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c3xxx During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c3xxx 0000:3f:00.0: qat_hal_clr_reset error c3xxx 0000:3f:00.0: Failed to init the AEs c3xxx 0000:3f:00.0: Failed to initialise Acceleration Engine c3xxx 0000:3f:00.0: Resetting device qat_dev0 c3xxx 0000:3f:00.0: probe with driver c3xxx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 890c55f4dc0e ("crypto: qat - add support for c3xxx accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c index 260f34d0d541..bceb5dd8b148 100644 --- a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C3XXX) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C3XXX_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c3xxx" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062038-unsavory-overrun-ecbc@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:53 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c3xxx During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c3xxx 0000:3f:00.0: qat_hal_clr_reset error c3xxx 0000:3f:00.0: Failed to init the AEs c3xxx 0000:3f:00.0: Failed to initialise Acceleration Engine c3xxx 0000:3f:00.0: Resetting device qat_dev0 c3xxx 0000:3f:00.0: probe with driver c3xxx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 890c55f4dc0e ("crypto: qat - add support for c3xxx accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c index 260f34d0d541..bceb5dd8b148 100644 --- a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C3XXX) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C3XXX_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: powerpc/poly1305 - add depends on BROKEN for now" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x bc8169003b41e89fe7052e408cf9fdbecb4017fe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062040-slinging-salvaging-1638@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bc8169003b41e89fe7052e408cf9fdbecb4017fe Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)google.com> Date: Tue, 20 May 2025 10:39:29 +0800 Subject: [PATCH] crypto: powerpc/poly1305 - add depends on BROKEN for now As discussed in the thread containing https://lore.kernel.org/linux-crypto/20250510053308.GB505731@sol/, the Power10-optimized Poly1305 code is currently not safe to call in softirq context. Disable it for now. It can be re-enabled once it is fixed. Fixes: ba8f8624fde2 ("crypto: poly1305-p10 - Glue code for optmized Poly1305 implementation for ppc64le") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/arch/powerpc/lib/crypto/Kconfig b/arch/powerpc/lib/crypto/Kconfig index ffa541ad6d5d..3f9e1bbd9905 100644 --- a/arch/powerpc/lib/crypto/Kconfig +++ b/arch/powerpc/lib/crypto/Kconfig @@ -10,6 +10,7 @@ config CRYPTO_CHACHA20_P10 config CRYPTO_POLY1305_P10 tristate depends on PPC64 && CPU_LITTLE_ENDIAN && VSX + depends on BROKEN # Needs to be fixed to work in softirq context default CRYPTO_LIB_POLY1305 select CRYPTO_ARCH_HAVE_LIB_POLY1305 select CRYPTO_LIB_POLY1305_GENERIC

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] crypto: marvell/cesa - Do not chain submitted requests" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 0413bcf0fc460a68a2a7a8354aee833293d7d693 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062023-fidgety-landslide-5061@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0413bcf0fc460a68a2a7a8354aee833293d7d693 Mon Sep 17 00:00:00 2001 From: Herbert Xu <herbert(a)gondor.apana.org.au> Date: Thu, 8 May 2025 13:22:16 +0800 Subject: [PATCH] crypto: marvell/cesa - Do not chain submitted requests This driver tries to chain requests together before submitting them to hardware in order to reduce completion interrupts. However, it even extends chains that have already been submitted to hardware. This is dangerous because there is no way of knowing whether the hardware has already read the DMA memory in question or not. Fix this by splitting the chain list into two. One for submitted requests and one for requests that have not yet been submitted. Only extend the latter. Reported-by: Klaus Kudielka <klaus.kudielka(a)gmail.com> Fixes: 85030c5168f1 ("crypto: marvell - Add support for chaining crypto requests in TDMA mode") Cc: <stable(a)vger.kernel.org> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/marvell/cesa/cesa.c b/drivers/crypto/marvell/cesa/cesa.c index fa08f10e6f3f..9c21f5d835d2 100644 --- a/drivers/crypto/marvell/cesa/cesa.c +++ b/drivers/crypto/marvell/cesa/cesa.c @@ -94,7 +94,7 @@ static int mv_cesa_std_process(struct mv_cesa_engine *engine, u32 status) static int mv_cesa_int_process(struct mv_cesa_engine *engine, u32 status) { - if (engine->chain.first && engine->chain.last) + if (engine->chain_hw.first && engine->chain_hw.last) return mv_cesa_tdma_process(engine, status); return mv_cesa_std_process(engine, status); diff --git a/drivers/crypto/marvell/cesa/cesa.h b/drivers/crypto/marvell/cesa/cesa.h index d215a6bed6bc..50ca1039fdaa 100644 --- a/drivers/crypto/marvell/cesa/cesa.h +++ b/drivers/crypto/marvell/cesa/cesa.h @@ -440,8 +440,10 @@ struct mv_cesa_dev { * SRAM * @queue: fifo of the pending crypto requests * @load: engine load counter, useful for load balancing - * @chain: list of the current tdma descriptors being processed - * by this engine. + * @chain_hw: list of the current tdma descriptors being processed + * by the hardware. + * @chain_sw: list of the current tdma descriptors that will be + * submitted to the hardware. * @complete_queue: fifo of the processed requests by the engine * * Structure storing CESA engine information. @@ -463,7 +465,8 @@ struct mv_cesa_engine { struct gen_pool *pool; struct crypto_queue queue; atomic_t load; - struct mv_cesa_tdma_chain chain; + struct mv_cesa_tdma_chain chain_hw; + struct mv_cesa_tdma_chain chain_sw; struct list_head complete_queue; int irq; }; diff --git a/drivers/crypto/marvell/cesa/tdma.c b/drivers/crypto/marvell/cesa/tdma.c index 388a06e180d6..243305354420 100644 --- a/drivers/crypto/marvell/cesa/tdma.c +++ b/drivers/crypto/marvell/cesa/tdma.c @@ -38,6 +38,15 @@ void mv_cesa_dma_step(struct mv_cesa_req *dreq) { struct mv_cesa_engine *engine = dreq->engine; + spin_lock_bh(&engine->lock); + if (engine->chain_sw.first == dreq->chain.first) { + engine->chain_sw.first = NULL; + engine->chain_sw.last = NULL; + } + engine->chain_hw.first = dreq->chain.first; + engine->chain_hw.last = dreq->chain.last; + spin_unlock_bh(&engine->lock); + writel_relaxed(0, engine->regs + CESA_SA_CFG); mv_cesa_set_int_mask(engine, CESA_SA_INT_ACC0_IDMA_DONE); @@ -96,25 +105,27 @@ void mv_cesa_dma_prepare(struct mv_cesa_req *dreq, void mv_cesa_tdma_chain(struct mv_cesa_engine *engine, struct mv_cesa_req *dreq) { - if (engine->chain.first == NULL && engine->chain.last == NULL) { - engine->chain.first = dreq->chain.first; - engine->chain.last = dreq->chain.last; - } else { - struct mv_cesa_tdma_desc *last; + struct mv_cesa_tdma_desc *last = engine->chain_sw.last; - last = engine->chain.last; + /* + * Break the DMA chain if the request being queued needs the IV + * regs to be set before lauching the request. + */ + if (!last || dreq->chain.first->flags & CESA_TDMA_SET_STATE) + engine->chain_sw.first = dreq->chain.first; + else { last->next = dreq->chain.first; - engine->chain.last = dreq->chain.last; - - /* - * Break the DMA chain if the CESA_TDMA_BREAK_CHAIN is set on - * the last element of the current chain, or if the request - * being queued needs the IV regs to be set before lauching - * the request. - */ - if (!(last->flags & CESA_TDMA_BREAK_CHAIN) && - !(dreq->chain.first->flags & CESA_TDMA_SET_STATE)) - last->next_dma = cpu_to_le32(dreq->chain.first->cur_dma); + last->next_dma = cpu_to_le32(dreq->chain.first->cur_dma); + } + last = dreq->chain.last; + engine->chain_sw.last = last; + /* + * Break the DMA chain if the CESA_TDMA_BREAK_CHAIN is set on + * the last element of the current chain. + */ + if (last->flags & CESA_TDMA_BREAK_CHAIN) { + engine->chain_sw.first = NULL; + engine->chain_sw.last = NULL; } } @@ -127,7 +138,7 @@ int mv_cesa_tdma_process(struct mv_cesa_engine *engine, u32 status) tdma_cur = readl(engine->regs + CESA_TDMA_CUR); - for (tdma = engine->chain.first; tdma; tdma = next) { + for (tdma = engine->chain_hw.first; tdma; tdma = next) { spin_lock_bh(&engine->lock); next = tdma->next; spin_unlock_bh(&engine->lock); @@ -149,12 +160,12 @@ int mv_cesa_tdma_process(struct mv_cesa_engine *engine, u32 status) &backlog); /* Re-chaining to the next request */ - engine->chain.first = tdma->next; + engine->chain_hw.first = tdma->next; tdma->next = NULL; /* If this is the last request, clear the chain */ - if (engine->chain.first == NULL) - engine->chain.last = NULL; + if (engine->chain_hw.first == NULL) + engine->chain_hw.last = NULL; spin_unlock_bh(&engine->lock); ctx = crypto_tfm_ctx(req->tfm);

5 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] maple_tree-fix-ma_state_prealloc-flag-in-mas_preallocate.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() has been removed from the -mm tree. Its filename was maple_tree-fix-ma_state_prealloc-flag-in-mas_preallocate.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Subject: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() Date: Mon, 16 Jun 2025 14:45:20 -0400 Temporarily clear the preallocation flag when explicitly requesting allocations. Pre-existing allocations are already counted against the request through mas_node_count_gfp(), but the allocations will not happen if the MA_STATE_PREALLOC flag is set. This flag is meant to avoid re-allocating in bulk allocation mode, and to detect issues with preallocation calculations. The MA_STATE_PREALLOC flag should also always be set on zero allocations so that detection of underflow allocations will print a WARN_ON() during consumption. User visible effect of this flaw is a WARN_ON() followed by a null pointer dereference when subsequent requests for larger number of nodes is ignored, such as the vma merge retry in mmap_region() caused by drivers altering the vma flags (which happens in v6.6, at least) Link: https://lkml.kernel.org/r/20250616184521.3382795-3-Liam.Howlett@oracle.com Fixes: 54a611b60590 ("Maple Tree: add new data structure") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reported-by: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Reported-by: Hailong Liu <hailong.liu(a)oppo.com> Link: https://lore.kernel.org/all/1652f7eb-a51b-4fee-8058-c73af63bacd1@oppo.com/ Link: https://lore.kernel.org/all/20250428184058.1416274-1-Liam.Howlett@oracle.co… Link: https://lore.kernel.org/all/20250429014754.1479118-1-Liam.Howlett@oracle.co… Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Hailong Liu <hailong.liu(a)oppo.com> Cc: zhangpeng.00(a)bytedance.com <zhangpeng.00(a)bytedance.com> Cc: Steve Kang <Steve.Kang(a)unisoc.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Sidhartha Kumar <sidhartha.kumar(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/maple_tree.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/lib/maple_tree.c~maple_tree-fix-ma_state_prealloc-flag-in-mas_preallocate +++ a/lib/maple_tree.c @@ -5527,8 +5527,9 @@ int mas_preallocate(struct ma_state *mas mas->store_type = mas_wr_store_type(&wr_mas); request = mas_prealloc_calc(&wr_mas, entry); if (!request) - return ret; + goto set_flag; + mas->mas_flags &= ~MA_STATE_PREALLOC; mas_node_count_gfp(mas, request, gfp); if (mas_is_err(mas)) { mas_set_alloc_req(mas, 0); @@ -5538,6 +5539,7 @@ int mas_preallocate(struct ma_state *mas return ret; } +set_flag: mas->mas_flags |= MA_STATE_PREALLOC; return ret; } _ Patches currently in -mm which might be from Liam.Howlett(a)oracle.com are tools-testing-radix-tree-test-maple-tree-chaining-mas_preallocate-calls.patch

5 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] bcache-remove-unnecessary-select-min_heap.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: bcache: remove unnecessary select MIN_HEAP has been removed from the -mm tree. Its filename was bcache-remove-unnecessary-select-min_heap.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kuan-Wei Chiu <visitorckw(a)gmail.com> Subject: bcache: remove unnecessary select MIN_HEAP Date: Sun, 15 Jun 2025 04:23:53 +0800 After reverting the transition to the generic min heap library, bcache no longer depends on MIN_HEAP. The select entry can be removed to reduce code size and shrink the kernel's attack surface. This change effectively reverts the bcache-related part of commit 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions"). This is part of a series of changes to address a performance regression caused by the use of the generic min_heap implementation. As reported by Robert, bcache now suffers from latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. These regressions degrade bcache's effectiveness as a low-latency cache layer and lead to frequent timeouts and application stalls in production environments. Link: https://lore.kernel.org/lkml/CAJhEC05+0S69z+3+FB2Cd0hD+pCRyWTKLEOsc8BOmH73p… Link: https://lkml.kernel.org/r/20250614202353.1632957-4-visitorckw@gmail.com Fixes: 866898efbb25 ("bcache: remove heap-related macros and switch to generic min_heap") Fixes: 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions") Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> Reported-by: Robert Pang <robertpang(a)google.com> Closes: https://lore.kernel.org/linux-bcache/CAJhEC06F_AtrPgw2-7CvCqZgeStgCtitbD-ry… Acked-by: Coly Li <colyli(a)kernel.org> Cc: Ching-Chun (Jim) Huang <jserv(a)ccns.ncku.edu.tw> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/md/bcache/Kconfig | 1 - 1 file changed, 1 deletion(-) --- a/drivers/md/bcache/Kconfig~bcache-remove-unnecessary-select-min_heap +++ a/drivers/md/bcache/Kconfig @@ -5,7 +5,6 @@ config BCACHE select BLOCK_HOLDER_DEPRECATED if SYSFS select CRC64 select CLOSURES - select MIN_HEAP help Allows a block device to be used as cache for other devices; uses a btree for indexing and the layout is optimized for SSDs. _ Patches currently in -mm which might be from visitorckw(a)gmail.com are lib-math-gcd-use-static-key-to-select-implementation-at-runtime.patch riscv-optimize-gcd-code-size-when-config_riscv_isa_zbb-is-disabled.patch riscv-optimize-gcd-performance-on-risc-v-without-zbb-extension.patch

5 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: Revert "bcache: remove heap-related macros and switch to generic min_heap" has been removed from the -mm tree. Its filename was revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kuan-Wei Chiu <visitorckw(a)gmail.com> Subject: Revert "bcache: remove heap-related macros and switch to generic min_heap" Date: Sun, 15 Jun 2025 04:23:52 +0800 This reverts commit 866898efbb25bb44fd42848318e46db9e785973a. The generic bottom-up min_heap implementation causes performance regression in invalidate_buckets_lru(), a hot path in bcache. Before the cache is fully populated, new_bucket_prio() often returns zero, leading to many equal comparisons. In such cases, bottom-up sift_down performs up to 2 * log2(n) comparisons, while the original top-down approach completes with just O() comparisons, resulting in a measurable performance gap. The performance degradation is further worsened by the non-inlined min_heap API functions introduced in commit 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions"), adding function call overhead to this critical path. As reported by Robert, bcache now suffers from latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. These regressions degrade bcache's effectiveness as a low-latency cache layer and lead to frequent timeouts and application stalls in production environments. This revert aims to restore bcache's original low-latency behavior. Link: https://lore.kernel.org/lkml/CAJhEC05+0S69z+3+FB2Cd0hD+pCRyWTKLEOsc8BOmH73p… Link: https://lkml.kernel.org/r/20250614202353.1632957-3-visitorckw@gmail.com Fixes: 866898efbb25 ("bcache: remove heap-related macros and switch to generic min_heap") Fixes: 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions") Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> Reported-by: Robert Pang <robertpang(a)google.com> Closes: https://lore.kernel.org/linux-bcache/CAJhEC06F_AtrPgw2-7CvCqZgeStgCtitbD-ry… Acked-by: Coly Li <colyli(a)kernel.org> Cc: Ching-Chun (Jim) Huang <jserv(a)ccns.ncku.edu.tw> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/md/bcache/alloc.c | 64 ++++------------ drivers/md/bcache/bcache.h | 2 drivers/md/bcache/bset.c | 124 +++++++++++--------------------- drivers/md/bcache/bset.h | 42 ++++++---- drivers/md/bcache/btree.c | 69 +++++++---------- drivers/md/bcache/extents.c | 51 ++++--------- drivers/md/bcache/movinggc.c | 41 ++-------- drivers/md/bcache/super.c | 3 drivers/md/bcache/sysfs.c | 4 - drivers/md/bcache/util.h | 67 ++++++++++++++++- drivers/md/bcache/writeback.c | 13 +-- 11 files changed, 217 insertions(+), 263 deletions(-) --- a/drivers/md/bcache/alloc.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/alloc.c @@ -164,68 +164,40 @@ static void bch_invalidate_one_bucket(st * prio is worth 1/8th of what INITIAL_PRIO is worth. */ -static inline unsigned int new_bucket_prio(struct cache *ca, struct bucket *b) -{ - unsigned int min_prio = (INITIAL_PRIO - ca->set->min_prio) / 8; - - return (b->prio - ca->set->min_prio + min_prio) * GC_SECTORS_USED(b); -} - -static inline bool new_bucket_max_cmp(const void *l, const void *r, void *args) -{ - struct bucket **lhs = (struct bucket **)l; - struct bucket **rhs = (struct bucket **)r; - struct cache *ca = args; - - return new_bucket_prio(ca, *lhs) > new_bucket_prio(ca, *rhs); -} - -static inline bool new_bucket_min_cmp(const void *l, const void *r, void *args) -{ - struct bucket **lhs = (struct bucket **)l; - struct bucket **rhs = (struct bucket **)r; - struct cache *ca = args; - - return new_bucket_prio(ca, *lhs) < new_bucket_prio(ca, *rhs); -} - -static inline void new_bucket_swap(void *l, void *r, void __always_unused *args) -{ - struct bucket **lhs = l, **rhs = r; +#define bucket_prio(b) \ +({ \ + unsigned int min_prio = (INITIAL_PRIO - ca->set->min_prio) / 8; \ + \ + (b->prio - ca->set->min_prio + min_prio) * GC_SECTORS_USED(b); \ +}) - swap(*lhs, *rhs); -} +#define bucket_max_cmp(l, r) (bucket_prio(l) < bucket_prio(r)) +#define bucket_min_cmp(l, r) (bucket_prio(l) > bucket_prio(r)) static void invalidate_buckets_lru(struct cache *ca) { struct bucket *b; - const struct min_heap_callbacks bucket_max_cmp_callback = { - .less = new_bucket_max_cmp, - .swp = new_bucket_swap, - }; - const struct min_heap_callbacks bucket_min_cmp_callback = { - .less = new_bucket_min_cmp, - .swp = new_bucket_swap, - }; + ssize_t i; - ca->heap.nr = 0; + ca->heap.used = 0; for_each_bucket(b, ca) { if (!bch_can_invalidate_bucket(ca, b)) continue; - if (!min_heap_full(&ca->heap)) - min_heap_push(&ca->heap, &b, &bucket_max_cmp_callback, ca); - else if (!new_bucket_max_cmp(&b, min_heap_peek(&ca->heap), ca)) { + if (!heap_full(&ca->heap)) + heap_add(&ca->heap, b, bucket_max_cmp); + else if (bucket_max_cmp(b, heap_peek(&ca->heap))) { ca->heap.data[0] = b; - min_heap_sift_down(&ca->heap, 0, &bucket_max_cmp_callback, ca); + heap_sift(&ca->heap, 0, bucket_max_cmp); } } - min_heapify_all(&ca->heap, &bucket_min_cmp_callback, ca); + for (i = ca->heap.used / 2 - 1; i >= 0; --i) + heap_sift(&ca->heap, i, bucket_min_cmp); while (!fifo_full(&ca->free_inc)) { - if (!ca->heap.nr) { + if (!heap_pop(&ca->heap, b, bucket_min_cmp)) { /* * We don't want to be calling invalidate_buckets() * multiple times when it can't do anything @@ -234,8 +206,6 @@ static void invalidate_buckets_lru(struc wake_up_gc(ca->set); return; } - b = min_heap_peek(&ca->heap)[0]; - min_heap_pop(&ca->heap, &bucket_min_cmp_callback, ca); bch_invalidate_one_bucket(ca, b); } --- a/drivers/md/bcache/bcache.h~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/bcache.h @@ -458,7 +458,7 @@ struct cache { /* Allocation stuff: */ struct bucket *buckets; - DEFINE_MIN_HEAP(struct bucket *, cache_heap) heap; + DECLARE_HEAP(struct bucket *, heap); /* * If nonzero, we know we aren't going to find any buckets to invalidate --- a/drivers/md/bcache/bset.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/bset.c @@ -54,11 +54,9 @@ void bch_dump_bucket(struct btree_keys * int __bch_count_data(struct btree_keys *b) { unsigned int ret = 0; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - if (b->ops->is_extents) for_each_key(b, k, &iter) ret += KEY_SIZE(k); @@ -69,11 +67,9 @@ void __bch_check_keys(struct btree_keys { va_list args; struct bkey *k, *p = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; const char *err; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - for_each_key(b, k, &iter) { if (b->ops->is_extents) { err = "Keys out of order"; @@ -114,9 +110,9 @@ bug: static void bch_btree_iter_next_check(struct btree_iter *iter) { - struct bkey *k = iter->heap.data->k, *next = bkey_next(k); + struct bkey *k = iter->data->k, *next = bkey_next(k); - if (next < iter->heap.data->end && + if (next < iter->data->end && bkey_cmp(k, iter->b->ops->is_extents ? &START_KEY(next) : next) > 0) { bch_dump_bucket(iter->b); @@ -883,14 +879,12 @@ unsigned int bch_btree_insert_key(struct unsigned int status = BTREE_INSERT_STATUS_NO_INSERT; struct bset *i = bset_tree_last(b)->data; struct bkey *m, *prev = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey preceding_key_on_stack = ZERO_KEY; struct bkey *preceding_key_p = &preceding_key_on_stack; BUG_ON(b->ops->is_extents && !KEY_SIZE(k)); - min_heap_init(&iter.heap, NULL, MAX_BSETS); - /* * If k has preceding key, preceding_key_p will be set to address * of k's preceding key; otherwise preceding_key_p will be set @@ -901,9 +895,9 @@ unsigned int bch_btree_insert_key(struct else preceding_key(k, &preceding_key_p); - m = bch_btree_iter_init(b, &iter, preceding_key_p); + m = bch_btree_iter_stack_init(b, &iter, preceding_key_p); - if (b->ops->insert_fixup(b, k, &iter, replace_key)) + if (b->ops->insert_fixup(b, k, &iter.iter, replace_key)) return status; status = BTREE_INSERT_STATUS_INSERT; @@ -1083,102 +1077,79 @@ struct bkey *__bch_bset_search(struct bt /* Btree iterator */ -typedef bool (new_btree_iter_cmp_fn)(const void *, const void *, void *); - -static inline bool new_btree_iter_cmp(const void *l, const void *r, void __always_unused *args) -{ - const struct btree_iter_set *_l = l; - const struct btree_iter_set *_r = r; - - return bkey_cmp(_l->k, _r->k) <= 0; -} +typedef bool (btree_iter_cmp_fn)(struct btree_iter_set, + struct btree_iter_set); -static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +static inline bool btree_iter_cmp(struct btree_iter_set l, + struct btree_iter_set r) { - struct btree_iter_set *_iter1 = iter1; - struct btree_iter_set *_iter2 = iter2; - - swap(*_iter1, *_iter2); + return bkey_cmp(l.k, r.k) > 0; } static inline bool btree_iter_end(struct btree_iter *iter) { - return !iter->heap.nr; + return !iter->used; } void bch_btree_iter_push(struct btree_iter *iter, struct bkey *k, struct bkey *end) { - const struct min_heap_callbacks callbacks = { - .less = new_btree_iter_cmp, - .swp = new_btree_iter_swap, - }; - if (k != end) - BUG_ON(!min_heap_push(&iter->heap, - &((struct btree_iter_set) { k, end }), - &callbacks, - NULL)); + BUG_ON(!heap_add(iter, + ((struct btree_iter_set) { k, end }), + btree_iter_cmp)); } -static struct bkey *__bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, - struct bkey *search, - struct bset_tree *start) +static struct bkey *__bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, + struct bkey *search, + struct bset_tree *start) { struct bkey *ret = NULL; - iter->heap.size = ARRAY_SIZE(iter->heap.preallocated); - iter->heap.nr = 0; + iter->iter.size = ARRAY_SIZE(iter->stack_data); + iter->iter.used = 0; #ifdef CONFIG_BCACHE_DEBUG - iter->b = b; + iter->iter.b = b; #endif for (; start <= bset_tree_last(b); start++) { ret = bch_bset_search(b, start, search); - bch_btree_iter_push(iter, ret, bset_bkey_last(start->data)); + bch_btree_iter_push(&iter->iter, ret, bset_bkey_last(start->data)); } return ret; } -struct bkey *bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, +struct bkey *bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, struct bkey *search) { - return __bch_btree_iter_init(b, iter, search, b->set); + return __bch_btree_iter_stack_init(b, iter, search, b->set); } static inline struct bkey *__bch_btree_iter_next(struct btree_iter *iter, - new_btree_iter_cmp_fn *cmp) + btree_iter_cmp_fn *cmp) { struct btree_iter_set b __maybe_unused; struct bkey *ret = NULL; - const struct min_heap_callbacks callbacks = { - .less = cmp, - .swp = new_btree_iter_swap, - }; if (!btree_iter_end(iter)) { bch_btree_iter_next_check(iter); - ret = iter->heap.data->k; - iter->heap.data->k = bkey_next(iter->heap.data->k); + ret = iter->data->k; + iter->data->k = bkey_next(iter->data->k); - if (iter->heap.data->k > iter->heap.data->end) { + if (iter->data->k > iter->data->end) { WARN_ONCE(1, "bset was corrupt!\n"); - iter->heap.data->k = iter->heap.data->end; + iter->data->k = iter->data->end; } - if (iter->heap.data->k == iter->heap.data->end) { - if (iter->heap.nr) { - b = min_heap_peek(&iter->heap)[0]; - min_heap_pop(&iter->heap, &callbacks, NULL); - } - } + if (iter->data->k == iter->data->end) + heap_pop(iter, b, cmp); else - min_heap_sift_down(&iter->heap, 0, &callbacks, NULL); + heap_sift(iter, 0, cmp); } return ret; @@ -1186,7 +1157,7 @@ static inline struct bkey *__bch_btree_i struct bkey *bch_btree_iter_next(struct btree_iter *iter) { - return __bch_btree_iter_next(iter, new_btree_iter_cmp); + return __bch_btree_iter_next(iter, btree_iter_cmp); } @@ -1224,18 +1195,16 @@ static void btree_mergesort(struct btree struct btree_iter *iter, bool fixup, bool remove_stale) { + int i; struct bkey *k, *last = NULL; BKEY_PADDED(k) tmp; bool (*bad)(struct btree_keys *, const struct bkey *) = remove_stale ? bch_ptr_bad : bch_ptr_invalid; - const struct min_heap_callbacks callbacks = { - .less = b->ops->sort_cmp, - .swp = new_btree_iter_swap, - }; /* Heapify the iterator, using our comparison function */ - min_heapify_all(&iter->heap, &callbacks, NULL); + for (i = iter->used / 2 - 1; i >= 0; --i) + heap_sift(iter, i, b->ops->sort_cmp); while (!btree_iter_end(iter)) { if (b->ops->sort_fixup && fixup) @@ -1324,11 +1293,10 @@ void bch_btree_sort_partial(struct btree struct bset_sort_state *state) { size_t order = b->page_order, keys = 0; - struct btree_iter iter; + struct btree_iter_stack iter; int oldsize = bch_count_data(b); - min_heap_init(&iter.heap, NULL, MAX_BSETS); - __bch_btree_iter_init(b, &iter, NULL, &b->set[start]); + __bch_btree_iter_stack_init(b, &iter, NULL, &b->set[start]); if (start) { unsigned int i; @@ -1339,7 +1307,7 @@ void bch_btree_sort_partial(struct btree order = get_order(__set_bytes(b->set->data, keys)); } - __btree_sort(b, &iter, start, order, false, state); + __btree_sort(b, &iter.iter, start, order, false, state); EBUG_ON(oldsize >= 0 && bch_count_data(b) != oldsize); } @@ -1355,13 +1323,11 @@ void bch_btree_sort_into(struct btree_ke struct bset_sort_state *state) { uint64_t start_time = local_clock(); - struct btree_iter iter; - - min_heap_init(&iter.heap, NULL, MAX_BSETS); + struct btree_iter_stack iter; - bch_btree_iter_init(b, &iter, NULL); + bch_btree_iter_stack_init(b, &iter, NULL); - btree_mergesort(b, new->set->data, &iter, false, true); + btree_mergesort(b, new->set->data, &iter.iter, false, true); bch_time_stats_update(&state->time, start_time); --- a/drivers/md/bcache/bset.h~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/bset.h @@ -187,9 +187,8 @@ struct bset_tree { }; struct btree_keys_ops { - bool (*sort_cmp)(const void *l, - const void *r, - void *args); + bool (*sort_cmp)(struct btree_iter_set l, + struct btree_iter_set r); struct bkey *(*sort_fixup)(struct btree_iter *iter, struct bkey *tmp); bool (*insert_fixup)(struct btree_keys *b, @@ -313,17 +312,23 @@ enum { BTREE_INSERT_STATUS_FRONT_MERGE, }; -struct btree_iter_set { - struct bkey *k, *end; -}; - /* Btree key iteration */ struct btree_iter { + size_t size, used; #ifdef CONFIG_BCACHE_DEBUG struct btree_keys *b; #endif - MIN_HEAP_PREALLOCATED(struct btree_iter_set, btree_iter_heap, MAX_BSETS) heap; + struct btree_iter_set { + struct bkey *k, *end; + } data[]; +}; + +/* Fixed-size btree_iter that can be allocated on the stack */ + +struct btree_iter_stack { + struct btree_iter iter; + struct btree_iter_set stack_data[MAX_BSETS]; }; typedef bool (*ptr_filter_fn)(struct btree_keys *b, const struct bkey *k); @@ -335,9 +340,9 @@ struct bkey *bch_btree_iter_next_filter( void bch_btree_iter_push(struct btree_iter *iter, struct bkey *k, struct bkey *end); -struct bkey *bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, - struct bkey *search); +struct bkey *bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, + struct bkey *search); struct bkey *__bch_bset_search(struct btree_keys *b, struct bset_tree *t, const struct bkey *search); @@ -352,13 +357,14 @@ static inline struct bkey *bch_bset_sear return search ? __bch_bset_search(b, t, search) : t->data->start; } -#define for_each_key_filter(b, k, iter, filter) \ - for (bch_btree_iter_init((b), (iter), NULL); \ - ((k) = bch_btree_iter_next_filter((iter), (b), filter));) - -#define for_each_key(b, k, iter) \ - for (bch_btree_iter_init((b), (iter), NULL); \ - ((k) = bch_btree_iter_next(iter));) +#define for_each_key_filter(b, k, stack_iter, filter) \ + for (bch_btree_iter_stack_init((b), (stack_iter), NULL); \ + ((k) = bch_btree_iter_next_filter(&((stack_iter)->iter), (b), \ + filter));) + +#define for_each_key(b, k, stack_iter) \ + for (bch_btree_iter_stack_init((b), (stack_iter), NULL); \ + ((k) = bch_btree_iter_next(&((stack_iter)->iter)));) /* Sorting */ --- a/drivers/md/bcache/btree.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/btree.c @@ -148,19 +148,19 @@ void bch_btree_node_read_done(struct btr { const char *err = "bad btree header"; struct bset *i = btree_bset_first(b); - struct btree_iter iter; + struct btree_iter *iter; /* * c->fill_iter can allocate an iterator with more memory space * than static MAX_BSETS. * See the comment arount cache_set->fill_iter. */ - iter.heap.data = mempool_alloc(&b->c->fill_iter, GFP_NOIO); - iter.heap.size = b->c->cache->sb.bucket_size / b->c->cache->sb.block_size; - iter.heap.nr = 0; + iter = mempool_alloc(&b->c->fill_iter, GFP_NOIO); + iter->size = b->c->cache->sb.bucket_size / b->c->cache->sb.block_size; + iter->used = 0; #ifdef CONFIG_BCACHE_DEBUG - iter.b = &b->keys; + iter->b = &b->keys; #endif if (!i->seq) @@ -198,7 +198,7 @@ void bch_btree_node_read_done(struct btr if (i != b->keys.set[0].data && !i->keys) goto err; - bch_btree_iter_push(&iter, i->start, bset_bkey_last(i)); + bch_btree_iter_push(iter, i->start, bset_bkey_last(i)); b->written += set_blocks(i, block_bytes(b->c->cache)); } @@ -210,7 +210,7 @@ void bch_btree_node_read_done(struct btr if (i->seq == b->keys.set[0].data->seq) goto err; - bch_btree_sort_and_fix_extents(&b->keys, &iter, &b->c->sort); + bch_btree_sort_and_fix_extents(&b->keys, iter, &b->c->sort); i = b->keys.set[0].data; err = "short btree key"; @@ -222,7 +222,7 @@ void bch_btree_node_read_done(struct btr bch_bset_init_next(&b->keys, write_block(b), bset_magic(&b->c->cache->sb)); out: - mempool_free(iter.heap.data, &b->c->fill_iter); + mempool_free(iter, &b->c->fill_iter); return; err: set_btree_node_io_error(b); @@ -1306,11 +1306,9 @@ static bool btree_gc_mark_node(struct bt uint8_t stale = 0; unsigned int keys = 0, good_keys = 0; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; struct bset_tree *t; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - gc->nodes++; for_each_key_filter(&b->keys, k, &iter, bch_ptr_invalid) { @@ -1569,11 +1567,9 @@ static int btree_gc_rewrite_node(struct static unsigned int btree_gc_count_keys(struct btree *b) { struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; unsigned int ret = 0; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - for_each_key_filter(&b->keys, k, &iter, bch_ptr_bad) ret += bkey_u64s(k); @@ -1612,18 +1608,18 @@ static int btree_gc_recurse(struct btree int ret = 0; bool should_rewrite; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; struct gc_merge_info r[GC_MERGE_NODES]; struct gc_merge_info *i, *last = r + ARRAY_SIZE(r) - 1; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&b->keys, &iter, &b->c->gc_done); + bch_btree_iter_stack_init(&b->keys, &iter, &b->c->gc_done); for (i = r; i < r + ARRAY_SIZE(r); i++) i->b = ERR_PTR(-EINTR); while (1) { - k = bch_btree_iter_next_filter(&iter, &b->keys, bch_ptr_bad); + k = bch_btree_iter_next_filter(&iter.iter, &b->keys, + bch_ptr_bad); if (k) { r->b = bch_btree_node_get(b->c, op, k, b->level - 1, true, b); @@ -1918,9 +1914,7 @@ static int bch_btree_check_recurse(struc { int ret = 0; struct bkey *k, *p = NULL; - struct btree_iter iter; - - min_heap_init(&iter.heap, NULL, MAX_BSETS); + struct btree_iter_stack iter; for_each_key_filter(&b->keys, k, &iter, bch_ptr_invalid) bch_initial_mark_key(b->c, b->level, k); @@ -1928,10 +1922,10 @@ static int bch_btree_check_recurse(struc bch_initial_mark_key(b->c, b->level + 1, &b->key); if (b->level) { - bch_btree_iter_init(&b->keys, &iter, NULL); + bch_btree_iter_stack_init(&b->keys, &iter, NULL); do { - k = bch_btree_iter_next_filter(&iter, &b->keys, + k = bch_btree_iter_next_filter(&iter.iter, &b->keys, bch_ptr_bad); if (k) { btree_node_prefetch(b, k); @@ -1959,7 +1953,7 @@ static int bch_btree_check_thread(void * struct btree_check_info *info = arg; struct btree_check_state *check_state = info->state; struct cache_set *c = check_state->c; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k, *p; int cur_idx, prev_idx, skip_nr; @@ -1967,11 +1961,9 @@ static int bch_btree_check_thread(void * cur_idx = prev_idx = 0; ret = 0; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - /* root node keys are checked before thread created */ - bch_btree_iter_init(&c->root->keys, &iter, NULL); - k = bch_btree_iter_next_filter(&iter, &c->root->keys, bch_ptr_bad); + bch_btree_iter_stack_init(&c->root->keys, &iter, NULL); + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); BUG_ON(!k); p = k; @@ -1989,7 +1981,7 @@ static int bch_btree_check_thread(void * skip_nr = cur_idx - prev_idx; while (skip_nr) { - k = bch_btree_iter_next_filter(&iter, + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); if (k) @@ -2062,11 +2054,9 @@ int bch_btree_check(struct cache_set *c) int ret = 0; int i; struct bkey *k = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct btree_check_state check_state; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - /* check and mark root node keys */ for_each_key_filter(&c->root->keys, k, &iter, bch_ptr_invalid) bch_initial_mark_key(c, c->root->level, k); @@ -2560,12 +2550,11 @@ static int bch_btree_map_nodes_recurse(s if (b->level) { struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&b->keys, &iter, from); + bch_btree_iter_stack_init(&b->keys, &iter, from); - while ((k = bch_btree_iter_next_filter(&iter, &b->keys, + while ((k = bch_btree_iter_next_filter(&iter.iter, &b->keys, bch_ptr_bad))) { ret = bcache_btree(map_nodes_recurse, k, b, op, from, fn, flags); @@ -2594,12 +2583,12 @@ int bch_btree_map_keys_recurse(struct bt { int ret = MAP_CONTINUE; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&b->keys, &iter, from); + bch_btree_iter_stack_init(&b->keys, &iter, from); - while ((k = bch_btree_iter_next_filter(&iter, &b->keys, bch_ptr_bad))) { + while ((k = bch_btree_iter_next_filter(&iter.iter, &b->keys, + bch_ptr_bad))) { ret = !b->level ? fn(op, b, k) : bcache_btree(map_keys_recurse, k, --- a/drivers/md/bcache/extents.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/extents.c @@ -33,16 +33,15 @@ static void sort_key_next(struct btree_i i->k = bkey_next(i->k); if (i->k == i->end) - *i = iter->heap.data[--iter->heap.nr]; + *i = iter->data[--iter->used]; } -static bool new_bch_key_sort_cmp(const void *l, const void *r, void *args) +static bool bch_key_sort_cmp(struct btree_iter_set l, + struct btree_iter_set r) { - struct btree_iter_set *_l = (struct btree_iter_set *)l; - struct btree_iter_set *_r = (struct btree_iter_set *)r; - int64_t c = bkey_cmp(_l->k, _r->k); + int64_t c = bkey_cmp(l.k, r.k); - return !(c ? c > 0 : _l->k < _r->k); + return c ? c > 0 : l.k < r.k; } static bool __ptr_invalid(struct cache_set *c, const struct bkey *k) @@ -239,7 +238,7 @@ static bool bch_btree_ptr_insert_fixup(s } const struct btree_keys_ops bch_btree_keys_ops = { - .sort_cmp = new_bch_key_sort_cmp, + .sort_cmp = bch_key_sort_cmp, .insert_fixup = bch_btree_ptr_insert_fixup, .key_invalid = bch_btree_ptr_invalid, .key_bad = bch_btree_ptr_bad, @@ -256,36 +255,22 @@ const struct btree_keys_ops bch_btree_ke * Necessary for btree_sort_fixup() - if there are multiple keys that compare * equal in different sets, we have to process them newest to oldest. */ - -static bool new_bch_extent_sort_cmp(const void *l, const void *r, void __always_unused *args) -{ - struct btree_iter_set *_l = (struct btree_iter_set *)l; - struct btree_iter_set *_r = (struct btree_iter_set *)r; - int64_t c = bkey_cmp(&START_KEY(_l->k), &START_KEY(_r->k)); - - return !(c ? c > 0 : _l->k < _r->k); -} - -static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +static bool bch_extent_sort_cmp(struct btree_iter_set l, + struct btree_iter_set r) { - struct btree_iter_set *_iter1 = iter1; - struct btree_iter_set *_iter2 = iter2; + int64_t c = bkey_cmp(&START_KEY(l.k), &START_KEY(r.k)); - swap(*_iter1, *_iter2); + return c ? c > 0 : l.k < r.k; } static struct bkey *bch_extent_sort_fixup(struct btree_iter *iter, struct bkey *tmp) { - const struct min_heap_callbacks callbacks = { - .less = new_bch_extent_sort_cmp, - .swp = new_btree_iter_swap, - }; - while (iter->heap.nr > 1) { - struct btree_iter_set *top = iter->heap.data, *i = top + 1; + while (iter->used > 1) { + struct btree_iter_set *top = iter->data, *i = top + 1; - if (iter->heap.nr > 2 && - !new_bch_extent_sort_cmp(&i[0], &i[1], NULL)) + if (iter->used > 2 && + bch_extent_sort_cmp(i[0], i[1])) i++; if (bkey_cmp(top->k, &START_KEY(i->k)) <= 0) @@ -293,7 +278,7 @@ static struct bkey *bch_extent_sort_fixu if (!KEY_SIZE(i->k)) { sort_key_next(iter, i); - min_heap_sift_down(&iter->heap, i - top, &callbacks, NULL); + heap_sift(iter, i - top, bch_extent_sort_cmp); continue; } @@ -303,7 +288,7 @@ static struct bkey *bch_extent_sort_fixu else bch_cut_front(top->k, i->k); - min_heap_sift_down(&iter->heap, i - top, &callbacks, NULL); + heap_sift(iter, i - top, bch_extent_sort_cmp); } else { /* can't happen because of comparison func */ BUG_ON(!bkey_cmp(&START_KEY(top->k), &START_KEY(i->k))); @@ -313,7 +298,7 @@ static struct bkey *bch_extent_sort_fixu bch_cut_back(&START_KEY(i->k), tmp); bch_cut_front(i->k, top->k); - min_heap_sift_down(&iter->heap, 0, &callbacks, NULL); + heap_sift(iter, 0, bch_extent_sort_cmp); return tmp; } else { @@ -633,7 +618,7 @@ static bool bch_extent_merge(struct btre } const struct btree_keys_ops bch_extent_keys_ops = { - .sort_cmp = new_bch_extent_sort_cmp, + .sort_cmp = bch_extent_sort_cmp, .sort_fixup = bch_extent_sort_fixup, .insert_fixup = bch_extent_insert_fixup, .key_invalid = bch_extent_invalid, --- a/drivers/md/bcache/movinggc.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/movinggc.c @@ -182,27 +182,16 @@ err: if (!IS_ERR_OR_NULL(w->private)) closure_sync(&cl); } -static bool new_bucket_cmp(const void *l, const void *r, void __always_unused *args) +static bool bucket_cmp(struct bucket *l, struct bucket *r) { - struct bucket **_l = (struct bucket **)l; - struct bucket **_r = (struct bucket **)r; - - return GC_SECTORS_USED(*_l) >= GC_SECTORS_USED(*_r); -} - -static void new_bucket_swap(void *l, void *r, void __always_unused *args) -{ - struct bucket **_l = l; - struct bucket **_r = r; - - swap(*_l, *_r); + return GC_SECTORS_USED(l) < GC_SECTORS_USED(r); } static unsigned int bucket_heap_top(struct cache *ca) { struct bucket *b; - return (b = min_heap_peek(&ca->heap)[0]) ? GC_SECTORS_USED(b) : 0; + return (b = heap_peek(&ca->heap)) ? GC_SECTORS_USED(b) : 0; } void bch_moving_gc(struct cache_set *c) @@ -210,10 +199,6 @@ void bch_moving_gc(struct cache_set *c) struct cache *ca = c->cache; struct bucket *b; unsigned long sectors_to_move, reserve_sectors; - const struct min_heap_callbacks callbacks = { - .less = new_bucket_cmp, - .swp = new_bucket_swap, - }; if (!c->copy_gc_enabled) return; @@ -224,7 +209,7 @@ void bch_moving_gc(struct cache_set *c) reserve_sectors = ca->sb.bucket_size * fifo_used(&ca->free[RESERVE_MOVINGGC]); - ca->heap.nr = 0; + ca->heap.used = 0; for_each_bucket(b, ca) { if (GC_MARK(b) == GC_MARK_METADATA || @@ -233,31 +218,25 @@ void bch_moving_gc(struct cache_set *c) atomic_read(&b->pin)) continue; - if (!min_heap_full(&ca->heap)) { + if (!heap_full(&ca->heap)) { sectors_to_move += GC_SECTORS_USED(b); - min_heap_push(&ca->heap, &b, &callbacks, NULL); - } else if (!new_bucket_cmp(&b, min_heap_peek(&ca->heap), ca)) { + heap_add(&ca->heap, b, bucket_cmp); + } else if (bucket_cmp(b, heap_peek(&ca->heap))) { sectors_to_move -= bucket_heap_top(ca); sectors_to_move += GC_SECTORS_USED(b); ca->heap.data[0] = b; - min_heap_sift_down(&ca->heap, 0, &callbacks, NULL); + heap_sift(&ca->heap, 0, bucket_cmp); } } while (sectors_to_move > reserve_sectors) { - if (ca->heap.nr) { - b = min_heap_peek(&ca->heap)[0]; - min_heap_pop(&ca->heap, &callbacks, NULL); - } + heap_pop(&ca->heap, b, bucket_cmp); sectors_to_move -= GC_SECTORS_USED(b); } - while (ca->heap.nr) { - b = min_heap_peek(&ca->heap)[0]; - min_heap_pop(&ca->heap, &callbacks, NULL); + while (heap_pop(&ca->heap, b, bucket_cmp)) SET_GC_MOVE(b, 1); - } mutex_unlock(&c->bucket_lock); --- a/drivers/md/bcache/super.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/super.c @@ -1912,7 +1912,8 @@ struct cache_set *bch_cache_set_alloc(st INIT_LIST_HEAD(&c->btree_cache_freed); INIT_LIST_HEAD(&c->data_buckets); - iter_size = ((meta_bucket_pages(sb) * PAGE_SECTORS) / sb->block_size) * + iter_size = sizeof(struct btree_iter) + + ((meta_bucket_pages(sb) * PAGE_SECTORS) / sb->block_size) * sizeof(struct btree_iter_set); c->devices = kcalloc(c->nr_uuids, sizeof(void *), GFP_KERNEL); --- a/drivers/md/bcache/sysfs.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/sysfs.c @@ -660,9 +660,7 @@ static unsigned int bch_root_usage(struc unsigned int bytes = 0; struct bkey *k; struct btree *b; - struct btree_iter iter; - - min_heap_init(&iter.heap, NULL, MAX_BSETS); + struct btree_iter_stack iter; goto lock_root; --- a/drivers/md/bcache/util.h~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/util.h @@ -9,7 +9,6 @@ #include <linux/kernel.h> #include <linux/sched/clock.h> #include <linux/llist.h> -#include <linux/min_heap.h> #include <linux/ratelimit.h> #include <linux/vmalloc.h> #include <linux/workqueue.h> @@ -31,10 +30,16 @@ struct closure; #endif +#define DECLARE_HEAP(type, name) \ + struct { \ + size_t size, used; \ + type *data; \ + } name + #define init_heap(heap, _size, gfp) \ ({ \ size_t _bytes; \ - (heap)->nr = 0; \ + (heap)->used = 0; \ (heap)->size = (_size); \ _bytes = (heap)->size * sizeof(*(heap)->data); \ (heap)->data = kvmalloc(_bytes, (gfp) & GFP_KERNEL); \ @@ -47,6 +52,64 @@ do { \ (heap)->data = NULL; \ } while (0) +#define heap_swap(h, i, j) swap((h)->data[i], (h)->data[j]) + +#define heap_sift(h, i, cmp) \ +do { \ + size_t _r, _j = i; \ + \ + for (; _j * 2 + 1 < (h)->used; _j = _r) { \ + _r = _j * 2 + 1; \ + if (_r + 1 < (h)->used && \ + cmp((h)->data[_r], (h)->data[_r + 1])) \ + _r++; \ + \ + if (cmp((h)->data[_r], (h)->data[_j])) \ + break; \ + heap_swap(h, _r, _j); \ + } \ +} while (0) + +#define heap_sift_down(h, i, cmp) \ +do { \ + while (i) { \ + size_t p = (i - 1) / 2; \ + if (cmp((h)->data[i], (h)->data[p])) \ + break; \ + heap_swap(h, i, p); \ + i = p; \ + } \ +} while (0) + +#define heap_add(h, d, cmp) \ +({ \ + bool _r = !heap_full(h); \ + if (_r) { \ + size_t _i = (h)->used++; \ + (h)->data[_i] = d; \ + \ + heap_sift_down(h, _i, cmp); \ + heap_sift(h, _i, cmp); \ + } \ + _r; \ +}) + +#define heap_pop(h, d, cmp) \ +({ \ + bool _r = (h)->used; \ + if (_r) { \ + (d) = (h)->data[0]; \ + (h)->used--; \ + heap_swap(h, 0, (h)->used); \ + heap_sift(h, 0, cmp); \ + } \ + _r; \ +}) + +#define heap_peek(h) ((h)->used ? (h)->data[0] : NULL) + +#define heap_full(h) ((h)->used == (h)->size) + #define DECLARE_FIFO(type, name) \ struct { \ size_t front, back, size, mask; \ --- a/drivers/md/bcache/writeback.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/writeback.c @@ -908,16 +908,15 @@ static int bch_dirty_init_thread(void *a struct dirty_init_thrd_info *info = arg; struct bch_dirty_init_state *state = info->state; struct cache_set *c = state->c; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k, *p; int cur_idx, prev_idx, skip_nr; k = p = NULL; prev_idx = 0; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&c->root->keys, &iter, NULL); - k = bch_btree_iter_next_filter(&iter, &c->root->keys, bch_ptr_bad); + bch_btree_iter_stack_init(&c->root->keys, &iter, NULL); + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); BUG_ON(!k); p = k; @@ -931,7 +930,7 @@ static int bch_dirty_init_thread(void *a skip_nr = cur_idx - prev_idx; while (skip_nr) { - k = bch_btree_iter_next_filter(&iter, + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); if (k) @@ -980,13 +979,11 @@ void bch_sectors_dirty_init(struct bcach int i; struct btree *b = NULL; struct bkey *k = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct sectors_dirty_init op; struct cache_set *c = d->c; struct bch_dirty_init_state state; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - retry_lock: b = c->root; rw_lock(0, b, b->level); _ Patches currently in -mm which might be from visitorckw(a)gmail.com are lib-math-gcd-use-static-key-to-select-implementation-at-runtime.patch riscv-optimize-gcd-code-size-when-config_riscv_isa_zbb-is-disabled.patch riscv-optimize-gcd-performance-on-risc-v-without-zbb-extension.patch

5 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: Revert "bcache: update min_heap_callbacks to use default builtin swap" has been removed from the -mm tree. Its filename was revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kuan-Wei Chiu <visitorckw(a)gmail.com> Subject: Revert "bcache: update min_heap_callbacks to use default builtin swap" Date: Sun, 15 Jun 2025 04:23:51 +0800 Patch series "bcache: Revert min_heap migration due to performance regression". This patch series reverts the migration of bcache from its original heap implementation to the generic min_heap library. While the original change aimed to simplify the code and improve maintainability, it introduced a severe performance regression in real-world scenarios. As reported by Robert, systems using bcache now suffer from periodic latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. This degrades bcache's value as a low-latency caching layer, and leads to frequent timeouts and application stalls in production environments. The primary cause of this regression is the behavior of the generic min_heap implementation's bottom-up sift_down, which performs up to 2 * log2(n) comparisons when many elements are equal. The original top-down variant used by bcache only required O(1) comparisons in such cases. The issue was further exacerbated by commit 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions"), which introduced non-inlined versions of the min_heap API, adding function call overhead to a performance-critical hot path. This patch (of 3): This reverts commit 3d8a9a1c35227c3f1b0bd132c9f0a80dbda07b65. Although removing the custom swap function simplified the code, this change is part of a broader migration to the generic min_heap API that introduced significant performance regressions in bcache. As reported by Robert, bcache now suffers from latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. These regressions degrade bcache's effectiveness as a low-latency cache layer and lead to frequent timeouts and application stalls in production environments. This revert is part of a series of changes to restore previous performance by undoing the min_heap transition. Link: https://lkml.kernel.org/r/20250614202353.1632957-1-visitorckw@gmail.com Link: https://lore.kernel.org/lkml/CAJhEC05+0S69z+3+FB2Cd0hD+pCRyWTKLEOsc8BOmH73p… Link: https://lkml.kernel.org/r/20250614202353.1632957-2-visitorckw@gmail.com Fixes: 866898efbb25 ("bcache: remove heap-related macros and switch to generic min_heap") Fixes: 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions") Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> Reported-by: Robert Pang <robertpang(a)google.com> Closes: https://lore.kernel.org/linux-bcache/CAJhEC06F_AtrPgw2-7CvCqZgeStgCtitbD-ry… Acked-by: Coly Li <colyli(a)kernel.org> Cc: Ching-Chun (Jim) Huang <jserv(a)ccns.ncku.edu.tw> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/md/bcache/alloc.c | 11 +++++++++-- drivers/md/bcache/bset.c | 14 +++++++++++--- drivers/md/bcache/extents.c | 10 +++++++++- drivers/md/bcache/movinggc.c | 10 +++++++++- 4 files changed, 38 insertions(+), 7 deletions(-) --- a/drivers/md/bcache/alloc.c~revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap +++ a/drivers/md/bcache/alloc.c @@ -189,16 +189,23 @@ static inline bool new_bucket_min_cmp(co return new_bucket_prio(ca, *lhs) < new_bucket_prio(ca, *rhs); } +static inline void new_bucket_swap(void *l, void *r, void __always_unused *args) +{ + struct bucket **lhs = l, **rhs = r; + + swap(*lhs, *rhs); +} + static void invalidate_buckets_lru(struct cache *ca) { struct bucket *b; const struct min_heap_callbacks bucket_max_cmp_callback = { .less = new_bucket_max_cmp, - .swp = NULL, + .swp = new_bucket_swap, }; const struct min_heap_callbacks bucket_min_cmp_callback = { .less = new_bucket_min_cmp, - .swp = NULL, + .swp = new_bucket_swap, }; ca->heap.nr = 0; --- a/drivers/md/bcache/bset.c~revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap +++ a/drivers/md/bcache/bset.c @@ -1093,6 +1093,14 @@ static inline bool new_btree_iter_cmp(co return bkey_cmp(_l->k, _r->k) <= 0; } +static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +{ + struct btree_iter_set *_iter1 = iter1; + struct btree_iter_set *_iter2 = iter2; + + swap(*_iter1, *_iter2); +} + static inline bool btree_iter_end(struct btree_iter *iter) { return !iter->heap.nr; @@ -1103,7 +1111,7 @@ void bch_btree_iter_push(struct btree_it { const struct min_heap_callbacks callbacks = { .less = new_btree_iter_cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; if (k != end) @@ -1149,7 +1157,7 @@ static inline struct bkey *__bch_btree_i struct bkey *ret = NULL; const struct min_heap_callbacks callbacks = { .less = cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; if (!btree_iter_end(iter)) { @@ -1223,7 +1231,7 @@ static void btree_mergesort(struct btree : bch_ptr_invalid; const struct min_heap_callbacks callbacks = { .less = b->ops->sort_cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; /* Heapify the iterator, using our comparison function */ --- a/drivers/md/bcache/extents.c~revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap +++ a/drivers/md/bcache/extents.c @@ -266,12 +266,20 @@ static bool new_bch_extent_sort_cmp(cons return !(c ? c > 0 : _l->k < _r->k); } +static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +{ + struct btree_iter_set *_iter1 = iter1; + struct btree_iter_set *_iter2 = iter2; + + swap(*_iter1, *_iter2); +} + static struct bkey *bch_extent_sort_fixup(struct btree_iter *iter, struct bkey *tmp) { const struct min_heap_callbacks callbacks = { .less = new_bch_extent_sort_cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; while (iter->heap.nr > 1) { struct btree_iter_set *top = iter->heap.data, *i = top + 1; --- a/drivers/md/bcache/movinggc.c~revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap +++ a/drivers/md/bcache/movinggc.c @@ -190,6 +190,14 @@ static bool new_bucket_cmp(const void *l return GC_SECTORS_USED(*_l) >= GC_SECTORS_USED(*_r); } +static void new_bucket_swap(void *l, void *r, void __always_unused *args) +{ + struct bucket **_l = l; + struct bucket **_r = r; + + swap(*_l, *_r); +} + static unsigned int bucket_heap_top(struct cache *ca) { struct bucket *b; @@ -204,7 +212,7 @@ void bch_moving_gc(struct cache_set *c) unsigned long sectors_to_move, reserve_sectors; const struct min_heap_callbacks callbacks = { .less = new_bucket_cmp, - .swp = NULL, + .swp = new_bucket_swap, }; if (!c->copy_gc_enabled) _ Patches currently in -mm which might be from visitorckw(a)gmail.com are lib-math-gcd-use-static-key-to-select-implementation-at-runtime.patch riscv-optimize-gcd-code-size-when-config_riscv_isa_zbb-is-disabled.patch riscv-optimize-gcd-performance-on-risc-v-without-zbb-extension.patch

5 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-userfaultfd-fix-race-of-userfaultfd_move-and-swap-cache.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: userfaultfd: fix race of userfaultfd_move and swap cache has been removed from the -mm tree. Its filename was mm-userfaultfd-fix-race-of-userfaultfd_move-and-swap-cache.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: mm: userfaultfd: fix race of userfaultfd_move and swap cache Date: Wed, 4 Jun 2025 23:10:38 +0800 This commit fixes two kinds of races, they may have different results: Barry reported a BUG_ON in commit c50f8e6053b0, we may see the same BUG_ON if the filemap lookup returned NULL and folio is added to swap cache after that. If another kind of race is triggered (folio changed after lookup) we may see RSS counter is corrupted: [ 406.893936] BUG: Bad rss-counter state mm:ffff0000c5a9ddc0 type:MM_ANONPAGES val:-1 [ 406.894071] BUG: Bad rss-counter state mm:ffff0000c5a9ddc0 type:MM_SHMEMPAGES val:1 Because the folio is being accounted to the wrong VMA. I'm not sure if there will be any data corruption though, seems no. The issues above are critical already. On seeing a swap entry PTE, userfaultfd_move does a lockless swap cache lookup, and tries to move the found folio to the faulting vma. Currently, it relies on checking the PTE value to ensure that the moved folio still belongs to the src swap entry and that no new folio has been added to the swap cache, which turns out to be unreliable. While working and reviewing the swap table series with Barry, following existing races are observed and reproduced [1]: In the example below, move_pages_pte is moving src_pte to dst_pte, where src_pte is a swap entry PTE holding swap entry S1, and S1 is not in the swap cache: CPU1 CPU2 userfaultfd_move move_pages_pte() entry = pte_to_swp_entry(orig_src_pte); // Here it got entry = S1 ... < interrupted> ... <swapin src_pte, alloc and use folio A> // folio A is a new allocated folio // and get installed into src_pte <frees swap entry S1> // src_pte now points to folio A, S1 // has swap count == 0, it can be freed // by folio_swap_swap or swap // allocator's reclaim. <try to swap out another folio B> // folio B is a folio in another VMA. <put folio B to swap cache using S1 > // S1 is freed, folio B can use it // for swap out with no problem. ... folio = filemap_get_folio(S1) // Got folio B here !!! ... < interrupted again> ... <swapin folio B and free S1> // Now S1 is free to be used again. <swapout src_pte & folio A using S1> // Now src_pte is a swap entry PTE // holding S1 again. folio_trylock(folio) move_swap_pte double_pt_lock is_pte_pages_stable // Check passed because src_pte == S1 folio_move_anon_rmap(...) // Moved invalid folio B here !!! The race window is very short and requires multiple collisions of multiple rare events, so it's very unlikely to happen, but with a deliberately constructed reproducer and increased time window, it can be reproduced easily. This can be fixed by checking if the folio returned by filemap is the valid swap cache folio after acquiring the folio lock. Another similar race is possible: filemap_get_folio may return NULL, but folio (A) could be swapped in and then swapped out again using the same swap entry after the lookup. In such a case, folio (A) may remain in the swap cache, so it must be moved too: CPU1 CPU2 userfaultfd_move move_pages_pte() entry = pte_to_swp_entry(orig_src_pte); // Here it got entry = S1, and S1 is not in swap cache folio = filemap_get_folio(S1) // Got NULL ... < interrupted again> ... <swapin folio A and free S1> <swapout folio A re-using S1> move_swap_pte double_pt_lock is_pte_pages_stable // Check passed because src_pte == S1 folio_move_anon_rmap(...) // folio A is ignored !!! Fix this by checking the swap cache again after acquiring the src_pte lock. And to avoid the filemap overhead, we check swap_map directly [2]. The SWP_SYNCHRONOUS_IO path does make the problem more complex, but so far we don't need to worry about that, since folios can only be exposed to the swap cache in the swap out path, and this is covered in this patch by checking the swap cache again after acquiring the src_pte lock. Testing with a simple C program that allocates and moves several GB of memory did not show any observable performance change. Link: https://lkml.kernel.org/r/20250604151038.21968-1-ryncsn@gmail.com Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Kairui Song <kasong(a)tencent.com> Closes: https://lore.kernel.org/linux-mm/CAMgjq7B1K=6OOrK2OUZ0-tqCzi+EJt+2_K97TPGoS… [1] Link: https://lore.kernel.org/all/CAGsJ_4yJhJBo16XhiC-nUzSheyX-V3-nFE+tAi=8Y560K8… [2] Reviewed-by: Lokesh Gidra <lokeshgidra(a)google.com> Acked-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Suren Baghdasaryan <surenb(a)google.com> Reviewed-by: Barry Song <baohua(a)kernel.org> Reviewed-by: Chris Li <chrisl(a)kernel.org> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Kairui Song <kasong(a)tencent.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/userfaultfd.c | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) --- a/mm/userfaultfd.c~mm-userfaultfd-fix-race-of-userfaultfd_move-and-swap-cache +++ a/mm/userfaultfd.c @@ -1084,8 +1084,18 @@ static int move_swap_pte(struct mm_struc pte_t orig_dst_pte, pte_t orig_src_pte, pmd_t *dst_pmd, pmd_t dst_pmdval, spinlock_t *dst_ptl, spinlock_t *src_ptl, - struct folio *src_folio) + struct folio *src_folio, + struct swap_info_struct *si, swp_entry_t entry) { + /* + * Check if the folio still belongs to the target swap entry after + * acquiring the lock. Folio can be freed in the swap cache while + * not locked. + */ + if (src_folio && unlikely(!folio_test_swapcache(src_folio) || + entry.val != src_folio->swap.val)) + return -EAGAIN; + double_pt_lock(dst_ptl, src_ptl); if (!is_pte_pages_stable(dst_pte, src_pte, orig_dst_pte, orig_src_pte, @@ -1102,6 +1112,25 @@ static int move_swap_pte(struct mm_struc if (src_folio) { folio_move_anon_rmap(src_folio, dst_vma); src_folio->index = linear_page_index(dst_vma, dst_addr); + } else { + /* + * Check if the swap entry is cached after acquiring the src_pte + * lock. Otherwise, we might miss a newly loaded swap cache folio. + * + * Check swap_map directly to minimize overhead, READ_ONCE is sufficient. + * We are trying to catch newly added swap cache, the only possible case is + * when a folio is swapped in and out again staying in swap cache, using the + * same entry before the PTE check above. The PTL is acquired and released + * twice, each time after updating the swap_map's flag. So holding + * the PTL here ensures we see the updated value. False positive is possible, + * e.g. SWP_SYNCHRONOUS_IO swapin may set the flag without touching the + * cache, or during the tiny synchronization window between swap cache and + * swap_map, but it will be gone very quickly, worst result is retry jitters. + */ + if (READ_ONCE(si->swap_map[swp_offset(entry)]) & SWAP_HAS_CACHE) { + double_pt_unlock(dst_ptl, src_ptl); + return -EAGAIN; + } } orig_src_pte = ptep_get_and_clear(mm, src_addr, src_pte); @@ -1412,7 +1441,7 @@ retry: } err = move_swap_pte(mm, dst_vma, dst_addr, src_addr, dst_pte, src_pte, orig_dst_pte, orig_src_pte, dst_pmd, dst_pmdval, - dst_ptl, src_ptl, src_folio); + dst_ptl, src_ptl, src_folio, si, entry); } out: _ Patches currently in -mm which might be from kasong(a)tencent.com are mm-list_lru-refactor-the-locking-code.patch mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch mm-shmem-swap-avoid-redundant-xarray-lookup-during-swapin.patch mm-shmem-swap-improve-mthp-swapin-process.patch mm-shmem-swap-avoid-false-positive-swap-cache-lookup.patch

5 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-gup-revert-mm-gup-fix-infinite-loop-within-__get_longterm_locked.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/gup: revert "mm: gup: fix infinite loop within __get_longterm_locked" has been removed from the -mm tree. Its filename was mm-gup-revert-mm-gup-fix-infinite-loop-within-__get_longterm_locked.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: mm/gup: revert "mm: gup: fix infinite loop within __get_longterm_locked" Date: Wed, 11 Jun 2025 15:13:14 +0200 After commit 1aaf8c122918 ("mm: gup: fix infinite loop within __get_longterm_locked") we are able to longterm pin folios that are not supposed to get longterm pinned, simply because they temporarily have the LRU flag cleared (esp. temporarily isolated). For example, two __get_longterm_locked() callers can race, or __get_longterm_locked() can race with anything else that temporarily isolates folios. The introducing commit mentions the use case of a driver that uses vm_ops->fault to insert pages allocated through cma_alloc() into the page tables, assuming they can later get longterm pinned. These pages/ folios would never have the LRU flag set and consequently cannot get isolated. There is no known in-tree user making use of that so far, fortunately. To handle that in the future -- and avoid retrying forever to isolate/migrate them -- we will need a different mechanism for the CMA area *owner* to indicate that it actually already allocated the page and is fine with longterm pinning it. The LRU flag is not suitable for that. Probably we can lookup the relevant CMA area and query the bitmap; we only have have to care about some races, probably. If already allocated, we could just allow longterm pinning) Anyhow, let's fix the "must not be longterm pinned" problem first by reverting the original commit. Link: https://lkml.kernel.org/r/20250611131314.594529-1-david@redhat.com Fixes: 1aaf8c122918 ("mm: gup: fix infinite loop within __get_longterm_locked") Signed-off-by: David Hildenbrand <david(a)redhat.com> Closes: https://lore.kernel.org/all/20250522092755.GA3277597@tiffany/ Reported-by: Hyesoo Yu <hyesoo.yu(a)samsung.com> Reviewed-by: John Hubbard <jhubbard(a)nvidia.com> Cc: Jason Gunthorpe <jgg(a)ziepe.ca> Cc: Peter Xu <peterx(a)redhat.com> Cc: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Cc: Aijun Sun <aijun.sun(a)unisoc.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/gup.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) --- a/mm/gup.c~mm-gup-revert-mm-gup-fix-infinite-loop-within-__get_longterm_locked +++ a/mm/gup.c @@ -2303,13 +2303,13 @@ static void pofs_unpin(struct pages_or_f /* * Returns the number of collected folios. Return value is always >= 0. */ -static void collect_longterm_unpinnable_folios( +static unsigned long collect_longterm_unpinnable_folios( struct list_head *movable_folio_list, struct pages_or_folios *pofs) { + unsigned long i, collected = 0; struct folio *prev_folio = NULL; bool drain_allow = true; - unsigned long i; for (i = 0; i < pofs->nr_entries; i++) { struct folio *folio = pofs_get_folio(pofs, i); @@ -2321,6 +2321,8 @@ static void collect_longterm_unpinnable_ if (folio_is_longterm_pinnable(folio)) continue; + collected++; + if (folio_is_device_coherent(folio)) continue; @@ -2342,6 +2344,8 @@ static void collect_longterm_unpinnable_ NR_ISOLATED_ANON + folio_is_file_lru(folio), folio_nr_pages(folio)); } + + return collected; } /* @@ -2418,9 +2422,11 @@ static long check_and_migrate_movable_pages_or_folios(struct pages_or_folios *pofs) { LIST_HEAD(movable_folio_list); + unsigned long collected; - collect_longterm_unpinnable_folios(&movable_folio_list, pofs); - if (list_empty(&movable_folio_list)) + collected = collect_longterm_unpinnable_folios(&movable_folio_list, + pofs); + if (!collected) return 0; return migrate_longterm_unpinnable_folios(&movable_folio_list, pofs); _ Patches currently in -mm which might be from david(a)redhat.com are fs-proc-task_mmu-fix-page_is_pfnzero-detection-for-the-huge-zero-folio.patch mm-gup-remove-vm_bug_ons.patch mm-gup-remove-vm_bug_ons-fix.patch mm-huge_memory-dont-ignore-queried-cachemode-in-vmf_insert_pfn_pud.patch mm-huge_memory-dont-mark-refcounted-folios-special-in-vmf_insert_folio_pmd.patch mm-huge_memory-dont-mark-refcounted-folios-special-in-vmf_insert_folio_pud.patch

5 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-shmem-swap-fix-softlockup-with-mthp-swapin.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/shmem, swap: fix softlockup with mTHP swapin has been removed from the -mm tree. Its filename was mm-shmem-swap-fix-softlockup-with-mthp-swapin.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: mm/shmem, swap: fix softlockup with mTHP swapin Date: Tue, 10 Jun 2025 01:17:51 +0800 Following softlockup can be easily reproduced on my test machine with: echo always > /sys/kernel/mm/transparent_hugepage/hugepages-64kB/enabled swapon /dev/zram0 # zram0 is a 48G swap device mkdir -p /sys/fs/cgroup/memory/test echo 1G > /sys/fs/cgroup/test/memory.max echo $BASHPID > /sys/fs/cgroup/test/cgroup.procs while true; do dd if=/dev/zero of=/tmp/test.img bs=1M count=5120 cat /tmp/test.img > /dev/null rm /tmp/test.img done Then after a while: watchdog: BUG: soft lockup - CPU#0 stuck for 763s! [cat:5787] Modules linked in: zram virtiofs CPU: 0 UID: 0 PID: 5787 Comm: cat Kdump: loaded Tainted: G L 6.15.0.orig-gf3021d9246bc-dirty #118 PREEMPT(voluntary)�� Tainted: [L]=SOFTLOCKUP Hardware name: Red Hat KVM/RHEL-AV, BIOS 0.0.0 02/06/2015 RIP: 0010:mpol_shared_policy_lookup+0xd/0x70 Code: e9 b8 b4 ff ff 31 c0 c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 41 54 55 53 <48> 8b 1f 48 85 db 74 41 4c 8d 67 08 48 89 fb 48 89 f5 4c 89 e7 e8 RSP: 0018:ffffc90002b1fc28 EFLAGS: 00000202 RAX: 00000000001c20ca RBX: 0000000000724e1e RCX: 0000000000000001 RDX: ffff888118e214c8 RSI: 0000000000057d42 RDI: ffff888118e21518 RBP: 000000000002bec8 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000bf4 R11: 0000000000000000 R12: 0000000000000001 R13: 00000000001c20ca R14: 00000000001c20ca R15: 0000000000000000 FS: 00007f03f995c740(0000) GS:ffff88a07ad9a000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f03f98f1000 CR3: 0000000144626004 CR4: 0000000000770eb0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> shmem_alloc_folio+0x31/0xc0 shmem_swapin_folio+0x309/0xcf0 ? filemap_get_entry+0x117/0x1e0 ? xas_load+0xd/0xb0 ? filemap_get_entry+0x101/0x1e0 shmem_get_folio_gfp+0x2ed/0x5b0 shmem_file_read_iter+0x7f/0x2e0 vfs_read+0x252/0x330 ksys_read+0x68/0xf0 do_syscall_64+0x4c/0x1c0 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f03f9a46991 Code: 00 48 8b 15 81 14 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8 20 ad 01 00 f3 0f 1e fa 80 3d 35 97 10 00 00 74 13 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec RSP: 002b:00007fff3c52bd28 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007f03f9a46991 RDX: 0000000000040000 RSI: 00007f03f98ba000 RDI: 0000000000000003 RBP: 00007fff3c52bd50 R08: 0000000000000000 R09: 00007f03f9b9a380 R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000 R13: 00007f03f98ba000 R14: 0000000000000003 R15: 0000000000000000 </TASK> The reason is simple, readahead brought some order 0 folio in swap cache, and the swapin mTHP folio being allocated is in conflict with it, so swapcache_prepare fails and causes shmem_swap_alloc_folio to return -EEXIST, and shmem simply retries again and again causing this loop. Fix it by applying a similar fix for anon mTHP swapin. The performance change is very slight, time of swapin 10g zero folios with shmem (test for 12 times): Before: 2.47s After: 2.48s [kasong(a)tencent.com: add comment] Link: https://lkml.kernel.org/r/20250610181645.45922-1-ryncsn@gmail.com Link: https://lkml.kernel.org/r/20250610181645.45922-1-ryncsn@gmail.com Link: https://lkml.kernel.org/r/20250609171751.36305-1-ryncsn@gmail.com Fixes: 1dd44c0af4fa ("mm: shmem: skip swapcache for swapin of synchronous swap device") Signed-off-by: Kairui Song <kasong(a)tencent.com> Reviewed-by: Barry Song <baohua(a)kernel.org> Acked-by: Nhat Pham <nphamcs(a)gmail.com> Reviewed-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Chris Li <chrisl(a)kernel.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: Kemeng Shi <shikemeng(a)huaweicloud.com> Cc: Usama Arif <usamaarif642(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory.c | 20 -------------------- mm/shmem.c | 6 +++++- mm/swap.h | 23 +++++++++++++++++++++++ 3 files changed, 28 insertions(+), 21 deletions(-) --- a/mm/memory.c~mm-shmem-swap-fix-softlockup-with-mthp-swapin +++ a/mm/memory.c @@ -4315,26 +4315,6 @@ static struct folio *__alloc_swap_folio( } #ifdef CONFIG_TRANSPARENT_HUGEPAGE -static inline int non_swapcache_batch(swp_entry_t entry, int max_nr) -{ - struct swap_info_struct *si = swp_swap_info(entry); - pgoff_t offset = swp_offset(entry); - int i; - - /* - * While allocating a large folio and doing swap_read_folio, which is - * the case the being faulted pte doesn't have swapcache. We need to - * ensure all PTEs have no cache as well, otherwise, we might go to - * swap devices while the content is in swapcache. - */ - for (i = 0; i < max_nr; i++) { - if ((si->swap_map[offset + i] & SWAP_HAS_CACHE)) - return i; - } - - return i; -} - /* * Check if the PTEs within a range are contiguous swap entries * and have consistent swapcache, zeromap. --- a/mm/shmem.c~mm-shmem-swap-fix-softlockup-with-mthp-swapin +++ a/mm/shmem.c @@ -2259,6 +2259,7 @@ static int shmem_swapin_folio(struct ino folio = swap_cache_get_folio(swap, NULL, 0); order = xa_get_order(&mapping->i_pages, index); if (!folio) { + int nr_pages = 1 << order; bool fallback_order0 = false; /* Or update major stats only when swapin succeeds?? */ @@ -2272,9 +2273,12 @@ static int shmem_swapin_folio(struct ino * If uffd is active for the vma, we need per-page fault * fidelity to maintain the uffd semantics, then fallback * to swapin order-0 folio, as well as for zswap case. + * Any existing sub folio in the swap cache also blocks + * mTHP swapin. */ if (order > 0 && ((vma && unlikely(userfaultfd_armed(vma))) || - !zswap_never_enabled())) + !zswap_never_enabled() || + non_swapcache_batch(swap, nr_pages) != nr_pages)) fallback_order0 = true; /* Skip swapcache for synchronous device. */ --- a/mm/swap.h~mm-shmem-swap-fix-softlockup-with-mthp-swapin +++ a/mm/swap.h @@ -106,6 +106,25 @@ static inline int swap_zeromap_batch(swp return find_next_bit(sis->zeromap, end, start) - start; } +static inline int non_swapcache_batch(swp_entry_t entry, int max_nr) +{ + struct swap_info_struct *si = swp_swap_info(entry); + pgoff_t offset = swp_offset(entry); + int i; + + /* + * While allocating a large folio and doing mTHP swapin, we need to + * ensure all entries are not cached, otherwise, the mTHP folio will + * be in conflict with the folio in swap cache. + */ + for (i = 0; i < max_nr; i++) { + if ((si->swap_map[offset + i] & SWAP_HAS_CACHE)) + return i; + } + + return i; +} + #else /* CONFIG_SWAP */ struct swap_iocb; static inline void swap_read_folio(struct folio *folio, struct swap_iocb **plug) @@ -199,6 +218,10 @@ static inline int swap_zeromap_batch(swp return 0; } +static inline int non_swapcache_batch(swp_entry_t entry, int max_nr) +{ + return 0; +} #endif /* CONFIG_SWAP */ /** _ Patches currently in -mm which might be from kasong(a)tencent.com are mm-list_lru-refactor-the-locking-code.patch mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch mm-shmem-swap-avoid-redundant-xarray-lookup-during-swapin.patch mm-shmem-swap-improve-mthp-swapin-process.patch mm-shmem-swap-avoid-false-positive-swap-cache-lookup.patch

5 months, 2 weeks

1
0
0 0

[PATCH v6 1/4] scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out

by Karan Tilak Kumar

When both the RHBA and RPA FDMI requests time out, fnic reuses a frame to send ABTS for each of them. On send completion, this causes an attempt to free the same frame twice that leads to a crash. Fix crash by allocating separate frames for RHBA and RPA, and modify ABTS logic accordingly. Tested by checking MDS for FDMI information. Tested by using instrumented driver to: Drop PLOGI response Drop RHBA response Drop RPA response Drop RHBA and RPA response Drop PLOGI response + ABTS response Drop RHBA response + ABTS response Drop RPA response + ABTS response Drop RHBA and RPA response + ABTS response for both of them Fixes: 09c1e6ab4ab2 ("scsi: fnic: Add and integrate support for FDMI") Reviewed-by: Sesidhar Baddela <sebaddel(a)cisco.com> Reviewed-by: Arulprabhu Ponnusamy <arulponn(a)cisco.com> Reviewed-by: Gian Carlo Boffa <gcboffa(a)cisco.com> Tested-by: Arun Easi <aeasi(a)cisco.com> Co-developed-by: Arun Easi <aeasi(a)cisco.com> Signed-off-by: Arun Easi <aeasi(a)cisco.com> Tested-by: Karan Tilak Kumar <kartilak(a)cisco.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Karan Tilak Kumar <kartilak(a)cisco.com> --- Changes between v5 and v6: - Incorporate review comments from John: - Rebase patches on 6.17/scsi-queue Changes between v4 and v5: - Incorporate review comments from John: - Refactor patches Changes between v3 and v4: - Incorporate review comments from Dan: - Remove comments from Cc tag Changes between v2 and v3: - Incorporate review comments from Dan: - Add Cc to stable Changes between v1 and v2: - Incorporate review comments from Dan: - Add Fixes tag --- drivers/scsi/fnic/fdls_disc.c | 113 +++++++++++++++++++++++++--------- drivers/scsi/fnic/fnic.h | 2 +- drivers/scsi/fnic/fnic_fdls.h | 1 + 3 files changed, 87 insertions(+), 29 deletions(-) diff --git a/drivers/scsi/fnic/fdls_disc.c b/drivers/scsi/fnic/fdls_disc.c index f8ab69c51dab..36b498ad55b4 100644 --- a/drivers/scsi/fnic/fdls_disc.c +++ b/drivers/scsi/fnic/fdls_disc.c @@ -763,47 +763,69 @@ static void fdls_send_fabric_abts(struct fnic_iport_s *iport) iport->fabric.timer_pending = 1; } -static void fdls_send_fdmi_abts(struct fnic_iport_s *iport) +static uint8_t *fdls_alloc_init_fdmi_abts_frame(struct fnic_iport_s *iport, + uint16_t oxid) { - uint8_t *frame; + struct fc_frame_header *pfdmi_abts; uint8_t d_id[3]; + uint8_t *frame; struct fnic *fnic = iport->fnic; - struct fc_frame_header *pfabric_abts; - unsigned long fdmi_tov; - uint16_t oxid; - uint16_t frame_size = FNIC_ETH_FCOE_HDRS_OFFSET + - sizeof(struct fc_frame_header); frame = fdls_alloc_frame(iport); if (frame == NULL) { FNIC_FCS_DBG(KERN_ERR, fnic->host, fnic->fnic_num, "Failed to allocate frame to send FDMI ABTS"); - return; + return NULL; } - pfabric_abts = (struct fc_frame_header *) (frame + FNIC_ETH_FCOE_HDRS_OFFSET); + pfdmi_abts = (struct fc_frame_header *) (frame + FNIC_ETH_FCOE_HDRS_OFFSET); fdls_init_fabric_abts_frame(frame, iport); hton24(d_id, FC_FID_MGMT_SERV); - FNIC_STD_SET_D_ID(*pfabric_abts, d_id); + FNIC_STD_SET_D_ID(*pfdmi_abts, d_id); + FNIC_STD_SET_OX_ID(*pfdmi_abts, oxid); + + return frame; +} + +static void fdls_send_fdmi_abts(struct fnic_iport_s *iport) +{ + uint8_t *frame; + unsigned long fdmi_tov; + uint16_t frame_size = FNIC_ETH_FCOE_HDRS_OFFSET + + sizeof(struct fc_frame_header); if (iport->fabric.fdmi_pending & FDLS_FDMI_PLOGI_PENDING) { - oxid = iport->active_oxid_fdmi_plogi; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_plogi); + if (frame == NULL) + return; + fnic_send_fcoe_frame(iport, frame, frame_size); } else { if (iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING) { - oxid = iport->active_oxid_fdmi_rhba; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_rhba); + if (frame == NULL) + return; + fnic_send_fcoe_frame(iport, frame, frame_size); } if (iport->fabric.fdmi_pending & FDLS_FDMI_RPA_PENDING) { - oxid = iport->active_oxid_fdmi_rpa; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_rpa); + if (frame == NULL) { + if (iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING) + goto arm_timer; + else + return; + } + fnic_send_fcoe_frame(iport, frame, frame_size); } } +arm_timer: fdmi_tov = jiffies + msecs_to_jiffies(2 * iport->e_d_tov); mod_timer(&iport->fabric.fdmi_timer, round_jiffies(fdmi_tov)); iport->fabric.fdmi_pending |= FDLS_FDMI_ABORT_PENDING; @@ -2245,6 +2267,21 @@ void fdls_fabric_timer_callback(struct timer_list *t) spin_unlock_irqrestore(&fnic->fnic_lock, flags); } +void fdls_fdmi_retry_plogi(struct fnic_iport_s *iport) +{ + struct fnic *fnic = iport->fnic; + + iport->fabric.fdmi_pending = 0; + /* If max retries not exhausted, start over from fdmi plogi */ + if (iport->fabric.fdmi_retry < FDLS_FDMI_MAX_RETRY) { + iport->fabric.fdmi_retry++; + FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, + "Retry FDMI PLOGI. FDMI retry: %d", + iport->fabric.fdmi_retry); + fdls_send_fdmi_plogi(iport); + } +} + void fdls_fdmi_timer_callback(struct timer_list *t) { struct fnic_fdls_fabric_s *fabric = timer_container_of(fabric, t, @@ -2291,14 +2328,7 @@ void fdls_fdmi_timer_callback(struct timer_list *t) FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, "fdmi timer callback : 0x%x\n", iport->fabric.fdmi_pending); - iport->fabric.fdmi_pending = 0; - /* If max retries not exhaused, start over from fdmi plogi */ - if (iport->fabric.fdmi_retry < FDLS_FDMI_MAX_RETRY) { - iport->fabric.fdmi_retry++; - FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, - "retry fdmi timer %d", iport->fabric.fdmi_retry); - fdls_send_fdmi_plogi(iport); - } + fdls_fdmi_retry_plogi(iport); FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, "fdmi timer callback : 0x%x\n", iport->fabric.fdmi_pending); spin_unlock_irqrestore(&fnic->fnic_lock, flags); @@ -3716,11 +3746,32 @@ static void fdls_process_fdmi_abts_rsp(struct fnic_iport_s *iport, switch (FNIC_FRAME_TYPE(oxid)) { case FNIC_FRAME_TYPE_FDMI_PLOGI: fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_plogi); + + iport->fabric.fdmi_pending &= ~FDLS_FDMI_PLOGI_PENDING; + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; break; case FNIC_FRAME_TYPE_FDMI_RHBA: + iport->fabric.fdmi_pending &= ~FDLS_FDMI_REG_HBA_PENDING; + + /* If RPA is still pending, don't turn off ABORT PENDING. + * We count on the timer to detect the ABTS timeout and take + * corrective action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_RPA_PENDING)) + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; + fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_rhba); break; case FNIC_FRAME_TYPE_FDMI_RPA: + iport->fabric.fdmi_pending &= ~FDLS_FDMI_RPA_PENDING; + + /* If RHBA is still pending, don't turn off ABORT PENDING. + * We count on the timer to detect the ABTS timeout and take + * corrective action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING)) + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; + fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_rpa); break; default: @@ -3730,10 +3781,16 @@ static void fdls_process_fdmi_abts_rsp(struct fnic_iport_s *iport, break; } - timer_delete_sync(&iport->fabric.fdmi_timer); - iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; - - fdls_send_fdmi_plogi(iport); + /* + * Only if ABORT PENDING is off, delete the timer, and if no other + * operations are pending, retry FDMI. + * Otherwise, let the timer pop and take the appropriate action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_ABORT_PENDING)) { + timer_delete_sync(&iport->fabric.fdmi_timer); + if (!iport->fabric.fdmi_pending) + fdls_fdmi_retry_plogi(iport); + } } static void diff --git a/drivers/scsi/fnic/fnic.h b/drivers/scsi/fnic/fnic.h index 6c5f6046b1f5..86e293ce530d 100644 --- a/drivers/scsi/fnic/fnic.h +++ b/drivers/scsi/fnic/fnic.h @@ -30,7 +30,7 @@ #define DRV_NAME "fnic" #define DRV_DESCRIPTION "Cisco FCoE HBA Driver" -#define DRV_VERSION "1.8.0.0" +#define DRV_VERSION "1.8.0.1" #define PFX DRV_NAME ": " #define DFX DRV_NAME "%d: " diff --git a/drivers/scsi/fnic/fnic_fdls.h b/drivers/scsi/fnic/fnic_fdls.h index 8e610b65ad57..531d0b37e450 100644 --- a/drivers/scsi/fnic/fnic_fdls.h +++ b/drivers/scsi/fnic/fnic_fdls.h @@ -394,6 +394,7 @@ void fdls_send_tport_abts(struct fnic_iport_s *iport, bool fdls_delete_tport(struct fnic_iport_s *iport, struct fnic_tport_s *tport); void fdls_fdmi_timer_callback(struct timer_list *t); +void fdls_fdmi_retry_plogi(struct fnic_iport_s *iport); /* fnic_fcs.c */ void fnic_fdls_init(struct fnic *fnic, int usefip); -- 2.47.1

5 months, 2 weeks

4
5
0 0

[PATCH] scsi: mpt3sas: drop unused variable in mpt3sas_send_mctp_passthru_req()

by André Draszik

With W=1, gcc complains correctly: mpt3sas_ctl.c: In function ‘mpt3sas_send_mctp_passthru_req’: mpt3sas_ctl.c:2917:29: error: variable ‘mpi_reply’ set but not used [-Werror=unused-but-set-variable] 2917 | MPI2DefaultReply_t *mpi_reply; | ^~~~~~~~~ Drop the unused assignment and variable. Fixes: c72be4b5bb7c ("scsi: mpt3sas: Add support for MCTP Passthrough commands") Cc: stable(a)vger.kernel.org Signed-off-by: André Draszik <andre.draszik(a)linaro.org> --- drivers/scsi/mpt3sas/mpt3sas_ctl.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/scsi/mpt3sas/mpt3sas_ctl.c b/drivers/scsi/mpt3sas/mpt3sas_ctl.c index 02fc204b9bf7b276115bf6db52746155381799fd..3b951589feeb6c13094ea44b494ca3050a309b15 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_ctl.c +++ b/drivers/scsi/mpt3sas/mpt3sas_ctl.c @@ -2914,7 +2914,6 @@ int mpt3sas_send_mctp_passthru_req(struct mpt3_passthru_command *command) { struct MPT3SAS_ADAPTER *ioc; MPI2RequestHeader_t *mpi_request = NULL, *request; - MPI2DefaultReply_t *mpi_reply; Mpi26MctpPassthroughRequest_t *mctp_passthru_req; u16 smid; unsigned long timeout; @@ -3022,8 +3021,6 @@ int mpt3sas_send_mctp_passthru_req(struct mpt3_passthru_command *command) goto issue_host_reset; } - mpi_reply = ioc->ctl_cmds.reply; - /* copy out xdata to user */ if (data_in_sz) memcpy(command->data_in_buf_ptr, data_in, data_in_sz); --- base-commit: a0bea9e39035edc56a994630e6048c8a191a99d8 change-id: 20250606-mpt3sas-15563809f705 Best regards, -- André Draszik <andre.draszik(a)linaro.org>

5 months, 2 weeks

2
2
0 0

[PATCH] ARM: Use an absolute path to unified.h in KBUILD_AFLAGS

by Nathan Chancellor

After commit d5c8d6e0fa61 ("kbuild: Update assembler calls to use proper flags and language target"), which updated as-instr to use the 'assembler-with-cpp' language option, the Kbuild version of as-instr always fails internally for arch/arm with <command-line>: fatal error: asm/unified.h: No such file or directory compilation terminated. because '-include' flags are now taken into account by the compiler driver and as-instr does not have '$(LINUXINCLUDE)', so unified.h is not found. This went unnoticed at the time of the Kbuild change because the last use of as-instr in Kbuild that arch/arm could reach was removed in 5.7 by commit 541ad0150ca4 ("arm: Remove 32bit KVM host support") but a stable backport of the Kbuild change to before that point exposed this potential issue if one were to be reintroduced. Follow the general pattern of '-include' paths throughout the tree and make unified.h absolute using '$(srctree)' to ensure KBUILD_AFLAGS can be used independently. Cc: stable(a)vger.kernel.org Fixes: d5c8d6e0fa61 ("kbuild: Update assembler calls to use proper flags and language target") Reported-by: KernelCI bot <bot(a)kernelci.org> Closes: https://lore.kernel.org/CACo-S-1qbCX4WAVFA63dWfHtrRHZBTyyr2js8Lx=Az03XHTTHg… Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- arch/arm/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/Makefile b/arch/arm/Makefile index 4808d3ed98e4..e31e95ffd33f 100644 --- a/arch/arm/Makefile +++ b/arch/arm/Makefile @@ -149,7 +149,7 @@ endif # Need -Uarm for gcc < 3.x KBUILD_CPPFLAGS +=$(cpp-y) KBUILD_CFLAGS +=$(CFLAGS_ABI) $(CFLAGS_ISA) $(arch-y) $(tune-y) $(call cc-option,-mshort-load-bytes,$(call cc-option,-malignment-traps,)) -msoft-float -Uarm -KBUILD_AFLAGS +=$(CFLAGS_ABI) $(AFLAGS_ISA) -Wa,$(arch-y) $(tune-y) -include asm/unified.h -msoft-float +KBUILD_AFLAGS +=$(CFLAGS_ABI) $(AFLAGS_ISA) -Wa,$(arch-y) $(tune-y) -include $(srctree)/arch/arm/include/asm/unified.h -msoft-float KBUILD_RUSTFLAGS += --target=arm-unknown-linux-gnueabi CHECKFLAGS += -D__arm__ --- base-commit: e04c78d86a9699d136910cfc0bdcf01087e3267e change-id: 20250618-arm-expand-include-unified-h-path-60e65adcda1e Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

5 months, 2 weeks

2
1
0 0

[PATCH 6.1/6.6] platform/x86: ideapad-laptop: add missing Ideapad Pro 5 fn keys

by WangYuli

From: Renato Caldas <renato(a)calgera.com> [ Upstream commit 36e66be874a7ea9d28fb9757629899a8449b8748 ] The scancodes for the Mic Mute and Airplane keys on the Ideapad Pro 5 (14AHP9 at least, probably the other variants too) are different and were not being picked up by the driver. This adds them to the keymap. Apart from what is already supported, the remaining fn keys are unfortunately producing windows-specific key-combos. Signed-off-by: Renato Caldas <renato(a)calgera.com> Link: https://lore.kernel.org/r/20241102183116.30142-1-renato@calgera.com Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- drivers/platform/x86/ideapad-laptop.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c index 88eefccb6ed2..50013af0537c 100644 --- a/drivers/platform/x86/ideapad-laptop.c +++ b/drivers/platform/x86/ideapad-laptop.c @@ -1101,6 +1101,9 @@ static const struct key_entry ideapad_keymap[] = { { KE_KEY, 0x27 | IDEAPAD_WMI_KEY, { KEY_HELP } }, /* Refresh Rate Toggle */ { KE_KEY, 0x0a | IDEAPAD_WMI_KEY, { KEY_DISPLAYTOGGLE } }, + /* Specific to some newer models */ + { KE_KEY, 0x3e | IDEAPAD_WMI_KEY, { KEY_MICMUTE } }, + { KE_KEY, 0x3f | IDEAPAD_WMI_KEY, { KEY_RFKILL } }, { KE_END }, }; -- 2.50.0

5 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] HID: usbhid: Eliminate recurrent out-of-bounds bug in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x fe7f7ac8e0c708446ff017453add769ffc15deed # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061738-circus-skipping-ed0c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fe7f7ac8e0c708446ff017453add769ffc15deed Mon Sep 17 00:00:00 2001 From: Terry Junge <linuxhid(a)cosmicgizmosystems.com> Date: Wed, 12 Mar 2025 15:23:31 -0700 Subject: [PATCH] HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Update struct hid_descriptor to better reflect the mandatory and optional parts of the HID Descriptor as per USB HID 1.11 specification. Note: the kernel currently does not parse any optional HID class descriptors, only the mandatory report descriptor. Update all references to member element desc[0] to rpt_desc. Add test to verify bLength and bNumDescriptors values are valid. Replace the for loop with direct access to the mandatory HID class descriptor member for the report descriptor. This eliminates the possibility of getting an out-of-bounds fault. Add a warning message if the HID descriptor contains any unsupported optional HID class descriptors. Reported-by: syzbot+c52569baf0c843f35495(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c52569baf0c843f35495 Fixes: f043bfc98c19 ("HID: usbhid: fix out-of-bounds bug") Cc: stable(a)vger.kernel.org Signed-off-by: Terry Junge <linuxhid(a)cosmicgizmosystems.com> Reviewed-by: Michael Kelley <mhklinux(a)outlook.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/hid-hyperv.c b/drivers/hid/hid-hyperv.c index 0fb210e40a41..9eafff0b6ea4 100644 --- a/drivers/hid/hid-hyperv.c +++ b/drivers/hid/hid-hyperv.c @@ -192,7 +192,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, goto cleanup; input_device->report_desc_size = le16_to_cpu( - desc->desc[0].wDescriptorLength); + desc->rpt_desc.wDescriptorLength); if (input_device->report_desc_size == 0) { input_device->dev_info_status = -EINVAL; goto cleanup; @@ -210,7 +210,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, memcpy(input_device->report_desc, ((unsigned char *)desc) + desc->bLength, - le16_to_cpu(desc->desc[0].wDescriptorLength)); + le16_to_cpu(desc->rpt_desc.wDescriptorLength)); /* Send the ack */ memset(&ack, 0, sizeof(struct mousevsc_prt_msg)); diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c index 44c2351b870f..fc2b92dfc242 100644 --- a/drivers/hid/usbhid/hid-core.c +++ b/drivers/hid/usbhid/hid-core.c @@ -984,12 +984,11 @@ static int usbhid_parse(struct hid_device *hid) struct usb_host_interface *interface = intf->cur_altsetting; struct usb_device *dev = interface_to_usbdev (intf); struct hid_descriptor *hdesc; + struct hid_class_descriptor *hcdesc; u32 quirks = 0; unsigned int rsize = 0; char *rdesc; - int ret, n; - int num_descriptors; - size_t offset = offsetof(struct hid_descriptor, desc); + int ret; quirks = hid_lookup_quirk(hid); @@ -1011,20 +1010,19 @@ static int usbhid_parse(struct hid_device *hid) return -ENODEV; } - if (hdesc->bLength < sizeof(struct hid_descriptor)) { - dbg_hid("hid descriptor is too short\n"); + if (!hdesc->bNumDescriptors || + hdesc->bLength != sizeof(*hdesc) + + (hdesc->bNumDescriptors - 1) * sizeof(*hcdesc)) { + dbg_hid("hid descriptor invalid, bLen=%hhu bNum=%hhu\n", + hdesc->bLength, hdesc->bNumDescriptors); return -EINVAL; } hid->version = le16_to_cpu(hdesc->bcdHID); hid->country = hdesc->bCountryCode; - num_descriptors = min_t(int, hdesc->bNumDescriptors, - (hdesc->bLength - offset) / sizeof(struct hid_class_descriptor)); - - for (n = 0; n < num_descriptors; n++) - if (hdesc->desc[n].bDescriptorType == HID_DT_REPORT) - rsize = le16_to_cpu(hdesc->desc[n].wDescriptorLength); + if (hdesc->rpt_desc.bDescriptorType == HID_DT_REPORT) + rsize = le16_to_cpu(hdesc->rpt_desc.wDescriptorLength); if (!rsize || rsize > HID_MAX_DESCRIPTOR_SIZE) { dbg_hid("weird size of report descriptor (%u)\n", rsize); @@ -1052,6 +1050,11 @@ static int usbhid_parse(struct hid_device *hid) goto err; } + if (hdesc->bNumDescriptors > 1) + hid_warn(intf, + "%u unsupported optional hid class descriptors\n", + (int)(hdesc->bNumDescriptors - 1)); + hid->quirks |= quirks; return 0; diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c index 740311c4fa24..c7a05f842745 100644 --- a/drivers/usb/gadget/function/f_hid.c +++ b/drivers/usb/gadget/function/f_hid.c @@ -144,8 +144,8 @@ static struct hid_descriptor hidg_desc = { .bcdHID = cpu_to_le16(0x0101), .bCountryCode = 0x00, .bNumDescriptors = 0x1, - /*.desc[0].bDescriptorType = DYNAMIC */ - /*.desc[0].wDescriptorLenght = DYNAMIC */ + /*.rpt_desc.bDescriptorType = DYNAMIC */ + /*.rpt_desc.wDescriptorLength = DYNAMIC */ }; /* Super-Speed Support */ @@ -939,8 +939,8 @@ static int hidg_setup(struct usb_function *f, struct hid_descriptor hidg_desc_copy = hidg_desc; VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n"); - hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc_copy.desc[0].wDescriptorLength = + hidg_desc_copy.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc_copy.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); length = min_t(unsigned short, length, @@ -1210,8 +1210,8 @@ static int hidg_bind(struct usb_configuration *c, struct usb_function *f) * We can use hidg_desc struct here but we should not relay * that its content won't change after returning from this function. */ - hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc.desc[0].wDescriptorLength = + hidg_desc.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); hidg_hs_in_ep_desc.bEndpointAddress = diff --git a/include/linux/hid.h b/include/linux/hid.h index ef9a90ca0fbd..daae1d6d11a7 100644 --- a/include/linux/hid.h +++ b/include/linux/hid.h @@ -740,8 +740,9 @@ struct hid_descriptor { __le16 bcdHID; __u8 bCountryCode; __u8 bNumDescriptors; + struct hid_class_descriptor rpt_desc; - struct hid_class_descriptor desc[1]; + struct hid_class_descriptor opt_descs[]; } __attribute__ ((packed)); #define HID_DEVICE(b, g, ven, prod) \

5 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] HID: usbhid: Eliminate recurrent out-of-bounds bug in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x fe7f7ac8e0c708446ff017453add769ffc15deed # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061739-tiger-fritter-acf8@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fe7f7ac8e0c708446ff017453add769ffc15deed Mon Sep 17 00:00:00 2001 From: Terry Junge <linuxhid(a)cosmicgizmosystems.com> Date: Wed, 12 Mar 2025 15:23:31 -0700 Subject: [PATCH] HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Update struct hid_descriptor to better reflect the mandatory and optional parts of the HID Descriptor as per USB HID 1.11 specification. Note: the kernel currently does not parse any optional HID class descriptors, only the mandatory report descriptor. Update all references to member element desc[0] to rpt_desc. Add test to verify bLength and bNumDescriptors values are valid. Replace the for loop with direct access to the mandatory HID class descriptor member for the report descriptor. This eliminates the possibility of getting an out-of-bounds fault. Add a warning message if the HID descriptor contains any unsupported optional HID class descriptors. Reported-by: syzbot+c52569baf0c843f35495(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c52569baf0c843f35495 Fixes: f043bfc98c19 ("HID: usbhid: fix out-of-bounds bug") Cc: stable(a)vger.kernel.org Signed-off-by: Terry Junge <linuxhid(a)cosmicgizmosystems.com> Reviewed-by: Michael Kelley <mhklinux(a)outlook.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/hid-hyperv.c b/drivers/hid/hid-hyperv.c index 0fb210e40a41..9eafff0b6ea4 100644 --- a/drivers/hid/hid-hyperv.c +++ b/drivers/hid/hid-hyperv.c @@ -192,7 +192,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, goto cleanup; input_device->report_desc_size = le16_to_cpu( - desc->desc[0].wDescriptorLength); + desc->rpt_desc.wDescriptorLength); if (input_device->report_desc_size == 0) { input_device->dev_info_status = -EINVAL; goto cleanup; @@ -210,7 +210,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, memcpy(input_device->report_desc, ((unsigned char *)desc) + desc->bLength, - le16_to_cpu(desc->desc[0].wDescriptorLength)); + le16_to_cpu(desc->rpt_desc.wDescriptorLength)); /* Send the ack */ memset(&ack, 0, sizeof(struct mousevsc_prt_msg)); diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c index 44c2351b870f..fc2b92dfc242 100644 --- a/drivers/hid/usbhid/hid-core.c +++ b/drivers/hid/usbhid/hid-core.c @@ -984,12 +984,11 @@ static int usbhid_parse(struct hid_device *hid) struct usb_host_interface *interface = intf->cur_altsetting; struct usb_device *dev = interface_to_usbdev (intf); struct hid_descriptor *hdesc; + struct hid_class_descriptor *hcdesc; u32 quirks = 0; unsigned int rsize = 0; char *rdesc; - int ret, n; - int num_descriptors; - size_t offset = offsetof(struct hid_descriptor, desc); + int ret; quirks = hid_lookup_quirk(hid); @@ -1011,20 +1010,19 @@ static int usbhid_parse(struct hid_device *hid) return -ENODEV; } - if (hdesc->bLength < sizeof(struct hid_descriptor)) { - dbg_hid("hid descriptor is too short\n"); + if (!hdesc->bNumDescriptors || + hdesc->bLength != sizeof(*hdesc) + + (hdesc->bNumDescriptors - 1) * sizeof(*hcdesc)) { + dbg_hid("hid descriptor invalid, bLen=%hhu bNum=%hhu\n", + hdesc->bLength, hdesc->bNumDescriptors); return -EINVAL; } hid->version = le16_to_cpu(hdesc->bcdHID); hid->country = hdesc->bCountryCode; - num_descriptors = min_t(int, hdesc->bNumDescriptors, - (hdesc->bLength - offset) / sizeof(struct hid_class_descriptor)); - - for (n = 0; n < num_descriptors; n++) - if (hdesc->desc[n].bDescriptorType == HID_DT_REPORT) - rsize = le16_to_cpu(hdesc->desc[n].wDescriptorLength); + if (hdesc->rpt_desc.bDescriptorType == HID_DT_REPORT) + rsize = le16_to_cpu(hdesc->rpt_desc.wDescriptorLength); if (!rsize || rsize > HID_MAX_DESCRIPTOR_SIZE) { dbg_hid("weird size of report descriptor (%u)\n", rsize); @@ -1052,6 +1050,11 @@ static int usbhid_parse(struct hid_device *hid) goto err; } + if (hdesc->bNumDescriptors > 1) + hid_warn(intf, + "%u unsupported optional hid class descriptors\n", + (int)(hdesc->bNumDescriptors - 1)); + hid->quirks |= quirks; return 0; diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c index 740311c4fa24..c7a05f842745 100644 --- a/drivers/usb/gadget/function/f_hid.c +++ b/drivers/usb/gadget/function/f_hid.c @@ -144,8 +144,8 @@ static struct hid_descriptor hidg_desc = { .bcdHID = cpu_to_le16(0x0101), .bCountryCode = 0x00, .bNumDescriptors = 0x1, - /*.desc[0].bDescriptorType = DYNAMIC */ - /*.desc[0].wDescriptorLenght = DYNAMIC */ + /*.rpt_desc.bDescriptorType = DYNAMIC */ + /*.rpt_desc.wDescriptorLength = DYNAMIC */ }; /* Super-Speed Support */ @@ -939,8 +939,8 @@ static int hidg_setup(struct usb_function *f, struct hid_descriptor hidg_desc_copy = hidg_desc; VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n"); - hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc_copy.desc[0].wDescriptorLength = + hidg_desc_copy.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc_copy.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); length = min_t(unsigned short, length, @@ -1210,8 +1210,8 @@ static int hidg_bind(struct usb_configuration *c, struct usb_function *f) * We can use hidg_desc struct here but we should not relay * that its content won't change after returning from this function. */ - hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc.desc[0].wDescriptorLength = + hidg_desc.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); hidg_hs_in_ep_desc.bEndpointAddress = diff --git a/include/linux/hid.h b/include/linux/hid.h index ef9a90ca0fbd..daae1d6d11a7 100644 --- a/include/linux/hid.h +++ b/include/linux/hid.h @@ -740,8 +740,9 @@ struct hid_descriptor { __le16 bcdHID; __u8 bCountryCode; __u8 bNumDescriptors; + struct hid_class_descriptor rpt_desc; - struct hid_class_descriptor desc[1]; + struct hid_class_descriptor opt_descs[]; } __attribute__ ((packed)); #define HID_DEVICE(b, g, ven, prod) \

5 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] HID: usbhid: Eliminate recurrent out-of-bounds bug in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x fe7f7ac8e0c708446ff017453add769ffc15deed # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061739-jersey-sneak-9ecf@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fe7f7ac8e0c708446ff017453add769ffc15deed Mon Sep 17 00:00:00 2001 From: Terry Junge <linuxhid(a)cosmicgizmosystems.com> Date: Wed, 12 Mar 2025 15:23:31 -0700 Subject: [PATCH] HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Update struct hid_descriptor to better reflect the mandatory and optional parts of the HID Descriptor as per USB HID 1.11 specification. Note: the kernel currently does not parse any optional HID class descriptors, only the mandatory report descriptor. Update all references to member element desc[0] to rpt_desc. Add test to verify bLength and bNumDescriptors values are valid. Replace the for loop with direct access to the mandatory HID class descriptor member for the report descriptor. This eliminates the possibility of getting an out-of-bounds fault. Add a warning message if the HID descriptor contains any unsupported optional HID class descriptors. Reported-by: syzbot+c52569baf0c843f35495(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c52569baf0c843f35495 Fixes: f043bfc98c19 ("HID: usbhid: fix out-of-bounds bug") Cc: stable(a)vger.kernel.org Signed-off-by: Terry Junge <linuxhid(a)cosmicgizmosystems.com> Reviewed-by: Michael Kelley <mhklinux(a)outlook.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/hid-hyperv.c b/drivers/hid/hid-hyperv.c index 0fb210e40a41..9eafff0b6ea4 100644 --- a/drivers/hid/hid-hyperv.c +++ b/drivers/hid/hid-hyperv.c @@ -192,7 +192,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, goto cleanup; input_device->report_desc_size = le16_to_cpu( - desc->desc[0].wDescriptorLength); + desc->rpt_desc.wDescriptorLength); if (input_device->report_desc_size == 0) { input_device->dev_info_status = -EINVAL; goto cleanup; @@ -210,7 +210,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, memcpy(input_device->report_desc, ((unsigned char *)desc) + desc->bLength, - le16_to_cpu(desc->desc[0].wDescriptorLength)); + le16_to_cpu(desc->rpt_desc.wDescriptorLength)); /* Send the ack */ memset(&ack, 0, sizeof(struct mousevsc_prt_msg)); diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c index 44c2351b870f..fc2b92dfc242 100644 --- a/drivers/hid/usbhid/hid-core.c +++ b/drivers/hid/usbhid/hid-core.c @@ -984,12 +984,11 @@ static int usbhid_parse(struct hid_device *hid) struct usb_host_interface *interface = intf->cur_altsetting; struct usb_device *dev = interface_to_usbdev (intf); struct hid_descriptor *hdesc; + struct hid_class_descriptor *hcdesc; u32 quirks = 0; unsigned int rsize = 0; char *rdesc; - int ret, n; - int num_descriptors; - size_t offset = offsetof(struct hid_descriptor, desc); + int ret; quirks = hid_lookup_quirk(hid); @@ -1011,20 +1010,19 @@ static int usbhid_parse(struct hid_device *hid) return -ENODEV; } - if (hdesc->bLength < sizeof(struct hid_descriptor)) { - dbg_hid("hid descriptor is too short\n"); + if (!hdesc->bNumDescriptors || + hdesc->bLength != sizeof(*hdesc) + + (hdesc->bNumDescriptors - 1) * sizeof(*hcdesc)) { + dbg_hid("hid descriptor invalid, bLen=%hhu bNum=%hhu\n", + hdesc->bLength, hdesc->bNumDescriptors); return -EINVAL; } hid->version = le16_to_cpu(hdesc->bcdHID); hid->country = hdesc->bCountryCode; - num_descriptors = min_t(int, hdesc->bNumDescriptors, - (hdesc->bLength - offset) / sizeof(struct hid_class_descriptor)); - - for (n = 0; n < num_descriptors; n++) - if (hdesc->desc[n].bDescriptorType == HID_DT_REPORT) - rsize = le16_to_cpu(hdesc->desc[n].wDescriptorLength); + if (hdesc->rpt_desc.bDescriptorType == HID_DT_REPORT) + rsize = le16_to_cpu(hdesc->rpt_desc.wDescriptorLength); if (!rsize || rsize > HID_MAX_DESCRIPTOR_SIZE) { dbg_hid("weird size of report descriptor (%u)\n", rsize); @@ -1052,6 +1050,11 @@ static int usbhid_parse(struct hid_device *hid) goto err; } + if (hdesc->bNumDescriptors > 1) + hid_warn(intf, + "%u unsupported optional hid class descriptors\n", + (int)(hdesc->bNumDescriptors - 1)); + hid->quirks |= quirks; return 0; diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c index 740311c4fa24..c7a05f842745 100644 --- a/drivers/usb/gadget/function/f_hid.c +++ b/drivers/usb/gadget/function/f_hid.c @@ -144,8 +144,8 @@ static struct hid_descriptor hidg_desc = { .bcdHID = cpu_to_le16(0x0101), .bCountryCode = 0x00, .bNumDescriptors = 0x1, - /*.desc[0].bDescriptorType = DYNAMIC */ - /*.desc[0].wDescriptorLenght = DYNAMIC */ + /*.rpt_desc.bDescriptorType = DYNAMIC */ + /*.rpt_desc.wDescriptorLength = DYNAMIC */ }; /* Super-Speed Support */ @@ -939,8 +939,8 @@ static int hidg_setup(struct usb_function *f, struct hid_descriptor hidg_desc_copy = hidg_desc; VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n"); - hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc_copy.desc[0].wDescriptorLength = + hidg_desc_copy.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc_copy.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); length = min_t(unsigned short, length, @@ -1210,8 +1210,8 @@ static int hidg_bind(struct usb_configuration *c, struct usb_function *f) * We can use hidg_desc struct here but we should not relay * that its content won't change after returning from this function. */ - hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc.desc[0].wDescriptorLength = + hidg_desc.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); hidg_hs_in_ep_desc.bEndpointAddress = diff --git a/include/linux/hid.h b/include/linux/hid.h index ef9a90ca0fbd..daae1d6d11a7 100644 --- a/include/linux/hid.h +++ b/include/linux/hid.h @@ -740,8 +740,9 @@ struct hid_descriptor { __le16 bcdHID; __u8 bCountryCode; __u8 bNumDescriptors; + struct hid_class_descriptor rpt_desc; - struct hid_class_descriptor desc[1]; + struct hid_class_descriptor opt_descs[]; } __attribute__ ((packed)); #define HID_DEVICE(b, g, ven, prod) \

5 months, 2 weeks

3
2
0 0

[PATCH 5.4~6.12] Input: sparcspkr - avoid unannotated fall-through

by WangYuli

[ Upstream commit 8b1d858cbd4e1800e9336404ba7892b5a721230d ] Fix follow warnings with clang-21i (and reformat for clarity): drivers/input/misc/sparcspkr.c:78:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] 78 | case SND_TONE: break; | ^ drivers/input/misc/sparcspkr.c:78:3: note: insert 'break;' to avoid fall-through 78 | case SND_TONE: break; | ^ | break; drivers/input/misc/sparcspkr.c:113:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] 113 | case SND_TONE: break; | ^ drivers/input/misc/sparcspkr.c:113:3: note: insert 'break;' to avoid fall-through 113 | case SND_TONE: break; | ^ | break; 2 warnings generated. Signed-off-by: WangYuli <wangyuli(a)uniontech.com> Link: https://lore.kernel.org/r/6730E40353C76908+20250415052439.155051-1-wangyuli… Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> --- drivers/input/misc/sparcspkr.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/drivers/input/misc/sparcspkr.c b/drivers/input/misc/sparcspkr.c index 20020cbc0752..a94699f2bbc6 100644 --- a/drivers/input/misc/sparcspkr.c +++ b/drivers/input/misc/sparcspkr.c @@ -75,9 +75,14 @@ static int bbc_spkr_event(struct input_dev *dev, unsigned int type, unsigned int return -1; switch (code) { - case SND_BELL: if (value) value = 1000; - case SND_TONE: break; - default: return -1; + case SND_BELL: + if (value) + value = 1000; + break; + case SND_TONE: + break; + default: + return -1; } if (value > 20 && value < 32767) @@ -113,9 +118,14 @@ static int grover_spkr_event(struct input_dev *dev, unsigned int type, unsigned return -1; switch (code) { - case SND_BELL: if (value) value = 1000; - case SND_TONE: break; - default: return -1; + case SND_BELL: + if (value) + value = 1000; + break; + case SND_TONE: + break; + default: + return -1; } if (value > 20 && value < 32767) -- 2.50.0

5 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] mm/huge_memory: fix dereferencing invalid pmd migration entry" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x be6e843fc51a584672dfd9c4a6a24c8cb81d5fb7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051203-thrift-spool-ebc8@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be6e843fc51a584672dfd9c4a6a24c8cb81d5fb7 Mon Sep 17 00:00:00 2001 From: Gavin Guo <gavinguo(a)igalia.com> Date: Mon, 21 Apr 2025 19:35:36 +0800 Subject: [PATCH] mm/huge_memory: fix dereferencing invalid pmd migration entry When migrating a THP, concurrent access to the PMD migration entry during a deferred split scan can lead to an invalid address access, as illustrated below. To prevent this invalid access, it is necessary to check the PMD migration entry and return early. In this context, there is no need to use pmd_to_swp_entry and pfn_swap_entry_to_page to verify the equality of the target folio. Since the PMD migration entry is locked, it cannot be served as the target. Mailing list discussion and explanation from Hugh Dickins: "An anon_vma lookup points to a location which may contain the folio of interest, but might instead contain another folio: and weeding out those other folios is precisely what the "folio != pmd_folio((*pmd)" check (and the "risk of replacing the wrong folio" comment a few lines above it) is for." BUG: unable to handle page fault for address: ffffea60001db008 CPU: 0 UID: 0 PID: 2199114 Comm: tee Not tainted 6.14.0+ #4 NONE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:split_huge_pmd_locked+0x3b5/0x2b60 Call Trace: <TASK> try_to_migrate_one+0x28c/0x3730 rmap_walk_anon+0x4f6/0x770 unmap_folio+0x196/0x1f0 split_huge_page_to_list_to_order+0x9f6/0x1560 deferred_split_scan+0xac5/0x12a0 shrinker_debugfs_scan_write+0x376/0x470 full_proxy_write+0x15c/0x220 vfs_write+0x2fc/0xcb0 ksys_write+0x146/0x250 do_syscall_64+0x6a/0x120 entry_SYSCALL_64_after_hwframe+0x76/0x7e The bug is found by syzkaller on an internal kernel, then confirmed on upstream. Link: https://lkml.kernel.org/r/20250421113536.3682201-1-gavinguo@igalia.com Link: https://lore.kernel.org/all/20250414072737.1698513-1-gavinguo@igalia.com/ Link: https://lore.kernel.org/all/20250418085802.2973519-1-gavinguo@igalia.com/ Fixes: 84c3fc4e9c56 ("mm: thp: check pmd migration entry in common path") Signed-off-by: Gavin Guo <gavinguo(a)igalia.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Hugh Dickins <hughd(a)google.com> Acked-by: Zi Yan <ziy(a)nvidia.com> Reviewed-by: Gavin Shan <gshan(a)redhat.com> Cc: Florent Revest <revest(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 2a47682d1ab7..47d76d03ce30 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -3075,6 +3075,8 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd, void split_huge_pmd_locked(struct vm_area_struct *vma, unsigned long address, pmd_t *pmd, bool freeze, struct folio *folio) { + bool pmd_migration = is_pmd_migration_entry(*pmd); + VM_WARN_ON_ONCE(folio && !folio_test_pmd_mappable(folio)); VM_WARN_ON_ONCE(!IS_ALIGNED(address, HPAGE_PMD_SIZE)); VM_WARN_ON_ONCE(folio && !folio_test_locked(folio)); @@ -3085,9 +3087,12 @@ void split_huge_pmd_locked(struct vm_area_struct *vma, unsigned long address, * require a folio to check the PMD against. Otherwise, there * is a risk of replacing the wrong folio. */ - if (pmd_trans_huge(*pmd) || pmd_devmap(*pmd) || - is_pmd_migration_entry(*pmd)) { - if (folio && folio != pmd_folio(*pmd)) + if (pmd_trans_huge(*pmd) || pmd_devmap(*pmd) || pmd_migration) { + /* + * Do not apply pmd_folio() to a migration entry; and folio lock + * guarantees that it must be of the wrong folio anyway. + */ + if (folio && (pmd_migration || folio != pmd_folio(*pmd))) return; __split_huge_pmd_locked(vma, pmd, address, freeze); }

5 months, 2 weeks

4
4
0 0

[PATCH 6.6 000/356] 6.6.94-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.94 release. There are 356 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 19 Jun 2025 15:22:33 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.94-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.94-rc1 I Hsin Cheng <richard120310(a)gmail.com> drm/meson: Use 1000ULL when operating with mode->clock Oliver Neukum <oneukum(a)suse.com> net: usb: aqc111: debug info before sanitation Nícolas F. R. A. Prado <nfraprado(a)collabora.com> regulator: dt-bindings: mt6357: Drop fixed compatible requirement Eric Dumazet <edumazet(a)google.com> calipso: unlock rcu before returning -EAFNOSUPPORT Thomas Gleixner <tglx(a)linutronix.de> x86/iopl: Cure TIF_IO_BITMAP inconsistencies Stefano Stabellini <stefano.stabellini(a)amd.com> xen/arm: call uaccess_ttbr0_enable for dm_op hypercall Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: Flush altsetting 0 endpoints before reinitializating them after reset. Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix issue with detecting USB 3.2 speed Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix issue with detecting command completion event Wupeng Ma <mawupeng1(a)huawei.com> VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify Dave Penkler <dpenkler(a)gmail.com> usb: usbtmc: Fix read_stb function and get_stb ioctl Nathan Chancellor <nathan(a)kernel.org> kbuild: Disable -Wdefault-const-init-unsafe Oleg Nesterov <oleg(a)redhat.com> posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "io_uring: ensure deferred completions are posted for multishot" Jens Axboe <axboe(a)kernel.dk> io_uring/rw: fix wrong NOWAIT check in io_rw_init_file() Jens Axboe <axboe(a)kernel.dk> io_uring/rw: allow pollable non-blocking attempts for !FMODE_NOWAIT Jens Axboe <axboe(a)kernel.dk> io_uring: add io_file_can_poll() helper Terry Junge <linuxhid(a)cosmicgizmosystems.com> HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() David Heimann <d(a)dmeh.net> ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 Suleiman Souhlal <suleiman(a)google.com> tools/resolve_btfids: Fix build when cross compiling kernel with clang. Matthew Wilcox (Oracle) <willy(a)infradead.org> block: Fix bvec_set_folio() for very large folios Matthew Wilcox (Oracle) <willy(a)infradead.org> bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP Peter Zijlstra <peterz(a)infradead.org> perf: Ensure bpf_perf_link path is properly serialized Daniel Wagner <wagi(a)kernel.org> nvmet-fcloop: access fcpreq only when holding reqlock Zijun Hu <quic_zijuhu(a)quicinc.com> fs/filesystems: Fix potential unsigned integer underflow in fs_name() Eric Dumazet <edumazet(a)google.com> net_sched: ets: fix a race in ets_qdisc_change() Eric Dumazet <edumazet(a)google.com> net_sched: tbf: fix a race in tbf_change() Eric Dumazet <edumazet(a)google.com> net_sched: red: fix a race in __red_change() Eric Dumazet <edumazet(a)google.com> net_sched: prio: fix a race in prio_tune() Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Fix leak of Geneve TLV option object Patrisious Haddad <phaddad(a)nvidia.com> net/mlx5: Fix return value when searching for existing flow group Amir Tzin <amirtz(a)nvidia.com> net/mlx5: Fix ECVF vports unload on shutdown flow Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Ensure fw pages are always allocated on same NUMA Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix sparse errors Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: Fix NULL pointer deference on eir_get_service_data Jakub Raczynski <j.raczynski(a)samsung.com> net/mdiobus: Fix potential out-of-bounds clause 45 read/write access Jakub Raczynski <j.raczynski(a)samsung.com> net/mdiobus: Fix potential out-of-bounds read/write access Carlos Fernandez <carlos.fernandez(a)technica-engineering.de> macsec: MACsec SCI assignment for ES = 0 Michal Luczaj <mhal(a)rbox.co> net: Fix TOCTOU issue in sk_is_readable() Yunhui Cui <cuiyunhui(a)bytedance.com> ACPI: CPPC: Fix NULL pointer dereference when nosmp is used Robert Malz <robert.malz(a)canonical.com> i40e: retry VFLR handling if there is ongoing VF reset Robert Malz <robert.malz(a)canonical.com> i40e: return false from i40e_reset_vf if reset is in progress Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: fix more rounding issues with 59.94Hz modes Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: use vclk_freq instead of pixel_freq in debug print Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: fix debug log statement when setting the HDMI clocks Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: use unsigned long long / Hz for frequency types Haren Myneni <haren(a)linux.ibm.com> powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: fix a potential crash on gso_skb handling Alok Tiwari <alok.a.tiwari(a)oracle.com> scsi: iscsi: Fix incorrect error path labels for flashnode operations Wojciech Slenska <wojciech.slenska(a)gmail.com> pinctrl: qcom: pinctrl-qcm2290: Add missing pins Dan Carpenter <dan.carpenter(a)linaro.org> regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() Rodrigo Gobbi <rodrigo.gobbi.7(a)gmail.com> wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: don't wait when there is no vdev started Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: don't use static variables in ath11k_debugfs_fw_stats_process() Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() Easwar Hariharan <eahariha(a)linux.microsoft.com> wifi: ath11k: convert timeouts to secs_to_jiffies() Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: ath11k: fix soc_dp_stats debugfs file permission Caleb Connolly <caleb.connolly(a)linaro.org> ath10k: snoc: fix unbalanced IRQ enable in crash recovery Jeongjun Park <aha310510(a)gmail.com> ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Protect mgmt_pending list with its own lock Dr. David Alan Gilbert <linux(a)treblig.org> Bluetooth: MGMT: Remove unused mgmt_pending_find_data Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete Pauli Virtanen <pav(a)iki.fi> Bluetooth: hci_core: fix list_for_each_entry_rcu usage Sanjeev Yadav <sanjeev.y(a)mediatek.com> scsi: core: ufs: Fix a hang in the error handler Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Clean sci_ports[0] after at earlycon exit Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Move runtime PM enable to sci_probe_single() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Check if TX data was written to device in .tx_empty() Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> arm64: dts: ti: k3-j721e-sk: Add DT nodes for power regulators Beleswar Padhi <b-padhi(a)ti.com> arm64: dts: ti: k3-j721e-sk: Add support for multiple CAN instances Vaishnav Achath <vaishnav.a(a)ti.com> arm64: dts: ti: k3-j721e-sk: Model CSI2RX connector mux Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0 Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am65-main: Fix sdhci node properties Andrey Konovalov <andreyknvl(a)gmail.com> kasan: use unchecked __memset internally Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: synaptics-rmi - fix crash with unsupported versions of F34 Dan Carpenter <dan.carpenter(a)linaro.org> pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() Jakob Unterwurzacher <jakobunt(a)gmail.com> net: dsa: microchip: linearize skb for tail-tagging switches Pieter Van Trappen <pieter.van.trappen(a)cern.ch> net: dsa: microchip: update tag_ksz masks for KSZ9477 family Al Viro <viro(a)zeniv.linux.org.uk> do_change_type(): refuse to operate on unmounted/not ours mounts Al Viro <viro(a)zeniv.linux.org.uk> fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) Al Viro <viro(a)zeniv.linux.org.uk> path_overmount(): avoid false negatives Yuuki NAGAO <wf.yn386(a)gmail.com> ASoC: ti: omap-hdmi: Re-add dai_link->platform to fix card init Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Verify content returned by parse_int_array() Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: codecs: hda: Fix RPM usage count underflow Nitin Rawat <quic_nitirawa(a)quicinc.com> scsi: ufs: qcom: Prevent calling phy_exit() before phy_init() Ido Schimmel <idosch(a)nvidia.com> seg6: Fix validation of nexthop addresses Mirco Barone <mirco.barone(a)polito.it> wireguard: device: enable threaded NAPI Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: allow RGMII for bcm63xx RGMII ports Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: do not enable RGMII delay on bcm63xx Florian Westphal <fw(a)strlen.de> netfilter: nf_nat: also check reverse tuple to obtain clashing entry Florian Westphal <fw(a)strlen.de> netfilter: nf_set_pipapo_avx2: fix initial map fill Alok Tiwari <alok.a.tiwari(a)oracle.com> gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Fix power.is_suspended cleanup for direct-complete devices Ronak Doshi <ronak.doshi(a)broadcom.com> vmxnet3: correctly report gso type for UDP tunnels Jinjian Song <jinjian.song(a)fibocom.com> net: wwan: t7xx: Fix napi rx poll issue Shiming Cheng <shiming.cheng(a)mediatek.com> net: fix udp gso skb_segment after pull from frag_list Paul Chaignon <paul.chaignon(a)gmail.com> net: Fix checksum update for ILA adj-transport Alexis Lothoré <alexis.lothore(a)bootlin.com> net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: tag_brcm: legacy: fix pskb_may_pull length Michal Kubiak <michal.kubiak(a)intel.com> ice: fix rebuilding the Tx scheduler tree for large queue counts Michal Kubiak <michal.kubiak(a)intel.com> ice: create new Tx scheduler nodes for new queues only Michal Kubiak <michal.kubiak(a)intel.com> ice: fix Tx scheduler error handling in XDP callback Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION Álvaro Fernández Rojas <noltari(a)gmail.com> spi: bcm63xx-hsspi: fix shared reset Álvaro Fernández Rojas <noltari(a)gmail.com> spi: bcm63xx-spi: fix shared reset Horatiu Vultur <horatiu.vultur(a)microchip.com> net: lan966x: Make sure to insert the vlan tags also in host mode Dan Carpenter <dan.carpenter(a)linaro.org> net/mlx4_en: Prevent potential integer overflow calculating Hz Yanqing Wang <ot_yanqing.wang(a)mediatek.com> driver: net: ethernet: mtk_star_emac: fix suspend/resume issue Charalampos Mitrodimas <charmitro(a)posteo.net> net: tipc: fix refcount warning in tipc_aead_encrypt Alok Tiwari <alok.a.tiwari(a)oracle.com> gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt Quentin Schulz <quentin.schulz(a)cherry.de> net: stmmac: platform: guarantee uniqueness of bus_id Nicolas Pitre <npitre(a)baylibre.com> vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() Yeoreum Yun <yeoreum.yun(a)arm.com> coresight: prevent deactivate active config while enabling the config Qasim Ijaz <qasdev00(a)gmail.com> fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() Alexander Sverdlin <alexander.sverdlin(a)siemens.com> counter: interrupt-cnt: Protect enable/disable OPs with mutex WangYuli <wangyuli(a)uniontech.com> MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7124: Fix 3dB filter frequency reading Brian Pellegrino <bpellegrino(a)arka.org> iio: filter: admv8818: Support frequencies >= 2^32 Sam Winchenbach <swinchenbach(a)arka.org> iio: filter: admv8818: fix range calculation Sam Winchenbach <swinchenbach(a)arka.org> iio: filter: admv8818: fix integer overflow Sam Winchenbach <swinchenbach(a)arka.org> iio: filter: admv8818: fix band 4, state 15 Mario Limonciello <mario.limonciello(a)amd.com> thunderbolt: Fix a logic error in wake on connect Henry Martin <bsdhenrymartin(a)gmail.com> serial: Fix potential null-ptr-deref in mlb_usio_probe() Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> usb: renesas_usbhs: Reorder clock handling and power management in probe Liu Dalin <liudalin(a)kylinsec.com.cn> rtc: loongson: Add missing alarm notifications for ACPI RTC events Bjorn Helgaas <bhelgaas(a)google.com> PCI/DPC: Initialize aer_err_info before using it Henry Martin <bsdhenrymartin(a)gmail.com> dmaengine: ti: Add NULL check in udma_probe() Chenyuan Yang <chenyuan0y(a)gmail.com> phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug Mario Limonciello <mario.limonciello(a)amd.com> PCI: Explicitly put devices into D0 when initializing Hector Martin <marcan(a)marcan.st> PCI: apple: Use gpiod_set_value_cansleep in probe flow Hans Zhang <18255117159(a)163.com> PCI: cadence: Fix runtime atomic count underflow Wilfred Mallawa <wilfred.mallawa(a)wdc.com> PCI: Print the actual delay time in pci_bridge_wait_for_secondary_bus() Wolfram Sang <wsa+renesas(a)sang-engineering.com> rtc: sh: assign correct interrupts with DT Pali Rohár <pali(a)kernel.org> cifs: Fix validation of SMB1 query reparse point response Li Lingfeng <lilingfeng3(a)huawei.com> nfs: ignore SB_RDONLY when remounting nfs Li Lingfeng <lilingfeng3(a)huawei.com> nfs: clear SB_RDONLY before getting superblock Anubhav Shelat <ashelat(a)redhat.com> perf trace: Always print return value for syscalls returning a pid Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf record: Fix incorrect --user-regs comments Leo Yan <leo.yan(a)arm.com> perf tests switch-tracking: Fix timestamp comparison Alexey Gladkov <legion(a)kernel.org> mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() Dan Carpenter <dan.carpenter(a)linaro.org> rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() Siddharth Vadapalli <s-vadapalli(a)ti.com> remoteproc: k3-r5: Drop check performed in k3_r5_rproc_{mbox_callback/kick} Dan Carpenter <dan.carpenter(a)linaro.org> remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe Adrian Hunter <adrian.hunter(a)intel.com> perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix PEBS-via-PT data_src Namhyung Kim <namhyung(a)kernel.org> perf trace: Fix leaks of 'struct thread' in set_filter_loop_pids() Benjamin Marzinski <bmarzins(a)redhat.com> dm-flakey: make corrupting read bios work Benjamin Marzinski <bmarzins(a)redhat.com> dm-flakey: error all IOs when num_features is absent Alexei Safin <a.safin(a)rosa.ru> hwmon: (asus-ec-sensors) check sensor index in read_string() Mikhail Arkhipov <m.arhipov(a)rosa.ru> mtd: nand: ecc-mxic: Fix use of uninitialized variable ret Henry Martin <bsdhenrymartin(a)gmail.com> backlight: pm8941: Add NULL check in wled_configure() Benjamin Marzinski <bmarzins(a)redhat.com> dm: free table mempools if not used in __bind Benjamin Marzinski <bmarzins(a)redhat.com> dm: don't change md if dm_table_set_restrictions() fails Arnaldo Carvalho de Melo <acme(a)redhat.com> perf ui browser hists: Set actions->thread before calling do_zoom_thread() Arnaldo Carvalho de Melo <acme(a)redhat.com> perf build: Warn when libdebuginfod devel files are not available Kees Cook <kees(a)kernel.org> randstruct: gcc-plugin: Fix attribute addition Kees Cook <kees(a)kernel.org> randstruct: gcc-plugin: Remove bogus void member Sergey Shtylyov <s.shtylyov(a)omp.ru> fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() Henry Martin <bsdhenrymartin(a)gmail.com> soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() Su Hui <suhui(a)nfschina.com> soc: aspeed: lpc: Fix impossible judgment condition Joel Stanley <joel(a)jms.id.au> ARM: aspeed: Don't select SRAM Julien Massot <julien.massot(a)collabora.com> arm64: dts: mt6359: Rename RTC node to match binding expectations Thuan Nguyen <thuan.nguyen-hong(a)banvien.com.vn> arm64: dts: renesas: white-hawk-ard-audio: Fix TPU0 groups Quentin Schulz <quentin.schulz(a)cherry.de> arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou Vignesh Raman <vignesh.raman(a)collabora.com> arm64: defconfig: mediatek: enable PHY drivers Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> ARM: dts: qcom: apq8064: add missing clocks to the timer node Andre Przywara <andre.przywara(a)arm.com> dt-bindings: vendor-prefixes: Add Liontron name Ioana Ciornei <ioana.ciornei(a)nxp.com> bus: fsl-mc: fix double-free on mc_dev Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() Wentao Liang <vulab(a)iscas.ac.cn> nilfs2: add pointer check for nilfs_direct_propagate() Murad Masimov <m.masimov(a)mt-integration.ru> ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: check return result of sb_min_blocksize Prasanth Babu Mantena <p-mantena(a)ti.com> arm64: dts: ti: k3-j721e-common-proc-board: Enable OSPI1 on J721E Aaron Kling <webgeek1234(a)gmail.com> arm64: tegra: Drop remaining serial clock-names and reset-names Peter Robinson <pbrobinson(a)gmail.com> arm64: dts: rockchip: Update eMMC for NanoPi R5 series Alexey Minnekhanov <alexeymin(a)postmarketos.org> arm64: dts: qcom: sda660-ifc6560: Fix dt-validate warning Alexey Minnekhanov <alexeymin(a)postmarketos.org> arm64: dts: qcom: sdm660-lavender: Add missing USB phy supply Julien Massot <julien.massot(a)collabora.com> arm64: dts: mt6359: Add missing 'compatible' property to regulators node Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt6357: Drop regulator-fixed compatibles Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI audio Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI audio Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mp-beacon: Fix RTC capacitive load Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mn-beacon: Fix RTC capacitive load Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mm-beacon: Fix RTC capacitive load Alexey Minnekhanov <alexeymin(a)postmarketos.org> arm64: dts: qcom: sdm660-xiaomi-lavender: Add missing SD card detect GPIO AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt8195: Reparent vdec1/2 and venc1 power domains Wolfram Sang <wsa+renesas(a)sang-engineering.com> ARM: dts: at91: at91sam9263: fix NAND chip selects Wolfram Sang <wsa+renesas(a)sang-engineering.com> ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: sc8280xp-x13s: Drop duplicate DMIC supplies Xilin Wu <wuxilin123(a)gmail.com> arm64: dts: qcom: sm8250: Fix CPU7 opp table Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm8350: Reenable crypto & cryptobam Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: remove excess reserved gpios Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: refactor node order Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: fix usb regulator mistake Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: remove wifi Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: fix to correct check conditions in f2fs_cross_rename Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: use d_inode(dentry) cleanup dentry->d_inode Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames Faicker Mo <faicker.mo(a)zenlayer.com> net: openvswitch: Fix the dead loop of MPLS parse Kuniyuki Iwashima <kuniyu(a)amazon.com> calipso: Don't call calipso functions for AF_INET sk. Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: mscc: Fix memory leak when using one step timestamping Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> net: phy: fix up const issues in to_mdio_device() and to_phy_device() Wei Fang <wei.fang(a)nxp.com> net: phy: clear phydev->devlink when the link is deleted KaFai Wan <mannkafai(a)gmail.com> bpf: Avoid __bpf_prog_ret0_warn when jit fails Horatiu Vultur <horatiu.vultur(a)microchip.com> net: lan966x: Fix 1-step timestamping over ipv4 or ipv6 Jack Morgenstein <jackm(a)nvidia.com> RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: usb: aqc111: fix error handling of usbnet read calls Radim Krčmář <rkrcmar(a)ventanamicro.com> RISC-V: KVM: lock the correct mp_state during reset Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nft_tunnel: fix geneve_opt dump Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf, sockmap: Avoid using sk_socket after free when sending Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() Li RongQing <lirongqing(a)baidu.com> vfio/type1: Fix error unwind in migration dirty bitmap allocation Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7996: fix RX buffer size of MCU event Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: set EHT max ampdu length capability Henry Martin <bsdhenrymartin(a)gmail.com> wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() Michal Koutný <mkoutny(a)suse.com> kernfs: Relax constraint in draining guard ping.gao <ping.gao(a)samsung.com> scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() Toke Høiland-Jørgensen <toke(a)toke.dk> wifi: ath9k_htc: Abort software beacon handling if disabled Longfang Liu <liulongfang(a)huawei.com> hisi_acc_vfio_pci: bugfix live migration function without VF device driver Longfang Liu <liulongfang(a)huawei.com> hisi_acc_vfio_pci: add eq and aeq interruption restore Longfang Liu <liulongfang(a)huawei.com> hisi_acc_vfio_pci: fix XQE dma address error Rajat Soni <quic_rajson(a)quicinc.com> wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event Rolf Eike Beer <eb(a)emlix.com> iommu: remove duplicate selection of DMAR_TABLE Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Store backchain even for leaf progs Vincent Knecht <vincent.knecht(a)mailoo.org> clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz Tao Chen <chen.dylane(a)linux.dev> bpf: Fix WARN() in get_bpf_raw_tp_regs Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: at91: Fix possible out-of-boundary access Anton Protopopov <a.s.protopopov(a)gmail.com> libbpf: Use proper errno value in nlattr Jiayuan Chen <jiayuan.chen(a)linux.dev> ktls, sockmap: Fix missing uncharge operation Miaoqian Lin <linmq006(a)gmail.com> tracing: Fix error handling in event_trigger_parse() Steven Rostedt <rostedt(a)goodmis.org> tracing: Rename event_trigger_alloc() to trigger_data_alloc() Hans Zhang <18255117159(a)163.com> efi/libstub: Describe missing 'out' parameter in efi_load_initrd Henry Martin <bsdhenrymartin(a)gmail.com> clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gpucc-sm6350: Add *_wait_val values for GDSCs Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: dispcc-sm6350: Add *_wait_val values for GDSCs Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: camcc-sm6350: Add *_wait_val values for GDSCs Steven Rostedt <rostedt(a)goodmis.org> tracing: Move histogram trigger variables from stack to per CPU structure Anton Protopopov <a.s.protopopov(a)gmail.com> bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction Zhongqiu Duan <dzq.aishenghu0(a)gmail.com> netfilter: nft_quota: match correctly when the quota just depleted Huajian Yang <huajianyang(a)asrmicro.com> netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it Lorenzo Bianconi <lorenzo(a)kernel.org> bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps Anton Protopopov <a.s.protopopov(a)gmail.com> libbpf: Use proper errno value in linker Chao Yu <chao(a)kernel.org> f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed() Chao Yu <chao(a)kernel.org> f2fs: clean up w/ fscrypt_is_bounce_page() Hangbin Liu <liuhangbin(a)gmail.com> bonding: assign random address if device address is same as bond Jason Gunthorpe <jgg(a)ziepe.ca> iommu: Protect against overflow in iommu_pgsize() Jonathan Wiepert <jonathan.wiepert(a)gmail.com> Use thread-safe function pointer in libbpf_print Tao Chen <chen.dylane(a)linux.dev> libbpf: Remove sample_period init in perf_buffer Yihang Li <liyihang9(a)huawei.com> scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h Maharaja Kennadyrajan <maharaja.kennadyrajan(a)oss.qualcomm.com> wifi: ath12k: fix node corruption in ar->arvifs list P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: Add MSDU length validation for TKIP MIC error Dmitry Antipov <dmantipov(a)yandex.ru> wifi: rtw88: do not ignore hardware read error during DPK Zhen XIN <zhen.xin(a)nokia-sbell.com> wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally Zhen XIN <zhen.xin(a)nokia-sbell.com> wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT Cosmin Ratiu <cratiu(a)nvidia.com> xfrm: Use xdo.dev instead of xdo.real_dev Viktor Malik <vmalik(a)redhat.com> libbpf: Fix buffer overflow in bpf_object__init_prog Hari Kalavakunta <kalavakunta.hari.prasad(a)gmail.com> net: ncsi: Fix GCPS 64-bit member variables Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on sbi->total_valid_block_count Ramya Gnanasekar <ramya.gnanasekar(a)oss.qualcomm.com> wifi: ath12k: Fix WMI tag for EHT rate in peer assoc Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf, sockmap: Fix panic when calling skb_linearize Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf, sockmap: fix duplicated data transmission Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf: fix ktls panic with sockmap Saket Kumar Bhaskar <skb99(a)linux.ibm.com> selftests/bpf: Fix bpf_nf selftest failure Jacob Moroni <jmoroni(a)google.com> IB/cm: use rwlock for MAD agent lock Stone Zhang <quic_stonez(a)quicinc.com> wifi: ath11k: fix node corruption in ar->arvifs list Roger Pau Monne <roger.pau(a)citrix.com> xen/x86: fix initial memory balloon target AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: Fix kobject put for component sub-drivers AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr Anand Moon <linux.amoon(a)gmail.com> perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create() Kees Cook <kees(a)kernel.org> scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops Mark Rutland <mark.rutland(a)arm.com> arm64/fpsimd: Do not discard modified SVE state Huang Yiwei <quic_hyiwei(a)quicinc.com> firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES Biju Das <biju.das.jz(a)bp.renesas.com> drm/tegra: rgb: Fix the unbound reference count Kees Cook <kees(a)kernel.org> drm/vkms: Adjust vkms_state->active_planes allocation type Biju Das <biju.das.jz(a)bp.renesas.com> drm: rcar-du: Fix memory leak in rcar_du_vsps_init() Neill Kapron <nkapron(a)google.com> selftests/seccomp: fix syscall_restart test for arm compat Kornel Dulęba <korneld(a)google.com> arm64: Support ARM64_VA_BITS=52 when setting ARCH_MMAP_RND_BITS_MAX Miaoqian Lin <linmq006(a)gmail.com> firmware: psci: Fix refcount leak in psci_dt_init Finn Thain <fthain(a)linux-m68k.org> m68k: mac: Fix macintosh_config for Mac II Kees Cook <kees(a)kernel.org> watchdog: exar: Shorten identity name to fit correctly Andrey Vatoropin <a.vatoropin(a)crpt.ru> fs/ntfs3: handle hdr_first_de() return value Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe() Mark Rutland <mark.rutland(a)arm.com> arm64/fpsimd: Fix merging of FPSIMD state during signal return Mark Brown <broonie(a)kernel.org> arm64/fpsimd: Discard stale CPU state when handling SME traps Mark Rutland <mark.rutland(a)arm.com> arm64/fpsimd: Avoid RES0 bits in the SME trap handler Jonas Karlman <jonas(a)kwiboo.se> media: rkvdec: Fix frame size enumeration Charles Han <hanchunchao(a)inspur.com> drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table Maxime Ripard <mripard(a)kernel.org> drm/vc4: tests: Use return instead of assert Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Add seqno waiter for sync_files Martin Povišer <povik+lin(a)cutebit.org> ASoC: apple: mca: Constrain channels according to TDM mask Geert Uytterhoeven <geert+renesas(a)glider.be> spi: sh-msiof: Fix maximum DMA transfer size Armin Wolf <W_Armin(a)gmx.de> ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Print PM debug messages during hibernation Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com> x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() Zijun Hu <quic_zijuhu(a)quicinc.com> PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() Kees Cook <kees(a)kernel.org> ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type Alexander Shiyan <eagle.alexander923(a)gmail.com> power: reset: at91-reset: Optimize at91_reset() Vishwaroop A <va(a)nvidia.com> spi: tegra210-quad: modify chip select (CS) deactivation Vishwaroop A <va(a)nvidia.com> spi: tegra210-quad: remove redundant error handling code Vishwaroop A <va(a)nvidia.com> spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers Thomas Weißschuh <linux(a)weissschuh.net> tools/nolibc: fix integer overflow in i{64,}toa_r() and Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/{skx_common,i10nm}: Fix the loss of saved RRL for HBM pseudo channel 0 Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/skx_common: Fix general protection fault Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Enable main IRQs Jemmy Wong <jemmywong512(a)gmail.com> tools/nolibc/types.h: fix mismatched parenthesis in minor() Daniil Tatianin <d-tatianin(a)yandex-team.ru> ACPICA: exserial: don't forget to handle FFixedHW opregions for reading Tzung-Bi Shih <tzungbi(a)kernel.org> kunit: Fix wrong parameter to kunit_deactivate_static_stub() Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> crypto: sun8i-ce - move fallback ahash_request to the end of the struct Herbert Xu <herbert(a)gondor.apana.org.au> crypto: xts - Only add ecb if it is not already there Herbert Xu <herbert(a)gondor.apana.org.au> crypto: lrw - Only add ecb if it is not already there Yongliang Gao <leonylgao(a)tencent.com> rcu/cpu_stall_cputime: fix the hardirq count for x86 architecture Qu Wenruo <wqu(a)suse.com> btrfs: scrub: fix a wrong error type when metadata bytenr mismatches Qu Wenruo <wqu(a)suse.com> btrfs: scrub: update device stats when an error is detected Herbert Xu <herbert(a)gondor.apana.org.au> crypto: marvell/cesa - Avoid empty transfer descriptor Herbert Xu <herbert(a)gondor.apana.org.au> crypto: marvell/cesa - Handle zero-length skcipher requests Ahmed S. Darwish <darwi(a)linutronix.de> x86/cpu: Sanitize CPUID(0x80000000) output Annie Li <jiayanli(a)google.com> x86/microcode/AMD: Do not return error when microcode update is not necessary Eddie James <eajames(a)linux.ibm.com> powerpc/crash: Fix non-smp kexec preparation Jiri Slaby (SUSE) <jirislaby(a)kernel.org> powerpc: do not build ppc_save_regs.o always Corentin Labbe <clabbe.montjoie(a)gmail.com> crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() Qing Wang <wangqing7171(a)gmail.com> perf/core: Fix broken throttling when max_samples_per_tick=1 Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: gfs2_create_inode error handling fix Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> crypto: sun8i-ce-hash - fix error handling in sun8i_ce_hash_run() Andrew Cooper <andrew.cooper3(a)citrix.com> x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() Ahmed S. Darwish <darwi(a)linutronix.de> tools/x86/kcpuid: Fix error handling Aurabindo Pillai <aurabindo.pillai(a)amd.com> Revert "drm/amd/display: more liberal vmin/vmax update for freesync" Xu Yang <xu.yang_2(a)nxp.com> dt-bindings: phy: imx8mq-usb: fix fsl,phy-tx-vboost-level-microvolt property Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> dt-bindings: usb: cypress,hx3: Add support for all variants Sergey Senozhatsky <senozhatsky(a)chromium.org> thunderbolt: Do not double dequeue a configuration request Dave Penkler <dpenkler(a)gmail.com> usb: usbtmc: Fix timeout value in get_stb Dustin Lundquist <dustin(a)null-ptr.net> serial: jsm: fix NPE during jsm_uart_port_init Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Bluetooth: hci_qca: move the SoC type check to the right place Qasim Ijaz <qasdev00(a)gmail.com> usb: typec: ucsi: fix Clang -Wsign-conversion warning Charles Yeh <charlesyeh522(a)gmail.com> USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB Hongyu Xie <xiehongyu1(a)kylinos.cn> usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device Jiayi Li <lijiayi(a)kylinos.cn> usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE Alexandre Mergnat <amergnat(a)baylibre.com> rtc: Fix offset calculation for .start_secs < 0 Alexandre Mergnat <amergnat(a)baylibre.com> rtc: Make rtc_time64_to_tm() support dates before 1970 Gautham R. Shenoy <gautham.shenoy(a)amd.com> acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() Gabor Juhos <j4g8y7(a)gmail.com> pinctrl: armada-37xx: set GPIO output value before setting direction Gabor Juhos <j4g8y7(a)gmail.com> pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 Pan Taixi <pantaixi(a)huaweicloud.com> tracing: Fix compilation warning on arm32 ------------- Diffstat: .../bindings/phy/fsl,imx8mq-usb-phy.yaml | 3 +- .../regulator/mediatek,mt6357-regulator.yaml | 12 +- .../devicetree/bindings/usb/cypress,hx3.yaml | 19 +- .../devicetree/bindings/vendor-prefixes.yaml | 2 + Makefile | 4 +- arch/arm/boot/dts/microchip/at91sam9263ek.dts | 2 +- arch/arm/boot/dts/microchip/tny_a9263.dts | 2 +- arch/arm/boot/dts/microchip/usb_a9263.dts | 4 +- arch/arm/boot/dts/qcom/qcom-apq8064.dtsi | 15 +- arch/arm/mach-aspeed/Kconfig | 1 - arch/arm64/Kconfig | 6 +- .../arm64/boot/dts/freescale/imx8mm-beacon-kit.dts | 1 + .../boot/dts/freescale/imx8mm-beacon-som.dtsi | 1 + .../arm64/boot/dts/freescale/imx8mn-beacon-kit.dts | 1 + .../boot/dts/freescale/imx8mn-beacon-som.dtsi | 1 + .../boot/dts/freescale/imx8mp-beacon-som.dtsi | 1 + arch/arm64/boot/dts/mediatek/mt6357.dtsi | 10 - arch/arm64/boot/dts/mediatek/mt6359.dtsi | 4 +- arch/arm64/boot/dts/mediatek/mt8195.dtsi | 50 ++--- arch/arm64/boot/dts/nvidia/tegra186.dtsi | 12 -- arch/arm64/boot/dts/nvidia/tegra194.dtsi | 12 -- .../dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 3 - .../arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts | 2 + .../arm64/boot/dts/qcom/sdm660-xiaomi-lavender.dts | 3 + .../boot/dts/qcom/sdm845-samsung-starqltechn.dts | 16 +- arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 6 +- .../r8a779g0-white-hawk-ard-audio-da7212.dtso | 2 +- .../arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 8 - .../arm64/boot/dts/rockchip/rk3568-nanopi-r5s.dtsi | 5 +- arch/arm64/boot/dts/ti/k3-am65-main.dtsi | 19 +- .../boot/dts/ti/k3-j721e-common-proc-board.dts | 1 + arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 166 ++++++++++++++- arch/arm64/configs/defconfig | 3 + arch/arm64/include/asm/esr.h | 12 +- arch/arm64/include/asm/fpsimd.h | 3 + arch/arm64/kernel/entry-common.c | 46 ++++- arch/arm64/kernel/fpsimd.c | 21 +- arch/arm64/xen/hypercall.S | 21 +- arch/m68k/mac/config.c | 2 +- .../boot/dts/loongson/loongson64c_4core_ls7a.dts | 1 + arch/powerpc/kernel/Makefile | 2 +- arch/powerpc/kexec/crash.c | 5 +- arch/powerpc/platforms/book3s/vas-api.c | 9 + arch/powerpc/platforms/powernv/memtrace.c | 8 +- arch/riscv/kvm/vcpu_sbi.c | 4 +- arch/s390/net/bpf_jit_comp.c | 12 +- arch/x86/include/asm/mwait.h | 9 +- arch/x86/kernel/cpu/common.c | 17 +- arch/x86/kernel/cpu/microcode/core.c | 2 + arch/x86/kernel/cpu/mtrr/generic.c | 2 +- arch/x86/kernel/ioport.c | 13 +- arch/x86/kernel/process.c | 15 +- crypto/lrw.c | 4 +- crypto/xts.c | 4 +- drivers/acpi/acpica/exserial.c | 6 + drivers/acpi/apei/Kconfig | 1 + drivers/acpi/apei/ghes.c | 2 +- drivers/acpi/cppc_acpi.c | 2 +- drivers/acpi/osi.c | 1 - drivers/base/power/domain.c | 2 +- drivers/base/power/main.c | 3 +- drivers/bluetooth/hci_qca.c | 14 +- drivers/bus/fsl-mc/fsl-mc-bus.c | 6 +- drivers/clk/bcm/clk-raspberrypi.c | 2 + drivers/clk/qcom/camcc-sm6350.c | 18 ++ drivers/clk/qcom/dispcc-sm6350.c | 3 + drivers/clk/qcom/gcc-msm8939.c | 4 +- drivers/clk/qcom/gcc-sm6350.c | 6 + drivers/clk/qcom/gpucc-sm6350.c | 6 + drivers/counter/interrupt-cnt.c | 9 + drivers/cpufreq/acpi-cpufreq.c | 2 +- .../crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 7 +- drivers/crypto/allwinner/sun8i-ce/sun8i-ce-hash.c | 34 +-- drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 2 +- .../crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c | 2 +- drivers/crypto/marvell/cesa/cipher.c | 3 + drivers/crypto/marvell/cesa/hash.c | 2 +- drivers/dma/ti/k3-udma.c | 3 +- drivers/edac/i10nm_base.c | 35 ++-- drivers/edac/skx_common.c | 1 + drivers/edac/skx_common.h | 11 +- drivers/firmware/Kconfig | 1 - drivers/firmware/arm_sdei.c | 11 +- drivers/firmware/efi/libstub/efi-stub-helper.c | 1 + drivers/firmware/psci/psci.c | 4 +- drivers/fpga/tests/fpga-mgr-test.c | 1 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 16 +- .../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 8 + drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 6 +- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 31 ++- drivers/gpu/drm/meson/meson_drv.c | 2 +- drivers/gpu/drm/meson/meson_drv.h | 2 +- drivers/gpu/drm/meson/meson_encoder_hdmi.c | 29 +-- drivers/gpu/drm/meson/meson_vclk.c | 226 +++++++++++--------- drivers/gpu/drm/meson/meson_vclk.h | 13 +- drivers/gpu/drm/renesas/rcar-du/rcar_du_kms.c | 10 +- drivers/gpu/drm/tegra/rgb.c | 14 +- drivers/gpu/drm/vc4/tests/vc4_mock_output.c | 36 ++-- drivers/gpu/drm/vkms/vkms_crtc.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 26 +++ drivers/hid/hid-hyperv.c | 4 +- drivers/hid/usbhid/hid-core.c | 25 ++- drivers/hwmon/asus-ec-sensors.c | 4 + drivers/hwtracing/coresight/coresight-config.h | 2 +- drivers/hwtracing/coresight/coresight-syscfg.c | 49 +++-- drivers/iio/adc/ad7124.c | 4 +- drivers/iio/filter/admv8818.c | 230 ++++++++++++++++----- drivers/infiniband/core/cm.c | 16 +- drivers/infiniband/core/cma.c | 3 +- drivers/infiniband/hw/hns/hns_roce_ah.c | 1 - drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 1 - drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 1 + drivers/infiniband/hw/hns/hns_roce_main.c | 1 - drivers/infiniband/hw/hns/hns_roce_restrack.c | 1 - drivers/infiniband/hw/mlx5/qpc.c | 30 ++- drivers/input/rmi4/rmi_f34.c | 133 ++++++------ drivers/iommu/Kconfig | 1 - drivers/iommu/iommu.c | 4 +- drivers/md/dm-flakey.c | 70 ++++--- drivers/md/dm.c | 30 +-- drivers/mfd/exynos-lpass.c | 1 - drivers/mfd/stmpe-spi.c | 2 +- drivers/misc/vmw_vmci/vmci_host.c | 11 +- drivers/mtd/nand/ecc-mxic.c | 2 +- drivers/net/bonding/bond_main.c | 25 ++- drivers/net/dsa/b53/b53_common.c | 23 +-- drivers/net/ethernet/google/gve/gve_main.c | 2 +- drivers/net/ethernet/google/gve/gve_tx_dqo.c | 3 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 11 +- drivers/net/ethernet/intel/ice/ice_main.c | 47 +++-- drivers/net/ethernet/intel/ice/ice_sched.c | 181 +++++++++++++--- drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 4 +- drivers/net/ethernet/mediatek/mtk_star_emac.c | 4 + drivers/net/ethernet/mellanox/mlx4/en_clock.c | 2 +- .../ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 21 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 5 +- .../net/ethernet/mellanox/mlx5/core/pagealloc.c | 2 +- drivers/net/ethernet/microchip/lan743x_main.c | 4 +- .../net/ethernet/microchip/lan966x/lan966x_main.c | 7 + .../net/ethernet/microchip/lan966x/lan966x_main.h | 6 + .../net/ethernet/microchip/lan966x/lan966x_ptp.c | 49 +++-- .../ethernet/microchip/lan966x/lan966x_switchdev.c | 1 + .../net/ethernet/microchip/lan966x/lan966x_vlan.c | 21 ++ drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 5 + .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 11 +- drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 2 +- drivers/net/macsec.c | 40 +++- drivers/net/phy/mdio_bus.c | 12 ++ drivers/net/phy/mscc/mscc_ptp.c | 20 +- drivers/net/phy/phy_device.c | 4 +- drivers/net/usb/aqc111.c | 10 +- drivers/net/vmxnet3/vmxnet3_drv.c | 26 +++ drivers/net/wireguard/device.c | 1 + drivers/net/wireless/ath/ath10k/snoc.c | 4 +- drivers/net/wireless/ath/ath11k/core.c | 37 ++-- drivers/net/wireless/ath/ath11k/core.h | 4 +- drivers/net/wireless/ath/ath11k/debugfs.c | 62 +++--- drivers/net/wireless/ath/ath11k/mac.c | 4 +- drivers/net/wireless/ath/ath11k/wmi.c | 2 +- drivers/net/wireless/ath/ath12k/core.c | 8 +- drivers/net/wireless/ath/ath12k/dp_rx.c | 9 + drivers/net/wireless/ath/ath12k/wmi.c | 3 +- drivers/net/wireless/ath/ath9k/htc_drv_beacon.c | 3 + drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 6 + drivers/net/wireless/mediatek/mt76/mt7996/dma.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7996/init.c | 3 + drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 + drivers/net/wireless/realtek/rtw88/coex.c | 2 +- drivers/net/wireless/realtek/rtw88/rtw8822c.c | 3 +- drivers/net/wireless/realtek/rtw88/sdio.c | 10 +- drivers/net/wwan/t7xx/t7xx_netdev.c | 11 +- drivers/nvme/target/fcloop.c | 31 +-- drivers/pci/controller/cadence/pcie-cadence-host.c | 11 +- drivers/pci/controller/pcie-apple.c | 4 +- drivers/pci/pci-driver.c | 6 - drivers/pci/pci.c | 15 +- drivers/pci/pci.h | 1 + drivers/pci/pcie/dpc.c | 2 +- drivers/perf/amlogic/meson_ddr_pmu_core.c | 2 +- drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 6 +- drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 14 +- drivers/pinctrl/pinctrl-at91.c | 6 +- drivers/pinctrl/qcom/pinctrl-qcm2290.c | 9 + drivers/power/reset/at91-reset.c | 5 +- drivers/ptp/ptp_private.h | 12 +- drivers/regulator/max20086-regulator.c | 6 +- drivers/remoteproc/qcom_wcnss_iris.c | 2 + drivers/remoteproc/ti_k3_r5_remoteproc.c | 8 - drivers/rpmsg/qcom_smd.c | 2 +- drivers/rtc/class.c | 2 +- drivers/rtc/lib.c | 24 ++- drivers/rtc/rtc-loongson.c | 8 + drivers/rtc/rtc-sh.c | 12 +- drivers/scsi/hisi_sas/hisi_sas_main.c | 29 +-- drivers/scsi/qedf/qedf_main.c | 2 +- drivers/scsi/scsi_transport_iscsi.c | 11 +- drivers/soc/aspeed/aspeed-lpc-snoop.c | 17 +- drivers/spi/spi-bcm63xx-hsspi.c | 2 +- drivers/spi/spi-bcm63xx.c | 2 +- drivers/spi/spi-sh-msiof.c | 13 +- drivers/spi/spi-tegra210-quad.c | 24 +-- drivers/staging/media/rkvdec/rkvdec.c | 10 +- drivers/thunderbolt/ctl.c | 5 + drivers/thunderbolt/usb4.c | 4 +- drivers/tty/serial/jsm/jsm_tty.c | 1 + drivers/tty/serial/milbeaut_usio.c | 5 +- drivers/tty/serial/sh-sci.c | 81 ++++++-- drivers/tty/vt/vt_ioctl.c | 2 - drivers/ufs/core/ufs-mcq.c | 6 - drivers/ufs/core/ufshcd.c | 7 +- drivers/ufs/host/ufs-qcom.c | 5 +- drivers/usb/cdns3/cdnsp-gadget.c | 21 +- drivers/usb/cdns3/cdnsp-gadget.h | 4 + drivers/usb/class/usbtmc.c | 21 +- drivers/usb/core/hub.c | 16 +- drivers/usb/core/quirks.c | 3 + drivers/usb/gadget/function/f_hid.c | 12 +- drivers/usb/renesas_usbhs/common.c | 50 +++-- drivers/usb/serial/pl2303.c | 2 + drivers/usb/storage/unusual_uas.h | 7 + drivers/usb/typec/tcpm/tcpci_maxim_core.c | 3 +- drivers/usb/typec/ucsi/ucsi.h | 2 +- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 79 +++++-- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h | 14 +- drivers/vfio/vfio_iommu_type1.c | 2 +- drivers/video/backlight/qcom-wled.c | 6 +- drivers/video/fbdev/core/fbcvt.c | 2 +- drivers/watchdog/exar_wdt.c | 2 +- drivers/xen/balloon.c | 13 +- fs/btrfs/scrub.c | 34 ++- fs/f2fs/data.c | 4 +- fs/f2fs/f2fs.h | 10 +- fs/f2fs/namei.c | 10 +- fs/f2fs/super.c | 4 +- fs/filesystems.c | 14 +- fs/gfs2/inode.c | 3 +- fs/kernfs/dir.c | 5 +- fs/kernfs/file.c | 3 +- fs/namespace.c | 25 ++- fs/nfs/super.c | 19 ++ fs/nilfs2/btree.c | 4 +- fs/nilfs2/direct.c | 3 + fs/ntfs3/index.c | 8 + fs/ocfs2/quota_local.c | 2 +- fs/smb/client/cifssmb.c | 20 +- fs/squashfs/super.c | 5 + include/linux/arm_sdei.h | 4 +- include/linux/bio.h | 2 +- include/linux/bvec.h | 7 +- include/linux/hid.h | 3 +- include/linux/io_uring_types.h | 3 + include/linux/mdio.h | 5 +- include/linux/mlx5/driver.h | 1 + include/linux/phy.h | 5 +- include/net/bluetooth/hci_core.h | 2 +- include/net/checksum.h | 2 +- include/net/sock.h | 7 +- io_uring/io_uring.c | 10 +- io_uring/io_uring.h | 12 ++ io_uring/kbuf.c | 3 +- io_uring/poll.c | 2 +- io_uring/rw.c | 26 ++- kernel/bpf/core.c | 29 +-- kernel/events/core.c | 50 +++-- kernel/power/hibernate.c | 5 + kernel/power/main.c | 3 +- kernel/power/power.h | 4 + kernel/power/wakelock.c | 3 + kernel/rcu/tree.c | 10 +- kernel/rcu/tree.h | 2 +- kernel/rcu/tree_stall.h | 4 +- kernel/time/posix-cpu-timers.c | 9 + kernel/trace/bpf_trace.c | 2 +- kernel/trace/trace.c | 2 +- kernel/trace/trace.h | 8 +- kernel/trace/trace_events_hist.c | 122 +++++++++-- kernel/trace/trace_events_trigger.c | 20 +- lib/kunit/static_stub.c | 2 +- mm/kasan/report.c | 4 +- mm/kasan/shadow.c | 2 +- net/bluetooth/eir.c | 10 +- net/bluetooth/hci_core.c | 16 +- net/bluetooth/hci_sync.c | 20 +- net/bluetooth/l2cap_core.c | 3 +- net/bluetooth/mgmt.c | 140 ++++++------- net/bluetooth/mgmt_util.c | 51 ++--- net/bluetooth/mgmt_util.h | 8 +- net/bridge/netfilter/nf_conntrack_bridge.c | 12 +- net/core/filter.c | 2 +- net/core/skmsg.c | 53 +++-- net/core/utils.c | 4 +- net/dsa/tag_brcm.c | 2 +- net/dsa/tag_ksz.c | 22 +- net/ipv4/udp_offload.c | 5 + net/ipv6/ila/ila_common.c | 6 +- net/ipv6/netfilter.c | 12 +- net/ipv6/netfilter/nft_fib_ipv6.c | 13 +- net/ipv6/seg6_local.c | 6 +- net/ncsi/internal.h | 21 +- net/ncsi/ncsi-pkt.h | 23 +-- net/ncsi/ncsi-rsp.c | 21 +- net/netfilter/nf_nat_core.c | 12 +- net/netfilter/nft_quota.c | 20 +- net/netfilter/nft_set_pipapo_avx2.c | 21 +- net/netfilter/nft_tunnel.c | 8 +- net/netlabel/netlabel_kapi.c | 5 + net/openvswitch/flow.c | 2 +- net/sched/sch_ets.c | 2 +- net/sched/sch_prio.c | 2 +- net/sched/sch_red.c | 2 +- net/sched/sch_sfq.c | 5 +- net/sched/sch_tbf.c | 2 +- net/tipc/crypto.c | 6 +- net/tls/tls_sw.c | 15 +- net/xfrm/xfrm_device.c | 2 - net/xfrm/xfrm_state.c | 2 - scripts/Makefile.extrawarn | 12 ++ scripts/gcc-plugins/gcc-common.h | 32 +++ scripts/gcc-plugins/randomize_layout_plugin.c | 40 ++-- sound/soc/apple/mca.c | 23 +++ sound/soc/codecs/hda.c | 4 +- sound/soc/codecs/tas2764.c | 2 +- sound/soc/intel/avs/debugfs.c | 6 +- sound/soc/intel/avs/ipc.c | 4 +- sound/soc/sof/ipc4-pcm.c | 3 +- sound/soc/ti/omap-hdmi.c | 7 +- sound/usb/implicit.c | 1 + tools/arch/x86/kcpuid/kcpuid.c | 47 +++-- tools/bpf/resolve_btfids/Makefile | 2 +- tools/include/nolibc/stdlib.h | 4 +- tools/include/nolibc/types.h | 2 +- tools/lib/bpf/bpf_core_read.h | 6 + tools/lib/bpf/libbpf.c | 5 +- tools/lib/bpf/linker.c | 4 +- tools/lib/bpf/nlattr.c | 15 +- tools/perf/Makefile.config | 2 + tools/perf/builtin-record.c | 2 +- tools/perf/builtin-trace.c | 5 +- tools/perf/scripts/python/exported-sql-viewer.py | 5 +- tools/perf/tests/switch-tracking.c | 2 +- tools/perf/ui/browsers/hists.c | 2 +- tools/perf/util/intel-pt.c | 205 +++++++++++++++++- tools/testing/selftests/bpf/prog_tests/bpf_nf.c | 6 + tools/testing/selftests/seccomp/seccomp_bpf.c | 7 +- 347 files changed, 3285 insertions(+), 1551 deletions(-)

5 months, 2 weeks

17
377
0 0

+ scripts-gdb-fix-dentry_name-lookup.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: scripts/gdb: fix dentry_name() lookup has been added to the -mm mm-hotfixes-unstable branch. Its filename is scripts-gdb-fix-dentry_name-lookup.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Florian Fainelli <florian.fainelli(a)broadcom.com> Subject: scripts/gdb: fix dentry_name() lookup Date: Thu, 19 Jun 2025 15:51:05 -0700 The "d_iname" member was replaced with "d_shortname.string" in the commit referenced in the Fixes tag. This prevented the GDB script "lx-mount" command to properly function: (gdb) lx-mounts mount super_block devname pathname fstype options 0xff11000002d21180 0xff11000002d24800 rootfs / rootfs rw 0 0 0xff11000002e18a80 0xff11000003713000 /dev/root / ext4 rw,relatime 0 0 Python Exception <class 'gdb.error'>: There is no member named d_iname. Error occurred in Python: There is no member named d_iname. Link: https://lkml.kernel.org/r/20250619225105.320729-1-florian.fainelli@broadcom… Fixes: 58cf9c383c5c ("dcache: back inline names with a struct-wrapped array of unsigned long") Signed-off-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Jan Kara <jack(a)suse.cz> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: Jeff Layton <jlayton(a)kernel.org> Cc: Kieran Bingham <kbingham(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/gdb/linux/vfs.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/scripts/gdb/linux/vfs.py~scripts-gdb-fix-dentry_name-lookup +++ a/scripts/gdb/linux/vfs.py @@ -22,7 +22,7 @@ def dentry_name(d): if parent == d or parent == 0: return "" p = dentry_name(d['d_parent']) + "/" - return p + d['d_iname'].string() + return p + d['d_shortname']['string'].string() class DentryName(gdb.Function): """Return string of the full path of a dentry. _ Patches currently in -mm which might be from florian.fainelli(a)broadcom.com are scripts-gdb-fix-dentry_name-lookup.patch

5 months, 2 weeks

1
0
0 0

+ mm-damon-sysfs-schemes-free-old-damon_sysfs_scheme_filter-memcg_path-on-write.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-damon-sysfs-schemes-free-old-damon_sysfs_scheme_filter-memcg_path-on-write.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write Date: Thu, 19 Jun 2025 11:36:07 -0700 memcg_path_store() assigns a newly allocated memory buffer to filter->memcg_path, without deallocating the previously allocated and assigned memory buffer. As a result, users can leak kernel memory by continuously writing a data to memcg_path DAMOS sysfs file. Fix the leak by deallocating the previously set memory buffer. Link: https://lkml.kernel.org/r/20250619183608.6647-2-sj@kernel.org Fixes: 7ee161f18b5d ("mm/damon/sysfs-schemes: implement filter directory") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.3.x] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/sysfs-schemes.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/damon/sysfs-schemes.c~mm-damon-sysfs-schemes-free-old-damon_sysfs_scheme_filter-memcg_path-on-write +++ a/mm/damon/sysfs-schemes.c @@ -472,6 +472,7 @@ static ssize_t memcg_path_store(struct k return -ENOMEM; strscpy(path, buf, count + 1); + kfree(filter->memcg_path); filter->memcg_path = path; return count; } _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-sysfs-schemes-free-old-damon_sysfs_scheme_filter-memcg_path-on-write.patch mm-damon-introduce-damon_stat-module.patch mm-damon-introduce-damon_stat-module-fix.patch mm-damon-stat-calculate-and-expose-estimated-memory-bandwidth.patch mm-damon-stat-calculate-and-expose-idle-time-percentiles.patch docs-admin-guide-mm-damon-add-damon_stat-usage-document.patch mm-damon-paddr-use-alloc_migartion_target-with-no-migration-fallback-nodemask.patch revert-mm-rename-alloc_demote_folio-to-alloc_migrate_folio.patch revert-mm-make-alloc_demote_folio-externally-invokable-for-migration.patch selftets-damon-add-a-test-for-memcg_path-leak.patch

5 months, 2 weeks

1
0
0 0

+ mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm/shmem, swap: improve cached mTHP handling and fix potential hung has been added to the -mm mm-new branch. Its filename is mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: mm/shmem, swap: improve cached mTHP handling and fix potential hung Date: Fri, 20 Jun 2025 01:55:35 +0800 Patch series "mm/shmem, swap: bugfix and improvement of mTHP swap in", v2. The current mTHP swapin path have several problems. It may potentially hang, may cause redundant faults due to false positive swap cache lookup, and it will involve at least 4 Xarray tree walks (get order, get order again, confirm swap, insert folio). And for !CONFIG_TRANSPARENT_HUGEPAGE builds, it will performs some mTHP related checks. This series fixes all of the mentioned issues, and the code should be more robust and prepared for the swap table series. Now tree walks is reduced to twice (get order & confirm, insert folio) and added more sanity checks and comments. !CONFIG_TRANSPARENT_HUGEPAGE build overhead is also minimized, and comes with a sanity check now. The performance is slightly better after this series, sequential swap in of 24G data from ZRAM, using transparent_hugepage_tmpfs=always (36 samples each): Before: avg: 11.23s, stddev: 0.06 After patch 1: avg: 10.92s, stddev: 0.05 After patch 2: avg: 10.93s, stddev: 0.15 After patch 3: avg: 10.07s, stddev: 0.09 After patch 4: avg: 10.09s, stddev: 0.08 Each patch improves the performance by a little, which is about ~10% faster in total. Build kernel test showed very slightly improvement, testing with make -j24 with defconfig in a 256M memcg also using ZRAM as swap, and transparent_hugepage_tmpfs=always (6 samples each): Before: system time avg: 3945.25s After patch 1: system time avg: 3903.21s After patch 2: system time avg: 3914.76s After patch 3: system time avg: 3907.41s After patch 4: system time avg: 3876.24s Slightly better than noise level given the number of samples. This patch (of 4): The current swap-in code assumes that, when a swap entry in shmem mapping is order 0, its cached folios (if present) must be order 0 too, which turns out not always correct. The problem is shmem_split_large_entry is called before verifying the folio will eventually be swapped in, one possible race is: CPU1 CPU2 shmem_swapin_folio /* swap in of order > 0 swap entry S1 */ folio = swap_cache_get_folio /* folio = NULL */ order = xa_get_order /* order > 0 */ folio = shmem_swap_alloc_folio /* mTHP alloc failure, folio = NULL */ <... Interrupted ...> shmem_swapin_folio /* S1 is swapped in */ shmem_writeout /* S1 is swapped out, folio cached */ shmem_split_large_entry(..., S1) /* S1 is split, but the folio covering it has order > 0 now */ Now any following swapin of S1 will hang: `xa_get_order` returns 0, and folio lookup will return a folio with order > 0. The `xa_get_order(&mapping->i_pages, index) != folio_order(folio)` will always return false causing swap-in to return -EEXIST. And this looks fragile. So fix this up by allowing seeing a larger folio in swap cache, and check the whole shmem mapping range covered by the swapin have the right swap value upon inserting the folio. And drop the redundant tree walks before the insertion. This will actually improve performance, as it avoids two redundant Xarray tree walks in the hot path, and the only side effect is that in the failure path, shmem may redundantly reallocate a few folios causing temporary slight memory pressure. And worth noting, it may seems the order and value check before inserting might help reducing the lock contention, which is not true. The swap cache layer ensures raced swapin will either see a swap cache folio or failed to do a swapin (we have SWAP_HAS_CACHE bit even if swap cache is bypassed), so holding the folio lock and checking the folio flag is already good enough for avoiding the lock contention. The chance that a folio passes the swap entry value check but the shmem mapping slot has changed should be very low. Link: https://lkml.kernel.org/r/20250619175538.15799-1-ryncsn@gmail.com Link: https://lkml.kernel.org/r/20250619175538.15799-2-ryncsn@gmail.com Fixes: 809bc86517cc ("mm: shmem: support large folio swap out") Signed-off-by: Kairui Song <kasong(a)tencent.com> Reviewed-by: Kemeng Shi <shikemeng(a)huaweicloud.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Barry Song <baohua(a)kernel.org> Cc: Chris Li <chrisl(a)kernel.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Nhat Pham <nphamcs(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/shmem.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) --- a/mm/shmem.c~mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung +++ a/mm/shmem.c @@ -884,7 +884,9 @@ static int shmem_add_to_page_cache(struc pgoff_t index, void *expected, gfp_t gfp) { XA_STATE_ORDER(xas, &mapping->i_pages, index, folio_order(folio)); - long nr = folio_nr_pages(folio); + unsigned long nr = folio_nr_pages(folio); + swp_entry_t iter, swap; + void *entry; VM_BUG_ON_FOLIO(index != round_down(index, nr), folio); VM_BUG_ON_FOLIO(!folio_test_locked(folio), folio); @@ -896,14 +898,24 @@ static int shmem_add_to_page_cache(struc gfp &= GFP_RECLAIM_MASK; folio_throttle_swaprate(folio, gfp); + swap = iter = radix_to_swp_entry(expected); do { xas_lock_irq(&xas); - if (expected != xas_find_conflict(&xas)) { - xas_set_err(&xas, -EEXIST); - goto unlock; + xas_for_each_conflict(&xas, entry) { + /* + * The range must either be empty, or filled with + * expected swap entries. Shmem swap entries are never + * partially freed without split of both entry and + * folio, so there shouldn't be any holes. + */ + if (!expected || entry != swp_to_radix_entry(iter)) { + xas_set_err(&xas, -EEXIST); + goto unlock; + } + iter.val += 1 << xas_get_order(&xas); } - if (expected && xas_find_conflict(&xas)) { + if (expected && iter.val - nr != swap.val) { xas_set_err(&xas, -EEXIST); goto unlock; } @@ -2323,7 +2335,7 @@ static int shmem_swapin_folio(struct ino error = -ENOMEM; goto failed; } - } else if (order != folio_order(folio)) { + } else if (order > folio_order(folio)) { /* * Swap readahead may swap in order 0 folios into swapcache * asynchronously, while the shmem mapping can still stores @@ -2348,15 +2360,15 @@ static int shmem_swapin_folio(struct ino swap = swp_entry(swp_type(swap), swp_offset(swap) + offset); } + } else if (order < folio_order(folio)) { + swap.val = round_down(swp_type(swap), folio_order(folio)); } alloced: /* We have to do this with folio locked to prevent races */ folio_lock(folio); if ((!skip_swapcache && !folio_test_swapcache(folio)) || - folio->swap.val != swap.val || - !shmem_confirm_swap(mapping, index, swap) || - xa_get_order(&mapping->i_pages, index) != folio_order(folio)) { + folio->swap.val != swap.val) { error = -EEXIST; goto unlock; } _ Patches currently in -mm which might be from kasong(a)tencent.com are mm-shmem-swap-fix-softlockup-with-mthp-swapin.patch mm-shmem-swap-fix-softlockup-with-mthp-swapin-v3.patch mm-userfaultfd-fix-race-of-userfaultfd_move-and-swap-cache.patch mm-list_lru-refactor-the-locking-code.patch mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch mm-shmem-swap-avoid-redundant-xarray-lookup-during-swapin.patch mm-shmem-swap-improve-mthp-swapin-process.patch mm-shmem-swap-avoid-false-positive-swap-cache-lookup.patch

5 months, 2 weeks

1
0
0 0

+ lib-group_cpus-fix-null-pointer-dereference-from-group_cpus_evenly.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() has been added to the -mm mm-hotfixes-unstable branch. Its filename is lib-group_cpus-fix-null-pointer-dereference-from-group_cpus_evenly.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Yu Kuai <yukuai3(a)huawei.com> Subject: lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() Date: Thu, 19 Jun 2025 21:26:55 +0800 While testing null_blk with configfs, echo 0 > poll_queues will trigger following panic: BUG: kernel NULL pointer dereference, address: 0000000000000010 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 27 UID: 0 PID: 920 Comm: bash Not tainted 6.15.0-02023-gadbdb95c8696-dirty #1238 PREEMPT(undef) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 RIP: 0010:__bitmap_or+0x48/0x70 Call Trace: <TASK> __group_cpus_evenly+0x822/0x8c0 group_cpus_evenly+0x2d9/0x490 blk_mq_map_queues+0x1e/0x110 null_map_queues+0xc9/0x170 [null_blk] blk_mq_update_queue_map+0xdb/0x160 blk_mq_update_nr_hw_queues+0x22b/0x560 nullb_update_nr_hw_queues+0x71/0xf0 [null_blk] nullb_device_poll_queues_store+0xa4/0x130 [null_blk] configfs_write_iter+0x109/0x1d0 vfs_write+0x26e/0x6f0 ksys_write+0x79/0x180 __x64_sys_write+0x1d/0x30 x64_sys_call+0x45c4/0x45f0 do_syscall_64+0xa5/0x240 entry_SYSCALL_64_after_hwframe+0x76/0x7e Root cause is that numgrps is set to 0, and ZERO_SIZE_PTR is returned from kcalloc(), then __group_cpus_evenly() will deference the ZERO_SIZE_PTR. Fix the problem by checking numgrps first in group_cpus_evenly(), and return NULL directly if numgrps is zero. Link: https://lkml.kernel.org/r/20250619132655.3318883-1-yukuai1@huaweicloud.com Fixes: 6a6dcae8f486 ("blk-mq: Build default queue map via group_cpus_evenly()") Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Reviewed-by: Ming Lei <ming.lei(a)redhat.com> Reviewed-by: Jens Axboe <axboe(a)kernel.dk> Cc: ErKun Yang <yangerkun(a)huawei.com> Cc: John Garry <john.g.garry(a)oracle.com> Cc: Thomas Gleinxer <tglx(a)linutronix.de> Cc: "zhangyi (F)" <yi.zhang(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/group_cpus.c | 3 +++ 1 file changed, 3 insertions(+) --- a/lib/group_cpus.c~lib-group_cpus-fix-null-pointer-dereference-from-group_cpus_evenly +++ a/lib/group_cpus.c @@ -352,6 +352,9 @@ struct cpumask *group_cpus_evenly(unsign int ret = -ENOMEM; struct cpumask *masks = NULL; + if (numgrps == 0) + return NULL; + if (!zalloc_cpumask_var(&nmsk, GFP_KERNEL)) return NULL; _ Patches currently in -mm which might be from yukuai3(a)huawei.com are lib-group_cpus-fix-null-pointer-dereference-from-group_cpus_evenly.patch

5 months, 2 weeks

1
0
0 0

[PATCH v2] thunderbolt: Fix wake on connect at runtime

by Mario Limonciello

From: Mario Limonciello <mario.limonciello(a)amd.com> commit 1a760d10ded37 ("thunderbolt: Fix a logic error in wake on connect") fixated on the USB4 port sysfs wakeup file not working properly to control policy, but it had an unintended side effect that the sysfs file controls policy both at runtime and at suspend time. The sysfs file is supposed to only control behavior while system is suspended. Pass whether programming a port for runtime into usb4_switch_set_wake() and if runtime then ignore the value in the sysfs file. Cc: stable(a)vger.kernel.org Reported-by: Alexander Kovacs <Alexander.Kovacs(a)amd.com> Tested-by: Alexander Kovacs <Alexander.Kovacs(a)amd.com> Fixes: 1a760d10ded37 ("thunderbolt: Fix a logic error in wake on connect") Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> --- v2: * Fix kdoc issue reported by lkp robot --- drivers/thunderbolt/switch.c | 8 ++++---- drivers/thunderbolt/tb.h | 2 +- drivers/thunderbolt/usb4.c | 10 +++++----- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/drivers/thunderbolt/switch.c b/drivers/thunderbolt/switch.c index 28febb95f8fa1..e9809fb57c354 100644 --- a/drivers/thunderbolt/switch.c +++ b/drivers/thunderbolt/switch.c @@ -3437,7 +3437,7 @@ void tb_sw_set_unplugged(struct tb_switch *sw) } } -static int tb_switch_set_wake(struct tb_switch *sw, unsigned int flags) +static int tb_switch_set_wake(struct tb_switch *sw, unsigned int flags, bool runtime) { if (flags) tb_sw_dbg(sw, "enabling wakeup: %#x\n", flags); @@ -3445,7 +3445,7 @@ static int tb_switch_set_wake(struct tb_switch *sw, unsigned int flags) tb_sw_dbg(sw, "disabling wakeup\n"); if (tb_switch_is_usb4(sw)) - return usb4_switch_set_wake(sw, flags); + return usb4_switch_set_wake(sw, flags, runtime); return tb_lc_set_wake(sw, flags); } @@ -3521,7 +3521,7 @@ int tb_switch_resume(struct tb_switch *sw, bool runtime) tb_switch_check_wakes(sw); /* Disable wakes */ - tb_switch_set_wake(sw, 0); + tb_switch_set_wake(sw, 0, true); err = tb_switch_tmu_init(sw); if (err) @@ -3603,7 +3603,7 @@ void tb_switch_suspend(struct tb_switch *sw, bool runtime) flags |= TB_WAKE_ON_USB4 | TB_WAKE_ON_USB3 | TB_WAKE_ON_PCIE; } - tb_switch_set_wake(sw, flags); + tb_switch_set_wake(sw, flags, runtime); if (tb_switch_is_usb4(sw)) usb4_switch_set_sleep(sw); diff --git a/drivers/thunderbolt/tb.h b/drivers/thunderbolt/tb.h index 87afd5a7c504b..f503bad864130 100644 --- a/drivers/thunderbolt/tb.h +++ b/drivers/thunderbolt/tb.h @@ -1317,7 +1317,7 @@ int usb4_switch_read_uid(struct tb_switch *sw, u64 *uid); int usb4_switch_drom_read(struct tb_switch *sw, unsigned int address, void *buf, size_t size); bool usb4_switch_lane_bonding_possible(struct tb_switch *sw); -int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags); +int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags, bool runtime); int usb4_switch_set_sleep(struct tb_switch *sw); int usb4_switch_nvm_sector_size(struct tb_switch *sw); int usb4_switch_nvm_read(struct tb_switch *sw, unsigned int address, void *buf, diff --git a/drivers/thunderbolt/usb4.c b/drivers/thunderbolt/usb4.c index fce3c0f2354a7..d46d9434933c4 100644 --- a/drivers/thunderbolt/usb4.c +++ b/drivers/thunderbolt/usb4.c @@ -403,10 +403,11 @@ bool usb4_switch_lane_bonding_possible(struct tb_switch *sw) * usb4_switch_set_wake() - Enabled/disable wake * @sw: USB4 router * @flags: Wakeup flags (%0 to disable) + * @runtime: Wake is being programmed during system runtime * * Enables/disables router to wake up from sleep. */ -int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags) +int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags, bool runtime) { struct usb4_port *usb4; struct tb_port *port; @@ -438,13 +439,12 @@ int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags) val |= PORT_CS_19_WOU4; } else { bool configured = val & PORT_CS_19_PC; + bool wakeup = runtime || device_may_wakeup(&usb4->dev); usb4 = port->usb4; - if (((flags & TB_WAKE_ON_CONNECT) && - device_may_wakeup(&usb4->dev)) && !configured) + if ((flags & TB_WAKE_ON_CONNECT) && wakeup && !configured) val |= PORT_CS_19_WOC; - if (((flags & TB_WAKE_ON_DISCONNECT) && - device_may_wakeup(&usb4->dev)) && configured) + if ((flags & TB_WAKE_ON_DISCONNECT) && wakeup && configured) val |= PORT_CS_19_WOD; if ((flags & TB_WAKE_ON_USB4) && configured) val |= PORT_CS_19_WOU4; -- 2.43.0

5 months, 2 weeks

2
1
0 0

[PATCH 0/2] mm/damon: fix memory leak in memcg_path sysfs file

by SeongJae Park

Users can leak memory by repeatedly writing a string to DAMOS sysfs memcg_path file. Fix it (patch 1) and add a selftest (patch 2) to avoid reoccurrance of the bug. SeongJae Park (2): mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write selftets/damon: add a test for memcg_path leak mm/damon/sysfs-schemes.c | 1 + tools/testing/selftests/damon/Makefile | 1 + .../selftests/damon/sysfs_memcg_path_leak.sh | 43 +++++++++++++++++++ 3 files changed, 45 insertions(+) create mode 100755 tools/testing/selftests/damon/sysfs_memcg_path_leak.sh base-commit: 05b89e828eb4f791f721cbdc65f36e1a8287a9d3 -- 2.39.5

5 months, 2 weeks

1
1
0 0

[PATCH] NFC: nci: uart: Set tty->disc_data only in success path

by Krzysztof Kozlowski

Setting tty->disc_data before opening the NCI device means we need to clean it up on error paths. This also opens some short window if device starts sending data, even before NCIUARTSETDRIVER IOCTL succeeded (broken hardware?). Close the window by exposing tty->disc_data only on the success path, when opening of the NCI device and try_module_get() succeeds. The code differs in error path in one aspect: tty->disc_data won't be ever assigned thus NULL-ified. This however should not be relevant difference, because of "tty->disc_data=NULL" in nci_uart_tty_open(). Cc: Greg KH <gregkh(a)linuxfoundation.org> Cc: Linus Torvalds <torvalds(a)linuxfoundation.org> Cc: Paolo Abeni <pabeni(a)redhat.com> Cc: Jakub Kicinski <kuba(a)kernel.org> Fixes: 9961127d4bce ("NFC: nci: add generic uart support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- net/nfc/nci/uart.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/nfc/nci/uart.c b/net/nfc/nci/uart.c index ed1508a9e093..aab107727f18 100644 --- a/net/nfc/nci/uart.c +++ b/net/nfc/nci/uart.c @@ -119,22 +119,22 @@ static int nci_uart_set_driver(struct tty_struct *tty, unsigned int driver) memcpy(nu, nci_uart_drivers[driver], sizeof(struct nci_uart)); nu->tty = tty; - tty->disc_data = nu; skb_queue_head_init(&nu->tx_q); INIT_WORK(&nu->write_work, nci_uart_write_work); spin_lock_init(&nu->rx_lock); ret = nu->ops.open(nu); if (ret) { - tty->disc_data = NULL; kfree(nu); + return ret; } else if (!try_module_get(nu->owner)) { nu->ops.close(nu); - tty->disc_data = NULL; kfree(nu); return -ENOENT; } - return ret; + tty->disc_data = nu; + + return 0; } /* ------ LDISC part ------ */ -- 2.45.2

5 months, 2 weeks

3
2
0 0

Google's 1st page*%$!

by James Charles

Hi, I have checked your website and I feel that you need to make some improvements in your website. We can place your website on the 1st page of Google, Yahoo and a better presence on Facebook, LinkedIn, YouTube, Instagram, Pinterest etc. which you can charge me some amount. Thanks and regards

5 months, 2 weeks

1
0
0 0

[REGRESSION] e1000e heavy packet loss on Meteor Lake - 6.14.2

by Marek Marczykowski-Górecki

Hi, After updating to 6.14.2, the ethernet adapter is almost unusable, I get over 30% packet loss. Bisect says it's this commit: commit 85f6414167da39e0da30bf370f1ecda5a58c6f7b Author: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Date: Thu Mar 13 16:05:56 2025 +0200 e1000e: change k1 configuration on MTP and later platforms [ Upstream commit efaaf344bc2917cbfa5997633bc18a05d3aed27f ] Starting from Meteor Lake, the Kumeran interface between the integrated MAC and the I219 PHY works at a different frequency. This causes sporadic MDI errors when accessing the PHY, and in rare circumstances could lead to packet corruption. To overcome this, introduce minor changes to the Kumeran idle state (K1) parameters during device initialization. Hardware reset reverts this configuration, therefore it needs to be applied in a few places. Fixes: cc23f4f0b6b9 ("e1000e: Add support for Meteor Lake") Signed-off-by: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Tested-by: Avigail Dahan <avigailx.dahan(a)intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> drivers/net/ethernet/intel/e1000e/defines.h | 3 ++ drivers/net/ethernet/intel/e1000e/ich8lan.c | 80 +++++++++++++++++++++++++++-- drivers/net/ethernet/intel/e1000e/ich8lan.h | 4 ++ 3 files changed, 82 insertions(+), 5 deletions(-) My system is Novacustom V540TU laptop with Intel Core Ultra 5 125H. And the e1000e driver is running in a Xen HVM (with PCI passthrough). Interestingly, I have also another one with Intel Core Ultra 7 155H where the issue does not happen. I don't see what is different about network adapter there, they look identical on lspci (but there are differences about other devices)... I see the commit above was already backported to other stable branches too... #regzbot introduced: 85f6414167da39e0da30bf370f1ecda5a58c6f7b -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab

5 months, 2 weeks

4
19
0 0

Linux 6.15.3

by Greg Kroah-Hartman

I'm announcing the release of the 6.15.3 kernel. All users of the 6.15 kernel series must upgrade. The updated 6.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/regulator/mediatek,mt6357-regulator.yaml | 12 Documentation/devicetree/bindings/soc/fsl/fsl,qman-fqd.yaml | 4 Documentation/devicetree/bindings/vendor-prefixes.yaml | 2 Documentation/gpu/xe/index.rst | 1 Documentation/gpu/xe/xe_gt_freq.rst | 14 Documentation/misc-devices/lis3lv02d.rst | 6 Documentation/netlink/specs/rt_link.yaml | 68 + Documentation/networking/xfrm_device.rst | 10 Makefile | 2 arch/arm/boot/dts/microchip/at91sam9263ek.dts | 2 arch/arm/boot/dts/microchip/tny_a9263.dts | 2 arch/arm/boot/dts/microchip/usb_a9263.dts | 4 arch/arm/boot/dts/qcom/qcom-apq8064.dtsi | 82 +- arch/arm/mach-aspeed/Kconfig | 1 arch/arm64/Kconfig | 6 arch/arm64/boot/dts/allwinner/sun50i-a100.dtsi | 3 arch/arm64/boot/dts/freescale/imx8mm-beacon-kit.dts | 1 arch/arm64/boot/dts/freescale/imx8mm-beacon-som.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mn-beacon-kit.dts | 1 arch/arm64/boot/dts/freescale/imx8mn-beacon-som.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mp-beacon-som.dtsi | 1 arch/arm64/boot/dts/mediatek/mt6357.dtsi | 10 arch/arm64/boot/dts/mediatek/mt6359.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 10 arch/arm64/boot/dts/mediatek/mt8183.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8188.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8195.dtsi | 50 - arch/arm64/boot/dts/mediatek/mt8390-genio-common.dtsi | 12 arch/arm64/boot/dts/nvidia/tegra186.dtsi | 12 arch/arm64/boot/dts/nvidia/tegra194.dtsi | 12 arch/arm64/boot/dts/nvidia/tegra210-p2180.dtsi | 1 arch/arm64/boot/dts/qcom/ipq9574-rdp-common.dtsi | 11 arch/arm64/boot/dts/qcom/ipq9574.dtsi | 16 arch/arm64/boot/dts/qcom/msm8998.dtsi | 19 arch/arm64/boot/dts/qcom/qcm2290.dtsi | 16 arch/arm64/boot/dts/qcom/qcs615.dtsi | 17 arch/arm64/boot/dts/qcom/qcs8300.dtsi | 12 arch/arm64/boot/dts/qcom/sa8775p.dtsi | 11 arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 3 arch/arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts | 2 arch/arm64/boot/dts/qcom/sdm660-xiaomi-lavender.dts | 3 arch/arm64/boot/dts/qcom/sdm845-samsung-starqltechn.dts | 16 arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 arch/arm64/boot/dts/qcom/sm8350.dtsi | 6 arch/arm64/boot/dts/qcom/sm8550.dtsi | 391 ++++++---- arch/arm64/boot/dts/qcom/sm8650.dtsi | 82 +- arch/arm64/boot/dts/qcom/sm8750.dtsi | 26 arch/arm64/boot/dts/qcom/x1e001de-devkit.dts | 44 + arch/arm64/boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 2 arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 arch/arm64/boot/dts/renesas/white-hawk-ard-audio-da7212.dtso | 2 arch/arm64/boot/dts/renesas/white-hawk-single.dtsi | 8 arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 8 arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 12 arch/arm64/boot/dts/rockchip/rk3528.dtsi | 3 arch/arm64/boot/dts/rockchip/rk3566-rock-3c.dts | 1 arch/arm64/boot/dts/rockchip/rk3568-nanopi-r5s.dtsi | 5 arch/arm64/boot/dts/rockchip/rk3588-base.dtsi | 15 arch/arm64/boot/dts/ti/k3-j721e-common-proc-board.dts | 1 arch/arm64/configs/defconfig | 3 arch/arm64/include/asm/esr.h | 14 arch/arm64/kernel/fpsimd.c | 21 arch/arm64/xen/hypercall.S | 21 arch/m68k/mac/config.c | 2 arch/mips/boot/dts/loongson/loongson64c_4core_ls7a.dts | 1 arch/powerpc/kernel/Makefile | 2 arch/powerpc/kexec/crash.c | 5 arch/powerpc/platforms/book3s/vas-api.c | 9 arch/powerpc/platforms/powernv/memtrace.c | 8 arch/powerpc/platforms/pseries/iommu.c | 2 arch/riscv/kernel/traps_misaligned.c | 4 arch/riscv/kvm/vcpu_sbi.c | 4 arch/s390/kernel/uv.c | 85 +- arch/s390/net/bpf_jit_comp.c | 12 arch/um/os-Linux/sigio.c | 3 arch/x86/events/amd/uncore.c | 36 arch/x86/hyperv/hv_init.c | 33 arch/x86/hyperv/hv_vtl.c | 44 - arch/x86/hyperv/ivm.c | 22 arch/x86/include/asm/mshyperv.h | 6 arch/x86/include/asm/mwait.h | 9 arch/x86/include/asm/sighandling.h | 22 arch/x86/kernel/cpu/common.c | 17 arch/x86/kernel/cpu/microcode/core.c | 2 arch/x86/kernel/cpu/mtrr/generic.c | 2 arch/x86/kernel/ioport.c | 13 arch/x86/kernel/irq.c | 2 arch/x86/kernel/process.c | 15 arch/x86/kernel/signal_32.c | 4 arch/x86/kernel/signal_64.c | 4 arch/x86/lib/x86-opcode-map.txt | 50 - block/blk-integrity.c | 7 block/blk-throttle.c | 22 block/blk-zoned.c | 7 block/elevator.c | 3 crypto/api.c | 13 crypto/asymmetric_keys/public_key.c | 13 crypto/ecdsa-p1363.c | 6 crypto/ecdsa-x962.c | 5 crypto/ecdsa.c | 2 crypto/ecrdsa.c | 2 crypto/krb5/rfc3961_simplified.c | 1 crypto/lrw.c | 4 crypto/rsassa-pkcs1.c | 2 crypto/sig.c | 9 crypto/xts.c | 4 drivers/accel/amdxdna/aie2_message.c | 6 drivers/accel/amdxdna/aie2_msg_priv.h | 10 drivers/accel/amdxdna/aie2_psp.c | 4 drivers/accel/ivpu/ivpu_job.c | 8 drivers/acpi/acpica/exserial.c | 6 drivers/acpi/apei/Kconfig | 1 drivers/acpi/apei/ghes.c | 2 drivers/acpi/cppc_acpi.c | 2 drivers/acpi/osi.c | 1 drivers/acpi/platform_profile.c | 3 drivers/acpi/resource.c | 2 drivers/acpi/thermal.c | 10 drivers/base/power/main.c | 3 drivers/base/power/runtime.c | 44 + drivers/block/brd.c | 11 drivers/block/loop.c | 8 drivers/bluetooth/btintel.c | 10 drivers/bluetooth/btintel_pcie.c | 31 drivers/bluetooth/btintel_pcie.h | 10 drivers/bus/fsl-mc/fsl-mc-bus.c | 12 drivers/char/Kconfig | 2 drivers/clk/bcm/clk-raspberrypi.c | 2 drivers/clk/qcom/camcc-sm6350.c | 18 drivers/clk/qcom/dispcc-sm6350.c | 3 drivers/clk/qcom/gcc-msm8939.c | 4 drivers/clk/qcom/gcc-sm6350.c | 6 drivers/clk/qcom/gpucc-sm6350.c | 6 drivers/counter/interrupt-cnt.c | 9 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 7 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c | 17 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-hash.c | 34 drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 2 drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c | 2 drivers/crypto/intel/iaa/iaa_crypto_main.c | 6 drivers/crypto/marvell/cesa/cipher.c | 3 drivers/crypto/marvell/cesa/hash.c | 2 drivers/crypto/xilinx/zynqmp-sha.c | 18 drivers/dma/ti/k3-udma.c | 3 drivers/edac/bluefield_edac.c | 20 drivers/edac/i10nm_base.c | 35 drivers/edac/skx_common.c | 1 drivers/edac/skx_common.h | 11 drivers/firmware/Kconfig | 1 drivers/firmware/arm_sdei.c | 11 drivers/firmware/efi/libstub/efi-stub-helper.c | 1 drivers/firmware/psci/psci.c | 4 drivers/firmware/samsung/exynos-acpm-pmic.c | 16 drivers/firmware/samsung/exynos-acpm.c | 11 drivers/fpga/tests/fpga-mgr-test.c | 1 drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v10_0_cleaner_shader.h | 6 drivers/gpu/drm/amd/amdgpu/gfx_v10_1_10_cleaner_shader.asm | 13 drivers/gpu/drm/amd/display/dc/basics/fixpt31_32.c | 5 drivers/gpu/drm/amd/display/dc/sspl/spl_fixpt31_32.c | 4 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 8 drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 58 - drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 6 drivers/gpu/drm/ci/gitlab-ci.yml | 19 drivers/gpu/drm/display/drm_hdmi_audio_helper.c | 3 drivers/gpu/drm/drm_panic_qr.rs | 71 + drivers/gpu/drm/i915/display/intel_dp.c | 7 drivers/gpu/drm/i915/display/intel_dp.h | 1 drivers/gpu/drm/i915/display/intel_dp_mst.c | 5 drivers/gpu/drm/i915/display/intel_psr_regs.h | 4 drivers/gpu/drm/i915/display/intel_snps_hdmi_pll.c | 16 drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 19 drivers/gpu/drm/mediatek/mtk_drm_drv.c | 31 drivers/gpu/drm/meson/meson_encoder_hdmi.c | 2 drivers/gpu/drm/meson/meson_vclk.c | 55 - drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 1 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_1_14_msm8937.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_1_15_msm8917.h | 1 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_1_16_msm8953.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 16 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 16 drivers/gpu/drm/msm/dp/dp_display.c | 27 drivers/gpu/drm/msm/dp/dp_link.h | 4 drivers/gpu/drm/msm/dp/dp_panel.c | 12 drivers/gpu/drm/panel/panel-samsung-sofef00.c | 34 drivers/gpu/drm/panel/panel-simple.c | 5 drivers/gpu/drm/panthor/panthor_device.c | 8 drivers/gpu/drm/panthor/panthor_mmu.c | 1 drivers/gpu/drm/panthor/panthor_regs.h | 4 drivers/gpu/drm/renesas/rcar-du/rcar_du_kms.c | 10 drivers/gpu/drm/tegra/rgb.c | 14 drivers/gpu/drm/v3d/v3d_debugfs.c | 126 +-- drivers/gpu/drm/v3d/v3d_drv.c | 22 drivers/gpu/drm/v3d/v3d_drv.h | 11 drivers/gpu/drm/v3d/v3d_gem.c | 10 drivers/gpu/drm/v3d/v3d_irq.c | 64 + drivers/gpu/drm/v3d/v3d_perfmon.c | 4 drivers/gpu/drm/v3d/v3d_sched.c | 6 drivers/gpu/drm/vc4/tests/vc4_mock_output.c | 36 drivers/gpu/drm/vc4/tests/vc4_test_pv_muxing.c | 154 +++ drivers/gpu/drm/vc4/vc4_hdmi.c | 16 drivers/gpu/drm/vkms/vkms_crtc.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 10 drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 26 drivers/gpu/drm/vmwgfx/vmwgfx_resource.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 34 drivers/gpu/drm/xe/Kconfig | 3 drivers/gpu/drm/xe/xe_bo.c | 48 - drivers/gpu/drm/xe/xe_gt_freq.c | 5 drivers/gpu/drm/xe/xe_guc_debugfs.c | 159 ++-- drivers/gpu/drm/xe/xe_lrc.c | 24 drivers/gpu/drm/xe/xe_pci.c | 1 drivers/gpu/drm/xe/xe_pxp.c | 8 drivers/gpu/drm/xe/xe_vm.c | 19 drivers/gpu/drm/xe/xe_vm.h | 69 + drivers/gpu/drm/xe/xe_vm_types.h | 8 drivers/gpu/drm/xlnx/Kconfig | 1 drivers/hid/Kconfig | 2 drivers/hid/hid-hyperv.c | 4 drivers/hid/intel-thc-hid/intel-quicki2c/pci-quicki2c.c | 7 drivers/hid/usbhid/hid-core.c | 25 drivers/hwmon/asus-ec-sensors.c | 4 drivers/hwtracing/coresight/coresight-catu.c | 27 drivers/hwtracing/coresight/coresight-catu.h | 1 drivers/hwtracing/coresight/coresight-config.h | 2 drivers/hwtracing/coresight/coresight-core.c | 21 drivers/hwtracing/coresight/coresight-cpu-debug.c | 3 drivers/hwtracing/coresight/coresight-etm4x-core.c | 5 drivers/hwtracing/coresight/coresight-etm4x-sysfs.c | 4 drivers/hwtracing/coresight/coresight-funnel.c | 3 drivers/hwtracing/coresight/coresight-replicator.c | 3 drivers/hwtracing/coresight/coresight-stm.c | 2 drivers/hwtracing/coresight/coresight-syscfg.c | 51 - drivers/hwtracing/coresight/coresight-tmc-core.c | 2 drivers/hwtracing/coresight/coresight-tmc-etf.c | 11 drivers/hwtracing/coresight/coresight-tpiu.c | 2 drivers/iio/adc/ad4851.c | 14 drivers/iio/adc/ad7124.c | 4 drivers/iio/adc/mcp3911.c | 39 drivers/iio/adc/pac1934.c | 2 drivers/iio/dac/adi-axi-dac.c | 8 drivers/iio/filter/admv8818.c | 224 ++++- drivers/infiniband/core/cm.c | 19 drivers/infiniband/core/cma.c | 3 drivers/infiniband/hw/bnxt_re/debugfs.c | 20 drivers/infiniband/hw/hns/hns_roce_ah.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 1 drivers/infiniband/hw/hns/hns_roce_main.c | 1 drivers/infiniband/hw/hns/hns_roce_restrack.c | 1 drivers/infiniband/hw/mlx5/qpc.c | 30 drivers/infiniband/sw/rxe/rxe_qp.c | 7 drivers/iommu/Kconfig | 1 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 drivers/iommu/io-pgtable-arm.c | 13 drivers/iommu/iommu.c | 4 drivers/iommu/ipmmu-vmsa.c | 3 drivers/mailbox/Kconfig | 4 drivers/mailbox/imx-mailbox.c | 21 drivers/mailbox/mtk-cmdq-mailbox.c | 51 - drivers/md/dm-core.h | 1 drivers/md/dm-flakey.c | 70 - drivers/md/dm-table.c | 67 + drivers/md/dm-zone.c | 86 +- drivers/md/dm.c | 36 drivers/md/dm.h | 6 drivers/md/raid1-10.c | 10 drivers/md/raid1.c | 19 drivers/md/raid10.c | 11 drivers/media/platform/synopsys/hdmirx/snps_hdmirx.c | 14 drivers/media/platform/verisilicon/hantro_postproc.c | 4 drivers/mfd/exynos-lpass.c | 31 drivers/mfd/stmpe-spi.c | 2 drivers/misc/lis3lv02d/Kconfig | 4 drivers/misc/mei/vsc-tp.c | 4 drivers/misc/vmw_vmci/vmci_host.c | 11 drivers/mtd/nand/ecc-mxic.c | 2 drivers/net/bonding/bond_main.c | 144 +-- drivers/net/dsa/b53/b53_common.c | 92 +- drivers/net/dsa/b53/b53_priv.h | 1 drivers/net/dsa/b53/b53_regs.h | 7 drivers/net/dsa/bcm_sf2.c | 1 drivers/net/ethernet/airoha/airoha_eth.c | 23 drivers/net/ethernet/airoha/airoha_eth.h | 10 drivers/net/ethernet/airoha/airoha_ppe.c | 32 drivers/net/ethernet/airoha/airoha_regs.h | 10 drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 20 drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c | 18 drivers/net/ethernet/google/gve/gve_main.c | 2 drivers/net/ethernet/google/gve/gve_tx_dqo.c | 3 drivers/net/ethernet/intel/e1000/e1000_main.c | 8 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 11 drivers/net/ethernet/intel/iavf/iavf.h | 1 drivers/net/ethernet/intel/iavf/iavf_ethtool.c | 29 drivers/net/ethernet/intel/iavf/iavf_main.c | 300 ++----- drivers/net/ethernet/intel/iavf/iavf_virtchnl.c | 17 drivers/net/ethernet/intel/ice/ice_main.c | 47 - drivers/net/ethernet/intel/ice/ice_ptp.c | 1 drivers/net/ethernet/intel/ice/ice_sched.c | 181 +++- drivers/net/ethernet/intel/idpf/idpf_lib.c | 18 drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c | 9 drivers/net/ethernet/intel/idpf/idpf_txrx.c | 45 - drivers/net/ethernet/intel/idpf/idpf_txrx.h | 8 drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 2 drivers/net/ethernet/intel/idpf/idpf_virtchnl.h | 1 drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 41 - drivers/net/ethernet/intel/ixgbevf/ipsec.c | 21 drivers/net/ethernet/marvell/octeontx2/af/mcs_rvu_if.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_rep.c | 2 drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c | 18 drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 4 drivers/net/ethernet/marvell/octeontx2/nic/qos_sq.c | 22 drivers/net/ethernet/mediatek/mtk_star_emac.c | 4 drivers/net/ethernet/mellanox/mlx4/en_clock.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c | 4 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 28 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 1 drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c | 5 drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 12 drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 21 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 5 drivers/net/ethernet/mellanox/mlx5/core/pagealloc.c | 2 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/action.c | 14 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/bwc.c | 55 + drivers/net/ethernet/mellanox/mlx5/core/steering/hws/bwc.h | 9 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/definer.c | 3 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/fs_hws.c | 3 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/matcher.c | 48 - drivers/net/ethernet/mellanox/mlx5/core/steering/hws/matcher.h | 4 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/mlx5hws.h | 6 drivers/net/ethernet/microchip/lan743x_main.c | 15 drivers/net/ethernet/microchip/lan966x/lan966x_main.c | 7 drivers/net/ethernet/microchip/lan966x/lan966x_main.h | 6 drivers/net/ethernet/microchip/lan966x/lan966x_ptp.c | 49 - drivers/net/ethernet/microchip/lan966x/lan966x_switchdev.c | 1 drivers/net/ethernet/microchip/lan966x/lan966x_vlan.c | 21 drivers/net/ethernet/netronome/nfp/crypto/ipsec.c | 11 drivers/net/ethernet/stmicro/stmmac/stmmac_est.c | 5 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 5 drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 11 drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 2 drivers/net/ethernet/ti/icssg/icssg_stats.c | 8 drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 6 drivers/net/macsec.c | 40 - drivers/net/mctp/mctp-usb.c | 2 drivers/net/netconsole.c | 3 drivers/net/netdevsim/ipsec.c | 15 drivers/net/netdevsim/netdev.c | 3 drivers/net/phy/mdio_bus.c | 12 drivers/net/phy/mediatek/Kconfig | 3 drivers/net/phy/mscc/mscc_ptp.c | 20 drivers/net/phy/phy_caps.c | 18 drivers/net/phy/phy_device.c | 4 drivers/net/usb/aqc111.c | 10 drivers/net/vmxnet3/vmxnet3_drv.c | 26 drivers/net/wireguard/device.c | 1 drivers/net/wireless/ath/ath10k/snoc.c | 4 drivers/net/wireless/ath/ath11k/core.c | 37 drivers/net/wireless/ath/ath11k/core.h | 4 drivers/net/wireless/ath/ath11k/debugfs.c | 148 --- drivers/net/wireless/ath/ath11k/debugfs.h | 10 drivers/net/wireless/ath/ath11k/mac.c | 92 ++ drivers/net/wireless/ath/ath11k/mac.h | 4 drivers/net/wireless/ath/ath11k/wmi.c | 47 + drivers/net/wireless/ath/ath12k/core.c | 28 drivers/net/wireless/ath/ath12k/core.h | 19 drivers/net/wireless/ath/ath12k/debugfs.c | 4 drivers/net/wireless/ath/ath12k/debugfs_htt_stats.c | 3 drivers/net/wireless/ath/ath12k/dp.h | 2 drivers/net/wireless/ath/ath12k/dp_mon.c | 351 +++++++- drivers/net/wireless/ath/ath12k/dp_mon.h | 4 drivers/net/wireless/ath/ath12k/dp_rx.c | 234 +++-- drivers/net/wireless/ath/ath12k/dp_rx.h | 29 drivers/net/wireless/ath/ath12k/dp_tx.c | 23 drivers/net/wireless/ath/ath12k/hal.c | 103 +- drivers/net/wireless/ath/ath12k/hal.h | 64 - drivers/net/wireless/ath/ath12k/hal_desc.h | 3 drivers/net/wireless/ath/ath12k/hal_rx.h | 15 drivers/net/wireless/ath/ath12k/hw.c | 35 drivers/net/wireless/ath/ath12k/hw.h | 12 drivers/net/wireless/ath/ath12k/mac.c | 86 +- drivers/net/wireless/ath/ath12k/mhi.c | 7 drivers/net/wireless/ath/ath12k/pci.c | 17 drivers/net/wireless/ath/ath12k/pci.h | 4 drivers/net/wireless/ath/ath12k/reg.c | 4 drivers/net/wireless/ath/ath12k/wmi.c | 39 drivers/net/wireless/ath/ath12k/wmi.h | 16 drivers/net/wireless/ath/ath9k/htc_drv_beacon.c | 3 drivers/net/wireless/intel/iwlwifi/iwl-trans.h | 1 drivers/net/wireless/intel/iwlwifi/mld/mld.c | 3 drivers/net/wireless/intel/iwlwifi/mvm/rs.c | 2 drivers/net/wireless/marvell/mwifiex/11n.c | 6 drivers/net/wireless/mediatek/mt76/channel.c | 4 drivers/net/wireless/mediatek/mt76/mac80211.c | 6 drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 6 drivers/net/wireless/mediatek/mt76/mt7925/init.c | 2 drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 21 drivers/net/wireless/mediatek/mt76/mt7996/dma.c | 4 drivers/net/wireless/mediatek/mt76/mt7996/eeprom.c | 1 drivers/net/wireless/mediatek/mt76/mt7996/init.c | 14 drivers/net/wireless/mediatek/mt76/mt7996/main.c | 23 drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 3 drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 4 drivers/net/wireless/realtek/rtw88/coex.c | 2 drivers/net/wireless/realtek/rtw88/rtw8822c.c | 3 drivers/net/wireless/realtek/rtw88/sdio.c | 10 drivers/net/wireless/realtek/rtw89/fw.c | 2 drivers/net/wireless/realtek/rtw89/pci.c | 36 drivers/net/wwan/mhi_wwan_mbim.c | 9 drivers/net/wwan/t7xx/t7xx_netdev.c | 11 drivers/nvme/host/constants.c | 2 drivers/nvme/host/core.c | 1 drivers/nvme/host/ioctl.c | 2 drivers/nvme/host/pr.c | 2 drivers/nvme/target/core.c | 9 drivers/nvme/target/fcloop.c | 31 drivers/nvme/target/io-cmd-bdev.c | 9 drivers/nvmem/zynqmp_nvmem.c | 1 drivers/of/unittest.c | 10 drivers/pci/controller/cadence/pcie-cadence-host.c | 11 drivers/pci/controller/dwc/pci-imx6.c | 47 + drivers/pci/controller/dwc/pcie-rcar-gen4.c | 1 drivers/pci/controller/pcie-apple.c | 4 drivers/pci/controller/pcie-rockchip.h | 7 drivers/pci/endpoint/pci-epf-core.c | 22 drivers/pci/hotplug/pci_hotplug_core.c | 69 + drivers/pci/hotplug/pciehp.h | 1 drivers/pci/hotplug/pciehp_core.c | 29 drivers/pci/hotplug/pciehp_hpc.c | 78 + drivers/pci/pci-acpi.c | 23 drivers/pci/pci.c | 2 drivers/pci/pci.h | 3 drivers/pci/pcie/dpc.c | 68 - drivers/pci/pwrctrl/core.c | 2 drivers/perf/amlogic/meson_ddr_pmu_core.c | 2 drivers/perf/arm-ni.c | 40 - drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 6 drivers/phy/qualcomm/phy-qcom-qusb2.c | 27 drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 13 drivers/pinctrl/mediatek/mtk-eint.c | 4 drivers/pinctrl/mediatek/mtk-eint.h | 2 drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c | 7 drivers/pinctrl/pinctrl-at91.c | 6 drivers/pinctrl/qcom/pinctrl-qcm2290.c | 9 drivers/pinctrl/qcom/pinctrl-qcs615.c | 2 drivers/pinctrl/qcom/pinctrl-qcs8300.c | 2 drivers/pinctrl/qcom/tlmm-test.c | 1 drivers/pinctrl/samsung/pinctrl-exynos-arm64.c | 52 - drivers/pinctrl/samsung/pinctrl-exynos.c | 260 +++--- drivers/pinctrl/samsung/pinctrl-exynos.h | 8 drivers/pinctrl/samsung/pinctrl-samsung.c | 21 drivers/pinctrl/samsung/pinctrl-samsung.h | 8 drivers/pinctrl/sunxi/pinctrl-sunxi-dt.c | 8 drivers/platform/chrome/cros_ec_typec.c | 6 drivers/power/reset/at91-reset.c | 5 drivers/power/supply/max77705_charger.c | 20 drivers/ptp/ptp_private.h | 12 drivers/regulator/max20086-regulator.c | 6 drivers/remoteproc/qcom_wcnss_iris.c | 2 drivers/remoteproc/ti_k3_dsp_remoteproc.c | 8 drivers/remoteproc/ti_k3_r5_remoteproc.c | 118 +-- drivers/rpmsg/qcom_smd.c | 2 drivers/rtc/rtc-loongson.c | 8 drivers/rtc/rtc-sh.c | 12 drivers/scsi/hisi_sas/hisi_sas_main.c | 29 drivers/scsi/lpfc/lpfc_hbadisc.c | 32 drivers/scsi/mpt3sas/mpt3sas_ctl.c | 3 drivers/scsi/qedf/qedf_main.c | 2 drivers/scsi/scsi_transport_iscsi.c | 11 drivers/scsi/smartpqi/smartpqi_init.c | 4 drivers/soc/aspeed/aspeed-lpc-snoop.c | 17 drivers/soc/qcom/smp2p.c | 2 drivers/soundwire/generic_bandwidth_allocation.c | 7 drivers/spi/atmel-quadspi.c | 17 drivers/spi/spi-bcm63xx-hsspi.c | 2 drivers/spi/spi-bcm63xx.c | 2 drivers/spi/spi-omap2-mcspi.c | 30 drivers/spi/spi-qpic-snand.c | 44 - drivers/spi/spi-sh-msiof.c | 13 drivers/spi/spi-tegra210-quad.c | 24 drivers/staging/gpib/ines/ines_gpib.c | 2 drivers/staging/gpib/uapi/gpib_user.h | 2 drivers/staging/media/rkvdec/rkvdec.c | 10 drivers/thermal/mediatek/lvts_thermal.c | 18 drivers/thunderbolt/usb4.c | 4 drivers/tty/serial/8250/8250_omap.c | 25 drivers/tty/serial/milbeaut_usio.c | 5 drivers/tty/vt/vt_ioctl.c | 2 drivers/ufs/core/ufs-mcq.c | 6 drivers/ufs/core/ufshcd.c | 7 drivers/ufs/host/ufs-qcom.c | 92 +- drivers/usb/cdns3/cdnsp-gadget.c | 21 drivers/usb/cdns3/cdnsp-gadget.h | 4 drivers/usb/class/usbtmc.c | 17 drivers/usb/core/hub.c | 16 drivers/usb/core/usb-acpi.c | 2 drivers/usb/gadget/function/f_hid.c | 12 drivers/usb/gadget/udc/core.c | 2 drivers/usb/misc/onboard_usb_dev.c | 107 ++ drivers/usb/renesas_usbhs/common.c | 50 - drivers/usb/typec/bus.c | 2 drivers/usb/typec/tcpm/tcpci_maxim_core.c | 3 drivers/usb/typec/tcpm/tcpm.c | 91 +- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 94 +- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h | 14 drivers/vfio/vfio_iommu_type1.c | 2 drivers/video/backlight/qcom-wled.c | 6 drivers/video/fbdev/core/fbcvt.c | 2 drivers/virtio/virtio_pci_modern.c | 13 drivers/watchdog/exar_wdt.c | 2 drivers/watchdog/lenovo_se30_wdt.c | 2 drivers/xen/balloon.c | 13 fs/9p/vfs_addr.c | 6 fs/afs/write.c | 9 fs/btrfs/extent-io-tree.c | 6 fs/btrfs/file.c | 2 fs/btrfs/inode.c | 7 fs/btrfs/scrub.c | 34 fs/btrfs/tree-log.c | 24 fs/cachefiles/io.c | 16 fs/ceph/addr.c | 6 fs/dax.c | 2 fs/erofs/fscache.c | 6 fs/erofs/super.c | 49 + fs/f2fs/data.c | 6 fs/f2fs/f2fs.h | 46 - fs/f2fs/gc.c | 3 fs/f2fs/namei.c | 10 fs/f2fs/segment.c | 12 fs/f2fs/segment.h | 45 - fs/f2fs/super.c | 45 - fs/filesystems.c | 14 fs/gfs2/aops.c | 54 - fs/gfs2/aops.h | 3 fs/gfs2/bmap.c | 3 fs/gfs2/glock.c | 3 fs/gfs2/glops.c | 4 fs/gfs2/incore.h | 9 fs/gfs2/inode.c | 98 ++ fs/gfs2/inode.h | 1 fs/gfs2/log.c | 7 fs/gfs2/meta_io.c | 2 fs/gfs2/meta_io.h | 4 fs/gfs2/ops_fstype.c | 35 fs/gfs2/super.c | 90 -- fs/gfs2/sys.c | 1 fs/gfs2/trans.c | 21 fs/gfs2/trans.h | 2 fs/gfs2/xattr.c | 11 fs/gfs2/xattr.h | 2 fs/iomap/buffered-io.c | 2 fs/kernfs/dir.c | 5 fs/kernfs/file.c | 3 fs/mount.h | 5 fs/namespace.c | 118 +-- fs/netfs/buffered_read.c | 32 fs/netfs/buffered_write.c | 2 fs/netfs/direct_read.c | 13 fs/netfs/direct_write.c | 12 fs/netfs/fscache_io.c | 10 fs/netfs/internal.h | 42 - fs/netfs/main.c | 1 fs/netfs/misc.c | 219 +++++ fs/netfs/objects.c | 48 - fs/netfs/read_collect.c | 185 ---- fs/netfs/read_pgpriv2.c | 4 fs/netfs/read_retry.c | 26 fs/netfs/read_single.c | 6 fs/netfs/write_collect.c | 81 -- fs/netfs/write_issue.c | 38 fs/netfs/write_retry.c | 19 fs/nfs/fscache.c | 1 fs/nfs/localio.c | 45 - fs/nfs/nfs4proc.c | 32 fs/nfs/super.c | 19 fs/nfs_common/nfslocalio.c | 99 +- fs/nfsd/filecache.c | 32 fs/nfsd/filecache.h | 3 fs/nfsd/localio.c | 70 + fs/nilfs2/btree.c | 4 fs/nilfs2/direct.c | 3 fs/ntfs3/index.c | 8 fs/ntfs3/inode.c | 5 fs/ocfs2/quota_local.c | 2 fs/pidfs.c | 2 fs/pnode.c | 4 fs/smb/client/cifsproto.h | 3 fs/smb/client/cifssmb.c | 24 fs/smb/client/file.c | 19 fs/smb/client/smb2pdu.c | 4 fs/squashfs/super.c | 5 fs/xfs/xfs_aops.c | 22 fs/xfs/xfs_discard.c | 17 include/crypto/sig.h | 2 include/hyperv/hvgdk_mini.h | 2 include/kunit/clk.h | 1 include/linux/arm_sdei.h | 4 include/linux/bio.h | 2 include/linux/bpf_verifier.h | 12 include/linux/bvec.h | 7 include/linux/coresight.h | 2 include/linux/exportfs.h | 10 include/linux/fscache.h | 2 include/linux/hid.h | 3 include/linux/ieee80211.h | 79 +- include/linux/iomap.h | 5 include/linux/mdio.h | 5 include/linux/mlx5/driver.h | 1 include/linux/mm.h | 58 + include/linux/mount.h | 88 +- include/linux/netdevice.h | 10 include/linux/netfs.h | 15 include/linux/nfslocalio.h | 26 include/linux/nvme.h | 2 include/linux/overflow.h | 27 include/linux/pci-epf.h | 3 include/linux/pci.h | 8 include/linux/phy.h | 5 include/linux/pm_runtime.h | 4 include/linux/poison.h | 4 include/linux/virtio_vsock.h | 1 include/net/bluetooth/hci.h | 3 include/net/bluetooth/hci_core.h | 50 - include/net/checksum.h | 2 include/net/netfilter/nft_fib.h | 9 include/net/page_pool/types.h | 6 include/net/sock.h | 7 include/net/xfrm.h | 11 include/sound/hdaudio.h | 4 include/sound/hdaudio_ext.h | 6 include/trace/events/netfs.h | 8 include/uapi/drm/xe_drm.h | 5 include/uapi/linux/bits.h | 4 include/uapi/linux/bpf.h | 4 io_uring/fdinfo.c | 12 io_uring/io_uring.c | 18 io_uring/register.c | 7 io_uring/sqpoll.c | 43 - io_uring/sqpoll.h | 8 kernel/bpf/core.c | 29 kernel/bpf/verifier.c | 18 kernel/events/core.c | 50 - kernel/power/energy_model.c | 4 kernel/power/hibernate.c | 5 kernel/power/main.c | 3 kernel/power/power.h | 4 kernel/power/wakelock.c | 3 kernel/rcu/tree.c | 10 kernel/rcu/tree.h | 2 kernel/rcu/tree_stall.h | 4 kernel/sched/core.c | 12 kernel/sched/ext_idle.c | 8 kernel/sched/fair.c | 13 kernel/time/posix-cpu-timers.c | 9 kernel/trace/bpf_trace.c | 10 kernel/trace/ring_buffer.c | 41 - kernel/trace/trace.h | 8 kernel/trace/trace_events_hist.c | 122 ++- kernel/trace/trace_events_trigger.c | 20 lib/Kconfig.ubsan | 2 lib/iov_iter.c | 2 lib/kunit/static_stub.c | 2 lib/tests/usercopy_kunit.c | 1 mm/filemap.c | 20 mm/page_alloc.c | 8 net/9p/client.c | 6 net/bluetooth/eir.c | 17 net/bluetooth/eir.h | 2 net/bluetooth/hci_conn.c | 46 - net/bluetooth/hci_core.c | 50 - net/bluetooth/hci_event.c | 40 - net/bluetooth/hci_sync.c | 88 +- net/bluetooth/iso.c | 13 net/bluetooth/l2cap_core.c | 3 net/bluetooth/mgmt.c | 146 +-- net/bluetooth/mgmt_util.c | 34 net/bluetooth/mgmt_util.h | 4 net/bridge/netfilter/nf_conntrack_bridge.c | 12 net/core/dev.c | 2 net/core/filter.c | 5 net/core/net_namespace.c | 4 net/core/netmem_priv.h | 33 net/core/page_pool.c | 108 ++ net/core/rtnetlink.c | 2 net/core/skbuff.c | 16 net/core/skmsg.c | 53 - net/core/sock.c | 8 net/core/utils.c | 4 net/core/xdp.c | 4 net/dsa/tag_brcm.c | 2 net/ethtool/ioctl.c | 3 net/ipv4/netfilter/nft_fib_ipv4.c | 11 net/ipv4/udp_offload.c | 5 net/ipv6/ila/ila_common.c | 6 net/ipv6/netfilter.c | 12 net/ipv6/netfilter/nft_fib_ipv6.c | 17 net/ipv6/seg6_local.c | 6 net/mac80211/mlme.c | 7 net/mac80211/scan.c | 11 net/ncsi/internal.h | 21 net/ncsi/ncsi-pkt.h | 23 net/ncsi/ncsi-rsp.c | 21 net/netfilter/nf_nat_core.c | 12 net/netfilter/nft_quota.c | 20 net/netfilter/nft_set_pipapo.c | 58 + net/netfilter/nft_set_pipapo_avx2.c | 21 net/netfilter/nft_tunnel.c | 8 net/netfilter/xt_TCPOPTSTRIP.c | 4 net/netfilter/xt_mark.c | 2 net/netlabel/netlabel_kapi.c | 5 net/openvswitch/flow.c | 2 net/packet/af_packet.c | 21 net/packet/internal.h | 1 net/sched/sch_ets.c | 2 net/sched/sch_prio.c | 2 net/sched/sch_red.c | 2 net/sched/sch_sfq.c | 5 net/sched/sch_tbf.c | 2 net/sunrpc/xprtrdma/svc_rdma_transport.c | 14 net/tipc/crypto.c | 6 net/tls/tls_sw.c | 15 net/vmw_vsock/virtio_transport_common.c | 26 net/wireless/scan.c | 18 net/xfrm/xfrm_device.c | 6 net/xfrm/xfrm_state.c | 16 rust/Makefile | 14 rust/kernel/alloc/kvec.rs | 3 rust/kernel/fs/file.rs | 1 rust/kernel/list/arc.rs | 2 rust/kernel/miscdevice.rs | 2 rust/kernel/pci.rs | 15 scripts/gcc-plugins/gcc-common.h | 32 scripts/gcc-plugins/randomize_layout_plugin.c | 40 - scripts/generate_rust_analyzer.py | 13 scripts/genksyms/genksyms.c | 27 sound/core/seq_device.c | 2 sound/hda/ext/hdac_ext_controller.c | 19 sound/hda/hda_bus_type.c | 6 sound/pci/hda/hda_bind.c | 4 sound/soc/apple/mca.c | 23 sound/soc/codecs/hda.c | 4 sound/soc/codecs/tas2764.c | 5 sound/soc/intel/avs/avs.h | 4 sound/soc/intel/avs/core.c | 51 - sound/soc/intel/avs/debugfs.c | 6 sound/soc/intel/avs/ipc.c | 4 sound/soc/intel/avs/loader.c | 11 sound/soc/intel/avs/path.c | 8 sound/soc/intel/avs/pcm.c | 129 ++- sound/soc/intel/avs/registers.h | 2 sound/soc/mediatek/mt8195/mt8195-mt6359.c | 4 sound/soc/sof/amd/pci-acp70.c | 1 sound/soc/sof/ipc4-pcm.c | 3 sound/soc/ti/omap-hdmi.c | 7 sound/usb/implicit.c | 1 sound/usb/midi.c | 3 tools/arch/x86/kcpuid/kcpuid.c | 47 - tools/arch/x86/lib/x86-opcode-map.txt | 50 - tools/bpf/bpftool/cgroup.c | 2 tools/bpf/resolve_btfids/Makefile | 2 tools/build/Makefile.feature | 4 tools/include/uapi/linux/bpf.h | 4 tools/lib/bpf/bpf_core_read.h | 6 tools/lib/bpf/libbpf.c | 57 - tools/lib/bpf/libbpf_internal.h | 9 tools/lib/bpf/linker.c | 6 tools/lib/bpf/nlattr.c | 15 tools/objtool/check.c | 3 tools/perf/MANIFEST | 6 tools/perf/Makefile.config | 6 tools/perf/Makefile.perf | 3 tools/perf/builtin-record.c | 2 tools/perf/builtin-trace.c | 11 tools/perf/scripts/python/exported-sql-viewer.py | 5 tools/perf/tests/shell/lib/stat_output.sh | 5 tools/perf/tests/shell/stat+json_output.sh | 5 tools/perf/tests/switch-tracking.c | 2 tools/perf/ui/browsers/hists.c | 2 tools/perf/util/intel-pt.c | 205 +++++ tools/perf/util/machine.c | 6 tools/perf/util/pmu.c | 3 tools/perf/util/symbol-minimal.c | 160 +--- tools/perf/util/thread.c | 8 tools/perf/util/thread.h | 2 tools/perf/util/tool_pmu.c | 8 tools/power/x86/turbostat/turbostat.c | 41 - tools/testing/kunit/qemu_configs/sparc.py | 2 tools/testing/selftests/Makefile | 2 tools/testing/selftests/arm64/fp/fp-ptrace.c | 14 tools/testing/selftests/bpf/prog_tests/bpf_nf.c | 6 tools/testing/selftests/bpf/prog_tests/kmem_cache_iter.c | 2 tools/testing/selftests/bpf/progs/verifier_load_acquire.c | 40 - tools/testing/selftests/bpf/progs/verifier_store_release.c | 32 tools/testing/selftests/bpf/test_loader.c | 14 tools/testing/selftests/coredump/stackdump_test.c | 10 tools/testing/selftests/cpufreq/cpufreq.sh | 3 tools/testing/selftests/drivers/net/hw/tso.py | 4 tools/testing/selftests/seccomp/seccomp_bpf.c | 13 tools/tracing/rtla/src/timerlat_bpf.c | 1 801 files changed, 9798 insertions(+), 5378 deletions(-) Aaradhana Sahu (1): wifi: ath12k: Resolve multicast packet drop by populating key_cipher in ath12k_install_key() Aaron Kling (2): arm64: tegra: Drop remaining serial clock-names and reset-names arm64: tegra: Add uartd serial alias for Jetson TX1 module Abel Vesa (2): arm64: dts: qcom: x1e001de-devkit: Describe USB retimers resets pin configs arm64: dts: qcom: x1e001de-devkit: Fix pin config for USB0 retimer vregs Adam Ford (5): arm64: dts: imx8mm-beacon: Fix RTC capacitive load arm64: dts: imx8mn-beacon: Fix RTC capacitive load arm64: dts: imx8mp-beacon: Fix RTC capacitive load arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI audio arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI audio Aditya Kumar Singh (2): wifi: ath12k: fix SLUB BUG - Object already free in ath12k_reg_free() wifi: ath12k: fix ATH12K_FLAG_REGISTERED flag handling Adrian Hunter (2): perf intel-pt: Fix PEBS-via-PT data_src perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 Ahmed S. Darwish (2): tools/x86/kcpuid: Fix error handling x86/cpu: Sanitize CPUID(0x80000000) output Ahmed Zaki (1): iavf: fix reset_task for early reset event Al Viro (8): fs/fhandle.c: fix a race in call of has_locked_children() path_overmount(): avoid false negatives finish_automount(): don't leak MNT_LOCKED from parent to child fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns do_change_type(): refuse to operate on unmounted/not ours mounts Don't propagate mounts into detached trees do_move_mount(): split the checks in subtree-of-our-ns and entire-anon cases Aleksandrs Vinarskis (3): drm/msm/dp: Fix support of LTTPR initialization drm/msm/dp: Account for LTTPRs capabilities drm/msm/dp: Prepare for link training per-segment for LTTPRs Alexander Shiyan (1): power: reset: at91-reset: Optimize at91_reset() Alexander Sverdlin (1): counter: interrupt-cnt: Protect enable/disable OPs with mutex Alexandre Ghiti (1): ACPI: platform_profile: Avoid initializing on non-ACPI platforms Alexei Safin (1): hwmon: (asus-ec-sensors) check sensor index in read_string() Alexey Gladkov (1): mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE Alexey Kodanev (1): wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Alexey Minnekhanov (3): arm64: dts: qcom: sdm660-xiaomi-lavender: Add missing SD card detect GPIO arm64: dts: qcom: sdm660-lavender: Add missing USB phy supply arm64: dts: qcom: sda660-ifc6560: Fix dt-validate warning Alexis Lothoré (2): net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping net: stmmac: make sure that ptp_rate is not 0 before configuring EST Alistair Popple (1): fs/dax: Fix "don't skip locked entries when scanning entries" Alok Tiwari (3): gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO scsi: iscsi: Fix incorrect error path labels for flashnode operations Amadeusz Sławiński (1): ASoC: Intel: avs: Fix paths in MODULE_FIRMWARE hints Amir Goldstein (1): exportfs: require ->fh_to_parent() to encode connectable file handles Amir Tzin (1): net/mlx5: Fix ECVF vports unload on shutdown flow Amit Sunil Dhamne (1): usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() Anand Moon (1): perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create() Andre Przywara (2): arm64: dts: allwinner: a100: set maximum MMC frequency dt-bindings: vendor-prefixes: Add Liontron name Andrea Righi (1): sched_ext: idle: Skip cross-node search with !CONFIG_NUMA Andreas Gruenbacher (7): gfs2: replace sd_aspace with sd_inode gfs2: gfs2_create_inode error handling fix gfs2: Move gfs2_dinode_dealloc gfs2: Move GIF_ALLOC_FAILED check out of gfs2_ea_dealloc gfs2: deallocate inodes in gfs2_create_inode gfs2: Move gfs2_trans_add_databufs gfs2: Don't start unnecessary transactions during log flush Andrew Cooper (1): x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() Andrew Price (1): gfs2: Don't clear sb->s_fs_info in gfs2_sys_fs_add Andrey Vatoropin (1): fs/ntfs3: handle hdr_first_de() return value André Draszik (2): firmware: exynos-acpm: fix reading longer results firmware: exynos-acpm: silence EPROBE_DEFER error on boot Andy Shevchenko (1): pinctrl: at91: Fix possible out-of-boundary access Angelo Dureghello (1): iio: dac: adi-axi-dac: fix bus read AngeloGioacchino Del Regno (5): thermal/drivers/mediatek/lvts: Fix debugfs unregister on failure drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr drm/mediatek: Fix kobject put for component sub-drivers drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err arm64: dts: mediatek: mt8195: Reparent vdec1/2 and venc1 power domains Annie Li (1): x86/microcode/AMD: Do not return error when microcode update is not necessary Anton Nadezhdin (1): ice/ptp: fix crosstimestamp reporting Anton Protopopov (3): libbpf: Use proper errno value in linker bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ libbpf: Use proper errno value in nlattr Antoniu Miclaus (1): iio: adc: ad4851: fix ad4858 chan pointer handling Anubhav Shelat (2): perf trace: Always print return value for syscalls returning a pid perf trace: Set errpid to false for rseq and set_robust_list Aradhya Bhatia (1): drm/xe/guc: Make creation of SLPC debugfs files conditional Armin Wolf (2): ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" ACPI: thermal: Execute _SCP before reading trip points Arnaldo Carvalho de Melo (5): tools build: Don't set libunwind as available if test-all.c build succeeds tools build: Don't show libunwind build status as it is opt-in perf build: Warn when libdebuginfod devel files are not available tools build: Don't show libbfd build status as it is opt-in perf ui browser hists: Set actions->thread before calling do_zoom_thread() Arnd Bergmann (6): drm: xlnx: zynqmp_dpsub: fix Kconfig dependencies for ASoC iommu: ipmmu-vmsa: avoid Wformat-security warning iommu/io-pgtable-arm: dynamically allocate selftest device struct drm/xe/vsec: fix CONFIG_INTEL_VSEC dependency usb: misc: onboard_usb_dev: fix build warning for CONFIG_USB_ONBOARD_DEV_USB5744=n thermal/drivers/mediatek/lvts: Remove unused lvts_debugfs_exit Badal Nilawar (1): drm/xe/d3cold: Set power state to D3Cold during s2idle/s3 Baochen Qiang (5): wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() wifi: ath11k: don't use static variables in ath11k_debugfs_fw_stats_process() wifi: ath11k: don't wait when there is no vdev started wifi: ath11k: move some firmware stats related functions outside of debugfs wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 Bard Liao (1): soundwire: only compute port params in specific stream states Barnabás Czémán (1): soc: qcom: smp2p: Fix fallback to qcom,ipc parse Beleswar Padhi (1): remoteproc: k3-r5: Refactor sequential core power up/down operations Bence Csókás (2): PM: runtime: Add new devm functions spi: atmel-quadspi: Fix unbalanced pm_runtime by using devm_ API Benjamin Marzinski (7): dm: don't change md if dm_table_set_restrictions() fails dm: free table mempools if not used in __bind dm: handle failures in dm_table_set_restrictions dm: fix dm_blk_report_zones dm: limit swapping tables for devices with zone write plugs dm-flakey: error all IOs when num_features is absent dm-flakey: make corrupting read bios work Benno Lossin (1): rust: list: fix path of `assert_pinned!` Benson Leung (1): platform/chrome: cros_ec_typec: Set Pin Assignment E in DP PORT VDO Biju Das (2): drm: rcar-du: Fix memory leak in rcar_du_vsps_init() drm/tegra: rgb: Fix the unbound reference count Bjorn Helgaas (2): PCI/DPC: Initialize aer_err_info before using it PCI/DPC: Log Error Source ID only when valid Boris Brezillon (4): drm/panthor: Fix GPU_COHERENCY_ACE[_LITE] definitions drm/panthor: Call panthor_gpu_coherency_init() after PM resume() drm/panthor: Update panthor_mmu::irq::mask when needed drm/panthor: Fix the panthor_gpu_coherency_init() error path Brian Norris (1): PCI/pwrctrl: Cancel outstanding rescan work when unregistering Brian Pellegrino (1): iio: filter: admv8818: Support frequencies >= 2^32 Brian Vazquez (1): idpf: fix a race in txq wakeup Bui Quang Minh (1): selftests: net: build net/lib dependency in all target Caleb Connolly (1): ath10k: snoc: fix unbalanced IRQ enable in crash recovery Caleb Sander Mateos (1): block: flip iter directions in blk_rq_integrity_map_user() Can Guo (1): scsi: ufs: qcom: Map devfreq OPP freq to UniPro Core Clock freq Carlos Fernandez (1): macsec: MACsec SCI assignment for ES = 0 Carlos Llamas (1): libbpf: Fix implicit memfd_create() for bionic Casey Connolly (1): drm/panel: samsung-sofef00: Drop s6e3fc2x01 support Cezary Rojewski (11): ASoC: codecs: hda: Fix RPM usage count underflow ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX ALSA: hda: Allow to fetch hlink by ID ASoC: Intel: avs: PCM operations for LNL-based platforms ASoC: Intel: avs: Fix PPLCxFMT calculation ASoC: Intel: avs: Fix possible null-ptr-deref when initing hw ASoC: Intel: avs: Ignore Vendor-space manipulation for ACE ASoC: Intel: avs: Read HW capabilities when possible ASoC: Intel: avs: Relocate DSP status registers ASoC: Intel: avs: Verify kcalloc() status when setting constraints ASoC: Intel: avs: Verify content returned by parse_int_array() Chandrashekar Devegowda (2): Bluetooth: btintel_pcie: Increase the tx and rx descriptor count Bluetooth: btintel_pcie: Reduce driver buffer posting to prevent race condition Chao Yu (6): f2fs: zone: fix to avoid inconsistence in between SIT and SSA f2fs: fix to do sanity check on sbi->total_valid_block_count f2fs: clean up w/ fscrypt_is_bounce_page() f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed() f2fs: zone: fix to calculate first_zoned_segno correctly f2fs: fix to skip f2fs_balance_fs() if checkpoint is disabled Charalampos Mitrodimas (1): net: tipc: fix refcount warning in tipc_aead_encrypt Charles Han (3): drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table pinctrl: qcom: tlmm-test: Fix potential null dereference in tlmm kunit test wifi: mt76: mt7996: Add NULL check in mt7996_thermal_init Chen-Yu Tsai (2): arm64: dts: mediatek: mt8188: Fix IOMMU device for rdma0 pinctrl: sunxi: dt: Consider pin base when calculating bank number from pin Chenyuan Yang (2): phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug usb: acpi: Prevent null pointer dereference in usb_acpi_add_usb4_devlink() Chin-Yen Lee (1): wifi: rtw89: fix firmware scan delay unit for WiFi 6 chips Christian Brauner (1): gfs2: pass through holder from the VFS for freeze/thaw Christian Marangi (1): net: phy: mediatek: permit to compile test GE SOC PHY driver Christian Schrefl (1): rust: miscdevice: fix typo in MiscDevice::ioctl documentation Christoph Hellwig (1): block: don't use submit_bio_noacct_nocheck in blk_zone_wplug_bio_work Christophe JAILLET (5): drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe() net: airoha: Fix an error handling path in airoha_alloc_gdm_port() mfd: exynos-lpass: Fix an error handling path in exynos_lpass_probe() mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() mfd: exynos-lpass: Fix another error handling path in exynos_lpass_probe() Chuck Lever (1): svcrdma: Reduce the number of rdma_rw contexts per-QP Chukun Pan (2): arm64: dts: rockchip: Add missing uart3 interrupt for RK3528 arm64: dts: rockchip: Move SHMEM memory to reserved memory on rk3588 Corentin Labbe (1): crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions Cosmin Ratiu (5): net/mlx5: Avoid using xso.real_dev unnecessarily xfrm: Use xdo.dev instead of xdo.real_dev xfrm: Add explicit dev to .xdo_dev_state_{add,delete,free} bonding: Mark active offloaded xfrm_states bonding: Fix multiple long standing offload races Cristian Ciocaltea (2): phy: rockchip: samsung-hdptx: Fix clock ratio setup phy: rockchip: samsung-hdptx: Do no set rk_hdptx_phy->rate in case of errors Damon Ding (3): drm/bridge: analogix_dp: Remove the unnecessary calls to clk_disable_unprepare() during probing drm/bridge: analogix_dp: Remove CONFIG_PM related check in analogix_dp_bind()/analogix_dp_unbind() drm/bridge: analogix_dp: Add support to get panel from the DP AUX bus Dan Carpenter (8): power: supply: max77705: Fix workqueue error handling in probe wifi: ath12k: Fix buffer overflow in debugfs of: unittest: Unlock on error in unittest_data_add() wifi: mt76: mt7925: Fix logical vs bitwise typo remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() net/mlx4_en: Prevent potential integer overflow calculating Hz regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() Daniel Wagner (1): nvmet-fcloop: access fcpreq only when holding reqlock Daniele Ceraolo Spurio (2): drm/xe/pxp: Use the correct define in the set_property_funcs array drm/xe/pxp: Clarify PXP queue creation behavior if PXP is not ready Daniele Palmas (1): net: wwan: mhi_wwan_mbim: use correct mux_id for multiplexing Daniil Tatianin (1): ACPICA: exserial: don't forget to handle FFixedHW opregions for reading Danilo Krummrich (1): rust: alloc: add missing invariant in Vec::set_len() Dapeng Mi (1): perf record: Fix incorrect --user-regs comments Dave Chinner (1): xfs: don't assume perags are initialised when trimming AGs Dave Penkler (3): staging: gpib: Fix PCMCIA config identifier staging: gpib: Fix secondary address restriction usb: usbtmc: Fix read_stb function and get_stb ioctl David Gow (1): kunit: qemu_configs: Disable faulting tests on 32-bit SPARC David Heimann (1): ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 David Hildenbrand (3): s390/uv: Don't return 0 from make_hva_secure() if the operation was not successful s390/uv: Always return 0 from s390_wiggle_split_folio() if successful s390/uv: Improve splitting of large folios that cannot be split while dirty David Howells (5): crypto/krb5: Fix change to use SG miter to use offset netfs: Fix oops in write-retry from mis-resetting the subreq iterator netfs: Fix the request's work item to not require a ref netfs: Fix wait/wake to be consistent about the waitqueue used netfs: Fix undifferentiation of DIO reads from unbuffered reads David Thompson (1): EDAC/bluefield: Don't use bluefield_edac_readl() result on error Detlev Casanova (1): media: verisilicon: Free post processor buffers on error Di Shen (1): bpf: Revert "bpf: remove unnecessary rcu_read_{lock,unlock}() in multi-uprobe attach logic" Dibin Moolakadan Subrahmanian (1): drm/i915/display: Fix u32 overflow in SNPS PHY HDMI PLL setup Dmitry Antipov (4): wifi: rtw88: do not ignore hardware read error during DPK Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() Bluetooth: MGMT: reject malformed HCI_CMD_SYNC commands ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() Dmitry Baryshkov (9): drm/msm/dpu: enable SmartDMA on SM8150 drm/msm/dpu: enable SmartDMA on SC8180X drm/msm/dpu: remove DSC feature bit for PINGPONG on MSM8937 drm/msm/dpu: remove DSC feature bit for PINGPONG on MSM8917 drm/msm/dpu: remove DSC feature bit for PINGPONG on MSM8953 ARM: dts: qcom: apq8064: add missing clocks to the timer node ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device ARM: dts: qcom: apq8064: move replicator out of soc node arm64: dts: qcom: qcm2290: fix (some) of QUP interconnects Dong Chenchen (1): page_pool: Fix use-after-free in page_pool_recycle_in_ring Dzmitry Sankouski (4): arm64: dts: qcom: sdm845-starqltechn: remove wifi arm64: dts: qcom: sdm845-starqltechn: fix usb regulator mistake arm64: dts: qcom: sdm845-starqltechn: refactor node order arm64: dts: qcom: sdm845-starqltechn: remove excess reserved gpios Eddie James (1): powerpc/crash: Fix non-smp kexec preparation Emil Tantilov (1): idpf: avoid mailbox timeout delays during reset Eric Dumazet (8): net: annotate data-races around cleanup_net_task net: prevent a NULL deref in rtnl_create_link() net_sched: sch_sfq: fix a potential crash on gso_skb handling net_sched: prio: fix a race in prio_tune() net_sched: red: fix a race in __red_change() net_sched: tbf: fix a race in tbf_change() net_sched: ets: fix a race in ets_qdisc_change() calipso: unlock rcu before returning -EAFNOSUPPORT Faicker Mo (1): net: openvswitch: Fix the dead loop of MPLS parse Feng Jiang (1): wifi: mt76: scan: Fix 'mlink' dereferenced before IS_ERR_OR_NULL check Feng Yang (1): libbpf: Fix event name too long error Fernando Fernandez Mancera (1): netfilter: nft_tunnel: fix geneve_opt dump Filipe Manana (5): btrfs: fix invalid data space release when truncating block in NOCOW mode btrfs: fix wrong start offset for delalloc space release during mmap write btrfs: exit after state insertion failure at btrfs_convert_extent_bit() btrfs: fix fsync of files with no hard links not persisting deletion btrfs: exit after state split error at set_extent_bit() Finn Thain (1): m68k: mac: Fix macintosh_config for Mac II Florian Westphal (5): netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy netfilter: nf_tables: nft_fib: consistent l3mdev handling netfilter: nf_set_pipapo_avx2: fix initial map fill netfilter: nf_nat: also check reverse tuple to obtain clashing entry Francesco Dolcini (1): Revert "wifi: mwifiex: Fix HT40 bandwidth issue." Félix Piédallu (2): spi: omap2-mcspi: Disable multi mode when CS should be kept asserted after message spi: omap2-mcspi: Disable multi-mode when the previous message kept CS asserted Gabor Juhos (2): spi: spi-qpic-snand: use kmalloc() for OOB buffer allocation spi: spi-qpic-snand: validate user/chip specific ECC properties Gabriel Dalimonte (1): drm/vc4: fix infinite EPROBE_DEFER loop Gal Pressman (1): net: ethtool: Don't check if RSS context exists in case of context 0 Gary Guo (1): rust: compile libcore with edition 2024 for 1.87+ Gaurav Batra (1): powerpc/pseries/iommu: Fix kmemleak in TCE table userspace view Gautam R A (2): RDMA/bnxt_re: Fix incorrect display of inactivity_cp in debugfs output RDMA/bnxt_re: Fix missing error handling for tx_queue Gautham R. Shenoy (1): tools/power turbostat: Fix AMD package-energy reporting Geert Uytterhoeven (4): spi: sh-msiof: Fix maximum DMA transfer size arm64: dts: renesas: white-hawk-single: Improve Ethernet TSN description HID: HID_APPLETB_KBD should depend on X86 HID: HID_APPLETB_BL should depend on X86 Greg Kroah-Hartman (5): ALSA: core: fix up bus match const issues. net: phy: fix up const issues in to_mdio_device() and to_phy_device() USB: gadget: udc: fix const issue in gadget_match_driver() USB: typec: fix const issue in typec_match() Linux 6.15.3 Gustavo A. R. Silva (1): overflow: Fix direct struct member initialization in _DEFINE_FLEX() Gustavo Luiz Duarte (1): netconsole: fix appending sysdata when sysdata_fields == SYSDATA_RELEASE Hangbin Liu (1): bonding: assign random address if device address is same as bond Hans Zhang (2): efi/libstub: Describe missing 'out' parameter in efi_load_initrd PCI: cadence: Fix runtime atomic count underflow Hans de Goede (1): mei: vsc: Cast tx_buf to (__be32 *) when passed to cpu_to_be32_array() Hao Chang (1): pinctrl: mediatek: Fix the invalid conditions Haren Myneni (1): powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() Hari Kalavakunta (1): net: ncsi: Fix GCPS 64-bit member variables Hariprasad Kelam (2): octeontx2-pf: QOS: Perform cache sync on send queue teardown octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback Harry Wentland (1): drm/amd/display: Don't check for NULL divisor in fixpt code Hector Martin (2): ASoC: tas2764: Enable main IRQs PCI: apple: Use gpiod_set_value_cansleep in probe flow Heiko Stuebner (1): drm/bridge: analogix_dp: Fix clk-disable removal Henry Martin (8): clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() wifi: mt76: mt7996: Fix null-ptr-deref in mt7996_mmio_wed_init() wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() watchdog: lenovo_se30_wdt: Fix possible devm_ioremap() NULL pointer dereference in lenovo_se30_wdt_probe() backlight: pm8941: Add NULL check in wled_configure() dmaengine: ti: Add NULL check in udma_probe() serial: Fix potential null-ptr-deref in mlb_usio_probe() Herbert Xu (7): crypto: iaa - Do not clobber req->base.data crypto: zynqmp-sha - Add locking crypto: marvell/cesa - Handle zero-length skcipher requests crypto: marvell/cesa - Avoid empty transfer descriptor crypto: lrw - Only add ecb if it is not already there crypto: xts - Only add ecb if it is not already there crypto: api - Redo lookup on EEXIST Hongbo Li (1): erofs: fix file handle encoding for 64-bit NIDs Hongbo Yao (2): perf: arm-ni: Unregister PMUs on probe failure perf: arm-ni: Fix missing platform_set_drvdata() Horatiu Vultur (4): net: lan966x: Fix 1-step timestamping over ipv4 or ipv6 net: phy: mscc: Fix memory leak when using one step timestamping net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames net: lan966x: Make sure to insert the vlan tags also in host mode Howard Hsu (1): wifi: mt76: mt7996: fix beamformee SS field Huajian Yang (1): netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it Huang Yiwei (1): firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES Ian Forbes (2): drm/vmwgfx: Add seqno waiter for sync_files drm/vmwgfx: Fix dumb buffer leak Ian Rogers (5): perf tool_pmu: Fix aggregation on duration_time perf symbol-minimal: Fix double free in filename__read_build_id perf pmu: Avoid segv for missing name/alias_name in wildcarding perf symbol: Fix use-after-free in filename__read_build_id perf callchain: Always populate the addr_location map when adding IP Ido Schimmel (1): seg6: Fix validation of nexthop addresses Ilan Peer (1): wifi: iwlfiwi: mvm: Fix the rate reporting Ilya Leoshkevich (1): s390/bpf: Store backchain even for leaf progs Imre Deak (1): drm/i915/dp_mst: Use the correct connector while computing the link BPP limit on MST Ioana Ciornei (1): bus: fsl-mc: fix double-free on mc_dev Israel Rukshin (1): virtio-pci: Fix result size returned for the admin command completion Jack Morgenstein (1): RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work Jacob Moroni (1): IB/cm: use rwlock for MAD agent lock Jaegeuk Kim (1): f2fs: clean up unnecessary indentation Jakub Kicinski (5): netlink: specs: rt-link: add missing byte-order properties netlink: specs: rt-link: decode ip6gre selftests: drv-net: tso: fix the GRE device name selftests: drv-net: tso: make bkg() wait for socat to quit net: drv: netdevsim: don't napi_complete() from netpoll Jakub Raczynski (2): net/mdiobus: Fix potential out-of-bounds read/write access net/mdiobus: Fix potential out-of-bounds clause 45 read/write access James Clark (1): perf tools: Fix arm64 source package build Jason Gunthorpe (1): iommu: Protect against overflow in iommu_pgsize() Jason-JH Lin (1): mailbox: mtk-cmdq: Refine GCE_GCTL_VALUE setting Jens Axboe (3): iomap: don't lose folio dropbehind state for overwrites mm/filemap: gate dropbehind invalidate on folio !dirty && !writeback mm/filemap: use filemap_end_dropbehind() for read invalidation Jensen Huang (1): PCI: rockchip: Fix order of rockchip_pci_core_rsts Jeongjun Park (1): ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() Jeremy Kerr (1): net: mctp: start tx queue on netdev open Jerome Brunet (2): PCI: rcar-gen4: set ep BAR4 fixed size PCI: endpoint: Retain fixed-size BAR size as well as aligned size Jesus Narvaez (2): drm/i915/guc: Check if expecting reply before decrementing outstanding_submission_g2h drm/i915/guc: Handle race condition where wakeref count drops below 0 Jianbo Liu (1): net/mlx5e: Fix leak of Geneve TLV option object Jiaqing Zhao (1): x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() Jiayuan Chen (5): bpf: fix ktls panic with sockmap bpf, sockmap: fix duplicated data transmission bpf, sockmap: Fix panic when calling skb_linearize ktls, sockmap: Fix missing uncharge operation bpf, sockmap: Avoid using sk_socket after free when sending Jinjian Song (1): net: wwan: t7xx: Fix napi rx poll issue Jiri Slaby (SUSE) (2): powerpc: do not build ppc_save_regs.o always tty: serial: 8250_omap: fix TX with DMA for am33xx Jocelyn Falempe (1): drm/panic: Use a decimal fifo to avoid u64 by u64 divide Joe Damato (1): e1000: Move cancel_work_sync to avoid deadlock Joel Stanley (1): ARM: aspeed: Don't select SRAM John Stultz (1): sched/core: Tweak wait_task_inactive() to force dequeue sched_delayed tasks Jonas Gorski (7): net: dsa: b53: do not enable EEE on bcm63xx net: dsa: b53: do not enable RGMII delay on bcm63xx net: dsa: b53: implement setting ageing time net: dsa: b53: do not configure bcm63xx's IMP port interface net: dsa: b53: allow RGMII for bcm63xx RGMII ports net: dsa: b53: do not touch DLL_IQQD on bcm53115 net: dsa: b53: fix untagged traffic sent via cpu tagged with VID 0 Jonas Karlman (1): media: rkvdec: Fix frame size enumeration Jonathan Stroud (1): usb: misc: onboard_usb_dev: Fix usb5744 initialization sequence Jonathan Wiepert (1): Use thread-safe function pointer in libbpf_print Jose Maria Casanova Crespo (2): drm/v3d: fix client obtained from axi_ids on V3D 4.1 drm/v3d: client ranges from axi_ids are different with V3D 7.1 Jouni Högander (1): drm/i915/psr: Fix using wrong mask in REG_FIELD_PREP Julien Massot (3): ASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY() arm64: dts: mt6359: Add missing 'compatible' property to regulators node arm64: dts: mt6359: Rename RTC node to match binding expectations Junhao He (1): coresight: Fixes device's owner field for registered using coresight_init_driver() Junxian Huang (1): RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h Justin Tee (1): scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk Jyothi Kumar Seerapu (1): arm64: dts: qcom: sm8750: Correct clocks property for uart14 node KONDO KAZUMA(近藤　和真) (1): fs: allow clone_private_mount() for a path on real rootfs KaFai Wan (1): bpf: Avoid __bpf_prog_ret0_warn when jit fails Kalesh AP (1): RDMA/bnxt_re: Fix return code of bnxt_re_configure_cc Karol Wachowski (1): accel/ivpu: Reorder Doorbell Unregister and Command Queue Destruction Karthikeyan Periyasamy (2): wifi: ath12k: fix NULL access in assign channel context handler wifi: ath12k: Replace band define G with GHZ where appropriate Kathiravan Thirumoorthy (2): Revert "phy: qcom-qusb2: add QUSB2 support for IPQ5424" phy: qcom-qusb2: reuse the IPQ6018 settings for IPQ5424 Kees Cook (9): ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type watchdog: exar: Shorten identity name to fit correctly drm/vkms: Adjust vkms_state->active_planes allocation type scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops Bluetooth: btintel: Check dsbr size from EFI variable ubsan: integer-overflow: depend on BROKEN to keep this out of CI randstruct: gcc-plugin: Remove bogus void member randstruct: gcc-plugin: Fix attribute addition overflow: Introduce __DEFINE_FLEX for having no initializer Keisuke Nishimura (1): drm/vmwgfx: Add error path for xa_store in vmw_bo_add_detached_resource Keith Busch (2): nvme: fix command limits status code io_uring: consistently use rcu semantics with sqpoll thread Kiran K (1): Bluetooth: btintel_pcie: Fix driver not posting maximum rx buffers Konrad Dybcio (4): drm/msm/a6xx: Disable rgb565_predicator on Adreno 7c3 arm64: dts: qcom: x1e80100-romulus: Keep L12B and L15B always on arm64: dts: qcom: msm8998: Remove mdss_hdmi_phy phandle argument arm64: dts: qcom: qcs615: Fix up UFS clocks Kornel Dulęba (1): arm64: Support ARM64_VA_BITS=52 when setting ARCH_MMAP_RND_BITS_MAX Krzysztof Kozlowski (3): arm64: dts: qcom: sa8775p: Partially revert "arm64: dts: qcom: sa8775p: add QCrypto nodes" arm64: dts: qcom: qcs8300: Partially revert "arm64: dts: qcom: qcs8300: add QCrypto nodes" arm64: dts: qcom: msm8998: Use the header with DSI phy clock IDs Kuniyuki Iwashima (1): calipso: Don't call calipso functions for AF_INET sk. Lachlan Hodges (1): wifi: cfg80211/mac80211: correctly parse S1G beacon optional elements Lad Prabhakar (1): usb: renesas_usbhs: Reorder clock handling and power management in probe Leo Yan (2): perf tests switch-tracking: Fix timestamp comparison coresight: etm4x: Fix timestamp bit field handling Li Lingfeng (2): nfs: clear SB_RDONLY before getting superblock nfs: ignore SB_RDONLY when remounting nfs Li RongQing (1): vfio/type1: Fix error unwind in migration dirty bitmap allocation Lijuan Gao (2): pinctrl: qcom: correct the ngpios entry for QCS615 pinctrl: qcom: correct the ngpios entry for QCS8300 Liu Dalin (1): rtc: loongson: Add missing alarm notifications for ACPI RTC events Lizhi Hou (2): accel/amdxdna: Fix incorrect size of ERT_START_NPU commands accel/amdxdna: Fix incorrect PSP firmware size Lizhi Xu (1): fs/ntfs3: Add missing direct_IO in ntfs_aops_cmpr Longfang Liu (5): hisi_acc_vfio_pci: fix XQE dma address error hisi_acc_vfio_pci: add eq and aeq interruption restore hisi_acc_vfio_pci: bugfix cache write-back issue hisi_acc_vfio_pci: bugfix the problem of uninstalling driver hisi_acc_vfio_pci: bugfix live migration function without VF device driver Lorenzo Bianconi (3): bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps net: airoha: Add the capability to allocate hfwd descriptors in SRAM net: airoha: Initialize PPE UPDMEM source-mac table Louis-Alexis Eyraud (1): arm64: dts: mediatek: mt8390-genio-common: Set ssusb2 default dual role mode to host Luca Weiss (6): clk: qcom: camcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: dispcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: gpucc-sm6350: Add *_wait_val values for GDSCs arm64: dts: qcom: sm8350: Reenable crypto & cryptobam arm64: dts: qcom: sm8650: Fix domain-idle-state for CPU2 Lucas De Marchi (1): drm/xe/lrc: Use a temporary buffer for WA BB Luis Gerhorst (1): selftests/bpf: Fix caps for __xlated/jited_unpriv Luiz Augusto von Dentz (8): Bluetooth: ISO: Fix not using SID from adv report Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete Bluetooth: MGMT: Protect mgmt_pending list with its own lock Bluetooth: Fix NULL pointer deference on eir_get_service_data Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance Bluetooth: eir: Fix possible crashes on eir_create_adv_data Bluetooth: MGMT: Fix sparse errors Lukas Wunner (4): crypto: ecdsa - Fix enc/dec size reported by KEYCTL_PKEY_QUERY crypto: ecdsa - Fix NIST P521 key size reported by KEYCTL_PKEY_QUERY PCI: pciehp: Ignore Presence Detect Changed caused by DPC PCI: pciehp: Ignore Link Down/Up caused by Secondary Bus Reset Madhavan Srinivasan (1): powerpc/kernel: Fix ppc_save_regs inclusion in build Maharaja Kennadyrajan (2): wifi: ath12k: Prevent sending WMI commands to firmware during firmware crash wifi: ath12k: fix node corruption in ar->arvifs list Manikanta Mylavarapu (1): arm64: dts: qcom: ipq9574: fix the msi interrupt numbers of pcie3 Mao Jinlong (1): coresight: tmc: fix failure to disable/enable ETF after reading Marcus Folkesson (1): iio: adc: mcp3911: fix device dependent mappings for conversion result registers Mario Limonciello (1): thunderbolt: Fix a logic error in wake on connect Marius Cristea (1): iio: adc: PAC1934: fix typo in documentation link Mark Brown (2): arm64/fpsimd: Discard stale CPU state when handling SME traps arm64/fpsimd: Don't corrupt FPMR when streaming mode changes Mark Kettenis (1): arm64: dts: qcom: x1e80100: Mark usb_2 as dma-coherent Mark Rutland (6): arm64/fpsimd: Avoid RES0 bits in the SME trap handler arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP arm64/fpsimd: Reset FPMR upon exec() arm64/fpsimd: Fix merging of FPSIMD state during signal return arm64/fpsimd: Avoid warning when sve_to_fpsimd() is unused kselftest/arm64: fp-ptrace: Fix expected FPMR value when PSTATE.SM is changed Martin Blumenstingl (3): drm/meson: fix debug log statement when setting the HDMI clocks drm/meson: use vclk_freq instead of pixel_freq in debug print drm/meson: fix more rounding issues with 59.94Hz modes Martin Povišer (2): ASoC: tas2764: Reinit cache on part reset ASoC: apple: mca: Constrain channels according to TDM mask Masami Hiramatsu (Google) (1): x86/insn: Fix opcode map (!REX2) superscript tags Mathias Nyman (1): usb: Flush altsetting 0 endpoints before reinitializating them after reset. Matthew Auld (1): drm/xe/vm: move xe_svm_init() earlier Matthew Wilcox (Oracle) (3): bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP block: Fix bvec_set_folio() for very large folios 9p: Add a migrate_folio method Maulik Shah (1): arm64: dts: qcom: sm8750: Fix cluster hierarchy for idle states Maxime Chevallier (1): net: phy: phy_caps: Don't skip better duplex macth on non-exact match Maxime Ripard (3): drm/vc4: tests: Use return instead of assert drm/vc4: tests: Stop allocating the state in test init drm/vc4: tests: Retry pv-muxing tests when EDEADLK Maíra Canal (1): drm/v3d: Associate a V3D tech revision to all supported devices Meghana Malladi (1): net: ti: icssg-prueth: Fix swapped TX stats for MII interfaces. Miaoqian Lin (2): firmware: psci: Fix refcount leak in psci_dt_init tracing: Fix error handling in event_trigger_parse() Miaoqing Pan (1): wifi: ath12k: fix uaf in ath12k_core_init() Michael Lo (1): wifi: mt76: mt7925: ensure all MCU commands wait for response Michael Petlan (1): perf tests: Fix 'perf report' tests installation Michael Walle (1): drm/panel-simple: fix the warnings for the Evervision VGG644804 Michal Koutný (1): kernfs: Relax constraint in draining guard Michal Kubiak (3): ice: fix Tx scheduler error handling in XDP callback ice: create new Tx scheduler nodes for new queues only ice: fix rebuilding the Tx scheduler tree for large queue counts Michal Luczaj (1): net: Fix TOCTOU issue in sk_is_readable() Michal Wajdeczko (2): drm/xe/guc: Refactor GuC debugfs initialization drm/xe/guc: Don't expose GuC privileged debugfs files if VF Miguel Ojeda (3): drm/panic: clean Clippy warning rust: pci: fix docs related to missing Markdown code spans objtool/rust: relax slice condition to cover more `noreturn` Rust functions Mike Yuan (1): pidfs: never refuse ppid == 0 in PIDFD_GET_INFO Mikhail Arkhipov (1): mtd: nand: ecc-mxic: Fix use of uninitialized variable ret Ming Lei (2): loop: add file_start_write() and file_end_write() block: use q->elevator with ->elevator_lock held in elv_iosched_show() Ming Yen Hsieh (2): wifi: mt76: mt7925: prevent multiple scan commands wifi: mt76: mt7925: refine the sniffer commnad Mingcong Bai (1): ACPI: resource: fix a typo for MECHREVO in irq1_edge_low_force_override[] Mirco Barone (1): wireguard: device: enable threaded NAPI Miri Korenblit (2): wifi: iwlwifi: re-add IWL_AMSDU_8K case wifi: iwlwifi: mld: avoid panic on init failure Moshe Shemesh (1): net/mlx5: Ensure fw pages are always allocated on same NUMA Murad Masimov (1): ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery Nam Cao (3): selftests: coredump: Properly initialize pointer selftests: coredump: Fix test failure for slow machines selftests: coredump: Raise timeout to 2 minutes Namhyung Kim (2): perf trace: Fix leaks of 'struct thread' in fprintf_sys_enter() perf trace: Fix leaks of 'struct thread' in set_filter_loop_pids() Neil Armstrong (4): arm64: dts: qcom: sm8650: setup gpu thermal with higher temperatures arm64: dts: qcom: sm8550: use ICC tag for all interconnect phandles arm64: dts: qcom: sm8550: add missing cpu-cfg interconnect path in the mdss node arm64: dts: qcom: sm8650: add missing cpu-cfg interconnect path in the mdss node NeilBrown (7): nfs: fix incorrect handling of large-number NFS errors in nfs4_do_mkdir() nfs_localio: use cmpxchg() to install new nfs_file_localio nfs_localio: always hold nfsd net ref with nfsd_file ref nfs_localio: simplify interface to nfsd for getting nfsd_file nfs_localio: duplicate nfs_close_local_fh() nfs_localio: protect race between nfs_uuid_put() and nfs_close_local_fh() nfs_localio: change nfsd_file_put_local() to take a pointer to __rcu pointer Neill Kapron (1): selftests/seccomp: fix syscall_restart test for arm compat Nicolas Dufresne (2): media: synopsys: hdmirx: Renamed frame_idx to sequence media: synopsys: hdmirx: Count dropped frames Nicolas Frattaroli (1): drm/connector: only call HDMI audio helper plugged cb if non-null Nicolas Pitre (1): vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() Nikita Zhandarovich (1): net: usb: aqc111: fix error handling of usbnet read calls Nitesh Shetty (1): iov_iter: use iov_offset for length calculation in iov_iter_aligned_bvec Nitin Rawat (1): scsi: ufs: qcom: Prevent calling phy_exit() before phy_init() Nylon Chen (1): riscv: misaligned: fix sleeping function called during misaligned access handling Nícolas F. R. A. Prado (3): kselftest: cpufreq: Get rid of double suspend in rtcwake case arm64: dts: mediatek: mt6357: Drop regulator-fixed compatibles regulator: dt-bindings: mt6357: Drop fixed compatible requirement Oleg Nesterov (1): posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() Oliver Neukum (1): net: usb: aqc111: debug info before sanitation Ovidiu Panait (4): crypto: sun8i-ce-hash - fix error handling in sun8i_ce_hash_run() crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() crypto: sun8i-ce - undo runtime PM changes during driver removal crypto: sun8i-ce - move fallback ahash_request to the end of the struct P Praneesh (12): wifi: ath12k: Fix memory leak during vdev_id mismatch wifi: ath12k: Fix memory corruption during MLO multicast tx wifi: ath12k: Fix invalid memory access while forming 802.11 header wifi: ath12k: Handle error cases during extended skb allocation wifi: ath12k: Add MSDU length validation for TKIP MIC error wifi: ath12k: Add extra TLV tag parsing support in monitor Rx path wifi: ath12k: Avoid fetch Error bitmap and decap format from Rx TLV wifi: ath12k: change the status update in the monitor Rx wifi: ath12k: add rx_info to capture required field from rx descriptor wifi: ath12k: replace the usage of rx desc with rx_info wifi: ath12k: Fix invalid RSSI values in station dump wifi: ath12k: refactor ath12k_hw_regs structure Pablo Neira Ayuso (1): netfilter: nft_set_pipapo: prevent overflow in lookup table allocation Pali Rohár (1): cifs: Fix validation of SMB1 query reparse point response Patrisious Haddad (2): RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction net/mlx5: Fix return value when searching for existing flow group Paul Chaignon (3): net: Fix checksum update for ILA adj-transport bpf: Clarify the meaning of BPF_F_PSEUDO_HDR bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE Pauli Virtanen (2): Bluetooth: separate CIS_LINK and BIS_LINK link types Bluetooth: hci_core: fix list_for_each_entry_rcu usage Paulo Alcantara (2): netfs: Fix setting of transferred bytes with short DIO reads smb: client: fix perf regression with deferred closes Pavel Begunkov (2): nvme: fix implicit bool to flags conversion io_uring: fix spurious drain flushing Pawel Laszczak (2): usb: cdnsp: Fix issue with detecting command completion event usb: cdnsp: Fix issue with detecting USB 3.2 speed Peilin Ye (1): selftests/bpf: Avoid passing out-of-range values to __retval() Pekka Ristola (1): rust: file: mark `LocalFile` as `repr(transparent)` Peng Fan (1): mailbox: imx: Fix TXDB_V2 sending Penglei Jiang (1): io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() Pengyu Luo (1): arm64: dts: qcom: sm8650: add the missing l2 cache node Peter Chiu (2): wifi: mt76: mt7996: set EHT max ampdu length capability wifi: mt76: mt7996: fix invalid NSS setting when TX path differs from NSS Peter Griffin (3): pinctrl: samsung: refactor drvdata suspend & resume callbacks pinctrl: samsung: add dedicated SoC eint suspend/resume callbacks pinctrl: samsung: add gs101 specific eint suspend/resume callbacks Peter Korsgaard (1): nvmem: zynqmp_nvmem: unbreak driver after cleanup Peter Robinson (2): arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3566-rock3c arm64: dts: rockchip: Update eMMC for NanoPi R5 series Peter Zijlstra (2): sched: Fix trace_sched_switch(.prev_state) perf: Ensure bpf_perf_link path is properly serialized Petr Pavlu (1): genksyms: Fix enum consts from a reference affecting new values Phillip Lougher (1): Squashfs: check return result of sb_min_blocksize Pin-yen Lin (1): arm64: dts: mt8183: Add port node to mt8183.dtsi Ping-Ke Shih (2): wifi: rtw89: pci: configure manual DAC mode via PCI config API only wifi: rtw89: pci: enlarge retry times of RX tag to 1000 Prasanth Babu Mantena (1): arm64: dts: ti: k3-j721e-common-proc-board: Enable OSPI1 on J721E Przemek Kitszel (6): iavf: iavf_suspend(): take RTNL before netdev_lock() iavf: centralize watchdog requeueing itself iavf: simplify watchdog_task in terms of adminq task scheduling iavf: extract iavf_watchdog_step() out of iavf_watchdog_task() iavf: sprinkle netdev_assert_locked() annotations iavf: get rid of the crit lock Qasim Ijaz (4): wifi: mt76: mt7996: prevent uninit return in mt7996_mac_sta_add_links wifi: mt76: mt7996: avoid NULL pointer dereference in mt7996_set_monitor() wifi: mt76: mt7996: avoid null deref in mt7996_stop_phy() fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() Qing Wang (1): perf/core: Fix broken throttling when max_samples_per_tick=1 Qinxin Xia (1): iommu/arm-smmu-v3: Fix incorrect return in arm_smmu_attach_dev Qiuxu Zhuo (2): EDAC/skx_common: Fix general protection fault EDAC/{skx_common,i10nm}: Fix the loss of saved RRL for HBM pseudo channel 0 Qu Wenruo (2): btrfs: scrub: update device stats when an error is detected btrfs: scrub: fix a wrong error type when metadata bytenr mismatches Quentin Schulz (3): arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou net: stmmac: platform: guarantee uniqueness of bus_id RD Babiera (1): usb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work Radim Krčmář (1): RISC-V: KVM: lock the correct mp_state during reset Rafael J. Wysocki (2): PM: sleep: Print PM debug messages during hibernation PM: sleep: Fix power.is_suspended cleanup for direct-complete devices Raj Kumar Bhagat (1): wifi: ath12k: fix cleanup path after mhi init Rajat Soni (1): wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event Ramasamy Kaliappan (1): wifi: ath12k: Fix the QoS control field offset to build QoS header Rameshkumar Sundaram (1): wifi: ath12k: fix wrong handling of CCMP256 and GCMP ciphers Ramya Gnanasekar (1): wifi: ath12k: Fix WMI tag for EHT rate in peer assoc Richard Fitzgerald (1): clk: test: Forward-declare struct of_phandle_args in kunit/clk.h Richard Zhu (1): PCI: imx6: Save and restore the LUT setting during suspend/resume for i.MX95 SoC Ritesh Harjani (IBM) (1): powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap Rob Herring (Arm) (1): dt-bindings: soc: fsl,qman-fqd: Fix reserved-memory.yaml reference Robert Malz (2): i40e: return false from i40e_reset_vf if reset is in progress i40e: retry VFLR handling if there is ongoing VF reset Robin Murphy (1): bus: fsl_mc: Fix driver_managed_dma check Rodrigo Gobbi (1): wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready Rodrigo Vivi (2): drm/xe: Make xe_gt_freq part of the Documentation drm/xe: Add missing documentation of rpa_freq Roger Pau Monne (1): xen/x86: fix initial memory balloon target Rolf Eike Beer (1): iommu: remove duplicate selection of DMAR_TABLE Roman Kisel (1): x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() Ronak Doshi (1): vmxnet3: correctly report gso type for UDP tunnels Roxana Nicolescu (2): misc: lis3lv02d: Fix correct sysfs directory path for lis3lv02d char: tlclk: Fix correct sysfs directory path for tlclk Ryusuke Konishi (1): nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() Saket Kumar Bhaskar (1): selftests/bpf: Fix bpf_nf selftest failure Sam Winchenbach (3): iio: filter: admv8818: fix band 4, state 15 iio: filter: admv8818: fix integer overflow iio: filter: admv8818: fix range calculation Sandipan Das (2): perf/x86/amd/uncore: Remove unused 'struct amd_uncore_ctx::node' member perf/x86/amd/uncore: Prevent UMC counters from saturating Sanjeev Yadav (1): scsi: core: ufs: Fix a hang in the error handler Sarika Sharma (1): wifi: ath12k: fix invalid access to memory Sean Christopherson (1): x86/irq: Ensure initial PIR loads are performed exactly once Sergey Shtylyov (1): fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() Shahar Shitrit (1): net/mlx5e: Fix number of lanes to UNKNOWN when using data_rate_oper Shayne Chen (2): wifi: mt76: mt7996: fix RX buffer size of MCU event wifi: mt76: fix available_antennas setting Sheng Yong (1): erofs: avoid using multiple devices with different type Shiming Cheng (1): net: fix udp gso skb_segment after pull from frag_list Shivasharan S (1): scsi: mpt3sas: Fix _ctl_get_mpt_mctp_passthru_adapter() to return IOC pointer Siddharth Vadapalli (2): remoteproc: k3-r5: Drop check performed in k3_r5_rproc_{mbox_callback/kick} remoteproc: k3-dsp: Drop check performed in k3_dsp_rproc_{mbox_callback/kick} Srinivasan Shanmugam (1): drm/amdgpu: Refine Cleaner Shader MEC firmware version for GFX10.1.x GPUs Stanislav Fomichev (1): af_packet: move notifier's packet_dev_mc out of rcu critical section Stefan Wahren (1): drm/vc4: hdmi: Call HDMI hotplug helper on disconnect Stefano Garzarella (1): vsock/virtio: fix `rx_bytes` accounting for stream sockets Stefano Stabellini (1): xen/arm: call uaccess_ttbr0_enable for dm_op hypercall Stephan Gerhold (1): arm64: dts: qcom: sc8280xp-x13s: Drop duplicate DMIC supplies Stephen Brennan (1): fs: convert mount flags to enum Steven Rostedt (4): tracing: Move histogram trigger variables from stack to per CPU structure tracing: Rename event_trigger_alloc() to trigger_data_alloc() ring-buffer: Do not trigger WARN_ON() due to a commit_overrun ring-buffer: Move cpus_read_lock() outside of buffer->mutex Stone Zhang (1): wifi: ath11k: fix node corruption in ar->arvifs list Su Hui (1): soc: aspeed: lpc: Fix impossible judgment condition Subbaraya Sundeep (1): octeontx2-af: Send Link events one by one Suleiman Souhlal (1): tools/resolve_btfids: Fix build when cross compiling kernel with clang. Suraj Gupta (1): net: xilinx: axienet: Fix Tx skb circular buffer occupancy check in dmaengine xmit T.J. Mercier (1): selftests/bpf: Fix kmem_cache iterator draining Takashi Iwai (1): ALSA: usb-audio: Kill timer properly at removal Tao Chen (4): bpf: Check link_create.flags parameter for multi_kprobe bpf: Check link_create.flags parameter for multi_uprobe libbpf: Remove sample_period init in perf_buffer bpf: Fix WARN() in get_bpf_raw_tp_regs Tengteng Yang (1): Fix sock_exceed_buf_limit not being triggered in __sk_mem_raise_allocated Terry Junge (1): HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Terry Tritton (1): selftests/seccomp: fix negative_ENOSYS tracer tests on arm32 Thangaraj Samynathan (2): net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy net: lan743x: Fix PHY reset handling during initialization and WOL Thomas Gleixner (1): x86/iopl: Cure TIF_IO_BITMAP inconsistencies Thomas Hellström (1): drm/xe: Rework eviction rejection of bound external bos Thomas Richter (1): perf tests metric-only perf stat: Fix tests 84 and 86 s390 Thomas Weißschuh (3): kunit: qemu_configs: sparc: Explicitly enable CONFIG_SPARC32=y kunit/usercopy: Disable u64 test on 32-bit SPARC uapi: bitops: use UAPI-safe variant of BITS_PER_LONG again Thorsten Blum (1): ASoC: Intel: avs: Fix kcalloc() sizes Thuan Nguyen (1): arm64: dts: renesas: white-hawk-ard-audio: Fix TPU0 groups Tingguo Cheng (1): arm64: dts: qcom: qcs615: remove disallowed property in spmi bus node Toke Høiland-Jørgensen (3): page_pool: Move pp_magic check into helper functions page_pool: Track DMA-mapped pages and unmap them when destroying the pool wifi: ath9k_htc: Abort software beacon handling if disabled Tomas Glozar (1): rtla: Define _GNU_SOURCE in timerlat_bpf.c Tzung-Bi Shih (1): kunit: Fix wrong parameter to kunit_deactivate_static_stub() Uwe Kleine-König (1): iio: adc: ad7124: Fix 3dB filter frequency reading Varadarajan Narayanan (1): arm64: dts: qcom: ipq9574: Fix USB vdd info Vignesh Raman (2): drm/ci: fix merge request rules arm64: defconfig: mediatek: enable PHY drivers Vijendar Mukunda (1): ASoC: SOF: amd: add missing acp descriptor field Viktor Malik (1): libbpf: Fix buffer overflow in bpf_object__init_prog Vincent Knecht (1): clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz Vishwaroop A (3): spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers spi: tegra210-quad: remove redundant error handling code spi: tegra210-quad: modify chip select (CS) deactivation Vitaly Prosyak (1): drm/amdgpu/gfx10: Refine Cleaner Shader for GFX10.1.10 Vlad Dogaru (2): net/mlx5: HWS, Fix matcher action template attach net/mlx5: HWS, make sure the uplink is the last destination Vlad Dumitrescu (1): IB/cm: Drop lockdep assert and WARN when freeing old msg WangYuli (1): MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a Wei Fang (1): net: phy: clear phydev->devlink when the link is deleted Wentao Guan (1): HID: intel-thc-hid: intel-quicki2c: pass correct arguments to acpi_evaluate_object Wentao Liang (1): nilfs2: add pointer check for nilfs_direct_propagate() Wilfred Mallawa (1): PCI: Print the actual delay time in pci_bridge_wait_for_secondary_bus() Wojciech Slenska (1): pinctrl: qcom: pinctrl-qcm2290: Add missing pins Wolfram Sang (3): ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select ARM: dts: at91: at91sam9263: fix NAND chip selects rtc: sh: assign correct interrupts with DT Wupeng Ma (1): VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify Xilin Wu (1): arm64: dts: qcom: sm8250: Fix CPU7 opp table Xin Li (Intel) (1): x86/fred/signal: Prevent immediate repeat of single step trap on return from SIGTRAP handler Xuewen Yan (1): sched/fair: Fixup wake_up_sync() vs DELAYED_DEQUEUE Yabin Cui (2): coresight: catu: Introduce refcount and spinlock for enabling/disabling coresight: core: Disable helpers for devices that fail to enable Yanqing Wang (1): driver: net: ethernet: mtk_star_emac: fix suspend/resume issue Yaxiong Tian (1): PM: EM: Fix potential division-by-zero error in em_compute_costs() Yeoreum Yun (3): coresight/etm4: fix missing disable active config coresight: holding cscfg_csdev_lock while removing cscfg from csdev coresight: prevent deactivate active config while enabling the config Yevgeny Kliteynik (1): net/mlx5: HWS, fix missing ip_version handling in definer Yi Zhang (1): scsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels YiFei Zhu (1): bpftool: Fix regression of "bpftool cgroup tree" EINVAL on older kernels Yihang Li (1): scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk Yingying Tang (1): wifi: ath12k: Reorder and relocate the release of resources in ath12k_core_deinit() Yonghong Song (1): bpf: Do not include stack ptr register in precision backtracking bookkeeping Yongliang Gao (1): rcu/cpu_stall_cputime: fix the hardirq count for x86 architecture Yongting Lin (1): um: Fix tgkill compile error on old host OSes Yu Kuai (3): brd: fix aligned_sector from brd_do_discard() brd: fix discard end sector md/raid1,raid10: don't handle IO error for REQ_RAHEAD and REQ_NOWAIT Yue Haibing (1): mailbox: mchp-ipc-sbi: Fix COMPILE_TEST build error Yunhui Cui (1): ACPI: CPPC: Fix NULL pointer dereference when nosmp is used Yuuki NAGAO (1): ASoC: ti: omap-hdmi: Re-add dai_link->platform to fix card init Zhe Qiao (1): PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root() Zhen XIN (2): wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally Zhiguo Niu (2): f2fs: use d_inode(dentry) cleanup dentry->d_inode f2fs: fix to correct check conditions in f2fs_cross_rename Zhongqiu Duan (1): netfilter: nft_quota: match correctly when the quota just depleted Zhu Yanjun (1): RDMA/rxe: Fix "trying to register non-static key in rxe_qp_do_cleanup" bug Zijun Hu (2): PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() fs/filesystems: Fix potential unsigned integer underflow in fs_name() Ziqi Chen (1): scsi: ufs: qcom: Check gear against max gear in vop freq_to_gear() Zizhi Wo (1): blk-throttle: Fix wrong tg->[bytes/io]_disp update in __tg_update_carryover() ping.gao (1): scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() yohan.joung (1): f2fs: prevent the current section from being selected as a victim during GC Álvaro Fernández Rojas (3): spi: bcm63xx-spi: fix shared reset spi: bcm63xx-hsspi: fix shared reset net: dsa: tag_brcm: legacy: fix pskb_may_pull length

5 months, 2 weeks

1
1
0 0

Linux 6.12.34

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.34 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/pwm/adi,axi-pwmgen.yaml | 21 Documentation/devicetree/bindings/pwm/brcm,bcm7038-pwm.yaml | 8 Documentation/devicetree/bindings/pwm/brcm,kona-pwm.yaml | 8 Documentation/devicetree/bindings/regulator/mediatek,mt6357-regulator.yaml | 12 Documentation/devicetree/bindings/soc/fsl/fsl,qman-fqd.yaml | 4 Documentation/devicetree/bindings/vendor-prefixes.yaml | 2 Documentation/gpu/xe/index.rst | 1 Documentation/gpu/xe/xe_gt_freq.rst | 14 Makefile | 2 arch/arm/boot/dts/microchip/at91sam9263ek.dts | 2 arch/arm/boot/dts/microchip/tny_a9263.dts | 2 arch/arm/boot/dts/microchip/usb_a9263.dts | 4 arch/arm/boot/dts/qcom/qcom-apq8064.dtsi | 82 +- arch/arm/mach-aspeed/Kconfig | 1 arch/arm64/Kconfig | 6 arch/arm64/boot/dts/freescale/imx8mm-beacon-kit.dts | 1 arch/arm64/boot/dts/freescale/imx8mm-beacon-som.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mn-beacon-kit.dts | 1 arch/arm64/boot/dts/freescale/imx8mn-beacon-som.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mp-beacon-som.dtsi | 1 arch/arm64/boot/dts/mediatek/mt6357.dtsi | 10 arch/arm64/boot/dts/mediatek/mt6359.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 10 arch/arm64/boot/dts/mediatek/mt8183.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8195.dtsi | 50 - arch/arm64/boot/dts/nvidia/tegra186.dtsi | 12 arch/arm64/boot/dts/nvidia/tegra194.dtsi | 12 arch/arm64/boot/dts/nvidia/tegra210-p2180.dtsi | 1 arch/arm64/boot/dts/qcom/ipq9574-rdp-common.dtsi | 11 arch/arm64/boot/dts/qcom/qcm2290.dtsi | 16 arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 3 arch/arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts | 2 arch/arm64/boot/dts/qcom/sdm660-xiaomi-lavender.dts | 3 arch/arm64/boot/dts/qcom/sdm845-samsung-starqltechn.dts | 16 arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 arch/arm64/boot/dts/qcom/sm8350.dtsi | 6 arch/arm64/boot/dts/qcom/sm8650.dtsi | 71 +- arch/arm64/boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 2 arch/arm64/boot/dts/qcom/x1e80100.dtsi | 299 +++++----- arch/arm64/boot/dts/renesas/r8a779g0-white-hawk-ard-audio-da7212.dtso | 2 arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 8 arch/arm64/boot/dts/rockchip/rk3566-rock-3c.dts | 1 arch/arm64/boot/dts/rockchip/rk3568-nanopi-r5s.dtsi | 5 arch/arm64/boot/dts/rockchip/rk3588-base.dtsi | 15 arch/arm64/boot/dts/ti/k3-j721e-common-proc-board.dts | 1 arch/arm64/configs/defconfig | 3 arch/arm64/include/asm/esr.h | 14 arch/arm64/include/asm/fpsimd.h | 3 arch/arm64/kernel/entry-common.c | 46 + arch/arm64/kernel/fpsimd.c | 36 - arch/arm64/xen/hypercall.S | 21 arch/m68k/mac/config.c | 2 arch/mips/boot/dts/loongson/loongson64c_4core_ls7a.dts | 1 arch/powerpc/kernel/Makefile | 2 arch/powerpc/kexec/crash.c | 5 arch/powerpc/platforms/book3s/vas-api.c | 9 arch/powerpc/platforms/powernv/memtrace.c | 8 arch/powerpc/platforms/pseries/iommu.c | 2 arch/riscv/kernel/traps_misaligned.c | 4 arch/riscv/kvm/vcpu_sbi.c | 4 arch/s390/net/bpf_jit_comp.c | 12 arch/x86/events/amd/uncore.c | 36 + arch/x86/include/asm/mwait.h | 9 arch/x86/include/asm/sighandling.h | 22 arch/x86/kernel/cpu/common.c | 17 arch/x86/kernel/cpu/microcode/core.c | 2 arch/x86/kernel/cpu/mtrr/generic.c | 2 arch/x86/kernel/ioport.c | 13 arch/x86/kernel/irq.c | 2 arch/x86/kernel/process.c | 15 arch/x86/kernel/signal_32.c | 4 arch/x86/kernel/signal_64.c | 4 arch/x86/lib/x86-opcode-map.txt | 50 - block/blk-zoned.c | 7 block/elevator.c | 3 crypto/api.c | 13 crypto/lrw.c | 4 crypto/xts.c | 4 drivers/acpi/acpica/exserial.c | 6 drivers/acpi/apei/Kconfig | 1 drivers/acpi/apei/ghes.c | 2 drivers/acpi/cppc_acpi.c | 2 drivers/acpi/osi.c | 1 drivers/acpi/resource.c | 2 drivers/base/power/main.c | 3 drivers/block/brd.c | 11 drivers/block/loop.c | 8 drivers/bluetooth/btintel.c | 10 drivers/bluetooth/btintel_pcie.c | 31 - drivers/bluetooth/btintel_pcie.h | 10 drivers/bus/fsl-mc/fsl-mc-bus.c | 6 drivers/clk/bcm/clk-raspberrypi.c | 2 drivers/clk/qcom/camcc-sm6350.c | 18 drivers/clk/qcom/dispcc-sm6350.c | 3 drivers/clk/qcom/gcc-msm8939.c | 4 drivers/clk/qcom/gcc-sm6350.c | 6 drivers/clk/qcom/gpucc-sm6350.c | 6 drivers/counter/interrupt-cnt.c | 9 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 7 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c | 17 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-hash.c | 34 - drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 2 drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c | 2 drivers/crypto/marvell/cesa/cipher.c | 3 drivers/crypto/marvell/cesa/hash.c | 2 drivers/dma/ti/k3-udma.c | 3 drivers/edac/i10nm_base.c | 35 - drivers/edac/skx_common.c | 1 drivers/edac/skx_common.h | 11 drivers/firmware/Kconfig | 1 drivers/firmware/arm_sdei.c | 11 drivers/firmware/efi/libstub/efi-stub-helper.c | 1 drivers/firmware/psci/psci.c | 4 drivers/fpga/tests/fpga-mgr-test.c | 1 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 8 drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 6 drivers/gpu/drm/i915/display/intel_psr_regs.h | 4 drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 19 drivers/gpu/drm/mediatek/mtk_drm_drv.c | 31 - drivers/gpu/drm/meson/meson_drv.c | 2 drivers/gpu/drm/meson/meson_drv.h | 2 drivers/gpu/drm/meson/meson_encoder_hdmi.c | 29 drivers/gpu/drm/meson/meson_vclk.c | 226 ++++--- drivers/gpu/drm/meson/meson_vclk.h | 13 drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 1 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 16 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 16 drivers/gpu/drm/panel/panel-samsung-sofef00.c | 34 - drivers/gpu/drm/panel/panel-simple.c | 5 drivers/gpu/drm/panthor/panthor_mmu.c | 1 drivers/gpu/drm/panthor/panthor_regs.h | 4 drivers/gpu/drm/renesas/rcar-du/rcar_du_kms.c | 10 drivers/gpu/drm/tegra/rgb.c | 14 drivers/gpu/drm/vc4/tests/vc4_mock_output.c | 36 - drivers/gpu/drm/vkms/vkms_crtc.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 10 drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 26 drivers/gpu/drm/vmwgfx/vmwgfx_resource.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 34 - drivers/gpu/drm/xe/xe_gt_freq.c | 2 drivers/gpu/drm/xe/xe_pci.c | 1 drivers/hid/hid-hyperv.c | 4 drivers/hid/usbhid/hid-core.c | 25 drivers/hwmon/asus-ec-sensors.c | 4 drivers/hwtracing/coresight/coresight-catu.c | 27 drivers/hwtracing/coresight/coresight-catu.h | 1 drivers/hwtracing/coresight/coresight-config.h | 2 drivers/hwtracing/coresight/coresight-core.c | 6 drivers/hwtracing/coresight/coresight-cpu-debug.c | 3 drivers/hwtracing/coresight/coresight-funnel.c | 3 drivers/hwtracing/coresight/coresight-replicator.c | 3 drivers/hwtracing/coresight/coresight-stm.c | 2 drivers/hwtracing/coresight/coresight-syscfg.c | 49 + drivers/hwtracing/coresight/coresight-tmc-core.c | 2 drivers/hwtracing/coresight/coresight-tpiu.c | 2 drivers/iio/adc/ad7124.c | 4 drivers/iio/adc/mcp3911.c | 39 + drivers/iio/adc/pac1934.c | 2 drivers/iio/filter/admv8818.c | 224 +++++-- drivers/infiniband/core/cm.c | 16 drivers/infiniband/core/cma.c | 3 drivers/infiniband/hw/hns/hns_roce_ah.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 1 drivers/infiniband/hw/hns/hns_roce_main.c | 1 drivers/infiniband/hw/hns/hns_roce_restrack.c | 1 drivers/infiniband/hw/mlx5/qpc.c | 30 - drivers/input/rmi4/rmi_f34.c | 135 ++-- drivers/iommu/Kconfig | 1 drivers/iommu/iommu.c | 4 drivers/mailbox/imx-mailbox.c | 21 drivers/mailbox/mtk-cmdq-mailbox.c | 51 - drivers/md/dm-core.h | 1 drivers/md/dm-flakey.c | 70 +- drivers/md/dm-zone.c | 25 drivers/md/dm.c | 30 - drivers/media/platform/verisilicon/hantro_postproc.c | 4 drivers/mfd/exynos-lpass.c | 6 drivers/mfd/stmpe-spi.c | 2 drivers/misc/mei/vsc-tp.c | 4 drivers/misc/vmw_vmci/vmci_host.c | 11 drivers/mmc/host/sdhci-of-dwcmshc.c | 40 + drivers/mtd/nand/ecc-mxic.c | 2 drivers/net/bonding/bond_main.c | 25 drivers/net/dsa/b53/b53_common.c | 37 - drivers/net/ethernet/google/gve/gve_main.c | 2 drivers/net/ethernet/google/gve/gve_tx_dqo.c | 3 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 11 drivers/net/ethernet/intel/ice/ice_main.c | 47 + drivers/net/ethernet/intel/ice/ice_sched.c | 181 ++++-- drivers/net/ethernet/intel/idpf/idpf_lib.c | 18 drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c | 9 drivers/net/ethernet/intel/idpf/idpf_txrx.c | 45 - drivers/net/ethernet/intel/idpf/idpf_txrx.h | 8 drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 2 drivers/net/ethernet/intel/idpf/idpf_virtchnl.h | 1 drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 4 drivers/net/ethernet/marvell/octeontx2/nic/qos_sq.c | 22 drivers/net/ethernet/mediatek/mtk_star_emac.c | 4 drivers/net/ethernet/mellanox/mlx4/en_clock.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c | 4 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 18 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 1 drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 12 drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 21 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 5 drivers/net/ethernet/mellanox/mlx5/core/pagealloc.c | 2 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/mlx5hws_definer.c | 3 drivers/net/ethernet/microchip/lan743x_main.c | 15 drivers/net/ethernet/microchip/lan966x/lan966x_main.c | 7 drivers/net/ethernet/microchip/lan966x/lan966x_main.h | 6 drivers/net/ethernet/microchip/lan966x/lan966x_ptp.c | 49 + drivers/net/ethernet/microchip/lan966x/lan966x_switchdev.c | 1 drivers/net/ethernet/microchip/lan966x/lan966x_vlan.c | 21 drivers/net/ethernet/stmicro/stmmac/stmmac_est.c | 5 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 5 drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 11 drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 2 drivers/net/ethernet/ti/icssg/icssg_stats.c | 8 drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 6 drivers/net/macsec.c | 40 + drivers/net/netdevsim/netdev.c | 3 drivers/net/phy/mdio_bus.c | 12 drivers/net/phy/mscc/mscc_ptp.c | 20 drivers/net/phy/phy_device.c | 4 drivers/net/usb/aqc111.c | 10 drivers/net/vmxnet3/vmxnet3_drv.c | 26 drivers/net/wireguard/device.c | 1 drivers/net/wireless/ath/ath10k/snoc.c | 4 drivers/net/wireless/ath/ath11k/core.c | 37 - drivers/net/wireless/ath/ath11k/core.h | 4 drivers/net/wireless/ath/ath11k/debugfs.c | 148 ---- drivers/net/wireless/ath/ath11k/debugfs.h | 10 drivers/net/wireless/ath/ath11k/mac.c | 92 ++- drivers/net/wireless/ath/ath11k/mac.h | 4 drivers/net/wireless/ath/ath11k/wmi.c | 47 + drivers/net/wireless/ath/ath12k/core.c | 8 drivers/net/wireless/ath/ath12k/debugfs_htt_stats.c | 3 drivers/net/wireless/ath/ath12k/dp_rx.c | 54 - drivers/net/wireless/ath/ath12k/dp_tx.c | 1 drivers/net/wireless/ath/ath12k/hal.c | 103 +-- drivers/net/wireless/ath/ath12k/hal.h | 64 +- drivers/net/wireless/ath/ath12k/hal_desc.h | 3 drivers/net/wireless/ath/ath12k/hw.c | 35 + drivers/net/wireless/ath/ath12k/hw.h | 12 drivers/net/wireless/ath/ath12k/pci.c | 12 drivers/net/wireless/ath/ath12k/pci.h | 4 drivers/net/wireless/ath/ath12k/wmi.c | 3 drivers/net/wireless/ath/ath9k/htc_drv_beacon.c | 3 drivers/net/wireless/intel/iwlwifi/mvm/rs.c | 2 drivers/net/wireless/marvell/mwifiex/11n.c | 6 drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 6 drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 21 drivers/net/wireless/mediatek/mt76/mt7996/dma.c | 4 drivers/net/wireless/mediatek/mt76/mt7996/init.c | 3 drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 3 drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 drivers/net/wireless/realtek/rtw88/coex.c | 2 drivers/net/wireless/realtek/rtw88/rtw8822c.c | 3 drivers/net/wireless/realtek/rtw88/sdio.c | 10 drivers/net/wireless/realtek/rtw89/fw.c | 2 drivers/net/wireless/realtek/rtw89/pci.c | 2 drivers/net/wwan/mhi_wwan_mbim.c | 9 drivers/net/wwan/t7xx/t7xx_netdev.c | 11 drivers/nvme/host/constants.c | 2 drivers/nvme/host/core.c | 1 drivers/nvme/host/pr.c | 2 drivers/nvme/target/core.c | 9 drivers/nvme/target/fcloop.c | 31 - drivers/nvme/target/io-cmd-bdev.c | 9 drivers/nvmem/zynqmp_nvmem.c | 1 drivers/of/unittest.c | 10 drivers/pci/controller/cadence/pcie-cadence-host.c | 11 drivers/pci/controller/dwc/pcie-rcar-gen4.c | 1 drivers/pci/controller/pcie-apple.c | 4 drivers/pci/endpoint/pci-epf-core.c | 22 drivers/pci/pci-acpi.c | 23 drivers/pci/pci.c | 2 drivers/pci/pcie/dpc.c | 68 +- drivers/perf/amlogic/meson_ddr_pmu_core.c | 2 drivers/perf/arm-ni.c | 40 - drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 6 drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 13 drivers/pinctrl/pinctrl-at91.c | 6 drivers/pinctrl/qcom/pinctrl-qcm2290.c | 9 drivers/pinctrl/samsung/pinctrl-exynos-arm64.c | 52 - drivers/pinctrl/samsung/pinctrl-exynos.c | 260 ++++---- drivers/pinctrl/samsung/pinctrl-exynos.h | 8 drivers/pinctrl/samsung/pinctrl-samsung.c | 21 drivers/pinctrl/samsung/pinctrl-samsung.h | 8 drivers/pmdomain/core.c | 35 + drivers/power/reset/at91-reset.c | 5 drivers/ptp/ptp_private.h | 12 drivers/regulator/max20086-regulator.c | 6 drivers/remoteproc/qcom_wcnss_iris.c | 2 drivers/remoteproc/ti_k3_dsp_remoteproc.c | 8 drivers/remoteproc/ti_k3_r5_remoteproc.c | 8 drivers/rpmsg/qcom_smd.c | 2 drivers/rtc/rtc-loongson.c | 8 drivers/rtc/rtc-sh.c | 12 drivers/scsi/hisi_sas/hisi_sas_main.c | 29 drivers/scsi/qedf/qedf_main.c | 2 drivers/scsi/scsi_transport_iscsi.c | 11 drivers/scsi/smartpqi/smartpqi_init.c | 4 drivers/soc/aspeed/aspeed-lpc-snoop.c | 17 drivers/soc/qcom/smp2p.c | 2 drivers/spi/spi-bcm63xx-hsspi.c | 2 drivers/spi/spi-bcm63xx.c | 2 drivers/spi/spi-omap2-mcspi.c | 30 - drivers/spi/spi-sh-msiof.c | 13 drivers/spi/spi-tegra210-quad.c | 24 drivers/staging/media/rkvdec/rkvdec.c | 10 drivers/thermal/mediatek/lvts_thermal.c | 18 drivers/thunderbolt/usb4.c | 4 drivers/tty/serial/8250/8250_omap.c | 25 drivers/tty/serial/milbeaut_usio.c | 5 drivers/tty/serial/sh-sci.c | 24 drivers/tty/vt/vt_ioctl.c | 2 drivers/ufs/core/ufs-mcq.c | 6 drivers/ufs/core/ufshcd.c | 7 drivers/ufs/host/ufs-qcom.c | 5 drivers/usb/cdns3/cdnsp-gadget.c | 21 drivers/usb/cdns3/cdnsp-gadget.h | 4 drivers/usb/class/usbtmc.c | 17 drivers/usb/core/hub.c | 16 drivers/usb/core/usb-acpi.c | 2 drivers/usb/gadget/function/f_hid.c | 12 drivers/usb/gadget/udc/core.c | 2 drivers/usb/misc/onboard_usb_dev.c | 107 +++ drivers/usb/renesas_usbhs/common.c | 50 + drivers/usb/typec/bus.c | 2 drivers/usb/typec/tcpm/tcpci_maxim_core.c | 3 drivers/usb/typec/tcpm/tcpm.c | 91 ++- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 79 ++ drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h | 14 drivers/vfio/vfio_iommu_type1.c | 2 drivers/video/backlight/qcom-wled.c | 6 drivers/video/fbdev/core/fbcvt.c | 2 drivers/watchdog/exar_wdt.c | 2 drivers/xen/balloon.c | 13 fs/9p/vfs_addr.c | 1 fs/btrfs/extent-io-tree.c | 6 fs/btrfs/inode.c | 7 fs/btrfs/scrub.c | 34 + fs/erofs/super.c | 49 + fs/f2fs/data.c | 4 fs/f2fs/f2fs.h | 10 fs/f2fs/gc.c | 3 fs/f2fs/namei.c | 10 fs/f2fs/segment.h | 45 - fs/f2fs/super.c | 4 fs/filesystems.c | 14 fs/gfs2/glock.c | 3 fs/gfs2/glops.c | 4 fs/gfs2/incore.h | 9 fs/gfs2/inode.c | 3 fs/gfs2/meta_io.c | 2 fs/gfs2/meta_io.h | 4 fs/gfs2/ops_fstype.c | 35 - fs/gfs2/super.c | 16 fs/gfs2/sys.c | 1 fs/kernfs/dir.c | 5 fs/kernfs/file.c | 3 fs/namespace.c | 25 fs/nfs/super.c | 19 fs/nilfs2/btree.c | 4 fs/nilfs2/direct.c | 3 fs/ntfs3/index.c | 8 fs/ntfs3/inode.c | 5 fs/ocfs2/quota_local.c | 2 fs/smb/client/cifssmb.c | 20 fs/squashfs/super.c | 5 fs/xfs/xfs_discard.c | 17 include/linux/arm_sdei.h | 4 include/linux/bio.h | 2 include/linux/bvec.h | 7 include/linux/coresight.h | 2 include/linux/hid.h | 3 include/linux/ieee80211.h | 79 ++ include/linux/mdio.h | 5 include/linux/mlx5/driver.h | 1 include/linux/mm.h | 58 + include/linux/nvme.h | 2 include/linux/overflow.h | 27 include/linux/pci-epf.h | 3 include/linux/phy.h | 5 include/linux/pm_domain.h | 7 include/linux/poison.h | 4 include/linux/virtio_vsock.h | 1 include/net/bluetooth/hci_core.h | 2 include/net/netfilter/nft_fib.h | 9 include/net/page_pool/types.h | 6 include/net/sock.h | 7 include/sound/hdaudio.h | 4 io_uring/fdinfo.c | 12 io_uring/io_uring.c | 4 io_uring/register.c | 7 io_uring/sqpoll.c | 43 - io_uring/sqpoll.h | 8 kernel/bpf/core.c | 29 kernel/events/core.c | 50 + kernel/power/energy_model.c | 4 kernel/power/hibernate.c | 5 kernel/power/main.c | 3 kernel/power/power.h | 4 kernel/power/wakelock.c | 3 kernel/rcu/tree.c | 10 kernel/rcu/tree.h | 2 kernel/rcu/tree_stall.h | 4 kernel/sched/core.c | 12 kernel/time/posix-cpu-timers.c | 9 kernel/trace/bpf_trace.c | 7 kernel/trace/ring_buffer.c | 41 - kernel/trace/trace.h | 8 kernel/trace/trace_events_hist.c | 122 +++- kernel/trace/trace_events_trigger.c | 20 lib/iov_iter.c | 2 lib/kunit/static_stub.c | 2 lib/usercopy_kunit.c | 1 mm/page_alloc.c | 8 net/bluetooth/eir.c | 17 net/bluetooth/eir.h | 2 net/bluetooth/hci_conn.c | 2 net/bluetooth/hci_core.c | 29 net/bluetooth/hci_event.c | 16 net/bluetooth/hci_sync.c | 74 ++ net/bluetooth/iso.c | 9 net/bluetooth/l2cap_core.c | 3 net/bluetooth/mgmt.c | 140 ++-- net/bluetooth/mgmt_util.c | 49 - net/bluetooth/mgmt_util.h | 8 net/bridge/netfilter/nf_conntrack_bridge.c | 12 net/core/netmem_priv.h | 33 + net/core/page_pool.c | 108 ++- net/core/skbuff.c | 16 net/core/skmsg.c | 53 + net/core/sock.c | 8 net/core/xdp.c | 4 net/dsa/tag_brcm.c | 2 net/ipv4/netfilter/nft_fib_ipv4.c | 11 net/ipv4/udp_offload.c | 5 net/ipv6/netfilter.c | 12 net/ipv6/netfilter/nft_fib_ipv6.c | 17 net/ipv6/seg6_local.c | 6 net/mac80211/mlme.c | 7 net/mac80211/scan.c | 11 net/ncsi/internal.h | 21 net/ncsi/ncsi-pkt.h | 23 net/ncsi/ncsi-rsp.c | 21 net/netfilter/nf_nat_core.c | 12 net/netfilter/nft_quota.c | 20 net/netfilter/nft_set_pipapo.c | 58 + net/netfilter/nft_set_pipapo_avx2.c | 21 net/netfilter/nft_tunnel.c | 8 net/netfilter/xt_TCPOPTSTRIP.c | 4 net/netfilter/xt_mark.c | 2 net/netlabel/netlabel_kapi.c | 5 net/openvswitch/flow.c | 2 net/sched/sch_ets.c | 2 net/sched/sch_prio.c | 2 net/sched/sch_red.c | 2 net/sched/sch_sfq.c | 5 net/sched/sch_tbf.c | 2 net/sunrpc/xprtrdma/svc_rdma_transport.c | 14 net/tipc/crypto.c | 6 net/tls/tls_sw.c | 15 net/vmw_vsock/virtio_transport_common.c | 26 net/wireless/scan.c | 18 net/xfrm/xfrm_device.c | 2 net/xfrm/xfrm_state.c | 2 rust/kernel/alloc/kvec.rs | 3 scripts/gcc-plugins/gcc-common.h | 32 + scripts/gcc-plugins/randomize_layout_plugin.c | 40 - sound/core/seq_device.c | 2 sound/hda/hda_bus_type.c | 6 sound/pci/hda/hda_bind.c | 4 sound/pci/hda/patch_realtek.c | 68 ++ sound/soc/apple/mca.c | 23 sound/soc/codecs/hda.c | 4 sound/soc/codecs/tas2764.c | 2 sound/soc/intel/avs/debugfs.c | 6 sound/soc/intel/avs/ipc.c | 4 sound/soc/mediatek/mt8195/mt8195-mt6359.c | 4 sound/soc/sof/amd/pci-acp70.c | 1 sound/soc/sof/ipc4-pcm.c | 3 sound/soc/ti/omap-hdmi.c | 7 sound/usb/implicit.c | 1 tools/arch/x86/kcpuid/kcpuid.c | 47 - tools/arch/x86/lib/x86-opcode-map.txt | 50 - tools/bpf/bpftool/cgroup.c | 2 tools/bpf/resolve_btfids/Makefile | 2 tools/lib/bpf/bpf_core_read.h | 6 tools/lib/bpf/libbpf.c | 48 - tools/lib/bpf/linker.c | 4 tools/lib/bpf/nlattr.c | 15 tools/objtool/check.c | 3 tools/perf/Makefile.config | 2 tools/perf/Makefile.perf | 3 tools/perf/builtin-record.c | 2 tools/perf/builtin-trace.c | 9 tools/perf/scripts/python/exported-sql-viewer.py | 5 tools/perf/tests/switch-tracking.c | 2 tools/perf/ui/browsers/hists.c | 2 tools/perf/util/intel-pt.c | 205 ++++++ tools/perf/util/machine.c | 6 tools/perf/util/symbol-minimal.c | 160 ++--- tools/perf/util/thread.c | 8 tools/perf/util/thread.h | 2 tools/power/x86/turbostat/turbostat.c | 41 + tools/testing/selftests/Makefile | 2 tools/testing/selftests/bpf/prog_tests/bpf_nf.c | 6 tools/testing/selftests/bpf/test_loader.c | 14 tools/testing/selftests/cpufreq/cpufreq.sh | 3 tools/testing/selftests/seccomp/seccomp_bpf.c | 13 515 files changed, 5502 insertions(+), 3052 deletions(-) Aaron Kling (2): arm64: tegra: Drop remaining serial clock-names and reset-names arm64: tegra: Add uartd serial alias for Jetson TX1 module Adam Ford (5): arm64: dts: imx8mm-beacon: Fix RTC capacitive load arm64: dts: imx8mn-beacon: Fix RTC capacitive load arm64: dts: imx8mp-beacon: Fix RTC capacitive load arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI audio arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI audio Adrian Hunter (2): perf intel-pt: Fix PEBS-via-PT data_src perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 Ahmed S. Darwish (2): tools/x86/kcpuid: Fix error handling x86/cpu: Sanitize CPUID(0x80000000) output Al Viro (3): path_overmount(): avoid false negatives fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) do_change_type(): refuse to operate on unmounted/not ours mounts Alexander Shiyan (1): power: reset: at91-reset: Optimize at91_reset() Alexander Sverdlin (1): counter: interrupt-cnt: Protect enable/disable OPs with mutex Alexei Safin (1): hwmon: (asus-ec-sensors) check sensor index in read_string() Alexey Gladkov (1): mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE Alexey Kodanev (1): wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Alexey Minnekhanov (3): arm64: dts: qcom: sdm660-xiaomi-lavender: Add missing SD card detect GPIO arm64: dts: qcom: sdm660-lavender: Add missing USB phy supply arm64: dts: qcom: sda660-ifc6560: Fix dt-validate warning Alexis Lothoré (2): net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping net: stmmac: make sure that ptp_rate is not 0 before configuring EST Alok Tiwari (3): gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO scsi: iscsi: Fix incorrect error path labels for flashnode operations Amir Tzin (1): net/mlx5: Fix ECVF vports unload on shutdown flow Amit Sunil Dhamne (1): usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() Anand Moon (1): perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create() Andre Przywara (1): dt-bindings: vendor-prefixes: Add Liontron name Andreas Gruenbacher (2): gfs2: replace sd_aspace with sd_inode gfs2: gfs2_create_inode error handling fix Andrew Cooper (1): x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() Andrew Price (1): gfs2: Don't clear sb->s_fs_info in gfs2_sys_fs_add Andrey Vatoropin (1): fs/ntfs3: handle hdr_first_de() return value Andy Shevchenko (1): pinctrl: at91: Fix possible out-of-boundary access AngeloGioacchino Del Regno (5): thermal/drivers/mediatek/lvts: Fix debugfs unregister on failure drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr drm/mediatek: Fix kobject put for component sub-drivers drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err arm64: dts: mediatek: mt8195: Reparent vdec1/2 and venc1 power domains Annie Li (1): x86/microcode/AMD: Do not return error when microcode update is not necessary Anton Protopopov (3): libbpf: Use proper errno value in linker bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ libbpf: Use proper errno value in nlattr Anubhav Shelat (2): perf trace: Always print return value for syscalls returning a pid perf trace: Set errpid to false for rseq and set_robust_list Armin Wolf (1): ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" Arnaldo Carvalho de Melo (2): perf build: Warn when libdebuginfod devel files are not available perf ui browser hists: Set actions->thread before calling do_zoom_thread() Arnd Bergmann (2): usb: misc: onboard_usb_dev: fix build warning for CONFIG_USB_ONBOARD_DEV_USB5744=n thermal/drivers/mediatek/lvts: Remove unused lvts_debugfs_exit Badal Nilawar (1): drm/xe/d3cold: Set power state to D3Cold during s2idle/s3 Baochen Qiang (5): wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() wifi: ath11k: don't use static variables in ath11k_debugfs_fw_stats_process() wifi: ath11k: don't wait when there is no vdev started wifi: ath11k: move some firmware stats related functions outside of debugfs wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 Barnabás Czémán (1): soc: qcom: smp2p: Fix fallback to qcom,ipc parse Benjamin Marzinski (5): dm: don't change md if dm_table_set_restrictions() fails dm: free table mempools if not used in __bind dm: fix dm_blk_report_zones dm-flakey: error all IOs when num_features is absent dm-flakey: make corrupting read bios work Biju Das (2): drm: rcar-du: Fix memory leak in rcar_du_vsps_init() drm/tegra: rgb: Fix the unbound reference count Bjorn Helgaas (2): PCI/DPC: Initialize aer_err_info before using it PCI/DPC: Log Error Source ID only when valid Boris Brezillon (2): drm/panthor: Fix GPU_COHERENCY_ACE[_LITE] definitions drm/panthor: Update panthor_mmu::irq::mask when needed Brian Pellegrino (1): iio: filter: admv8818: Support frequencies >= 2^32 Brian Vazquez (1): idpf: fix a race in txq wakeup Bui Quang Minh (1): selftests: net: build net/lib dependency in all target Caleb Connolly (1): ath10k: snoc: fix unbalanced IRQ enable in crash recovery Carlos Fernandez (1): macsec: MACsec SCI assignment for ES = 0 Casey Connolly (1): drm/panel: samsung-sofef00: Drop s6e3fc2x01 support Cezary Rojewski (3): ASoC: codecs: hda: Fix RPM usage count underflow ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX ASoC: Intel: avs: Verify content returned by parse_int_array() Chandrashekar Devegowda (2): Bluetooth: btintel_pcie: Increase the tx and rx descriptor count Bluetooth: btintel_pcie: Reduce driver buffer posting to prevent race condition Chao Yu (4): f2fs: zone: fix to avoid inconsistence in between SIT and SSA f2fs: fix to do sanity check on sbi->total_valid_block_count f2fs: clean up w/ fscrypt_is_bounce_page() f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed() Charalampos Mitrodimas (1): net: tipc: fix refcount warning in tipc_aead_encrypt Charles Han (1): drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table Chenyuan Yang (2): phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug usb: acpi: Prevent null pointer dereference in usb_acpi_add_usb4_devlink() Chin-Yen Lee (1): wifi: rtw89: fix firmware scan delay unit for WiFi 6 chips Chris Chiu (3): ALSA: hda/realtek: fix micmute LEDs on HP Laptops with ALC3315 ALSA: hda/realtek: fix micmute LEDs on HP Laptops with ALC3247 ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup Christian Brauner (1): gfs2: pass through holder from the VFS for freeze/thaw Christoph Hellwig (1): block: don't use submit_bio_noacct_nocheck in blk_zone_wplug_bio_work Christophe JAILLET (3): drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe() mfd: exynos-lpass: Fix an error handling path in exynos_lpass_probe() mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() Chuck Lever (1): svcrdma: Reduce the number of rdma_rw contexts per-QP Chukun Pan (1): arm64: dts: rockchip: Move SHMEM memory to reserved memory on rk3588 Claudiu Beznea (1): serial: sh-sci: Move runtime PM enable to sci_probe_single() Corentin Labbe (1): crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions Cosmin Ratiu (2): net/mlx5: Avoid using xso.real_dev unnecessarily xfrm: Use xdo.dev instead of xdo.real_dev Cristian Ciocaltea (2): phy: rockchip: samsung-hdptx: Fix clock ratio setup phy: rockchip: samsung-hdptx: Do no set rk_hdptx_phy->rate in case of errors Dan Carpenter (6): wifi: ath12k: Fix buffer overflow in debugfs of: unittest: Unlock on error in unittest_data_add() remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() net/mlx4_en: Prevent potential integer overflow calculating Hz regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() Daniel Wagner (1): nvmet-fcloop: access fcpreq only when holding reqlock Daniele Palmas (1): net: wwan: mhi_wwan_mbim: use correct mux_id for multiplexing Daniil Tatianin (1): ACPICA: exserial: don't forget to handle FFixedHW opregions for reading Danilo Krummrich (1): rust: alloc: add missing invariant in Vec::set_len() Dapeng Mi (1): perf record: Fix incorrect --user-regs comments Dave Chinner (1): xfs: don't assume perags are initialised when trimming AGs Dave Penkler (1): usb: usbtmc: Fix read_stb function and get_stb ioctl David Heimann (1): ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 David Lechner (1): dt-bindings: pwm: adi,axi-pwmgen: Fix clocks Detlev Casanova (1): media: verisilicon: Free post processor buffers on error Di Shen (1): bpf: Revert "bpf: remove unnecessary rcu_read_{lock,unlock}() in multi-uprobe attach logic" Dmitry Antipov (3): wifi: rtw88: do not ignore hardware read error during DPK Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() Dmitry Baryshkov (6): drm/msm/dpu: enable SmartDMA on SM8150 drm/msm/dpu: enable SmartDMA on SC8180X ARM: dts: qcom: apq8064: add missing clocks to the timer node ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device ARM: dts: qcom: apq8064: move replicator out of soc node arm64: dts: qcom: qcm2290: fix (some) of QUP interconnects Dmitry Torokhov (1): Input: synaptics-rmi - fix crash with unsupported versions of F34 Dong Chenchen (1): page_pool: Fix use-after-free in page_pool_recycle_in_ring Dr. David Alan Gilbert (1): Bluetooth: MGMT: Remove unused mgmt_pending_find_data Dzmitry Sankouski (4): arm64: dts: qcom: sdm845-starqltechn: remove wifi arm64: dts: qcom: sdm845-starqltechn: fix usb regulator mistake arm64: dts: qcom: sdm845-starqltechn: refactor node order arm64: dts: qcom: sdm845-starqltechn: remove excess reserved gpios Easwar Hariharan (1): wifi: ath11k: convert timeouts to secs_to_jiffies() Eddie James (1): powerpc/crash: Fix non-smp kexec preparation Emil Tantilov (1): idpf: avoid mailbox timeout delays during reset Eric Dumazet (6): net_sched: sch_sfq: fix a potential crash on gso_skb handling net_sched: prio: fix a race in prio_tune() net_sched: red: fix a race in __red_change() net_sched: tbf: fix a race in tbf_change() net_sched: ets: fix a race in ets_qdisc_change() calipso: unlock rcu before returning -EAFNOSUPPORT Faicker Mo (1): net: openvswitch: Fix the dead loop of MPLS parse Feng Yang (1): libbpf: Fix event name too long error Fernando Fernandez Mancera (1): netfilter: nft_tunnel: fix geneve_opt dump Filipe Manana (3): btrfs: fix invalid data space release when truncating block in NOCOW mode btrfs: exit after state insertion failure at btrfs_convert_extent_bit() btrfs: exit after state split error at set_extent_bit() Finn Thain (1): m68k: mac: Fix macintosh_config for Mac II Florian Westphal (5): netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy netfilter: nf_tables: nft_fib: consistent l3mdev handling netfilter: nf_set_pipapo_avx2: fix initial map fill netfilter: nf_nat: also check reverse tuple to obtain clashing entry Francesco Dolcini (1): Revert "wifi: mwifiex: Fix HT40 bandwidth issue." Félix Piédallu (2): spi: omap2-mcspi: Disable multi mode when CS should be kept asserted after message spi: omap2-mcspi: Disable multi-mode when the previous message kept CS asserted Gaurav Batra (1): powerpc/pseries/iommu: Fix kmemleak in TCE table userspace view Gautham R. Shenoy (1): tools/power turbostat: Fix AMD package-energy reporting Geert Uytterhoeven (1): spi: sh-msiof: Fix maximum DMA transfer size Greg Kroah-Hartman (5): ALSA: core: fix up bus match const issues. net: phy: fix up const issues in to_mdio_device() and to_phy_device() USB: gadget: udc: fix const issue in gadget_match_driver() USB: typec: fix const issue in typec_match() Linux 6.12.34 Gustavo A. R. Silva (1): overflow: Fix direct struct member initialization in _DEFINE_FLEX() Hangbin Liu (1): bonding: assign random address if device address is same as bond Hans Zhang (2): efi/libstub: Describe missing 'out' parameter in efi_load_initrd PCI: cadence: Fix runtime atomic count underflow Hans de Goede (1): mei: vsc: Cast tx_buf to (__be32 *) when passed to cpu_to_be32_array() Haren Myneni (1): powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() Hari Kalavakunta (1): net: ncsi: Fix GCPS 64-bit member variables Hariprasad Kelam (2): octeontx2-pf: QOS: Perform cache sync on send queue teardown octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback Hector Martin (2): ASoC: tas2764: Enable main IRQs PCI: apple: Use gpiod_set_value_cansleep in probe flow Henry Martin (7): clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() wifi: mt76: mt7996: Fix null-ptr-deref in mt7996_mmio_wed_init() wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() backlight: pm8941: Add NULL check in wled_configure() dmaengine: ti: Add NULL check in udma_probe() serial: Fix potential null-ptr-deref in mlb_usio_probe() Herbert Xu (5): crypto: marvell/cesa - Handle zero-length skcipher requests crypto: marvell/cesa - Avoid empty transfer descriptor crypto: lrw - Only add ecb if it is not already there crypto: xts - Only add ecb if it is not already there crypto: api - Redo lookup on EEXIST Hongbo Li (1): erofs: fix file handle encoding for 64-bit NIDs Hongbo Yao (2): perf: arm-ni: Unregister PMUs on probe failure perf: arm-ni: Fix missing platform_set_drvdata() Horatiu Vultur (4): net: lan966x: Fix 1-step timestamping over ipv4 or ipv6 net: phy: mscc: Fix memory leak when using one step timestamping net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames net: lan966x: Make sure to insert the vlan tags also in host mode Huajian Yang (1): netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it Huang Yiwei (1): firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES I Hsin Cheng (1): drm/meson: Use 1000ULL when operating with mode->clock Ian Forbes (2): drm/vmwgfx: Add seqno waiter for sync_files drm/vmwgfx: Fix dumb buffer leak Ian Rogers (3): perf symbol-minimal: Fix double free in filename__read_build_id perf symbol: Fix use-after-free in filename__read_build_id perf callchain: Always populate the addr_location map when adding IP Ido Schimmel (1): seg6: Fix validation of nexthop addresses Ilan Peer (1): wifi: iwlfiwi: mvm: Fix the rate reporting Ilya Leoshkevich (1): s390/bpf: Store backchain even for leaf progs Ioana Ciornei (1): bus: fsl-mc: fix double-free on mc_dev Jack Morgenstein (1): RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work Jacob Moroni (1): IB/cm: use rwlock for MAD agent lock Jaegeuk Kim (1): f2fs: clean up unnecessary indentation Jakub Kicinski (1): net: drv: netdevsim: don't napi_complete() from netpoll Jakub Raczynski (2): net/mdiobus: Fix potential out-of-bounds read/write access net/mdiobus: Fix potential out-of-bounds clause 45 read/write access Jason Gunthorpe (1): iommu: Protect against overflow in iommu_pgsize() Jason-JH Lin (1): mailbox: mtk-cmdq: Refine GCE_GCTL_VALUE setting Jeongjun Park (1): ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() Jerome Brunet (2): PCI: rcar-gen4: set ep BAR4 fixed size PCI: endpoint: Retain fixed-size BAR size as well as aligned size Jesus Narvaez (2): drm/i915/guc: Check if expecting reply before decrementing outstanding_submission_g2h drm/i915/guc: Handle race condition where wakeref count drops below 0 Jianbo Liu (1): net/mlx5e: Fix leak of Geneve TLV option object Jiaqing Zhao (1): x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() Jiayuan Chen (5): bpf: fix ktls panic with sockmap bpf, sockmap: fix duplicated data transmission bpf, sockmap: Fix panic when calling skb_linearize ktls, sockmap: Fix missing uncharge operation bpf, sockmap: Avoid using sk_socket after free when sending Jinjian Song (1): net: wwan: t7xx: Fix napi rx poll issue Jiri Slaby (SUSE) (2): powerpc: do not build ppc_save_regs.o always tty: serial: 8250_omap: fix TX with DMA for am33xx Joel Stanley (1): ARM: aspeed: Don't select SRAM John Stultz (1): sched/core: Tweak wait_task_inactive() to force dequeue sched_delayed tasks Jonas Gorski (4): net: dsa: b53: do not enable RGMII delay on bcm63xx net: dsa: b53: allow RGMII for bcm63xx RGMII ports net: dsa: b53: do not touch DLL_IQQD on bcm53115 net: dsa: b53: fix untagged traffic sent via cpu tagged with VID 0 Jonas Karlman (1): media: rkvdec: Fix frame size enumeration Jonathan Stroud (1): usb: misc: onboard_usb_dev: Fix usb5744 initialization sequence Jonathan Wiepert (1): Use thread-safe function pointer in libbpf_print Jouni Högander (1): drm/i915/psr: Fix using wrong mask in REG_FIELD_PREP Julien Massot (3): ASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY() arm64: dts: mt6359: Add missing 'compatible' property to regulators node arm64: dts: mt6359: Rename RTC node to match binding expectations Junhao He (1): coresight: Fixes device's owner field for registered using coresight_init_driver() Junxian Huang (1): RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h KaFai Wan (1): bpf: Avoid __bpf_prog_ret0_warn when jit fails Kailang Yang (1): ALSA: hda/realtek - Support mute led function for HP platform Kees Cook (8): ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type watchdog: exar: Shorten identity name to fit correctly drm/vkms: Adjust vkms_state->active_planes allocation type scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops Bluetooth: btintel: Check dsbr size from EFI variable randstruct: gcc-plugin: Remove bogus void member randstruct: gcc-plugin: Fix attribute addition overflow: Introduce __DEFINE_FLEX for having no initializer Keisuke Nishimura (1): drm/vmwgfx: Add error path for xa_store in vmw_bo_add_detached_resource Keith Busch (2): nvme: fix command limits status code io_uring: consistently use rcu semantics with sqpoll thread Kiran K (1): Bluetooth: btintel_pcie: Fix driver not posting maximum rx buffers Konrad Dybcio (2): drm/msm/a6xx: Disable rgb565_predicator on Adreno 7c3 arm64: dts: qcom: x1e80100-romulus: Keep L12B and L15B always on Kornel Dulęba (1): arm64: Support ARM64_VA_BITS=52 when setting ARCH_MMAP_RND_BITS_MAX Krzysztof Kozlowski (1): dt-bindings: pwm: Correct indentation and style in DTS example Kuniyuki Iwashima (1): calipso: Don't call calipso functions for AF_INET sk. Lachlan Hodges (1): wifi: cfg80211/mac80211: correctly parse S1G beacon optional elements Lad Prabhakar (1): usb: renesas_usbhs: Reorder clock handling and power management in probe Leo Yan (1): perf tests switch-tracking: Fix timestamp comparison Li Lingfeng (2): nfs: clear SB_RDONLY before getting superblock nfs: ignore SB_RDONLY when remounting nfs Li RongQing (1): vfio/type1: Fix error unwind in migration dirty bitmap allocation Liu Dalin (1): rtc: loongson: Add missing alarm notifications for ACPI RTC events Lizhi Xu (1): fs/ntfs3: Add missing direct_IO in ntfs_aops_cmpr Longfang Liu (3): hisi_acc_vfio_pci: fix XQE dma address error hisi_acc_vfio_pci: add eq and aeq interruption restore hisi_acc_vfio_pci: bugfix live migration function without VF device driver Lorenzo Bianconi (1): bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps Luca Weiss (5): clk: qcom: camcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: dispcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: gpucc-sm6350: Add *_wait_val values for GDSCs arm64: dts: qcom: sm8350: Reenable crypto & cryptobam Luis Gerhorst (1): selftests/bpf: Fix caps for __xlated/jited_unpriv Luiz Augusto von Dentz (8): Bluetooth: ISO: Fix not using SID from adv report Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete Bluetooth: MGMT: Protect mgmt_pending list with its own lock Bluetooth: Fix NULL pointer deference on eir_get_service_data Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance Bluetooth: eir: Fix possible crashes on eir_create_adv_data Bluetooth: MGMT: Fix sparse errors Maharaja Kennadyrajan (1): wifi: ath12k: fix node corruption in ar->arvifs list Marcus Folkesson (1): iio: adc: mcp3911: fix device dependent mappings for conversion result registers Mario Limonciello (1): thunderbolt: Fix a logic error in wake on connect Marius Cristea (1): iio: adc: PAC1934: fix typo in documentation link Mark Brown (2): arm64/fpsimd: Discard stale CPU state when handling SME traps arm64/fpsimd: Don't corrupt FPMR when streaming mode changes Mark Kettenis (1): arm64: dts: qcom: x1e80100: Mark usb_2 as dma-coherent Mark Rutland (6): arm64/fpsimd: Avoid RES0 bits in the SME trap handler arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP arm64/fpsimd: Reset FPMR upon exec() arm64/fpsimd: Fix merging of FPSIMD state during signal return arm64/fpsimd: Avoid warning when sve_to_fpsimd() is unused arm64/fpsimd: Do not discard modified SVE state Martin Blumenstingl (4): drm/meson: use unsigned long long / Hz for frequency types drm/meson: fix debug log statement when setting the HDMI clocks drm/meson: use vclk_freq instead of pixel_freq in debug print drm/meson: fix more rounding issues with 59.94Hz modes Martin Povišer (1): ASoC: apple: mca: Constrain channels according to TDM mask Masami Hiramatsu (Google) (1): x86/insn: Fix opcode map (!REX2) superscript tags Mathias Nyman (1): usb: Flush altsetting 0 endpoints before reinitializating them after reset. Matthew Wilcox (Oracle) (3): bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP block: Fix bvec_set_folio() for very large folios 9p: Add a migrate_folio method Maxime Ripard (1): drm/vc4: tests: Use return instead of assert Meghana Malladi (1): net: ti: icssg-prueth: Fix swapped TX stats for MII interfaces. Miaoqian Lin (2): firmware: psci: Fix refcount leak in psci_dt_init tracing: Fix error handling in event_trigger_parse() Michael Lo (1): wifi: mt76: mt7925: ensure all MCU commands wait for response Michael Petlan (1): perf tests: Fix 'perf report' tests installation Michael Walle (1): drm/panel-simple: fix the warnings for the Evervision VGG644804 Michal Koutný (1): kernfs: Relax constraint in draining guard Michal Kubiak (3): ice: fix Tx scheduler error handling in XDP callback ice: create new Tx scheduler nodes for new queues only ice: fix rebuilding the Tx scheduler tree for large queue counts Michal Luczaj (1): net: Fix TOCTOU issue in sk_is_readable() Miguel Ojeda (1): objtool/rust: relax slice condition to cover more `noreturn` Rust functions Mikhail Arkhipov (1): mtd: nand: ecc-mxic: Fix use of uninitialized variable ret Ming Lei (2): loop: add file_start_write() and file_end_write() block: use q->elevator with ->elevator_lock held in elv_iosched_show() Ming Yen Hsieh (2): wifi: mt76: mt7925: prevent multiple scan commands wifi: mt76: mt7925: refine the sniffer commnad Mingcong Bai (1): ACPI: resource: fix a typo for MECHREVO in irq1_edge_low_force_override[] Mirco Barone (1): wireguard: device: enable threaded NAPI Moshe Shemesh (1): net/mlx5: Ensure fw pages are always allocated on same NUMA Murad Masimov (1): ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery Namhyung Kim (1): perf trace: Fix leaks of 'struct thread' in set_filter_loop_pids() Neil Armstrong (2): arm64: dts: qcom: sm8650: setup gpu thermal with higher temperatures arm64: dts: qcom: sm8650: add missing cpu-cfg interconnect path in the mdss node Neill Kapron (1): selftests/seccomp: fix syscall_restart test for arm compat Nicolas Frattaroli (1): mmc: sdhci-of-dwcmshc: add PD workaround on RK3576 Nicolas Pitre (1): vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() Nikita Zhandarovich (1): net: usb: aqc111: fix error handling of usbnet read calls Nitesh Shetty (1): iov_iter: use iov_offset for length calculation in iov_iter_aligned_bvec Nitin Rawat (1): scsi: ufs: qcom: Prevent calling phy_exit() before phy_init() Nylon Chen (1): riscv: misaligned: fix sleeping function called during misaligned access handling Nícolas F. R. A. Prado (3): kselftest: cpufreq: Get rid of double suspend in rtcwake case arm64: dts: mediatek: mt6357: Drop regulator-fixed compatibles regulator: dt-bindings: mt6357: Drop fixed compatible requirement Oleg Nesterov (1): posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() Oliver Neukum (1): net: usb: aqc111: debug info before sanitation Ovidiu Panait (4): crypto: sun8i-ce-hash - fix error handling in sun8i_ce_hash_run() crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() crypto: sun8i-ce - undo runtime PM changes during driver removal crypto: sun8i-ce - move fallback ahash_request to the end of the struct P Praneesh (4): wifi: ath12k: Fix memory leak during vdev_id mismatch wifi: ath12k: Fix invalid memory access while forming 802.11 header wifi: ath12k: Add MSDU length validation for TKIP MIC error wifi: ath12k: refactor ath12k_hw_regs structure Pablo Neira Ayuso (1): netfilter: nft_set_pipapo: prevent overflow in lookup table allocation Pali Rohár (1): cifs: Fix validation of SMB1 query reparse point response Patrisious Haddad (2): RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction net/mlx5: Fix return value when searching for existing flow group Pauli Virtanen (1): Bluetooth: hci_core: fix list_for_each_entry_rcu usage Pawel Laszczak (2): usb: cdnsp: Fix issue with detecting command completion event usb: cdnsp: Fix issue with detecting USB 3.2 speed Peng Fan (1): mailbox: imx: Fix TXDB_V2 sending Penglei Jiang (1): io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() Peter Chiu (1): wifi: mt76: mt7996: set EHT max ampdu length capability Peter Griffin (3): pinctrl: samsung: refactor drvdata suspend & resume callbacks pinctrl: samsung: add dedicated SoC eint suspend/resume callbacks pinctrl: samsung: add gs101 specific eint suspend/resume callbacks Peter Korsgaard (1): nvmem: zynqmp_nvmem: unbreak driver after cleanup Peter Robinson (2): arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3566-rock3c arm64: dts: rockchip: Update eMMC for NanoPi R5 series Peter Zijlstra (2): sched: Fix trace_sched_switch(.prev_state) perf: Ensure bpf_perf_link path is properly serialized Phillip Lougher (1): Squashfs: check return result of sb_min_blocksize Pin-yen Lin (1): arm64: dts: mt8183: Add port node to mt8183.dtsi Ping-Ke Shih (1): wifi: rtw89: pci: enlarge retry times of RX tag to 1000 Prasanth Babu Mantena (1): arm64: dts: ti: k3-j721e-common-proc-board: Enable OSPI1 on J721E Qasim Ijaz (1): fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() Qing Wang (1): perf/core: Fix broken throttling when max_samples_per_tick=1 Qiuxu Zhuo (2): EDAC/skx_common: Fix general protection fault EDAC/{skx_common,i10nm}: Fix the loss of saved RRL for HBM pseudo channel 0 Qu Wenruo (2): btrfs: scrub: update device stats when an error is detected btrfs: scrub: fix a wrong error type when metadata bytenr mismatches Quentin Schulz (2): arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou net: stmmac: platform: guarantee uniqueness of bus_id RD Babiera (1): usb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work Radim Krčmář (1): RISC-V: KVM: lock the correct mp_state during reset Rafael J. Wysocki (2): PM: sleep: Print PM debug messages during hibernation PM: sleep: Fix power.is_suspended cleanup for direct-complete devices Raj Kumar Bhagat (1): wifi: ath12k: fix cleanup path after mhi init Rajat Soni (1): wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event Ramasamy Kaliappan (1): wifi: ath12k: Fix the QoS control field offset to build QoS header Ramya Gnanasekar (1): wifi: ath12k: Fix WMI tag for EHT rate in peer assoc Ritesh Harjani (IBM) (1): powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap Rob Herring (Arm) (1): dt-bindings: soc: fsl,qman-fqd: Fix reserved-memory.yaml reference Robert Malz (2): i40e: return false from i40e_reset_vf if reset is in progress i40e: retry VFLR handling if there is ongoing VF reset Rodrigo Gobbi (1): wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready Rodrigo Vivi (1): drm/xe: Make xe_gt_freq part of the Documentation Roger Pau Monne (1): xen/x86: fix initial memory balloon target Rolf Eike Beer (1): iommu: remove duplicate selection of DMAR_TABLE Ronak Doshi (1): vmxnet3: correctly report gso type for UDP tunnels Ryusuke Konishi (1): nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() Saket Kumar Bhaskar (1): selftests/bpf: Fix bpf_nf selftest failure Sam Winchenbach (3): iio: filter: admv8818: fix band 4, state 15 iio: filter: admv8818: fix integer overflow iio: filter: admv8818: fix range calculation Sandipan Das (2): perf/x86/amd/uncore: Remove unused 'struct amd_uncore_ctx::node' member perf/x86/amd/uncore: Prevent UMC counters from saturating Sanjeev Yadav (1): scsi: core: ufs: Fix a hang in the error handler Sarika Sharma (1): wifi: ath12k: fix invalid access to memory Sean Christopherson (1): x86/irq: Ensure initial PIR loads are performed exactly once Sergey Shtylyov (1): fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() Shayne Chen (1): wifi: mt76: mt7996: fix RX buffer size of MCU event Sheng Yong (1): erofs: avoid using multiple devices with different type Shiming Cheng (1): net: fix udp gso skb_segment after pull from frag_list Siddharth Vadapalli (2): remoteproc: k3-r5: Drop check performed in k3_r5_rproc_{mbox_callback/kick} remoteproc: k3-dsp: Drop check performed in k3_dsp_rproc_{mbox_callback/kick} Stefan Binding (2): ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA Stefano Garzarella (1): vsock/virtio: fix `rx_bytes` accounting for stream sockets Stefano Stabellini (1): xen/arm: call uaccess_ttbr0_enable for dm_op hypercall Stephan Gerhold (3): arm64: dts: qcom: sc8280xp-x13s: Drop duplicate DMIC supplies arm64: dts: qcom: x1e80100: Apply consistent critical thermal shutdown arm64: dts: qcom: x1e80100: Add GPU cooling Steven Rostedt (4): tracing: Move histogram trigger variables from stack to per CPU structure tracing: Rename event_trigger_alloc() to trigger_data_alloc() ring-buffer: Do not trigger WARN_ON() due to a commit_overrun ring-buffer: Move cpus_read_lock() outside of buffer->mutex Stone Zhang (1): wifi: ath11k: fix node corruption in ar->arvifs list Su Hui (1): soc: aspeed: lpc: Fix impossible judgment condition Suleiman Souhlal (1): tools/resolve_btfids: Fix build when cross compiling kernel with clang. Suraj Gupta (1): net: xilinx: axienet: Fix Tx skb circular buffer occupancy check in dmaengine xmit Tao Chen (3): bpf: Check link_create.flags parameter for multi_kprobe libbpf: Remove sample_period init in perf_buffer bpf: Fix WARN() in get_bpf_raw_tp_regs Tengteng Yang (1): Fix sock_exceed_buf_limit not being triggered in __sk_mem_raise_allocated Terry Junge (1): HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Terry Tritton (1): selftests/seccomp: fix negative_ENOSYS tracer tests on arm32 Thangaraj Samynathan (2): net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy net: lan743x: Fix PHY reset handling during initialization and WOL Thomas Gleixner (1): x86/iopl: Cure TIF_IO_BITMAP inconsistencies Thomas Weißschuh (1): kunit/usercopy: Disable u64 test on 32-bit SPARC Thuan Nguyen (1): arm64: dts: renesas: white-hawk-ard-audio: Fix TPU0 groups Toke Høiland-Jørgensen (3): page_pool: Move pp_magic check into helper functions page_pool: Track DMA-mapped pages and unmap them when destroying the pool wifi: ath9k_htc: Abort software beacon handling if disabled Tzung-Bi Shih (1): kunit: Fix wrong parameter to kunit_deactivate_static_stub() Ulf Hansson (1): pmdomain: core: Introduce dev_pm_genpd_rpm_always_on() Uwe Kleine-König (2): iio: adc: ad7124: Fix 3dB filter frequency reading dt-bindings: pwm: adi,axi-pwmgen: Increase #pwm-cells to 3 Varadarajan Narayanan (1): arm64: dts: qcom: ipq9574: Fix USB vdd info Vignesh Raman (1): arm64: defconfig: mediatek: enable PHY drivers Vijendar Mukunda (1): ASoC: SOF: amd: add missing acp descriptor field Viktor Malik (1): libbpf: Fix buffer overflow in bpf_object__init_prog Vincent Knecht (1): clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz Vishwaroop A (3): spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers spi: tegra210-quad: remove redundant error handling code spi: tegra210-quad: modify chip select (CS) deactivation WangYuli (1): MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a Wei Fang (1): net: phy: clear phydev->devlink when the link is deleted Wentao Liang (1): nilfs2: add pointer check for nilfs_direct_propagate() Wilfred Mallawa (1): PCI: Print the actual delay time in pci_bridge_wait_for_secondary_bus() Wojciech Slenska (1): pinctrl: qcom: pinctrl-qcm2290: Add missing pins Wolfram Sang (3): ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select ARM: dts: at91: at91sam9263: fix NAND chip selects rtc: sh: assign correct interrupts with DT Wupeng Ma (1): VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify Xilin Wu (1): arm64: dts: qcom: sm8250: Fix CPU7 opp table Xin Li (Intel) (1): x86/fred/signal: Prevent immediate repeat of single step trap on return from SIGTRAP handler Yabin Cui (1): coresight: catu: Introduce refcount and spinlock for enabling/disabling Yanqing Wang (1): driver: net: ethernet: mtk_star_emac: fix suspend/resume issue Yaxiong Tian (1): PM: EM: Fix potential division-by-zero error in em_compute_costs() Yeoreum Yun (1): coresight: prevent deactivate active config while enabling the config Yevgeny Kliteynik (1): net/mlx5: HWS, fix missing ip_version handling in definer Yi Zhang (1): scsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels YiFei Zhu (1): bpftool: Fix regression of "bpftool cgroup tree" EINVAL on older kernels Yihang Li (1): scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk Yongliang Gao (1): rcu/cpu_stall_cputime: fix the hardirq count for x86 architecture Yu Kuai (2): brd: fix aligned_sector from brd_do_discard() brd: fix discard end sector Yunhui Cui (1): ACPI: CPPC: Fix NULL pointer dereference when nosmp is used Yuuki NAGAO (1): ASoC: ti: omap-hdmi: Re-add dai_link->platform to fix card init Zhe Qiao (1): PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root() Zhen XIN (2): wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally Zhiguo Niu (2): f2fs: use d_inode(dentry) cleanup dentry->d_inode f2fs: fix to correct check conditions in f2fs_cross_rename Zhongqiu Duan (1): netfilter: nft_quota: match correctly when the quota just depleted Zijun Hu (2): PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() fs/filesystems: Fix potential unsigned integer underflow in fs_name() ping.gao (1): scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() yohan.joung (1): f2fs: prevent the current section from being selected as a victim during GC Álvaro Fernández Rojas (3): spi: bcm63xx-spi: fix shared reset spi: bcm63xx-hsspi: fix shared reset net: dsa: tag_brcm: legacy: fix pskb_may_pull length

5 months, 2 weeks

1
1
0 0

Linux 6.6.94

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.94 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/phy/fsl,imx8mq-usb-phy.yaml | 3 Documentation/devicetree/bindings/regulator/mediatek,mt6357-regulator.yaml | 12 Documentation/devicetree/bindings/usb/cypress,hx3.yaml | 19 Documentation/devicetree/bindings/vendor-prefixes.yaml | 2 Makefile | 2 arch/arm/boot/dts/microchip/at91sam9263ek.dts | 2 arch/arm/boot/dts/microchip/tny_a9263.dts | 2 arch/arm/boot/dts/microchip/usb_a9263.dts | 4 arch/arm/boot/dts/qcom/qcom-apq8064.dtsi | 15 arch/arm/mach-aspeed/Kconfig | 1 arch/arm64/Kconfig | 6 arch/arm64/boot/dts/freescale/imx8mm-beacon-kit.dts | 1 arch/arm64/boot/dts/freescale/imx8mm-beacon-som.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mn-beacon-kit.dts | 1 arch/arm64/boot/dts/freescale/imx8mn-beacon-som.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mp-beacon-som.dtsi | 1 arch/arm64/boot/dts/mediatek/mt6357.dtsi | 10 arch/arm64/boot/dts/mediatek/mt6359.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8195.dtsi | 50 +- arch/arm64/boot/dts/nvidia/tegra186.dtsi | 12 arch/arm64/boot/dts/nvidia/tegra194.dtsi | 12 arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 3 arch/arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts | 2 arch/arm64/boot/dts/qcom/sdm660-xiaomi-lavender.dts | 3 arch/arm64/boot/dts/qcom/sdm845-samsung-starqltechn.dts | 16 arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 arch/arm64/boot/dts/qcom/sm8350.dtsi | 6 arch/arm64/boot/dts/renesas/r8a779g0-white-hawk-ard-audio-da7212.dtso | 2 arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 8 arch/arm64/boot/dts/rockchip/rk3568-nanopi-r5s.dtsi | 5 arch/arm64/boot/dts/ti/k3-am65-main.dtsi | 19 arch/arm64/boot/dts/ti/k3-j721e-common-proc-board.dts | 1 arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 166 +++++++ arch/arm64/configs/defconfig | 3 arch/arm64/include/asm/esr.h | 14 arch/arm64/include/asm/fpsimd.h | 3 arch/arm64/kernel/entry-common.c | 46 +- arch/arm64/kernel/fpsimd.c | 21 arch/arm64/xen/hypercall.S | 21 arch/m68k/mac/config.c | 2 arch/mips/boot/dts/loongson/loongson64c_4core_ls7a.dts | 1 arch/powerpc/kernel/Makefile | 2 arch/powerpc/kexec/crash.c | 5 arch/powerpc/platforms/book3s/vas-api.c | 9 arch/powerpc/platforms/powernv/memtrace.c | 8 arch/riscv/kvm/vcpu_sbi.c | 4 arch/s390/net/bpf_jit_comp.c | 12 arch/x86/include/asm/mwait.h | 9 arch/x86/kernel/cpu/common.c | 17 arch/x86/kernel/cpu/microcode/core.c | 2 arch/x86/kernel/cpu/mtrr/generic.c | 2 arch/x86/kernel/ioport.c | 13 arch/x86/kernel/process.c | 15 crypto/lrw.c | 4 crypto/xts.c | 4 drivers/acpi/acpica/exserial.c | 6 drivers/acpi/apei/Kconfig | 1 drivers/acpi/apei/ghes.c | 2 drivers/acpi/cppc_acpi.c | 2 drivers/acpi/osi.c | 1 drivers/base/power/domain.c | 2 drivers/base/power/main.c | 3 drivers/bluetooth/hci_qca.c | 14 drivers/bus/fsl-mc/fsl-mc-bus.c | 6 drivers/clk/bcm/clk-raspberrypi.c | 2 drivers/clk/qcom/camcc-sm6350.c | 18 drivers/clk/qcom/dispcc-sm6350.c | 3 drivers/clk/qcom/gcc-msm8939.c | 4 drivers/clk/qcom/gcc-sm6350.c | 6 drivers/clk/qcom/gpucc-sm6350.c | 6 drivers/counter/interrupt-cnt.c | 9 drivers/cpufreq/acpi-cpufreq.c | 2 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 7 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-hash.c | 34 - drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 2 drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c | 2 drivers/crypto/marvell/cesa/cipher.c | 3 drivers/crypto/marvell/cesa/hash.c | 2 drivers/dma/ti/k3-udma.c | 3 drivers/edac/i10nm_base.c | 35 - drivers/edac/skx_common.c | 1 drivers/edac/skx_common.h | 11 drivers/firmware/Kconfig | 1 drivers/firmware/arm_sdei.c | 11 drivers/firmware/efi/libstub/efi-stub-helper.c | 1 drivers/firmware/psci/psci.c | 4 drivers/fpga/tests/fpga-mgr-test.c | 1 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 16 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 8 drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 6 drivers/gpu/drm/mediatek/mtk_drm_drv.c | 31 + drivers/gpu/drm/meson/meson_drv.c | 2 drivers/gpu/drm/meson/meson_drv.h | 2 drivers/gpu/drm/meson/meson_encoder_hdmi.c | 29 - drivers/gpu/drm/meson/meson_vclk.c | 226 +++++----- drivers/gpu/drm/meson/meson_vclk.h | 13 drivers/gpu/drm/renesas/rcar-du/rcar_du_kms.c | 10 drivers/gpu/drm/tegra/rgb.c | 14 drivers/gpu/drm/vc4/tests/vc4_mock_output.c | 36 + drivers/gpu/drm/vkms/vkms_crtc.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 26 + drivers/hid/hid-hyperv.c | 4 drivers/hid/usbhid/hid-core.c | 25 - drivers/hwmon/asus-ec-sensors.c | 4 drivers/hwtracing/coresight/coresight-config.h | 2 drivers/hwtracing/coresight/coresight-syscfg.c | 49 +- drivers/iio/adc/ad7124.c | 4 drivers/iio/filter/admv8818.c | 224 +++++++-- drivers/infiniband/core/cm.c | 16 drivers/infiniband/core/cma.c | 3 drivers/infiniband/hw/hns/hns_roce_ah.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 1 drivers/infiniband/hw/hns/hns_roce_main.c | 1 drivers/infiniband/hw/hns/hns_roce_restrack.c | 1 drivers/infiniband/hw/mlx5/qpc.c | 30 + drivers/input/rmi4/rmi_f34.c | 135 +++-- drivers/iommu/Kconfig | 1 drivers/iommu/iommu.c | 4 drivers/md/dm-flakey.c | 70 +-- drivers/md/dm.c | 30 - drivers/mfd/exynos-lpass.c | 1 drivers/mfd/stmpe-spi.c | 2 drivers/misc/vmw_vmci/vmci_host.c | 11 drivers/mtd/nand/ecc-mxic.c | 2 drivers/net/bonding/bond_main.c | 25 - drivers/net/dsa/b53/b53_common.c | 23 - drivers/net/ethernet/google/gve/gve_main.c | 2 drivers/net/ethernet/google/gve/gve_tx_dqo.c | 3 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 11 drivers/net/ethernet/intel/ice/ice_main.c | 47 +- drivers/net/ethernet/intel/ice/ice_sched.c | 181 ++++++-- drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 4 drivers/net/ethernet/mediatek/mtk_star_emac.c | 4 drivers/net/ethernet/mellanox/mlx4/en_clock.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 12 drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 21 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 5 drivers/net/ethernet/mellanox/mlx5/core/pagealloc.c | 2 drivers/net/ethernet/microchip/lan743x_main.c | 4 drivers/net/ethernet/microchip/lan966x/lan966x_main.c | 7 drivers/net/ethernet/microchip/lan966x/lan966x_main.h | 6 drivers/net/ethernet/microchip/lan966x/lan966x_ptp.c | 49 +- drivers/net/ethernet/microchip/lan966x/lan966x_switchdev.c | 1 drivers/net/ethernet/microchip/lan966x/lan966x_vlan.c | 21 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 5 drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 11 drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 2 drivers/net/macsec.c | 40 + drivers/net/phy/mdio_bus.c | 12 drivers/net/phy/mscc/mscc_ptp.c | 20 drivers/net/phy/phy_device.c | 4 drivers/net/usb/aqc111.c | 10 drivers/net/vmxnet3/vmxnet3_drv.c | 26 + drivers/net/wireguard/device.c | 1 drivers/net/wireless/ath/ath10k/snoc.c | 4 drivers/net/wireless/ath/ath11k/core.c | 37 - drivers/net/wireless/ath/ath11k/core.h | 4 drivers/net/wireless/ath/ath11k/debugfs.c | 62 +- drivers/net/wireless/ath/ath11k/mac.c | 4 drivers/net/wireless/ath/ath11k/wmi.c | 2 drivers/net/wireless/ath/ath12k/core.c | 8 drivers/net/wireless/ath/ath12k/dp_rx.c | 9 drivers/net/wireless/ath/ath12k/wmi.c | 3 drivers/net/wireless/ath/ath9k/htc_drv_beacon.c | 3 drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 6 drivers/net/wireless/mediatek/mt76/mt7996/dma.c | 4 drivers/net/wireless/mediatek/mt76/mt7996/init.c | 3 drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 drivers/net/wireless/realtek/rtw88/coex.c | 2 drivers/net/wireless/realtek/rtw88/rtw8822c.c | 3 drivers/net/wireless/realtek/rtw88/sdio.c | 10 drivers/net/wwan/t7xx/t7xx_netdev.c | 11 drivers/nvme/target/fcloop.c | 31 - drivers/pci/controller/cadence/pcie-cadence-host.c | 11 drivers/pci/controller/pcie-apple.c | 4 drivers/pci/pci.c | 2 drivers/pci/pcie/dpc.c | 2 drivers/perf/amlogic/meson_ddr_pmu_core.c | 2 drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 6 drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 14 drivers/pinctrl/pinctrl-at91.c | 6 drivers/pinctrl/qcom/pinctrl-qcm2290.c | 9 drivers/power/reset/at91-reset.c | 5 drivers/ptp/ptp_private.h | 12 drivers/regulator/max20086-regulator.c | 6 drivers/remoteproc/qcom_wcnss_iris.c | 2 drivers/remoteproc/ti_k3_r5_remoteproc.c | 8 drivers/rpmsg/qcom_smd.c | 2 drivers/rtc/class.c | 2 drivers/rtc/lib.c | 24 - drivers/rtc/rtc-loongson.c | 8 drivers/rtc/rtc-sh.c | 12 drivers/scsi/hisi_sas/hisi_sas_main.c | 29 - drivers/scsi/qedf/qedf_main.c | 2 drivers/scsi/scsi_transport_iscsi.c | 11 drivers/soc/aspeed/aspeed-lpc-snoop.c | 17 drivers/spi/spi-bcm63xx-hsspi.c | 2 drivers/spi/spi-bcm63xx.c | 2 drivers/spi/spi-sh-msiof.c | 13 drivers/spi/spi-tegra210-quad.c | 24 - drivers/staging/media/rkvdec/rkvdec.c | 10 drivers/thunderbolt/ctl.c | 5 drivers/thunderbolt/usb4.c | 4 drivers/tty/serial/jsm/jsm_tty.c | 1 drivers/tty/serial/milbeaut_usio.c | 5 drivers/tty/serial/sh-sci.c | 81 ++- drivers/tty/vt/vt_ioctl.c | 2 drivers/ufs/core/ufs-mcq.c | 6 drivers/ufs/core/ufshcd.c | 7 drivers/ufs/host/ufs-qcom.c | 5 drivers/usb/cdns3/cdnsp-gadget.c | 21 drivers/usb/cdns3/cdnsp-gadget.h | 4 drivers/usb/class/usbtmc.c | 21 drivers/usb/core/hub.c | 16 drivers/usb/core/quirks.c | 3 drivers/usb/gadget/function/f_hid.c | 12 drivers/usb/renesas_usbhs/common.c | 50 +- drivers/usb/serial/pl2303.c | 2 drivers/usb/storage/unusual_uas.h | 7 drivers/usb/typec/tcpm/tcpci_maxim_core.c | 3 drivers/usb/typec/ucsi/ucsi.h | 2 drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 79 ++- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h | 14 drivers/vfio/vfio_iommu_type1.c | 2 drivers/video/backlight/qcom-wled.c | 6 drivers/video/fbdev/core/fbcvt.c | 2 drivers/watchdog/exar_wdt.c | 2 drivers/xen/balloon.c | 13 fs/btrfs/scrub.c | 34 + fs/f2fs/data.c | 4 fs/f2fs/f2fs.h | 10 fs/f2fs/namei.c | 10 fs/f2fs/super.c | 4 fs/filesystems.c | 14 fs/gfs2/inode.c | 3 fs/kernfs/dir.c | 5 fs/kernfs/file.c | 3 fs/namespace.c | 25 - fs/nfs/super.c | 19 fs/nilfs2/btree.c | 4 fs/nilfs2/direct.c | 3 fs/ntfs3/index.c | 8 fs/ocfs2/quota_local.c | 2 fs/smb/client/cifssmb.c | 20 fs/squashfs/super.c | 5 include/linux/arm_sdei.h | 4 include/linux/bio.h | 2 include/linux/bvec.h | 7 include/linux/hid.h | 3 include/linux/io_uring_types.h | 3 include/linux/mdio.h | 5 include/linux/mlx5/driver.h | 1 include/linux/phy.h | 5 include/net/bluetooth/hci_core.h | 2 include/net/sock.h | 7 io_uring/io_uring.c | 10 io_uring/io_uring.h | 12 io_uring/kbuf.c | 3 io_uring/poll.c | 2 io_uring/rw.c | 26 - kernel/bpf/core.c | 29 - kernel/events/core.c | 50 +- kernel/power/hibernate.c | 5 kernel/power/main.c | 3 kernel/power/power.h | 4 kernel/power/wakelock.c | 3 kernel/rcu/tree.c | 10 kernel/rcu/tree.h | 2 kernel/rcu/tree_stall.h | 4 kernel/time/posix-cpu-timers.c | 9 kernel/trace/bpf_trace.c | 2 kernel/trace/trace.c | 2 kernel/trace/trace.h | 8 kernel/trace/trace_events_hist.c | 122 ++++- kernel/trace/trace_events_trigger.c | 20 lib/kunit/static_stub.c | 2 mm/kasan/report.c | 4 mm/kasan/shadow.c | 2 net/bluetooth/eir.c | 10 net/bluetooth/hci_core.c | 16 net/bluetooth/hci_sync.c | 20 net/bluetooth/l2cap_core.c | 3 net/bluetooth/mgmt.c | 140 ++---- net/bluetooth/mgmt_util.c | 49 +- net/bluetooth/mgmt_util.h | 8 net/bridge/netfilter/nf_conntrack_bridge.c | 12 net/core/skmsg.c | 53 +- net/dsa/tag_brcm.c | 2 net/ipv4/udp_offload.c | 5 net/ipv6/netfilter.c | 12 net/ipv6/netfilter/nft_fib_ipv6.c | 13 net/ipv6/seg6_local.c | 6 net/ncsi/internal.h | 21 net/ncsi/ncsi-pkt.h | 23 - net/ncsi/ncsi-rsp.c | 21 net/netfilter/nf_nat_core.c | 12 net/netfilter/nft_quota.c | 20 net/netfilter/nft_set_pipapo_avx2.c | 21 net/netfilter/nft_tunnel.c | 8 net/netlabel/netlabel_kapi.c | 5 net/openvswitch/flow.c | 2 net/sched/sch_ets.c | 2 net/sched/sch_prio.c | 2 net/sched/sch_red.c | 2 net/sched/sch_sfq.c | 5 net/sched/sch_tbf.c | 2 net/tipc/crypto.c | 6 net/tls/tls_sw.c | 15 net/xfrm/xfrm_device.c | 2 net/xfrm/xfrm_state.c | 2 scripts/Makefile.extrawarn | 12 scripts/gcc-plugins/gcc-common.h | 32 + scripts/gcc-plugins/randomize_layout_plugin.c | 40 - sound/soc/apple/mca.c | 23 + sound/soc/codecs/hda.c | 4 sound/soc/codecs/tas2764.c | 2 sound/soc/intel/avs/debugfs.c | 6 sound/soc/intel/avs/ipc.c | 4 sound/soc/sof/ipc4-pcm.c | 3 sound/soc/ti/omap-hdmi.c | 7 sound/usb/implicit.c | 1 tools/arch/x86/kcpuid/kcpuid.c | 47 +- tools/bpf/resolve_btfids/Makefile | 2 tools/lib/bpf/bpf_core_read.h | 6 tools/lib/bpf/libbpf.c | 5 tools/lib/bpf/linker.c | 4 tools/lib/bpf/nlattr.c | 15 tools/perf/Makefile.config | 2 tools/perf/builtin-record.c | 2 tools/perf/builtin-trace.c | 5 tools/perf/scripts/python/exported-sql-viewer.py | 5 tools/perf/tests/switch-tracking.c | 2 tools/perf/ui/browsers/hists.c | 2 tools/perf/util/intel-pt.c | 205 ++++++++- tools/testing/selftests/bpf/prog_tests/bpf_nf.c | 6 tools/testing/selftests/seccomp/seccomp_bpf.c | 7 338 files changed, 3244 insertions(+), 1524 deletions(-) Aaron Kling (1): arm64: tegra: Drop remaining serial clock-names and reset-names Adam Ford (5): arm64: dts: imx8mm-beacon: Fix RTC capacitive load arm64: dts: imx8mn-beacon: Fix RTC capacitive load arm64: dts: imx8mp-beacon: Fix RTC capacitive load arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI audio arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI audio Adrian Hunter (2): perf intel-pt: Fix PEBS-via-PT data_src perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 Ahmed S. Darwish (2): tools/x86/kcpuid: Fix error handling x86/cpu: Sanitize CPUID(0x80000000) output Al Viro (3): path_overmount(): avoid false negatives fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) do_change_type(): refuse to operate on unmounted/not ours mounts Alexander Shiyan (1): power: reset: at91-reset: Optimize at91_reset() Alexander Sverdlin (1): counter: interrupt-cnt: Protect enable/disable OPs with mutex Alexandre Mergnat (2): rtc: Make rtc_time64_to_tm() support dates before 1970 rtc: Fix offset calculation for .start_secs < 0 Alexei Safin (1): hwmon: (asus-ec-sensors) check sensor index in read_string() Alexey Gladkov (1): mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE Alexey Kodanev (1): wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Alexey Minnekhanov (3): arm64: dts: qcom: sdm660-xiaomi-lavender: Add missing SD card detect GPIO arm64: dts: qcom: sdm660-lavender: Add missing USB phy supply arm64: dts: qcom: sda660-ifc6560: Fix dt-validate warning Alexis Lothoré (1): net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping Alok Tiwari (3): gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO scsi: iscsi: Fix incorrect error path labels for flashnode operations Amir Tzin (1): net/mlx5: Fix ECVF vports unload on shutdown flow Amit Sunil Dhamne (1): usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() Anand Moon (1): perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create() Andre Przywara (1): dt-bindings: vendor-prefixes: Add Liontron name Andreas Gruenbacher (1): gfs2: gfs2_create_inode error handling fix Andrew Cooper (1): x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() Andrey Konovalov (1): kasan: use unchecked __memset internally Andrey Vatoropin (1): fs/ntfs3: handle hdr_first_de() return value Andy Shevchenko (1): pinctrl: at91: Fix possible out-of-boundary access AngeloGioacchino Del Regno (4): drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr drm/mediatek: Fix kobject put for component sub-drivers drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err arm64: dts: mediatek: mt8195: Reparent vdec1/2 and venc1 power domains Annie Li (1): x86/microcode/AMD: Do not return error when microcode update is not necessary Anton Protopopov (3): libbpf: Use proper errno value in linker bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ libbpf: Use proper errno value in nlattr Anubhav Shelat (1): perf trace: Always print return value for syscalls returning a pid Armin Wolf (1): ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" Arnaldo Carvalho de Melo (2): perf build: Warn when libdebuginfod devel files are not available perf ui browser hists: Set actions->thread before calling do_zoom_thread() Aurabindo Pillai (1): Revert "drm/amd/display: more liberal vmin/vmax update for freesync" Baochen Qiang (3): wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() wifi: ath11k: don't use static variables in ath11k_debugfs_fw_stats_process() wifi: ath11k: don't wait when there is no vdev started Bartosz Golaszewski (1): Bluetooth: hci_qca: move the SoC type check to the right place Beleswar Padhi (1): arm64: dts: ti: k3-j721e-sk: Add support for multiple CAN instances Benjamin Marzinski (4): dm: don't change md if dm_table_set_restrictions() fails dm: free table mempools if not used in __bind dm-flakey: error all IOs when num_features is absent dm-flakey: make corrupting read bios work Biju Das (2): drm: rcar-du: Fix memory leak in rcar_du_vsps_init() drm/tegra: rgb: Fix the unbound reference count Bjorn Helgaas (1): PCI/DPC: Initialize aer_err_info before using it Brian Pellegrino (1): iio: filter: admv8818: Support frequencies >= 2^32 Caleb Connolly (1): ath10k: snoc: fix unbalanced IRQ enable in crash recovery Carlos Fernandez (1): macsec: MACsec SCI assignment for ES = 0 Cezary Rojewski (3): ASoC: codecs: hda: Fix RPM usage count underflow ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX ASoC: Intel: avs: Verify content returned by parse_int_array() Chao Yu (3): f2fs: fix to do sanity check on sbi->total_valid_block_count f2fs: clean up w/ fscrypt_is_bounce_page() f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed() Charalampos Mitrodimas (1): net: tipc: fix refcount warning in tipc_aead_encrypt Charles Han (1): drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table Charles Yeh (1): USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB Chenyuan Yang (1): phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug Christophe JAILLET (2): drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe() mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() Claudiu Beznea (3): serial: sh-sci: Check if TX data was written to device in .tx_empty() serial: sh-sci: Move runtime PM enable to sci_probe_single() serial: sh-sci: Clean sci_ports[0] after at earlycon exit Corentin Labbe (1): crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions Cosmin Ratiu (1): xfrm: Use xdo.dev instead of xdo.real_dev Dan Carpenter (5): remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() net/mlx4_en: Prevent potential integer overflow calculating Hz pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() Daniel Wagner (1): nvmet-fcloop: access fcpreq only when holding reqlock Daniil Tatianin (1): ACPICA: exserial: don't forget to handle FFixedHW opregions for reading Dapeng Mi (1): perf record: Fix incorrect --user-regs comments Dave Penkler (2): usb: usbtmc: Fix timeout value in get_stb usb: usbtmc: Fix read_stb function and get_stb ioctl David Heimann (1): ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 Dmitry Antipov (2): wifi: rtw88: do not ignore hardware read error during DPK Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() Dmitry Baryshkov (2): ARM: dts: qcom: apq8064: add missing clocks to the timer node ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device Dmitry Torokhov (1): Input: synaptics-rmi - fix crash with unsupported versions of F34 Dr. David Alan Gilbert (1): Bluetooth: MGMT: Remove unused mgmt_pending_find_data Dustin Lundquist (1): serial: jsm: fix NPE during jsm_uart_port_init Dzmitry Sankouski (4): arm64: dts: qcom: sdm845-starqltechn: remove wifi arm64: dts: qcom: sdm845-starqltechn: fix usb regulator mistake arm64: dts: qcom: sdm845-starqltechn: refactor node order arm64: dts: qcom: sdm845-starqltechn: remove excess reserved gpios Easwar Hariharan (1): wifi: ath11k: convert timeouts to secs_to_jiffies() Eddie James (1): powerpc/crash: Fix non-smp kexec preparation Eric Dumazet (6): net_sched: sch_sfq: fix a potential crash on gso_skb handling net_sched: prio: fix a race in prio_tune() net_sched: red: fix a race in __red_change() net_sched: tbf: fix a race in tbf_change() net_sched: ets: fix a race in ets_qdisc_change() calipso: unlock rcu before returning -EAFNOSUPPORT Faicker Mo (1): net: openvswitch: Fix the dead loop of MPLS parse Fernando Fernandez Mancera (1): netfilter: nft_tunnel: fix geneve_opt dump Finn Thain (1): m68k: mac: Fix macintosh_config for Mac II Florian Westphal (3): netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy netfilter: nf_set_pipapo_avx2: fix initial map fill netfilter: nf_nat: also check reverse tuple to obtain clashing entry Gabor Juhos (2): pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 pinctrl: armada-37xx: set GPIO output value before setting direction Gautham R. Shenoy (1): acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() Geert Uytterhoeven (1): spi: sh-msiof: Fix maximum DMA transfer size Greg Kroah-Hartman (3): net: phy: fix up const issues in to_mdio_device() and to_phy_device() Revert "io_uring: ensure deferred completions are posted for multishot" Linux 6.6.94 Hangbin Liu (1): bonding: assign random address if device address is same as bond Hans Zhang (2): efi/libstub: Describe missing 'out' parameter in efi_load_initrd PCI: cadence: Fix runtime atomic count underflow Haren Myneni (1): powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() Hari Kalavakunta (1): net: ncsi: Fix GCPS 64-bit member variables Hariprasad Kelam (1): octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback Hector Martin (2): ASoC: tas2764: Enable main IRQs PCI: apple: Use gpiod_set_value_cansleep in probe flow Henry Martin (6): clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() backlight: pm8941: Add NULL check in wled_configure() dmaengine: ti: Add NULL check in udma_probe() serial: Fix potential null-ptr-deref in mlb_usio_probe() Herbert Xu (4): crypto: marvell/cesa - Handle zero-length skcipher requests crypto: marvell/cesa - Avoid empty transfer descriptor crypto: lrw - Only add ecb if it is not already there crypto: xts - Only add ecb if it is not already there Hongyu Xie (1): usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device Horatiu Vultur (4): net: lan966x: Fix 1-step timestamping over ipv4 or ipv6 net: phy: mscc: Fix memory leak when using one step timestamping net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames net: lan966x: Make sure to insert the vlan tags also in host mode Huajian Yang (1): netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it Huang Yiwei (1): firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES I Hsin Cheng (1): drm/meson: Use 1000ULL when operating with mode->clock Ian Forbes (1): drm/vmwgfx: Add seqno waiter for sync_files Ido Schimmel (1): seg6: Fix validation of nexthop addresses Ilya Leoshkevich (1): s390/bpf: Store backchain even for leaf progs Ioana Ciornei (1): bus: fsl-mc: fix double-free on mc_dev Jack Morgenstein (1): RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work Jacob Moroni (1): IB/cm: use rwlock for MAD agent lock Jakub Raczynski (2): net/mdiobus: Fix potential out-of-bounds read/write access net/mdiobus: Fix potential out-of-bounds clause 45 read/write access Jason Gunthorpe (1): iommu: Protect against overflow in iommu_pgsize() Jeff Johnson (1): wifi: ath11k: fix soc_dp_stats debugfs file permission Jens Axboe (3): io_uring: add io_file_can_poll() helper io_uring/rw: allow pollable non-blocking attempts for !FMODE_NOWAIT io_uring/rw: fix wrong NOWAIT check in io_rw_init_file() Jeongjun Park (1): ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() Jianbo Liu (1): net/mlx5e: Fix leak of Geneve TLV option object Jiaqing Zhao (1): x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() Jiayi Li (1): usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE Jiayuan Chen (5): bpf: fix ktls panic with sockmap bpf, sockmap: fix duplicated data transmission bpf, sockmap: Fix panic when calling skb_linearize ktls, sockmap: Fix missing uncharge operation bpf, sockmap: Avoid using sk_socket after free when sending Jinjian Song (1): net: wwan: t7xx: Fix napi rx poll issue Jiri Slaby (SUSE) (1): powerpc: do not build ppc_save_regs.o always Joel Stanley (1): ARM: aspeed: Don't select SRAM Jonas Gorski (2): net: dsa: b53: do not enable RGMII delay on bcm63xx net: dsa: b53: allow RGMII for bcm63xx RGMII ports Jonas Karlman (1): media: rkvdec: Fix frame size enumeration Jonathan Wiepert (1): Use thread-safe function pointer in libbpf_print Judith Mendez (2): arm64: dts: ti: k3-am65-main: Fix sdhci node properties arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0 Julien Massot (2): arm64: dts: mt6359: Add missing 'compatible' property to regulators node arm64: dts: mt6359: Rename RTC node to match binding expectations Junxian Huang (1): RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h KaFai Wan (1): bpf: Avoid __bpf_prog_ret0_warn when jit fails Kees Cook (6): ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type watchdog: exar: Shorten identity name to fit correctly drm/vkms: Adjust vkms_state->active_planes allocation type scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops randstruct: gcc-plugin: Remove bogus void member randstruct: gcc-plugin: Fix attribute addition Kornel Dulęba (1): arm64: Support ARM64_VA_BITS=52 when setting ARCH_MMAP_RND_BITS_MAX Kuniyuki Iwashima (1): calipso: Don't call calipso functions for AF_INET sk. Lad Prabhakar (1): usb: renesas_usbhs: Reorder clock handling and power management in probe Leo Yan (1): perf tests switch-tracking: Fix timestamp comparison Li Lingfeng (2): nfs: clear SB_RDONLY before getting superblock nfs: ignore SB_RDONLY when remounting nfs Li RongQing (1): vfio/type1: Fix error unwind in migration dirty bitmap allocation Liu Dalin (1): rtc: loongson: Add missing alarm notifications for ACPI RTC events Longfang Liu (3): hisi_acc_vfio_pci: fix XQE dma address error hisi_acc_vfio_pci: add eq and aeq interruption restore hisi_acc_vfio_pci: bugfix live migration function without VF device driver Lorenzo Bianconi (1): bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps Luca Weiss (5): clk: qcom: camcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: dispcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: gpucc-sm6350: Add *_wait_val values for GDSCs arm64: dts: qcom: sm8350: Reenable crypto & cryptobam Luiz Augusto von Dentz (6): Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete Bluetooth: MGMT: Protect mgmt_pending list with its own lock Bluetooth: Fix NULL pointer deference on eir_get_service_data Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance Bluetooth: MGMT: Fix sparse errors Lukasz Czechowski (1): dt-bindings: usb: cypress,hx3: Add support for all variants Maharaja Kennadyrajan (1): wifi: ath12k: fix node corruption in ar->arvifs list Mario Limonciello (1): thunderbolt: Fix a logic error in wake on connect Mark Brown (1): arm64/fpsimd: Discard stale CPU state when handling SME traps Mark Rutland (3): arm64/fpsimd: Avoid RES0 bits in the SME trap handler arm64/fpsimd: Fix merging of FPSIMD state during signal return arm64/fpsimd: Do not discard modified SVE state Martin Blumenstingl (4): drm/meson: use unsigned long long / Hz for frequency types drm/meson: fix debug log statement when setting the HDMI clocks drm/meson: use vclk_freq instead of pixel_freq in debug print drm/meson: fix more rounding issues with 59.94Hz modes Martin Povišer (1): ASoC: apple: mca: Constrain channels according to TDM mask Mathias Nyman (1): usb: Flush altsetting 0 endpoints before reinitializating them after reset. Matthew Wilcox (Oracle) (2): bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP block: Fix bvec_set_folio() for very large folios Maxime Ripard (1): drm/vc4: tests: Use return instead of assert Miaoqian Lin (2): firmware: psci: Fix refcount leak in psci_dt_init tracing: Fix error handling in event_trigger_parse() Michal Koutný (1): kernfs: Relax constraint in draining guard Michal Kubiak (3): ice: fix Tx scheduler error handling in XDP callback ice: create new Tx scheduler nodes for new queues only ice: fix rebuilding the Tx scheduler tree for large queue counts Michal Luczaj (1): net: Fix TOCTOU issue in sk_is_readable() Mikhail Arkhipov (1): mtd: nand: ecc-mxic: Fix use of uninitialized variable ret Mirco Barone (1): wireguard: device: enable threaded NAPI Moshe Shemesh (1): net/mlx5: Ensure fw pages are always allocated on same NUMA Murad Masimov (1): ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery Namhyung Kim (1): perf trace: Fix leaks of 'struct thread' in set_filter_loop_pids() Nathan Chancellor (1): kbuild: Disable -Wdefault-const-init-unsafe Neill Kapron (1): selftests/seccomp: fix syscall_restart test for arm compat Nicolas Pitre (1): vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() Nikita Zhandarovich (1): net: usb: aqc111: fix error handling of usbnet read calls Nitin Rawat (1): scsi: ufs: qcom: Prevent calling phy_exit() before phy_init() Nícolas F. R. A. Prado (2): arm64: dts: mediatek: mt6357: Drop regulator-fixed compatibles regulator: dt-bindings: mt6357: Drop fixed compatible requirement Oleg Nesterov (1): posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() Oliver Neukum (1): net: usb: aqc111: debug info before sanitation Ovidiu Panait (3): crypto: sun8i-ce-hash - fix error handling in sun8i_ce_hash_run() crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() crypto: sun8i-ce - move fallback ahash_request to the end of the struct P Praneesh (1): wifi: ath12k: Add MSDU length validation for TKIP MIC error Pali Rohár (1): cifs: Fix validation of SMB1 query reparse point response Pan Taixi (1): tracing: Fix compilation warning on arm32 Patrisious Haddad (2): RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction net/mlx5: Fix return value when searching for existing flow group Pauli Virtanen (1): Bluetooth: hci_core: fix list_for_each_entry_rcu usage Pawel Laszczak (2): usb: cdnsp: Fix issue with detecting command completion event usb: cdnsp: Fix issue with detecting USB 3.2 speed Peter Chiu (1): wifi: mt76: mt7996: set EHT max ampdu length capability Peter Robinson (1): arm64: dts: rockchip: Update eMMC for NanoPi R5 series Peter Zijlstra (1): perf: Ensure bpf_perf_link path is properly serialized Phillip Lougher (1): Squashfs: check return result of sb_min_blocksize Prasanth Babu Mantena (1): arm64: dts: ti: k3-j721e-common-proc-board: Enable OSPI1 on J721E Qasim Ijaz (2): usb: typec: ucsi: fix Clang -Wsign-conversion warning fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() Qing Wang (1): perf/core: Fix broken throttling when max_samples_per_tick=1 Qiuxu Zhuo (2): EDAC/skx_common: Fix general protection fault EDAC/{skx_common,i10nm}: Fix the loss of saved RRL for HBM pseudo channel 0 Qu Wenruo (2): btrfs: scrub: update device stats when an error is detected btrfs: scrub: fix a wrong error type when metadata bytenr mismatches Quentin Schulz (2): arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou net: stmmac: platform: guarantee uniqueness of bus_id Radim Krčmář (1): RISC-V: KVM: lock the correct mp_state during reset Rafael J. Wysocki (2): PM: sleep: Print PM debug messages during hibernation PM: sleep: Fix power.is_suspended cleanup for direct-complete devices Rajat Soni (1): wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event Ramya Gnanasekar (1): wifi: ath12k: Fix WMI tag for EHT rate in peer assoc Ritesh Harjani (IBM) (1): powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap Robert Malz (2): i40e: return false from i40e_reset_vf if reset is in progress i40e: retry VFLR handling if there is ongoing VF reset Rodrigo Gobbi (1): wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready Roger Pau Monne (1): xen/x86: fix initial memory balloon target Rolf Eike Beer (1): iommu: remove duplicate selection of DMAR_TABLE Ronak Doshi (1): vmxnet3: correctly report gso type for UDP tunnels Ryusuke Konishi (1): nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() Saket Kumar Bhaskar (1): selftests/bpf: Fix bpf_nf selftest failure Sam Winchenbach (3): iio: filter: admv8818: fix band 4, state 15 iio: filter: admv8818: fix integer overflow iio: filter: admv8818: fix range calculation Sanjeev Yadav (1): scsi: core: ufs: Fix a hang in the error handler Sergey Senozhatsky (1): thunderbolt: Do not double dequeue a configuration request Sergey Shtylyov (1): fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() Shayne Chen (1): wifi: mt76: mt7996: fix RX buffer size of MCU event Shiming Cheng (1): net: fix udp gso skb_segment after pull from frag_list Siddharth Vadapalli (1): remoteproc: k3-r5: Drop check performed in k3_r5_rproc_{mbox_callback/kick} Stefano Stabellini (1): xen/arm: call uaccess_ttbr0_enable for dm_op hypercall Stephan Gerhold (1): arm64: dts: qcom: sc8280xp-x13s: Drop duplicate DMIC supplies Steven Rostedt (2): tracing: Move histogram trigger variables from stack to per CPU structure tracing: Rename event_trigger_alloc() to trigger_data_alloc() Stone Zhang (1): wifi: ath11k: fix node corruption in ar->arvifs list Su Hui (1): soc: aspeed: lpc: Fix impossible judgment condition Suleiman Souhlal (1): tools/resolve_btfids: Fix build when cross compiling kernel with clang. Tao Chen (2): libbpf: Remove sample_period init in perf_buffer bpf: Fix WARN() in get_bpf_raw_tp_regs Terry Junge (1): HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Thangaraj Samynathan (1): net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy Thomas Gleixner (1): x86/iopl: Cure TIF_IO_BITMAP inconsistencies Thuan Nguyen (1): arm64: dts: renesas: white-hawk-ard-audio: Fix TPU0 groups Toke Høiland-Jørgensen (1): wifi: ath9k_htc: Abort software beacon handling if disabled Tzung-Bi Shih (1): kunit: Fix wrong parameter to kunit_deactivate_static_stub() Uwe Kleine-König (1): iio: adc: ad7124: Fix 3dB filter frequency reading Vaishnav Achath (1): arm64: dts: ti: k3-j721e-sk: Model CSI2RX connector mux Vignesh Raman (1): arm64: defconfig: mediatek: enable PHY drivers Viktor Malik (1): libbpf: Fix buffer overflow in bpf_object__init_prog Vincent Knecht (1): clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz Vishwaroop A (3): spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers spi: tegra210-quad: remove redundant error handling code spi: tegra210-quad: modify chip select (CS) deactivation WangYuli (1): MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a Wei Fang (1): net: phy: clear phydev->devlink when the link is deleted Wentao Liang (1): nilfs2: add pointer check for nilfs_direct_propagate() Wilfred Mallawa (1): PCI: Print the actual delay time in pci_bridge_wait_for_secondary_bus() Wojciech Slenska (1): pinctrl: qcom: pinctrl-qcm2290: Add missing pins Wolfram Sang (3): ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select ARM: dts: at91: at91sam9263: fix NAND chip selects rtc: sh: assign correct interrupts with DT Wupeng Ma (1): VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify Xilin Wu (1): arm64: dts: qcom: sm8250: Fix CPU7 opp table Xu Yang (1): dt-bindings: phy: imx8mq-usb: fix fsl,phy-tx-vboost-level-microvolt property Yanqing Wang (1): driver: net: ethernet: mtk_star_emac: fix suspend/resume issue Yemike Abhilash Chandra (1): arm64: dts: ti: k3-j721e-sk: Add DT nodes for power regulators Yeoreum Yun (1): coresight: prevent deactivate active config while enabling the config Yihang Li (1): scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk Yongliang Gao (1): rcu/cpu_stall_cputime: fix the hardirq count for x86 architecture Yunhui Cui (1): ACPI: CPPC: Fix NULL pointer dereference when nosmp is used Yuuki NAGAO (1): ASoC: ti: omap-hdmi: Re-add dai_link->platform to fix card init Zhen XIN (2): wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally Zhiguo Niu (2): f2fs: use d_inode(dentry) cleanup dentry->d_inode f2fs: fix to correct check conditions in f2fs_cross_rename Zhongqiu Duan (1): netfilter: nft_quota: match correctly when the quota just depleted Zijun Hu (2): PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() fs/filesystems: Fix potential unsigned integer underflow in fs_name() ping.gao (1): scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() Álvaro Fernández Rojas (3): spi: bcm63xx-spi: fix shared reset spi: bcm63xx-hsspi: fix shared reset net: dsa: tag_brcm: legacy: fix pskb_may_pull length

5 months, 2 weeks

1
1
0 0

[PATCH] sunrpc: handle SVC_GARBAGE during svc auth processing as auth error

by Jeff Layton

tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a way that SVC_GARBAGE is returned without setting the rq_accept_statp pointer, then that pointer can be dereferenced and a value stored there. If it's the first time the thread has processed an RPC, then that pointer will be set to NULL and the kernel will crash. In other cases, it could create a memory scribble. The server sunrpc code treats a SVC_GARBAGE return from svc_authenticate or pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531 says that if authentication fails that the RPC should be rejected instead with a status of AUTH_ERR. Handle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of AUTH_BADCRED instead of returning GARBAGE_ARGS in that case. This sidesteps the whole problem of touching the rpc_accept_statp pointer in this situation and avoids the crash. Cc: stable(a)vger.kernel.org Fixes: 29cd2927fb91 ("SUNRPC: Fix encoding of accepted but unsuccessful RPC replies") Reported-by: tianshuo han <hantianshuo233(a)gmail.com> Reviewed-by: Chuck Lever <chuck.lever(a)oracle.com> Signed-off-by: Jeff Layton <jlayton(a)kernel.org> --- This should be more correct. Unfortunately, I don't know of any testcases for low-level RPC error handling. That seems like something that would be nice to do with pynfs or similar though. --- net/sunrpc/svc.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c index 939b6239df8ab6229ce34836d77d3a6b983fbbb7..99050ab1435148ac5d52b697ab1a771b9e948143 100644 --- a/net/sunrpc/svc.c +++ b/net/sunrpc/svc.c @@ -1375,7 +1375,8 @@ svc_process_common(struct svc_rqst *rqstp) case SVC_OK: break; case SVC_GARBAGE: - goto err_garbage_args; + rqstp->rq_auth_stat = rpc_autherr_badcred; + goto err_bad_auth; case SVC_SYSERR: goto err_system_err; case SVC_DENIED: @@ -1516,14 +1517,6 @@ svc_process_common(struct svc_rqst *rqstp) *rqstp->rq_accept_statp = rpc_proc_unavail; goto sendit; -err_garbage_args: - svc_printk(rqstp, "failed to decode RPC header\n"); - - if (serv->sv_stats) - serv->sv_stats->rpcbadfmt++; - *rqstp->rq_accept_statp = rpc_garbage_args; - goto sendit; - err_system_err: if (serv->sv_stats) serv->sv_stats->rpcbadfmt++; --- base-commit: 9afe652958c3ee88f24df1e4a97f298afce89407 change-id: 20250617-rpc-6-16-cc7a23e9c961 Best regards, -- Jeff Layton <jlayton(a)kernel.org>

5 months, 2 weeks

2
1
0 0

[PATCH v1 1/2] usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed

by Roy Luo

xhci_reset() currently returns -ENODEV if XHCI_STATE_REMOVING is set, without completing the xhci handshake, unless the reset completes exceptionally quickly. This behavior causes a regression on Synopsys DWC3 USB controllers with dual-role capabilities. Specifically, when a DWC3 controller exits host mode and removes xhci while a reset is still in progress, and then attempts to configure its hardware for device mode, the ongoing, incomplete reset leads to critical register access issues. All register reads return zero, not just within the xHCI register space (which might be expected during a reset), but across the entire DWC3 IP block. This patch addresses the issue by preventing xhci_reset() from being called in xhci_resume() and bailing out early in the reinit flow when XHCI_STATE_REMOVING is set. Cc: stable(a)vger.kernel.org Fixes: 6ccb83d6c497 ("usb: xhci: Implement xhci_handshake_check_state() helper") Suggested-by: Mathias Nyman <mathias.nyman(a)intel.com> Signed-off-by: Roy Luo <royluo(a)google.com> --- drivers/usb/host/xhci.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 90eb491267b5..244b12eafd95 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -1084,7 +1084,10 @@ int xhci_resume(struct xhci_hcd *xhci, bool power_lost, bool is_auto_resume) xhci_dbg(xhci, "Stop HCD\n"); xhci_halt(xhci); xhci_zero_64b_regs(xhci); - retval = xhci_reset(xhci, XHCI_RESET_LONG_USEC); + if (xhci->xhc_state & XHCI_STATE_REMOVING) + retval = -ENODEV; + else + retval = xhci_reset(xhci, XHCI_RESET_LONG_USEC); spin_unlock_irq(&xhci->lock); if (retval) return retval; -- 2.49.0.1204.g71687c7c1d-goog

5 months, 2 weeks

4
8
0 0

[PATCH 0/7] KVM: arm64: trap fixes and cleanup

by Mark Rutland

This series fixes some issues with the way KVM manages traps in VHE mode, with some cleanups/simplifications atop. Patch 1 fixes a theoretical issue with debug register manipulation, which has been around forever. This was found by inspection while working on other fixes. Patch 2 fixes an issue with NV where a host may take unexpected traps as a result of a guest hypervisor's configuration of CPTR_EL2. Patch 5 fixes an issue with NV where a guest hypervisor's configuration of CPTR_EL2 may not be taken into account when running a guest guest, incorrectly permitting usage of SVE when this should be trapped to the guest hypervisor. The other patches in the series are prepartory work and cleanup. Originally I intended to simplify/cleanup to kvm_hyp_handle_fpsimd() and kvm_hyp_save_fpsimd_host(), as discussed with Will on an earlier series: https://lore.kernel.org/linux-arm-kernel/20250210161242.GC7568@willie-the-t… https://lore.kernel.org/linux-arm-kernel/Z6owjEPNaJ55e9LM@J2N7QTR9R3/ https://lore.kernel.org/linux-arm-kernel/20250210180637.GA7926@willie-the-t… https://lore.kernel.org/linux-arm-kernel/Z6pbeIsIMWexiDta@J2N7QTR9R3/ In the process of implementing that, I realised that the CPTR trap management wasn't quite right for NV, and found the potential issue with debug register configuration. I've given the series some light testing on a fast model so far; any further testing and/or review would be much appreciated. The series is based on the 'kvmarm-fixes-6.16-2' tag from the kvmarm tree. Mark. Mark Rutland (7): KVM: arm64: VHE: Synchronize restore of host debug registers KVM: arm64: VHE: Synchronize CPTR trap deactivation KVM: arm64: Reorganise CPTR trap manipulation KVM: arm64: Remove ad-hoc CPTR manipulation from fpsimd_sve_sync() KVM: arm64: Remove ad-hoc CPTR manipulation from kvm_hyp_handle_fpsimd() KVM: arm64: Remove cpacr_clear_set() KVM: arm64: VHE: Centralize ISBs when returning to host arch/arm64/include/asm/kvm_emulate.h | 62 ---------- arch/arm64/include/asm/kvm_host.h | 6 +- arch/arm64/kvm/hyp/include/hyp/switch.h | 147 ++++++++++++++++++++++-- arch/arm64/kvm/hyp/nvhe/hyp-main.c | 5 +- arch/arm64/kvm/hyp/nvhe/switch.c | 59 ---------- arch/arm64/kvm/hyp/vhe/switch.c | 107 +++-------------- 6 files changed, 158 insertions(+), 228 deletions(-) -- 2.30.2

5 months, 2 weeks

2
8
0 0

[PATCH V3 2/2] PCI: Prevent LS7A Bus Master clearing on kexec

by Huacai Chen

This is similar to commit 62b6dee1b44a ("PCI/portdrv: Prevent LS7A Bus Master clearing on shutdown"), which prevents LS7A Bus Master clearing on kexec. The key point of this is to work around the LS7A defect that clearing PCI_COMMAND_MASTER prevents MMIO requests from going downstream, and we may need to do that even after .shutdown(), e.g., to print console messages. And in this case we rely on .shutdown() for the downstream devices to disable interrupts and DMA. Only skip Bus Master clearing on bridges because endpoint devices still need it. Cc: <stable(a)vger.kernel.org> Signed-off-by: Ming Wang <wangming01(a)loongson.cn> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- drivers/pci/pci-driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c index 602838416e6a..8a1e32367a06 100644 --- a/drivers/pci/pci-driver.c +++ b/drivers/pci/pci-driver.c @@ -517,7 +517,7 @@ static void pci_device_shutdown(struct device *dev) * If it is not a kexec reboot, firmware will hit the PCI * devices with big hammer and stop their DMA any way. */ - if (kexec_in_progress && (pci_dev->current_state <= PCI_D3hot)) + if (kexec_in_progress && !pci_is_bridge(pci_dev) && (pci_dev->current_state <= PCI_D3hot)) pci_clear_master(pci_dev); } -- 2.47.1

5 months, 2 weeks

3
2
0 0

[PATCH V3 1/2] PCI: Use local_pci_probe() when best selected cpu is offline

by Huacai Chen

From: Hongchen Zhang <zhanghongchen(a)loongson.cn> When the best selected CPU is offline, work_on_cpu() will stuck forever. This can be happen if a node is online while all its CPUs are offline (we can use "maxcpus=1" without "nr_cpus=1" to reproduce it), Therefore, in this case, we should call local_pci_probe() instead of work_on_cpu(). Cc: <stable(a)vger.kernel.org> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> Signed-off-by: Hongchen Zhang <zhanghongchen(a)loongson.cn> --- drivers/pci/pci-driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c index c8bd71a739f7..602838416e6a 100644 --- a/drivers/pci/pci-driver.c +++ b/drivers/pci/pci-driver.c @@ -386,7 +386,7 @@ static int pci_call_probe(struct pci_driver *drv, struct pci_dev *dev, free_cpumask_var(wq_domain_mask); } - if (cpu < nr_cpu_ids) + if ((cpu < nr_cpu_ids) && cpu_online(cpu)) error = work_on_cpu(cpu, local_pci_probe, &ddi); else error = local_pci_probe(&ddi); -- 2.47.1

5 months, 2 weeks

3
2
0 0

[PATCH 0/2] Fixes in snps-phy HDMI PLL algorithm

by Ankit Nautiyal

Fixes/improvement in snps-phy HDMI PLL algorithm. Ankit Nautiyal (2): drm/i915/snps_hdmi_pll: Fix 64-bit divisor truncation by using div64_u64 drm/i915/snps_hdmi_pll: Use clamp() instead of max(min()) drivers/gpu/drm/i915/display/intel_snps_hdmi_pll.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) -- 2.45.2

5 months, 2 weeks

4
5
0 0

[PATCH v2 6.12.y] Kunit to check the longest symbol length

by Sergio González Collado

Hello, Please consider applying the following commits for 6.12.y: c104c16073b7 ("Kunit to check the longest symbol length") 54338750578f ("x86/tools: Drop duplicate unlikely() definition in insn_decoder_test.c") They should apply cleanly. Those two commits implement a kunit test to verify that a symbol with KSYM_NAME_LEN of 512 can be read. The first commit implements the test. This commit also includes a fix for the test x86/insn_decoder_test. In the case a symbol exceeds the symbol length limit, an error will happen: arch/x86/tools/insn_decoder_test: error: malformed line 1152000: tBb_+0xf2> ..which overflowed by 10 characters reading this line: ffffffff81458193: 74 3d je ffffffff814581d2 <_RNvXse_NtNtNtCshGpAVYOtgW1_4core4iter8adapters7flattenINtB5_13FlattenCompatINtNtB7_3map3MapNtNtNtBb_3str4iter5CharsNtB1v_17CharEscapeDefaultENtNtBb_4char13EscapeDefaultENtNtBb_3fmt5Debug3fmtBb_+0xf2> The fix was proposed in [1] and initially mentioned at [2]. The second commit fixes a warning when building with clang because there was a definition of unlikely from compiler.h in tools/include/linux, which conflicted with the one in the instruction decoder selftest. [1] https://lore.kernel.org/lkml/Y9ES4UKl%2F+DtvAVS@gmail.com/ [2] https://lore.kernel.org/lkml/320c4dba-9919-404b-8a26-a8af16be1845@app.fastm… I will send something similar to 6.6.y and 6.1.y Thanks! Best regards, Sergio

5 months, 2 weeks

2
3
0 0

[PATCH 6.1 1/1] objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq()

by Dmitriy Privalov

If speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the entire amd_spi_freq array without breaking out early, causing 'i' to go beyond the array bounds. Fix that by stopping the loop when it gets to the last entry, so the low speed_hz value gets clamped up to AMD_SPI_MIN_HZ. Fixes the following warning with an UBSAN kernel: drivers/spi/spi-amd.o: error: objtool: amd_set_spi_freq() falls through to next function amd_spi_set_opcode() Fixes: 3fe26121dc3a ("spi: amd: Configure device speed") Reported-by: kernel test robot <lkp(a)intel.com> Signed-off-by: Josh Poimboeuf <jpoimboe(a)kernel.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Acked-by: Mark Brown <broonie(a)kernel.org> Cc: Raju Rangoju <Raju.Rangoju(a)amd.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Link: https://lore.kernel.org/r/78fef0f2434f35be9095bcc9ffa23dd8cab667b9.17428528… Closes: https://lore.kernel.org/r/202503161828.RUk9EhWx-lkp@intel.com/ Signed-off-by: Dmitriy Privalov <d.privalov(a)omp.ru> --- drivers/spi/spi-amd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/spi/spi-amd.c b/drivers/spi/spi-amd.c index bfc3ab5f39ea..b53301e563bc 100644 --- a/drivers/spi/spi-amd.c +++ b/drivers/spi/spi-amd.c @@ -243,7 +243,7 @@ static int amd_set_spi_freq(struct amd_spi *amd_spi, u32 speed_hz) if (speed_hz < AMD_SPI_MIN_HZ) return -EINVAL; - for (i = 0; i < ARRAY_SIZE(amd_spi_freq); i++) + for (i = 0; i < ARRAY_SIZE(amd_spi_freq)-1; i++) if (speed_hz >= amd_spi_freq[i].speed_hz) break; -- 2.34.1

5 months, 2 weeks

1
1
0 0

[PATCH v 4] usb: dwc2: gadget: Fix enter to hibernation for UTMI+ PHY

by Minas Harutyunyan

For UTMI+ PHY, according to programming guide, first should be set PMUACTV bit then STOPPCLK bit. Otherwise, when the device issues Remote Wakeup, then host notices disconnect instead. For ULPI PHY, above mentioned bits must be set in reversed order: STOPPCLK then PMUACTV. Fixes: 4483ef3c1685 ("usb: dwc2: Add hibernation updates for ULPI PHY") Cc: stable(a)vger.kernel.org Reported-by: Tomasz Mon <tomasz.mon(a)nordicsemi.no> Signed-off-by: Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> --- Changes in v4: - Rebased on top of Linux 6.15-rc6 Changes in v3: - Rebased on top of 6.15-rc4 Changes in v2: - Added Cc: stable(a)vger.kernel.org drivers/usb/dwc2/gadget.c | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/drivers/usb/dwc2/gadget.c b/drivers/usb/dwc2/gadget.c index 300ea4969f0c..b817002bdee0 100644 --- a/drivers/usb/dwc2/gadget.c +++ b/drivers/usb/dwc2/gadget.c @@ -5383,20 +5383,33 @@ int dwc2_gadget_enter_hibernation(struct dwc2_hsotg *hsotg) if (gusbcfg & GUSBCFG_ULPI_UTMI_SEL) { /* ULPI interface */ gpwrdn |= GPWRDN_ULPI_LATCH_EN_DURING_HIB_ENTRY; - } - dwc2_writel(hsotg, gpwrdn, GPWRDN); - udelay(10); + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); - /* Suspend the Phy Clock */ - pcgcctl = dwc2_readl(hsotg, PCGCTL); - pcgcctl |= PCGCTL_STOPPCLK; - dwc2_writel(hsotg, pcgcctl, PCGCTL); - udelay(10); + pcgcctl = dwc2_readl(hsotg, PCGCTL); + pcgcctl |= PCGCTL_STOPPCLK; + dwc2_writel(hsotg, pcgcctl, PCGCTL); + udelay(10); - gpwrdn = dwc2_readl(hsotg, GPWRDN); - gpwrdn |= GPWRDN_PMUACTV; - dwc2_writel(hsotg, gpwrdn, GPWRDN); - udelay(10); + gpwrdn = dwc2_readl(hsotg, GPWRDN); + gpwrdn |= GPWRDN_PMUACTV; + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); + } else { + /* UTMI+ Interface */ + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); + + gpwrdn = dwc2_readl(hsotg, GPWRDN); + gpwrdn |= GPWRDN_PMUACTV; + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); + + pcgcctl = dwc2_readl(hsotg, PCGCTL); + pcgcctl |= PCGCTL_STOPPCLK; + dwc2_writel(hsotg, pcgcctl, PCGCTL); + udelay(10); + } /* Set flag to indicate that we are in hibernation */ hsotg->hibernated = 1; -- 2.41.0

5 months, 2 weeks

2
1
0 0

[PATCH stable 6.1-6.12 1/2] net: Fix checksum update for ILA adj-transport

by Paul Chaignon

[ Upstream commit 6043b794c7668c19dabc4a93c75b924a19474d59 ] During ILA address translations, the L4 checksums can be handled in different ways. One of them, adj-transport, consist in parsing the transport layer and updating any found checksum. This logic relies on inet_proto_csum_replace_by_diff and produces an incorrect skb->csum when in state CHECKSUM_COMPLETE. This bug can be reproduced with a simple ILA to SIR mapping, assuming packets are received with CHECKSUM_COMPLETE: $ ip a show dev eth0 14: eth0@if15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 62:ae:35:9e:0f:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet6 3333:0:0:1::c078/64 scope global valid_lft forever preferred_lft forever inet6 fd00:10:244:1::c078/128 scope global nodad valid_lft forever preferred_lft forever inet6 fe80::60ae:35ff:fe9e:f8d/64 scope link proto kernel_ll valid_lft forever preferred_lft forever $ ip ila add loc_match fd00:10:244:1 loc 3333:0:0:1 \ csum-mode adj-transport ident-type luid dev eth0 Then I hit [fd00:10:244:1::c078]:8000 with a server listening only on [3333:0:0:1::c078]:8000. With the bug, the SYN packet is dropped with SKB_DROP_REASON_TCP_CSUM after inet_proto_csum_replace_by_diff changed skb->csum. The translation and drop are visible on pwru [1] traces: IFACE TUPLE FUNC eth0:9 [fd00:10:244:3::3d8]:51420->[fd00:10:244:1::c078]:8000(tcp) ipv6_rcv eth0:9 [fd00:10:244:3::3d8]:51420->[fd00:10:244:1::c078]:8000(tcp) ip6_rcv_core eth0:9 [fd00:10:244:3::3d8]:51420->[fd00:10:244:1::c078]:8000(tcp) nf_hook_slow eth0:9 [fd00:10:244:3::3d8]:51420->[fd00:10:244:1::c078]:8000(tcp) inet_proto_csum_replace_by_diff eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) tcp_v6_early_demux eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) ip6_route_input eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) ip6_input eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) ip6_input_finish eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) ip6_protocol_deliver_rcu eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) raw6_local_deliver eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) ipv6_raw_deliver eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) tcp_v6_rcv eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) __skb_checksum_complete eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) kfree_skb_reason(SKB_DROP_REASON_TCP_CSUM) eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) skb_release_head_state eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) skb_release_data eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) skb_free_head eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) kfree_skbmem This is happening because inet_proto_csum_replace_by_diff is updating skb->csum when it shouldn't. The L4 checksum is updated such that it "cancels" the IPv6 address change in terms of checksum computation, so the impact on skb->csum is null. Note this would be different for an IPv4 packet since three fields would be updated: the IPv4 address, the IP checksum, and the L4 checksum. Two would cancel each other and skb->csum would still need to be updated to take the L4 checksum change into account. This patch fixes it by passing an ipv6 flag to inet_proto_csum_replace_by_diff, to skip the skb->csum update if we're in the IPv6 case. Note the behavior of the only other user of inet_proto_csum_replace_by_diff, the BPF subsystem, is left as is in this patch and fixed in the subsequent patch. With the fix, using the reproduction from above, I can confirm skb->csum is not touched by inet_proto_csum_replace_by_diff and the TCP SYN proceeds to the application after the ILA translation. Link: https://github.com/cilium/pwru [1] Fixes: 65d7ab8de582 ("net: Identifier Locator Addressing module") Signed-off-by: Paul Chaignon <paul.chaignon(a)gmail.com> Acked-by: Daniel Borkmann <daniel(a)iogearbox.net> Link: https://patch.msgid.link/b5539869e3550d46068504feb02d37653d939c0b.174850948… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Paul Chaignon <paul.chaignon(a)gmail.com> --- include/net/checksum.h | 2 +- net/core/filter.c | 2 +- net/core/utils.c | 4 ++-- net/ipv6/ila/ila_common.c | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/net/checksum.h b/include/net/checksum.h index 1338cb92c8e7..28b101f26636 100644 --- a/include/net/checksum.h +++ b/include/net/checksum.h @@ -158,7 +158,7 @@ void inet_proto_csum_replace16(__sum16 *sum, struct sk_buff *skb, const __be32 *from, const __be32 *to, bool pseudohdr); void inet_proto_csum_replace_by_diff(__sum16 *sum, struct sk_buff *skb, - __wsum diff, bool pseudohdr); + __wsum diff, bool pseudohdr, bool ipv6); static __always_inline void inet_proto_csum_replace2(__sum16 *sum, struct sk_buff *skb, diff --git a/net/core/filter.c b/net/core/filter.c index 99b23fd2f509..e0d978c1a4cd 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -1999,7 +1999,7 @@ BPF_CALL_5(bpf_l4_csum_replace, struct sk_buff *, skb, u32, offset, if (unlikely(from != 0)) return -EINVAL; - inet_proto_csum_replace_by_diff(ptr, skb, to, is_pseudo); + inet_proto_csum_replace_by_diff(ptr, skb, to, is_pseudo, false); break; case 2: inet_proto_csum_replace2(ptr, skb, from, to, is_pseudo); diff --git a/net/core/utils.c b/net/core/utils.c index 27f4cffaae05..b8c21a859e27 100644 --- a/net/core/utils.c +++ b/net/core/utils.c @@ -473,11 +473,11 @@ void inet_proto_csum_replace16(__sum16 *sum, struct sk_buff *skb, EXPORT_SYMBOL(inet_proto_csum_replace16); void inet_proto_csum_replace_by_diff(__sum16 *sum, struct sk_buff *skb, - __wsum diff, bool pseudohdr) + __wsum diff, bool pseudohdr, bool ipv6) { if (skb->ip_summed != CHECKSUM_PARTIAL) { csum_replace_by_diff(sum, diff); - if (skb->ip_summed == CHECKSUM_COMPLETE && pseudohdr) + if (skb->ip_summed == CHECKSUM_COMPLETE && pseudohdr && !ipv6) skb->csum = ~csum_sub(diff, skb->csum); } else if (pseudohdr) { *sum = ~csum_fold(csum_add(diff, csum_unfold(*sum))); diff --git a/net/ipv6/ila/ila_common.c b/net/ipv6/ila/ila_common.c index 95e9146918cc..b8d43ed4689d 100644 --- a/net/ipv6/ila/ila_common.c +++ b/net/ipv6/ila/ila_common.c @@ -86,7 +86,7 @@ static void ila_csum_adjust_transport(struct sk_buff *skb, diff = get_csum_diff(ip6h, p); inet_proto_csum_replace_by_diff(&th->check, skb, - diff, true); + diff, true, true); } break; case NEXTHDR_UDP: @@ -97,7 +97,7 @@ static void ila_csum_adjust_transport(struct sk_buff *skb, if (uh->check || skb->ip_summed == CHECKSUM_PARTIAL) { diff = get_csum_diff(ip6h, p); inet_proto_csum_replace_by_diff(&uh->check, skb, - diff, true); + diff, true, true); if (!uh->check) uh->check = CSUM_MANGLED_0; } @@ -111,7 +111,7 @@ static void ila_csum_adjust_transport(struct sk_buff *skb, diff = get_csum_diff(ip6h, p); inet_proto_csum_replace_by_diff(&ih->icmp6_cksum, skb, - diff, true); + diff, true, true); } break; } -- 2.43.0

5 months, 2 weeks

2
3
0 0

[PATCH 6.1.y] scsi: pm80xx: Set phy->enable_completion only when we wait for it

by Xiangyu Chen

From: Igor Pylypiv <ipylypiv(a)google.com> [ Upstream commit e4f949ef1516c0d74745ee54a0f4882c1f6c7aea ] pm8001_phy_control() populates the enable_completion pointer with a stack address, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and returns. The problem arises when a phy control response comes late. After 300 ms the pm8001_phy_control() function returns and the passed enable_completion stack address is no longer valid. Late phy control response invokes complete() on a dangling enable_completion pointer which leads to a kernel crash. Signed-off-by: Igor Pylypiv <ipylypiv(a)google.com> Signed-off-by: Terrence Adams <tadamsjr(a)google.com> Link: https://lore.kernel.org/r/20240627155924.2361370-2-tadamsjr@google.com Acked-by: Jack Wang <jinpu.wang(a)ionos.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Test info: Building OS: Ubuntu 22.04.5 GCC: gcc version 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04) Base Tree: https://web.git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y Builds: make defconfig; make bzImage make allyesconfig; make bzImage make allmodconfig; make bzImage Boot target: Intel Basking Ridge --- drivers/scsi/pm8001/pm8001_sas.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/pm8001/pm8001_sas.c b/drivers/scsi/pm8001/pm8001_sas.c index a87c3d7e3e5c..f491edf73e23 100644 --- a/drivers/scsi/pm8001/pm8001_sas.c +++ b/drivers/scsi/pm8001/pm8001_sas.c @@ -168,7 +168,7 @@ int pm8001_phy_control(struct asd_sas_phy *sas_phy, enum phy_func func, unsigned long flags; pm8001_ha = sas_phy->ha->lldd_ha; phy = &pm8001_ha->phy[phy_id]; - pm8001_ha->phy[phy_id].enable_completion = &completion; + switch (func) { case PHY_FUNC_SET_LINK_RATE: rates = funcdata; @@ -181,6 +181,7 @@ int pm8001_phy_control(struct asd_sas_phy *sas_phy, enum phy_func func, rates->maximum_linkrate; } if (pm8001_ha->phy[phy_id].phy_state == PHY_LINK_DISABLE) { + pm8001_ha->phy[phy_id].enable_completion = &completion; PM8001_CHIP_DISP->phy_start_req(pm8001_ha, phy_id); wait_for_completion(&completion); } @@ -189,6 +190,7 @@ int pm8001_phy_control(struct asd_sas_phy *sas_phy, enum phy_func func, break; case PHY_FUNC_HARD_RESET: if (pm8001_ha->phy[phy_id].phy_state == PHY_LINK_DISABLE) { + pm8001_ha->phy[phy_id].enable_completion = &completion; PM8001_CHIP_DISP->phy_start_req(pm8001_ha, phy_id); wait_for_completion(&completion); } @@ -197,6 +199,7 @@ int pm8001_phy_control(struct asd_sas_phy *sas_phy, enum phy_func func, break; case PHY_FUNC_LINK_RESET: if (pm8001_ha->phy[phy_id].phy_state == PHY_LINK_DISABLE) { + pm8001_ha->phy[phy_id].enable_completion = &completion; PM8001_CHIP_DISP->phy_start_req(pm8001_ha, phy_id); wait_for_completion(&completion); } -- 2.34.1

5 months, 2 weeks

2
1
0 0

[PATCH] drm/appletbdrm: Make appletbdrm depend on X86

by Aditya Garg

commit de5fbbe1531f645c8b56098be8d1faf31e46f7f0 upstream The appletbdrm driver is exclusively for Touch Bars on x86 Intel Macs. The M1 Macs have a separate driver. So, lets avoid compiling it for other architectures. Signed-off-by: Aditya Garg <gargaditya08(a)live.com> Reviewed-by: Alyssa Rosenzweig <alyssa(a)rosenzweig.io> Link: https://lore.kernel.org/r/PN3PR01MB95970778982F28E4A3751392B8B72@PN3PR01MB9… Signed-off-by: Alyssa Rosenzweig <alyssa(a)rosenzweig.io> --- Sending this since https://lore.kernel.org/stable/20250617152509.019353397@linuxfoundation.org/ was also backported to 6.15 drivers/gpu/drm/tiny/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/tiny/Kconfig b/drivers/gpu/drm/tiny/Kconfig index 95c1457d7..d66681d0e 100644 --- a/drivers/gpu/drm/tiny/Kconfig +++ b/drivers/gpu/drm/tiny/Kconfig @@ -3,6 +3,7 @@ config DRM_APPLETBDRM tristate "DRM support for Apple Touch Bars" depends on DRM && USB && MMU + depends on X86 || COMPILE_TEST select DRM_GEM_SHMEM_HELPER select DRM_KMS_HELPER help -- 2.49.0

5 months, 2 weeks

3
3
0 0

[PATCH 5.15 0/2] fix LTP regression in fanotify22

by Amir Goldstein

Jan, I noticed that fanotify22, the FAN_FS_ERROR test has regressed in the 5.15.y stable tree. This is because commit d3476f3dad4a ("ext4: don't set SB_RDONLY after filesystem errors") was backported to 5.15.y and the later Fixes commit could not be cleanly applied to 5.15.y over the new mount api re-factoring. I am not sure it is critical to fix this regression, because it is mostly a regression in a test feature, but I think the backport is pretty simple, although I could be missing something. Please ACK if you agree that this backport should be applied to 5.15.y. Thanks, Amir. Amir Goldstein (2): ext4: make 'abort' mount option handling standard ext4: avoid remount errors with 'abort' mount option fs/ext4/ext4.h | 1 + fs/ext4/super.c | 15 +++++++++------ 2 files changed, 10 insertions(+), 6 deletions(-) -- 2.47.1

5 months, 2 weeks

3
6
0 0

FAILED: patch "[PATCH] posix-cpu-timers: fix race between handle_posix_cpu_timers()" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f90fff1e152dedf52b932240ebbd670d83330eca # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061744-precinct-rubble-45c9@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f90fff1e152dedf52b932240ebbd670d83330eca Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Fri, 13 Jun 2025 19:26:50 +0200 Subject: [PATCH] posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand(). If a concurrent posix_cpu_timer_del() runs at that moment, it won't be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail. Add the tsk->exit_state check into run_posix_cpu_timers() to fix this. This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case. Cc: stable(a)vger.kernel.org Reported-by: Benoît Sevens <bsevens(a)google.com> Fixes: 0bdd2ed4138e ("sched: run_posix_cpu_timers: Don't check ->exit_state, use lock_task_sighand()") Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/kernel/time/posix-cpu-timers.c b/kernel/time/posix-cpu-timers.c index 50e8d04ab661..2e5b89d7d866 100644 --- a/kernel/time/posix-cpu-timers.c +++ b/kernel/time/posix-cpu-timers.c @@ -1405,6 +1405,15 @@ void run_posix_cpu_timers(void) lockdep_assert_irqs_disabled(); + /* + * Ensure that release_task(tsk) can't happen while + * handle_posix_cpu_timers() is running. Otherwise, a concurrent + * posix_cpu_timer_del() may fail to lock_task_sighand(tsk) and + * miss timer->it.cpu.firing != 0. + */ + if (tsk->exit_state) + return; + /* * If the actual expiry is deferred to task work context and the * work is already scheduled there is no point to do anything here.

5 months, 2 weeks

3
2
0 0

[PATCH 6.12.y] cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update

by jetlan9＠163.com

From: Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> [ Upstream commit 426db24d4db2e4f0d6720aeb7795eafcb9e82640 ] Check if policy is NULL before dereferencing it in amd_pstate_update. Fixes: e8f555daacd3 ("cpufreq/amd-pstate: fix setting policy current frequency value") Signed-off-by: Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> Reviewed-by: Mario Limonciello <mario.limonciello(a)amd.com> Reviewed-by: Gautham R. Shenoy <gautham.shenoy(a)amd.com> Link: https://lore.kernel.org/r/20250205112523.201101-11-dhananjay.ugwekar@amd.com Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> [Minor context change fixed.] Signed-off-by: Wenshan Lan <jetlan9(a)163.com> --- drivers/cpufreq/amd-pstate.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/cpufreq/amd-pstate.c b/drivers/cpufreq/amd-pstate.c index 7a16d1932228..62dbc5701e99 100644 --- a/drivers/cpufreq/amd-pstate.c +++ b/drivers/cpufreq/amd-pstate.c @@ -482,6 +482,9 @@ static void amd_pstate_update(struct amd_cpudata *cpudata, u32 min_perf, u32 nominal_perf = READ_ONCE(cpudata->nominal_perf); u64 value = prev; + if (!policy) + return; + min_perf = clamp_t(unsigned long, min_perf, cpudata->min_limit_perf, cpudata->max_limit_perf); max_perf = clamp_t(unsigned long, max_perf, cpudata->min_limit_perf, -- 2.34.1

5 months, 2 weeks

2
1
0 0

[PATCH] arm64/ptdump: Ensure memory hotplug is prevented during ptdump_check_wx()

by Anshuman Khandual

The arm64 page table dump code can race with concurrent modification of the kernel page tables. When a leaf entries are modified concurrently, the dump code may log stale or inconsistent information for a VA range, but this is otherwise not harmful. When intermediate levels of table are freed, the dump code will continue to use memory which has been freed and potentially reallocated for another purpose. In such cases, the dump code may dereference bogus addresses, leading to a number of potential problems. This problem was fixed for ptdump_show() earlier via commit 'bf2b59f60ee1 ("arm64/mm: Hold memory hotplug lock while walking for kernel page table dump")' but a same was missed for ptdump_check_wx() which faced the race condition as well. Let's just take the memory hotplug lock while executing ptdump_check_wx(). Cc: stable(a)vger.kernel.org Fixes: bbd6ec605c0f ("arm64/mm: Enable memory hot remove") Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: linux-arm-kernel(a)lists.infradead.org Cc: linux-kernel(a)vger.kernel.org Reported-by: Dev Jain <dev.jain(a)arm.com> Signed-off-by: Anshuman Khandual <anshuman.khandual(a)arm.com> --- This patch applies on v6.16-rc1 Dev Jain found this via code inspection. arch/arm64/mm/ptdump.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/arch/arm64/mm/ptdump.c b/arch/arm64/mm/ptdump.c index 421a5de806c62..551f80d41e8d2 100644 --- a/arch/arm64/mm/ptdump.c +++ b/arch/arm64/mm/ptdump.c @@ -328,7 +328,7 @@ static struct ptdump_info kernel_ptdump_info __ro_after_init = { .mm = &init_mm, }; -bool ptdump_check_wx(void) +static bool __ptdump_check_wx(void) { struct ptdump_pg_state st = { .seq = NULL, @@ -367,6 +367,16 @@ bool ptdump_check_wx(void) } } +bool ptdump_check_wx(void) +{ + bool ret; + + get_online_mems(); + ret = __ptdump_check_wx(); + put_online_mems(); + return ret; +} + static int __init ptdump_init(void) { u64 page_offset = _PAGE_OFFSET(vabits_actual); -- 2.30.2

5 months, 2 weeks

5
7
0 0

[PATCH] Revert "platform/x86: alienware-wmi-wmax: Add G-Mode support to Alienware m16 R1"

by Kurt Borja

This reverts commit 5ff79cabb23a2f14d2ed29e9596aec908905a0e6. Although the Alienware m16 R1 AMD model supports G-Mode, it actually has a lower power ceiling than plain "performance" profile, which results in lower performance. Reported-by: Cihan Ozakca <cozakca(a)outlook.com> Cc: stable(a)vger.kernel.org # 6.15.x Signed-off-by: Kurt Borja <kuurtb(a)gmail.com> --- Hi all, Contrary to (my) intuition, imitating Windows behavior actually results in LOWER performance. I was having second thoughts about this revert because users will notice that "performance" not longer turns on the G-Mode key found in this laptop. Some users may think this is actually a regression, but IMO lower performance is worse. --- drivers/platform/x86/dell/alienware-wmi-wmax.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/platform/x86/dell/alienware-wmi-wmax.c b/drivers/platform/x86/dell/alienware-wmi-wmax.c index c42f9228b0b255fe962b735ac96486824e83945f..20ec122a9fe0571a1ecd2ccf630615564ab30481 100644 --- a/drivers/platform/x86/dell/alienware-wmi-wmax.c +++ b/drivers/platform/x86/dell/alienware-wmi-wmax.c @@ -119,7 +119,7 @@ static const struct dmi_system_id awcc_dmi_table[] __initconst = { DMI_MATCH(DMI_SYS_VENDOR, "Alienware"), DMI_MATCH(DMI_PRODUCT_NAME, "Alienware m16 R1 AMD"), }, - .driver_data = &g_series_quirks, + .driver_data = &generic_quirks, }, { .ident = "Alienware m16 R2", --- base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494 change-id: 20250611-m16-rev-8109b82dee30 -- ~ Kurt

5 months, 2 weeks

3
2
0 0

[PATCH] thunderbolt: Fix wake on connect at runtime

by Mario Limonciello

From: Mario Limonciello <mario.limonciello(a)amd.com> commit 1a760d10ded37 ("thunderbolt: Fix a logic error in wake on connect") fixated on the USB4 port sysfs wakeup file not working properly to control policy, but it had an unintended side effect that the sysfs file controls policy both at runtime and at suspend time. The sysfs file is supposed to only control behavior while system is suspended. Pass whether programming a port for runtime into usb4_switch_set_wake() and if runtime then ignore the value in the sysfs file. Cc: stable(a)vger.kernel.org Reported-by: Alexander Kovacs <Alexander.Kovacs(a)amd.com> Tested-by: Alexander Kovacs <Alexander.Kovacs(a)amd.com> Fixes: 1a760d10ded37 ("thunderbolt: Fix a logic error in wake on connect") Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> --- drivers/thunderbolt/switch.c | 8 ++++---- drivers/thunderbolt/tb.h | 2 +- drivers/thunderbolt/usb4.c | 9 ++++----- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/drivers/thunderbolt/switch.c b/drivers/thunderbolt/switch.c index 28febb95f8fa1..e9809fb57c354 100644 --- a/drivers/thunderbolt/switch.c +++ b/drivers/thunderbolt/switch.c @@ -3437,7 +3437,7 @@ void tb_sw_set_unplugged(struct tb_switch *sw) } } -static int tb_switch_set_wake(struct tb_switch *sw, unsigned int flags) +static int tb_switch_set_wake(struct tb_switch *sw, unsigned int flags, bool runtime) { if (flags) tb_sw_dbg(sw, "enabling wakeup: %#x\n", flags); @@ -3445,7 +3445,7 @@ static int tb_switch_set_wake(struct tb_switch *sw, unsigned int flags) tb_sw_dbg(sw, "disabling wakeup\n"); if (tb_switch_is_usb4(sw)) - return usb4_switch_set_wake(sw, flags); + return usb4_switch_set_wake(sw, flags, runtime); return tb_lc_set_wake(sw, flags); } @@ -3521,7 +3521,7 @@ int tb_switch_resume(struct tb_switch *sw, bool runtime) tb_switch_check_wakes(sw); /* Disable wakes */ - tb_switch_set_wake(sw, 0); + tb_switch_set_wake(sw, 0, true); err = tb_switch_tmu_init(sw); if (err) @@ -3603,7 +3603,7 @@ void tb_switch_suspend(struct tb_switch *sw, bool runtime) flags |= TB_WAKE_ON_USB4 | TB_WAKE_ON_USB3 | TB_WAKE_ON_PCIE; } - tb_switch_set_wake(sw, flags); + tb_switch_set_wake(sw, flags, runtime); if (tb_switch_is_usb4(sw)) usb4_switch_set_sleep(sw); diff --git a/drivers/thunderbolt/tb.h b/drivers/thunderbolt/tb.h index 87afd5a7c504b..f503bad864130 100644 --- a/drivers/thunderbolt/tb.h +++ b/drivers/thunderbolt/tb.h @@ -1317,7 +1317,7 @@ int usb4_switch_read_uid(struct tb_switch *sw, u64 *uid); int usb4_switch_drom_read(struct tb_switch *sw, unsigned int address, void *buf, size_t size); bool usb4_switch_lane_bonding_possible(struct tb_switch *sw); -int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags); +int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags, bool runtime); int usb4_switch_set_sleep(struct tb_switch *sw); int usb4_switch_nvm_sector_size(struct tb_switch *sw); int usb4_switch_nvm_read(struct tb_switch *sw, unsigned int address, void *buf, diff --git a/drivers/thunderbolt/usb4.c b/drivers/thunderbolt/usb4.c index fce3c0f2354a7..e7d8cf0c1da1b 100644 --- a/drivers/thunderbolt/usb4.c +++ b/drivers/thunderbolt/usb4.c @@ -406,7 +406,7 @@ bool usb4_switch_lane_bonding_possible(struct tb_switch *sw) * * Enables/disables router to wake up from sleep. */ -int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags) +int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags, bool runtime) { struct usb4_port *usb4; struct tb_port *port; @@ -438,13 +438,12 @@ int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags) val |= PORT_CS_19_WOU4; } else { bool configured = val & PORT_CS_19_PC; + bool wakeup = runtime || device_may_wakeup(&usb4->dev); usb4 = port->usb4; - if (((flags & TB_WAKE_ON_CONNECT) && - device_may_wakeup(&usb4->dev)) && !configured) + if ((flags & TB_WAKE_ON_CONNECT) && wakeup && !configured) val |= PORT_CS_19_WOC; - if (((flags & TB_WAKE_ON_DISCONNECT) && - device_may_wakeup(&usb4->dev)) && configured) + if ((flags & TB_WAKE_ON_DISCONNECT) && wakeup && configured) val |= PORT_CS_19_WOD; if ((flags & TB_WAKE_ON_USB4) && configured) val |= PORT_CS_19_WOU4; -- 2.43.0

5 months, 2 weeks

2
1
0 0

[PATCH v2] usb: cdnsp: Fix issue with CV Bad Descriptor test

by Pawel Laszczak

The SSP2 controller has extra endpoint state preserve bit (ESP) which setting causes that endpoint state will be preserved during Halt Endpoint command. It is used only for EP0. Without this bit the Command Verifier "TD 9.10 Bad Descriptor Test" failed. Setting this bit doesn't have any impact for SSP controller. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: stable(a)vger.kernel.org Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- Changelog: v2: - removed some typos - added pep variable initialization - updated TRB_ESP description drivers/usb/cdns3/cdnsp-debug.h | 5 +++-- drivers/usb/cdns3/cdnsp-ep0.c | 19 ++++++++++++++++--- drivers/usb/cdns3/cdnsp-gadget.h | 6 ++++++ drivers/usb/cdns3/cdnsp-ring.c | 3 ++- 4 files changed, 27 insertions(+), 6 deletions(-) diff --git a/drivers/usb/cdns3/cdnsp-debug.h b/drivers/usb/cdns3/cdnsp-debug.h index cd138acdcce1..86860686d836 100644 --- a/drivers/usb/cdns3/cdnsp-debug.h +++ b/drivers/usb/cdns3/cdnsp-debug.h @@ -327,12 +327,13 @@ static inline const char *cdnsp_decode_trb(char *str, size_t size, u32 field0, case TRB_RESET_EP: case TRB_HALT_ENDPOINT: ret = scnprintf(str, size, - "%s: ep%d%s(%d) ctx %08x%08x slot %ld flags %c", + "%s: ep%d%s(%d) ctx %08x%08x slot %ld flags %c %c", cdnsp_trb_type_string(type), ep_num, ep_id % 2 ? "out" : "in", TRB_TO_EP_INDEX(field3), field1, field0, TRB_TO_SLOT_ID(field3), - field3 & TRB_CYCLE ? 'C' : 'c'); + field3 & TRB_CYCLE ? 'C' : 'c', + field3 & TRB_ESP ? 'P' : 'p'); break; case TRB_STOP_RING: ret = scnprintf(str, size, diff --git a/drivers/usb/cdns3/cdnsp-ep0.c b/drivers/usb/cdns3/cdnsp-ep0.c index f317d3c84781..9280a7b97e20 100644 --- a/drivers/usb/cdns3/cdnsp-ep0.c +++ b/drivers/usb/cdns3/cdnsp-ep0.c @@ -414,6 +414,7 @@ static int cdnsp_ep0_std_request(struct cdnsp_device *pdev, void cdnsp_setup_analyze(struct cdnsp_device *pdev) { struct usb_ctrlrequest *ctrl = &pdev->setup; + struct cdnsp_ep *pep; int ret = -EINVAL; u16 len; @@ -427,10 +428,22 @@ void cdnsp_setup_analyze(struct cdnsp_device *pdev) goto out; } + pep = &pdev->eps[0]; + /* Restore the ep0 to Stopped/Running state. */ - if (pdev->eps[0].ep_state & EP_HALTED) { - trace_cdnsp_ep0_halted("Restore to normal state"); - cdnsp_halt_endpoint(pdev, &pdev->eps[0], 0); + if (pep->ep_state & EP_HALTED) { + /* + * Halt Endpoint Command for SSP2 for ep0 preserve current + * endpoint state and driver has to synchronize the + * software endpoint state with endpoint output context + * state. + */ + if (GET_EP_CTX_STATE(pep->out_ctx) == EP_STATE_HALTED) { + cdnsp_halt_endpoint(pdev, pep, 0); + } else { + pep->ep_state &= ~EP_HALTED; + pep->ep_state |= EP_STOPPED; + } } /* diff --git a/drivers/usb/cdns3/cdnsp-gadget.h b/drivers/usb/cdns3/cdnsp-gadget.h index 2afa3e558f85..b1665f9e9ee5 100644 --- a/drivers/usb/cdns3/cdnsp-gadget.h +++ b/drivers/usb/cdns3/cdnsp-gadget.h @@ -987,6 +987,12 @@ enum cdnsp_setup_dev { #define STREAM_ID_FOR_TRB(p) ((((p)) << 16) & GENMASK(31, 16)) #define SCT_FOR_TRB(p) (((p) << 1) & 0x7) +/* + * Halt Endpoint Command TRB field. + * The ESP bit only exists in the SSP2 controller. + */ +#define TRB_ESP BIT(9) + /* Link TRB specific fields. */ #define TRB_TC BIT(1) diff --git a/drivers/usb/cdns3/cdnsp-ring.c b/drivers/usb/cdns3/cdnsp-ring.c index fd06cb85c4ea..d397d28efc6e 100644 --- a/drivers/usb/cdns3/cdnsp-ring.c +++ b/drivers/usb/cdns3/cdnsp-ring.c @@ -2483,7 +2483,8 @@ void cdnsp_queue_halt_endpoint(struct cdnsp_device *pdev, unsigned int ep_index) { cdnsp_queue_command(pdev, 0, 0, 0, TRB_TYPE(TRB_HALT_ENDPOINT) | SLOT_ID_FOR_TRB(pdev->slot_id) | - EP_ID_FOR_TRB(ep_index)); + EP_ID_FOR_TRB(ep_index) | + (!ep_index ? TRB_ESP : 0)); } void cdnsp_force_header_wakeup(struct cdnsp_device *pdev, int intf_num) -- 2.43.0

5 months, 2 weeks

2
1
0 0

[PATCH v1] mm/gup: Revert "mm: gup: fix infinite loop within __get_longterm_locked"

by David Hildenbrand

After commit 1aaf8c122918 ("mm: gup: fix infinite loop within __get_longterm_locked") we are able to longterm pin folios that are not supposed to get longterm pinned, simply because they temporarily have the LRU flag cleared (esp. temporarily isolated). For example, two __get_longterm_locked() callers can race, or __get_longterm_locked() can race with anything else that temporarily isolates folios. The introducing commit mentions the use case of a driver that uses vm_ops->fault to insert pages allocated through cma_alloc() into the page tables, assuming they can later get longterm pinned. These pages/ folios would never have the LRU flag set and consequently cannot get isolated. There is no known in-tree user making use of that so far, fortunately. To handle that in the future -- and avoid retrying forever to isolate/migrate them -- we will need a different mechanism for the CMA area *owner* to indicate that it actually already allocated the page and is fine with longterm pinning it. The LRU flag is not suitable for that. Probably we can lookup the relevant CMA area and query the bitmap; we only have have to care about some races, probably. If already allocated, we could just allow longterm pinning) Anyhow, let's fix the "must not be longterm pinned" problem first by reverting the original commit. Fixes: 1aaf8c122918 ("mm: gup: fix infinite loop within __get_longterm_locked") Closes: https://lore.kernel.org/all/20250522092755.GA3277597@tiffany/ Reported-by: Hyesoo Yu <hyesoo.yu(a)samsung.com> Cc: <Stable(a)vger.kernel.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Jason Gunthorpe <jgg(a)ziepe.ca> Cc: Peter Xu <peterx(a)redhat.com> Cc: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Cc: Aijun Sun <aijun.sun(a)unisoc.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Signed-off-by: David Hildenbrand <david(a)redhat.com> --- mm/gup.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/mm/gup.c b/mm/gup.c index e065a49842a87..3c39cbbeebef1 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -2303,13 +2303,13 @@ static void pofs_unpin(struct pages_or_folios *pofs) /* * Returns the number of collected folios. Return value is always >= 0. */ -static void collect_longterm_unpinnable_folios( +static unsigned long collect_longterm_unpinnable_folios( struct list_head *movable_folio_list, struct pages_or_folios *pofs) { + unsigned long i, collected = 0; struct folio *prev_folio = NULL; bool drain_allow = true; - unsigned long i; for (i = 0; i < pofs->nr_entries; i++) { struct folio *folio = pofs_get_folio(pofs, i); @@ -2321,6 +2321,8 @@ static void collect_longterm_unpinnable_folios( if (folio_is_longterm_pinnable(folio)) continue; + collected++; + if (folio_is_device_coherent(folio)) continue; @@ -2342,6 +2344,8 @@ static void collect_longterm_unpinnable_folios( NR_ISOLATED_ANON + folio_is_file_lru(folio), folio_nr_pages(folio)); } + + return collected; } /* @@ -2418,9 +2422,11 @@ static long check_and_migrate_movable_pages_or_folios(struct pages_or_folios *pofs) { LIST_HEAD(movable_folio_list); + unsigned long collected; - collect_longterm_unpinnable_folios(&movable_folio_list, pofs); - if (list_empty(&movable_folio_list)) + collected = collect_longterm_unpinnable_folios(&movable_folio_list, + pofs); + if (!collected) return 0; return migrate_longterm_unpinnable_folios(&movable_folio_list, pofs); -- 2.49.0

5 months, 2 weeks

2
1
0 0

[PATCH 1/1] usb: cdnsp: do not disable slot for disabled slot

by Peter Chen

It doesn't need to do it, and the related command event returns 'Slot Not Enabled Error' status. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: stable(a)vger.kernel.org Suggested-by: Hongliang Yang <hongliang.yang(a)cixtech.com> Reviewed-by: Fugang Duan <fugang.duan(a)cixtech.com> Signed-off-by: Peter Chen <peter.chen(a)cixtech.com> --- drivers/usb/cdns3/cdnsp-ring.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/cdns3/cdnsp-ring.c b/drivers/usb/cdns3/cdnsp-ring.c index fd06cb85c4ea..757fdd918286 100644 --- a/drivers/usb/cdns3/cdnsp-ring.c +++ b/drivers/usb/cdns3/cdnsp-ring.c @@ -772,7 +772,9 @@ static int cdnsp_update_port_id(struct cdnsp_device *pdev, u32 port_id) } if (port_id != old_port) { - cdnsp_disable_slot(pdev); + if (pdev->slot_id) + cdnsp_disable_slot(pdev); + pdev->active_port = port; cdnsp_enable_slot(pdev); } -- 2.25.1

5 months, 2 weeks

1
0
0 0

[PATCH v3] xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS

by xiehongyu1＠kylinos.cn

From: Hongyu Xie <xiehongyu1(a)kylinos.cn> Disable stream for platform xHC controller with broken stream. Fixes: 14aec589327a6 ("storage: accept some UAS devices if streams are unavailable") Cc: stable(a)vger.kernel.org # 5.4 Signed-off-by: Hongyu Xie <xiehongyu1(a)kylinos.cn> --- v3: add changelog information v2: add Fixes information and cc 5.4 lts drivers/usb/host/xhci-plat.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci-plat.c b/drivers/usb/host/xhci-plat.c index 6dab142e72789..c79d5ed48a08b 100644 --- a/drivers/usb/host/xhci-plat.c +++ b/drivers/usb/host/xhci-plat.c @@ -328,7 +328,8 @@ int xhci_plat_probe(struct platform_device *pdev, struct device *sysdev, const s } usb3_hcd = xhci_get_usb3_hcd(xhci); - if (usb3_hcd && HCC_MAX_PSA(xhci->hcc_params) >= 4) + if (usb3_hcd && HCC_MAX_PSA(xhci->hcc_params) >= 4 && + !(xhci->quirks & XHCI_BROKEN_STREAMS)) usb3_hcd->can_do_streams = 1; if (xhci->shared_hcd) { -- 2.25.1

5 months, 2 weeks

1
0
0 0

[PATCH v3] usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach

by RD Babiera

This patch fixes Type-C compliance test TD 4.7.6 - Try.SNK DRP Connect SNKAS. tVbusON has a limit of 275ms when entering SRC_ATTACHED. Compliance testers can interpret the TryWait.Src to Attached.Src transition after Try.Snk as being in Attached.Src the entire time, so ~170ms is lost to the debounce timer. Setting the data role can be a costly operation in host mode, and when completed after 100ms can cause Type-C compliance test check TD 4.7.5.V.4 to fail. Turn VBUS on before tcpm_set_roles to meet timing requirement. Fixes: f0690a25a140 ("staging: typec: USB Type-C Port Manager (tcpm)") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Badhri Jagan Sridharan <badhri(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> --- Changes since v1: * Rebased on top of usb-linus for v6.15 Changes since v2: * Restored to v1, usb-next and usb-linus are both synced to v6.16 so there is no longer a version mismatch possibility. --- drivers/usb/typec/tcpm/tcpm.c | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 1a1f9e1f8e4e..1f6fdfaa34bf 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -4410,17 +4410,6 @@ static int tcpm_src_attach(struct tcpm_port *port) tcpm_enable_auto_vbus_discharge(port, true); - ret = tcpm_set_roles(port, true, TYPEC_STATE_USB, - TYPEC_SOURCE, tcpm_data_role_for_source(port)); - if (ret < 0) - return ret; - - if (port->pd_supported) { - ret = port->tcpc->set_pd_rx(port->tcpc, true); - if (ret < 0) - goto out_disable_mux; - } - /* * USB Type-C specification, version 1.2, * chapter 4.5.2.2.8.1 (Attached.SRC Requirements) @@ -4430,13 +4419,24 @@ static int tcpm_src_attach(struct tcpm_port *port) (polarity == TYPEC_POLARITY_CC2 && port->cc1 == TYPEC_CC_RA)) { ret = tcpm_set_vconn(port, true); if (ret < 0) - goto out_disable_pd; + return ret; } ret = tcpm_set_vbus(port, true); if (ret < 0) goto out_disable_vconn; + ret = tcpm_set_roles(port, true, TYPEC_STATE_USB, TYPEC_SOURCE, + tcpm_data_role_for_source(port)); + if (ret < 0) + goto out_disable_vbus; + + if (port->pd_supported) { + ret = port->tcpc->set_pd_rx(port->tcpc, true); + if (ret < 0) + goto out_disable_mux; + } + port->pd_capable = false; port->partner = NULL; @@ -4447,14 +4447,14 @@ static int tcpm_src_attach(struct tcpm_port *port) return 0; -out_disable_vconn: - tcpm_set_vconn(port, false); -out_disable_pd: - if (port->pd_supported) - port->tcpc->set_pd_rx(port->tcpc, false); out_disable_mux: tcpm_mux_set(port, TYPEC_STATE_SAFE, USB_ROLE_NONE, TYPEC_ORIENTATION_NONE); +out_disable_vbus: + tcpm_set_vbus(port, false); +out_disable_vconn: + tcpm_set_vconn(port, false); + return ret; } base-commit: e04c78d86a9699d136910cfc0bdcf01087e3267e -- 2.50.0.rc2.701.gf1e915cc24-goog

5 months, 2 weeks

1
0
0 0

[PATCH v3 0/2] x86/traps: Fix DR6/DR7 initialization

by Xin Li (Intel)

Sohil reported seeing a split lock warning when running a test that generates userspace #DB: x86/split lock detection: #DB: sigtrap_loop_64/4614 took a bus_lock trap at address: 0x4011ae We investigated the issue and figured out: 1) The warning is a false positive. 2) It is not caused by the test itself. 3) It occurs even when Bus Lock Detection (BLD) is disabled. 4) It only happens on the first #DB on a CPU. And the root cause is, at boot time, Linux zeros DR6. This leads to different DR6 values depending on whether the CPU supports BLD: 1) On CPUs with BLD support, DR6 becomes 0xFFFF07F0 (bit 11, DR6.BLD, is cleared). 2) On CPUs without BLD, DR6 becomes 0xFFFF0FF0. Since only BLD-induced #DB exceptions clear DR6.BLD and other debug exceptions leave it unchanged, even if the first #DB is unrelated to BLD, DR6.BLD is still cleared. As a result, such a first #DB is misinterpreted as a BLD #DB, and a false warning is triggerred. Fix the bug by initializing DR6 by writing its architectural reset value at boot time. DR7 suffers from a similar issue, apply the same fix. This patch set is based on tip/x86/urgent branch as of today. Link to the previous patch set v2: https://lore.kernel.org/lkml/20250617073234.1020644-1-xin@zytor.com/ Changes in v3: *) Polish initialize_debug_regs() (PeterZ). *) Rewrite the comment for DR6_RESERVED definition (Sohil and Sean). *) Reword the patch 2's changelog using Sean's description. *) Explain the definition of DR7_FIXED_1 (Sohil). *) Collect TB, RB, AB (PeterZ, Sohil and Sean). Xin Li (Intel) (2): x86/traps: Initialize DR6 by writing its architectural reset value x86/traps: Initialize DR7 by writing its architectural reset value arch/x86/include/asm/debugreg.h | 19 ++++++++++++---- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/include/uapi/asm/debugreg.h | 21 ++++++++++++++++- arch/x86/kernel/cpu/common.c | 24 ++++++++------------ arch/x86/kernel/kgdb.c | 2 +- arch/x86/kernel/process_32.c | 2 +- arch/x86/kernel/process_64.c | 2 +- arch/x86/kernel/traps.c | 34 +++++++++++++++++----------- arch/x86/kvm/x86.c | 4 ++-- 9 files changed, 72 insertions(+), 38 deletions(-) base-commit: 2aebf5ee43bf0ed225a09a30cf515d9f2813b759 -- 2.49.0

5 months, 2 weeks

2
3
0 0

[PATCH AUTOSEL 6.15 001/110] drm/amd/display: disable DPP RCG before DPP CLK enable

by Sasha Levin

From: Charlene Liu <Charlene.Liu(a)amd.com> [ Upstream commit 1bcd679209420305a86833bc357d50021909edaf ] [why] DPP CLK enable needs to disable DPPCLK RCG first. The DPPCLK_en in dccg should always be enabled when the corresponding pipe is enabled. Reviewed-by: Hansen Dsouza <hansen.dsouza(a)amd.com> Signed-off-by: Charlene Liu <Charlene.Liu(a)amd.com> Signed-off-by: Ray Wu <ray.wu(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- Based on my analysis of both the commit message and code changes, my answer is: **YES** This commit should be backported to stable kernel trees for the following reasons: ## Critical Hardware Sequencing Fix The commit addresses a fundamental hardware sequencing requirement where DPP (Display Pipes and Planes) Root Clock Gating (RCG) must be disabled before enabling the DPP clock. This is a critical timing constraint that, if violated, can cause severe system issues. ## Specific Code Evidence 1. **In `dccg35_update_dpp_dto()`**, the fix adds a crucial sequencing step: ```c + dccg35_set_dppclk_rcg(dccg, dpp_inst, false); REG_SET_2(DPPCLK_DTO_PARAM[dpp_inst], 0, DPPCLK0_DTO_PHASE, phase, DPPCLK0_DTO_MODULO, modulo); dcn35_set_dppclk_enable(dccg, dpp_inst, true); ``` This ensures RCG is disabled (false) before enabling the DPP clock. 2. **In `dcn35_enable_plane()`**, explicit clock control is added: ```c + /*make sure DPPCLK is on*/ + dccg->funcs->dccg_root_gate_disable_control(dccg, dpp->inst, true); + dpp->funcs->dpp_dppclk_control(dpp, false, true); ``` 3. **Removal of problematic init code** in `dcn35_init_hw()`: ```c - if (res_pool->dccg->funcs->dccg_root_gate_disable_control) { - for (i = 0; i < res_pool->pipe_count; i++) - res_pool->dccg->funcs->dccg_root_gate_disable_control(res_pool->dccg, i, 0); - } ``` ## Similarity to Previous Critical Fixes This commit follows the pattern of Similar Commit #1, which also addressed clock gating sequencing issues that could cause system hangs. The commit message explicitly states this is needed because "DPP CLK enable needs to disable DPPCLK RCG first." ## Impact and Risk Assessment - **Bug Fixed**: Incorrect clock sequencing that can cause system instability - **Scope**: Limited to DCN35 display hardware (recent AMD GPUs) - **Complexity**: Small, focused changes with clear purpose - **Risk**: Low risk of regression - adds proper sequencing without major architectural changes This fix meets all criteria for stable backporting: - Fixes a real bug affecting users (system stability) - Small and contained changes - No new features or architectural changes - Addresses hardware constraints that cannot be worked around The commit should be backported to all stable kernels that include DCN35 display support to ensure proper display functionality and system stability for users with affected AMD GPUs. .../amd/display/dc/dccg/dcn35/dcn35_dccg.c | 38 ++++++++++++------- .../amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 21 ++++++---- 2 files changed, 38 insertions(+), 21 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c b/drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c index b363f5360818d..ad910065f463f 100644 --- a/drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c +++ b/drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c @@ -391,6 +391,7 @@ static void dccg35_set_dppclk_rcg(struct dccg *dccg, struct dcn_dccg *dccg_dcn = TO_DCN_DCCG(dccg); + if (!dccg->ctx->dc->debug.root_clock_optimization.bits.dpp && enable) return; @@ -411,6 +412,8 @@ static void dccg35_set_dppclk_rcg(struct dccg *dccg, BREAK_TO_DEBUGGER(); break; } + //DC_LOG_DEBUG("%s: inst(%d) DPPCLK rcg_disable: %d\n", __func__, inst, enable ? 0 : 1); + } static void dccg35_set_dpstreamclk_rcg( @@ -1112,30 +1115,24 @@ static void dcn35_set_dppclk_enable(struct dccg *dccg, { struct dcn_dccg *dccg_dcn = TO_DCN_DCCG(dccg); + switch (dpp_inst) { case 0: REG_UPDATE(DPPCLK_CTRL, DPPCLK0_EN, enable); - if (dccg->ctx->dc->debug.root_clock_optimization.bits.dpp) - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK0_ROOT_GATE_DISABLE, enable); break; case 1: REG_UPDATE(DPPCLK_CTRL, DPPCLK1_EN, enable); - if (dccg->ctx->dc->debug.root_clock_optimization.bits.dpp) - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK1_ROOT_GATE_DISABLE, enable); break; case 2: REG_UPDATE(DPPCLK_CTRL, DPPCLK2_EN, enable); - if (dccg->ctx->dc->debug.root_clock_optimization.bits.dpp) - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK2_ROOT_GATE_DISABLE, enable); break; case 3: REG_UPDATE(DPPCLK_CTRL, DPPCLK3_EN, enable); - if (dccg->ctx->dc->debug.root_clock_optimization.bits.dpp) - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK3_ROOT_GATE_DISABLE, enable); break; default: break; } + //DC_LOG_DEBUG("%s: dpp_inst(%d) DPPCLK_EN = %d\n", __func__, dpp_inst, enable); } @@ -1163,14 +1160,18 @@ static void dccg35_update_dpp_dto(struct dccg *dccg, int dpp_inst, ASSERT(false); phase = 0xff; } + dccg35_set_dppclk_rcg(dccg, dpp_inst, false); REG_SET_2(DPPCLK_DTO_PARAM[dpp_inst], 0, DPPCLK0_DTO_PHASE, phase, DPPCLK0_DTO_MODULO, modulo); dcn35_set_dppclk_enable(dccg, dpp_inst, true); - } else + } else { dcn35_set_dppclk_enable(dccg, dpp_inst, false); + /*we have this in hwss: disable_plane*/ + //dccg35_set_dppclk_rcg(dccg, dpp_inst, true); + } dccg->pipe_dppclk_khz[dpp_inst] = req_dppclk; } @@ -1182,6 +1183,7 @@ static void dccg35_set_dppclk_root_clock_gating(struct dccg *dccg, if (!dccg->ctx->dc->debug.root_clock_optimization.bits.dpp) return; + switch (dpp_inst) { case 0: REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK0_ROOT_GATE_DISABLE, enable); @@ -1198,6 +1200,8 @@ static void dccg35_set_dppclk_root_clock_gating(struct dccg *dccg, default: break; } + //DC_LOG_DEBUG("%s: dpp_inst(%d) rcg: %d\n", __func__, dpp_inst, enable); + } static void dccg35_get_pixel_rate_div( @@ -1521,28 +1525,30 @@ static void dccg35_set_physymclk_root_clock_gating( switch (phy_inst) { case 0: REG_UPDATE(DCCG_GATE_DISABLE_CNTL2, - PHYASYMCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); + PHYASYMCLK_ROOT_GATE_DISABLE, enable ? 0 : 1); break; case 1: REG_UPDATE(DCCG_GATE_DISABLE_CNTL2, - PHYBSYMCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); + PHYBSYMCLK_ROOT_GATE_DISABLE, enable ? 0 : 1); break; case 2: REG_UPDATE(DCCG_GATE_DISABLE_CNTL2, - PHYCSYMCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); + PHYCSYMCLK_ROOT_GATE_DISABLE, enable ? 0 : 1); break; case 3: REG_UPDATE(DCCG_GATE_DISABLE_CNTL2, - PHYDSYMCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); + PHYDSYMCLK_ROOT_GATE_DISABLE, enable ? 0 : 1); break; case 4: REG_UPDATE(DCCG_GATE_DISABLE_CNTL2, - PHYESYMCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); + PHYESYMCLK_ROOT_GATE_DISABLE, enable ? 0 : 1); break; default: BREAK_TO_DEBUGGER(); return; } + //DC_LOG_DEBUG("%s: dpp_inst(%d) PHYESYMCLK_ROOT_GATE_DISABLE:\n", __func__, phy_inst, enable ? 0 : 1); + } static void dccg35_set_physymclk( @@ -1643,6 +1649,8 @@ static void dccg35_dpp_root_clock_control( return; if (clock_on) { + dccg35_set_dppclk_rcg(dccg, dpp_inst, false); + /* turn off the DTO and leave phase/modulo at max */ dcn35_set_dppclk_enable(dccg, dpp_inst, 1); REG_SET_2(DPPCLK_DTO_PARAM[dpp_inst], 0, @@ -1654,6 +1662,8 @@ static void dccg35_dpp_root_clock_control( REG_SET_2(DPPCLK_DTO_PARAM[dpp_inst], 0, DPPCLK0_DTO_PHASE, 0, DPPCLK0_DTO_MODULO, 1); + /*we have this in hwss: disable_plane*/ + //dccg35_set_dppclk_rcg(dccg, dpp_inst, true); } dccg->dpp_clock_gated[dpp_inst] = !clock_on; diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c index 922b8d71cf1aa..63077c1fad859 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c @@ -241,11 +241,6 @@ void dcn35_init_hw(struct dc *dc) dc->res_pool->hubbub->funcs->allow_self_refresh_control(dc->res_pool->hubbub, !dc->res_pool->hubbub->ctx->dc->debug.disable_stutter); } - if (res_pool->dccg->funcs->dccg_root_gate_disable_control) { - for (i = 0; i < res_pool->pipe_count; i++) - res_pool->dccg->funcs->dccg_root_gate_disable_control(res_pool->dccg, i, 0); - } - for (i = 0; i < res_pool->audio_count; i++) { struct audio *audio = res_pool->audios[i]; @@ -901,12 +896,18 @@ void dcn35_init_pipes(struct dc *dc, struct dc_state *context) void dcn35_enable_plane(struct dc *dc, struct pipe_ctx *pipe_ctx, struct dc_state *context) { + struct dpp *dpp = pipe_ctx->plane_res.dpp; + struct dccg *dccg = dc->res_pool->dccg; + + /* enable DCFCLK current DCHUB */ pipe_ctx->plane_res.hubp->funcs->hubp_clk_cntl(pipe_ctx->plane_res.hubp, true); /* initialize HUBP on power up */ pipe_ctx->plane_res.hubp->funcs->hubp_init(pipe_ctx->plane_res.hubp); - + /*make sure DPPCLK is on*/ + dccg->funcs->dccg_root_gate_disable_control(dccg, dpp->inst, true); + dpp->funcs->dpp_dppclk_control(dpp, false, true); /* make sure OPP_PIPE_CLOCK_EN = 1 */ pipe_ctx->stream_res.opp->funcs->opp_pipe_clock_control( pipe_ctx->stream_res.opp, @@ -923,6 +924,7 @@ void dcn35_enable_plane(struct dc *dc, struct pipe_ctx *pipe_ctx, // Program system aperture settings pipe_ctx->plane_res.hubp->funcs->hubp_set_vm_system_aperture_settings(pipe_ctx->plane_res.hubp, &apt); } + //DC_LOG_DEBUG("%s: dpp_inst(%d) =\n", __func__, dpp->inst); if (!pipe_ctx->top_pipe && pipe_ctx->plane_state @@ -938,6 +940,8 @@ void dcn35_plane_atomic_disable(struct dc *dc, struct pipe_ctx *pipe_ctx) { struct hubp *hubp = pipe_ctx->plane_res.hubp; struct dpp *dpp = pipe_ctx->plane_res.dpp; + struct dccg *dccg = dc->res_pool->dccg; + dc->hwss.wait_for_mpcc_disconnect(dc, dc->res_pool, pipe_ctx); @@ -955,7 +959,8 @@ void dcn35_plane_atomic_disable(struct dc *dc, struct pipe_ctx *pipe_ctx) hubp->funcs->hubp_clk_cntl(hubp, false); dpp->funcs->dpp_dppclk_control(dpp, false, false); -/*to do, need to support both case*/ + dccg->funcs->dccg_root_gate_disable_control(dccg, dpp->inst, false); + hubp->power_gated = true; hubp->funcs->hubp_reset(hubp); @@ -967,6 +972,8 @@ void dcn35_plane_atomic_disable(struct dc *dc, struct pipe_ctx *pipe_ctx) pipe_ctx->top_pipe = NULL; pipe_ctx->bottom_pipe = NULL; pipe_ctx->plane_state = NULL; + //DC_LOG_DEBUG("%s: dpp_inst(%d)=\n", __func__, dpp->inst); + } void dcn35_disable_plane(struct dc *dc, struct dc_state *state, struct pipe_ctx *pipe_ctx) -- 2.39.5

5 months, 2 weeks

5
116
0 0

[PATCH v2] scsi: ufs: core: Fix clk scaling to be conditional in reset and restore

by Anvith Dosapati

From: anvithdosapati <anvithdosapati(a)google.com> In ufshcd_host_reset_and_restore, scale up clocks only when clock scaling is supported. Without this change cpu latency is voted for 0 (ufshcd_pm_qos_update) during resume unconditionally. Signed-off-by: anvithdosapati <anvithdosapati(a)google.com> Fixes: a3cd5ec55f6c7 ("scsi: ufs: add load based scaling of UFS gear") Cc: stable(a)vger.kernel.org --- v2: - Update commit message - Add Fixes and Cc stable drivers/ufs/core/ufshcd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index 4410e7d93b7d..fac381ea2b3a 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -7802,7 +7802,8 @@ static int ufshcd_host_reset_and_restore(struct ufs_hba *hba) hba->silence_err_logs = false; /* scale up clocks to max frequency before full reinitialization */ - ufshcd_scale_clks(hba, ULONG_MAX, true); + if (ufshcd_is_clkscaling_supported(hba)) + ufshcd_scale_clks(hba, ULONG_MAX, true); err = ufshcd_hba_enable(hba); -- 2.50.0.rc1.591.g9c95f17f64-goog

5 months, 2 weeks

2
1
0 0

[PATCH v2 2/2] usb: gadget: u_serial: Fix race condition in TTY wakeup

by Kuen-Han Tsai

A race condition occurs when gs_start_io() calls either gs_start_rx() or gs_start_tx(), as those functions briefly drop the port_lock for usb_ep_queue(). This allows gs_close() and gserial_disconnect() to clear port.tty and port_usb, respectively. Use the null-safe TTY Port helper function to wake up TTY. Example CPU1: CPU2: gserial_connect() // lock gs_close() // await lock gs_start_rx() // unlock usb_ep_queue() gs_close() // lock, reset port.tty and unlock gs_start_rx() // lock tty_wakeup() // NPE Fixes: 35f95fd7f234 ("TTY: usb/u_serial, use tty from tty_port") Cc: stable(a)vger.kernel.org Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> --- v2: - Move the example up to the changelog Traces: [ 51.494375][ T278] ttyGS1: shutdown [ 51.494817][ T269] android_work: sent uevent USB_STATE=DISCONNECTED [ 52.115792][ T1508] usb: [dm_bind] generic ttyGS1: super speed IN/ep1in OUT/ep1out [ 52.516288][ T1026] android_work: sent uevent USB_STATE=CONNECTED [ 52.551667][ T1533] gserial_connect: start ttyGS1 [ 52.565634][ T1533] [khtsai] enter gs_start_io, ttyGS1, port->port.tty=0000000046bd4060 [ 52.565671][ T1533] [khtsai] gs_start_rx, unlock port ttyGS1 [ 52.591552][ T1533] [khtsai] gs_start_rx, lock port ttyGS1 [ 52.619901][ T1533] [khtsai] gs_start_rx, unlock port ttyGS1 [ 52.638659][ T1325] [khtsai] gs_close, lock port ttyGS1 [ 52.656842][ T1325] gs_close: ttyGS1 (0000000046bd4060,00000000be9750a5) ... [ 52.683005][ T1325] [khtsai] gs_close, clear ttyGS1 [ 52.683007][ T1325] gs_close: ttyGS1 (0000000046bd4060,00000000be9750a5) done! [ 52.708643][ T1325] [khtsai] gs_close, unlock port ttyGS1 [ 52.747592][ T1533] [khtsai] gs_start_rx, lock port ttyGS1 [ 52.747616][ T1533] [khtsai] gs_start_io, ttyGS1, going to call tty_wakeup(), port->port.tty=0000000000000000 [ 52.747629][ T1533] Unable to handle kernel NULL pointer dereference at virtual address 00000000000001f8 --- drivers/usb/gadget/function/u_serial.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c index c043bdc30d8a..540dc5ab96fc 100644 --- a/drivers/usb/gadget/function/u_serial.c +++ b/drivers/usb/gadget/function/u_serial.c @@ -295,8 +295,8 @@ __acquires(&port->port_lock) break; } - if (do_tty_wake && port->port.tty) - tty_wakeup(port->port.tty); + if (do_tty_wake) + tty_port_tty_wakeup(&port->port); return status; } @@ -574,7 +574,7 @@ static int gs_start_io(struct gs_port *port) gs_start_tx(port); /* Unblock any pending writes into our circular buffer, in case * we didn't in gs_start_tx() */ - tty_wakeup(port->port.tty); + tty_port_tty_wakeup(&port->port); } else { /* Free reqs only if we are still connected */ if (port->port_usb) { -- 2.50.0.rc2.692.g299adb8693-goog

5 months, 2 weeks

2
2
0 0

[REGRESSION][BISECTED] intel iGPU with HDMI PLL stopped working at 1080p@120Hz 1efd5384

by Vas Novikov

Hi dear LKML and community, this is my first post here, so I'd appreciate any guidance or redirection if it's due. Starting from commit https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?…, HDMI handling for certain refresh rates on my intel iGPU is broken. The error is still present in 6.16rc1. Specifically, this is the command that disambiguates the newer broken kernels: xrandr --output HDMI-1 --auto --scale 1x1 --mode 1920x1080 --rate 120 --pos 0x0 --output eDP-1 --off The important parts are 1920x1080 and 120Hz. When run on commits prior to the bisected above, it behaves as expected, delivering 1920x1080 @ 120Hz. When run on kernel builds with the above commit included (that commit or later), the monitor goes completely blank. After about 30 seconds, it shuts down entirely (which I assume means that from the monitor's perspective, HDMI got "disconnected"). On this link you can see my original report in the ArchLinux community, where Christian Heusel (@gromit) kindly guided me through the bisection process and built the bisection images for me to try: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/14… This link also contains the bisection history. Additional info: * The monitor and the notebook are connected via an HDMI cable, the monitor itself is a 4k@120Hz monitor. * According to `lsmod | grep -E "(i915|Xe)"`, I'm using the i915 kernel driver for the GPU. * The GPU is an iGPU from intel, specifically `Intel Core Ultra 7 155H`. * One symptom that disambiguates the working and non-working kernels, besides whether they actually have the bug, is that the broken kernels cause xrandr to additionally report the 144.05 refresh rate as possible for the monitor, whereas the non-broken kernels consistently cause xrandr to only list refresh rate 120 and below as possible. I'm only ever testing the refresh rate of 120, but the presence of the 144.05 rate is correlated. If any other information or anything is needed, please write. Thank you, Vas ---- #regzbot introduced: 1efd5384277eb71fce20922579061cd3acdb07cf #regzbot title: intel iGPU with HDMI PLL stopped working at 1080p@120Hz 1efd5384 #regzbot link: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/145

5 months, 2 weeks

3
4
0 0

[PATCH] pinctrl: nuvoton: Fix boot on ma35dx platforms

by Miquel Raynal

As part of a wider cleanup trying to get rid of OF specific APIs, an incorrect (and partially unrelated) cleanup was introduced. The goal was to replace a device_for_each_chil_node() loop including an additional condition inside by a macro doing both the loop and the check on a single line. The snippet: device_for_each_child_node(dev, child) if (fwnode_property_present(child, "gpio-controller")) continue; was replaced by: for_each_gpiochip_node(dev, child) which expands into: device_for_each_child_node(dev, child) for_each_if(fwnode_property_present(child, "gpio-controller")) This change is actually doing the opposite of what was initially expected, breaking the probe of this driver, breaking at the same time the whole boot of Nuvoton platforms (no more console, the kernel WARN()). Revert these two changes to roll back to the correct behavior. Fixes: 693c9ecd8326 ("pinctrl: nuvoton: Reduce use of OF-specific APIs") Cc: stable(a)vger.kernel.org Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- drivers/pinctrl/nuvoton/pinctrl-ma35.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/pinctrl/nuvoton/pinctrl-ma35.c b/drivers/pinctrl/nuvoton/pinctrl-ma35.c index 06ae1fe8b8c5..b51704bafd81 100644 --- a/drivers/pinctrl/nuvoton/pinctrl-ma35.c +++ b/drivers/pinctrl/nuvoton/pinctrl-ma35.c @@ -1074,7 +1074,10 @@ static int ma35_pinctrl_probe_dt(struct platform_device *pdev, struct ma35_pinct u32 idx = 0; int ret; - for_each_gpiochip_node(dev, child) { + device_for_each_child_node(dev, child) { + if (fwnode_property_present(child, "gpio-controller")) + continue; + npctl->nfunctions++; npctl->ngroups += of_get_child_count(to_of_node(child)); } @@ -1092,7 +1095,10 @@ static int ma35_pinctrl_probe_dt(struct platform_device *pdev, struct ma35_pinct if (!npctl->groups) return -ENOMEM; - for_each_gpiochip_node(dev, child) { + device_for_each_child_node(dev, child) { + if (fwnode_property_present(child, "gpio-controller")) + continue; + ret = ma35_pinctrl_parse_functions(child, npctl, idx++); if (ret) { fwnode_handle_put(child); -- 2.48.1

5 months, 2 weeks

3
3
0 0

[PATCH v2] pinctrl: qcom: msm: mark certain pins as invalid for interrupts

by Bartosz Golaszewski

From: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> On some platforms, the UFS-reset pin has no interrupt logic in TLMM but is nevertheless registered as a GPIO in the kernel. This enables the user-space to trigger a BUG() in the pinctrl-msm driver by running, for example: `gpiomon -c 0 113` on RB2. The exact culprit is requesting pins whose intr_detection_width setting is not 1 or 2 for interrupts. This hits a BUG() in msm_gpio_irq_set_type(). Potentially crashing the kernel due to an invalid request from user-space is not optimal, so let's go through the pins and mark those that would fail the check as invalid for the irq chip as we should not even register them as available irqs. This function can be extended if we determine that there are more corner-cases like this. Fixes: f365be092572 ("pinctrl: Add Qualcomm TLMM driver") Cc: stable(a)vger.kernel.org Reviewed-by: Bjorn Andersson <andersson(a)kernel.org> Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> --- Changes in v2: - expand the commit message, describing the underlying code issue in detail - added a newline for better readability drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/drivers/pinctrl/qcom/pinctrl-msm.c b/drivers/pinctrl/qcom/pinctrl-msm.c index f012ea88aa22c..1ff84e8c176d4 100644 --- a/drivers/pinctrl/qcom/pinctrl-msm.c +++ b/drivers/pinctrl/qcom/pinctrl-msm.c @@ -1038,6 +1038,25 @@ static bool msm_gpio_needs_dual_edge_parent_workaround(struct irq_data *d, test_bit(d->hwirq, pctrl->skip_wake_irqs); } +static void msm_gpio_irq_init_valid_mask(struct gpio_chip *gc, + unsigned long *valid_mask, + unsigned int ngpios) +{ + struct msm_pinctrl *pctrl = gpiochip_get_data(gc); + const struct msm_pingroup *g; + int i; + + bitmap_fill(valid_mask, ngpios); + + for (i = 0; i < ngpios; i++) { + g = &pctrl->soc->groups[i]; + + if (g->intr_detection_width != 1 && + g->intr_detection_width != 2) + clear_bit(i, valid_mask); + } +} + static int msm_gpio_irq_set_type(struct irq_data *d, unsigned int type) { struct gpio_chip *gc = irq_data_get_irq_chip_data(d); @@ -1441,6 +1460,7 @@ static int msm_gpio_init(struct msm_pinctrl *pctrl) girq->default_type = IRQ_TYPE_NONE; girq->handler = handle_bad_irq; girq->parents[0] = pctrl->irq; + girq->init_valid_mask = msm_gpio_irq_init_valid_mask; ret = gpiochip_add_data(&pctrl->chip, pctrl); if (ret) { -- 2.48.1

5 months, 2 weeks

2
1
0 0

[PATCH v2] xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS

by xiehongyu1＠kylinos.cn

From: Hongyu Xie <xiehongyu1(a)kylinos.cn> Disable stream for platform xHC controller with broken stream. Fixes: 14aec589327a6 ("storage: accept some UAS devices if streams are unavailable") Cc: stable(a)vger.kernel.org # 5.4 Signed-off-by: Hongyu Xie <xiehongyu1(a)kylinos.cn> --- drivers/usb/host/xhci-plat.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci-plat.c b/drivers/usb/host/xhci-plat.c index 6dab142e72789..c79d5ed48a08b 100644 --- a/drivers/usb/host/xhci-plat.c +++ b/drivers/usb/host/xhci-plat.c @@ -328,7 +328,8 @@ int xhci_plat_probe(struct platform_device *pdev, struct device *sysdev, const s } usb3_hcd = xhci_get_usb3_hcd(xhci); - if (usb3_hcd && HCC_MAX_PSA(xhci->hcc_params) >= 4) + if (usb3_hcd && HCC_MAX_PSA(xhci->hcc_params) >= 4 && + !(xhci->quirks & XHCI_BROKEN_STREAMS)) usb3_hcd->can_do_streams = 1; if (xhci->shared_hcd) { -- 2.25.1

5 months, 2 weeks

2
1
0 0

RE: [PATCH v5] virtio_blk: Fix disk deletion hang on device surprise removal

by Parav Pandit

Hi Michael, Stefan, > From: Parav Pandit <parav(a)nvidia.com> > Sent: 02 June 2025 08:15 AM > To: mst(a)redhat.com; stefanha(a)redhat.com; axboe(a)kernel.dk; > virtualization(a)lists.linux.dev; linux-block(a)vger.kernel.org > Cc: stable(a)vger.kernel.org; NBU-Contact-Li Rongqing (EXTERNAL) > <lirongqing(a)baidu.com>; Chaitanya Kulkarni <kch(a)nvidia.com>; > xuanzhuo(a)linux.alibaba.com; pbonzini(a)redhat.com; > jasowang(a)redhat.com; alok.a.tiwari(a)oracle.com; Parav Pandit > <parav(a)nvidia.com>; Max Gurtovoy <mgurtovoy(a)nvidia.com>; Israel > Rukshin <israelr(a)nvidia.com> > Subject: [PATCH v5] virtio_blk: Fix disk deletion hang on device surprise > removal > > When the PCI device is surprise removed, requests may not complete the > device as the VQ is marked as broken. Due to this, the disk deletion hangs. > > Fix it by aborting the requests when the VQ is broken. > > With this fix now fio completes swiftly. > An alternative of IO timeout has been considered, however when the driver > knows about unresponsive block device, swiftly clearing them enables users > and upper layers to react quickly. > > Verified with multiple device unplug iterations with pending requests in virtio > used ring and some pending with the device. > > Fixes: 43bb40c5b926 ("virtio_pci: Support surprise removal of virtio pci > device") > Cc: stable(a)vger.kernel.org > Reported-by: Li RongQing <lirongqing(a)baidu.com> > Closes: > https://lore.kernel.org/virtualization/c45dd68698cd47238c55fb73ca9b4741 > @baidu.com/ > Reviewed-by: Max Gurtovoy <mgurtovoy(a)nvidia.com> > Reviewed-by: Israel Rukshin <israelr(a)nvidia.com> > Signed-off-by: Parav Pandit <parav(a)nvidia.com> > > --- > v4->v5: > - fixed comment style where comment to start with one empty line at start > - Addressed comments from Alok > - fixed typo in broken vq check Did you get a chance to review this version where I fixed all the comments you proposed? [..]

5 months, 2 weeks

1
0
0 0

[PATCH v2 1/3] mtd: spinand: winbond: Fix W35N number of planes/LUN

by Miquel Raynal

There's been a mistake when extracting the geometry of the W35N02 and W35N04 chips from the datasheet. There is a single plane, however there are respectively 2 and 4 LUNs. They are actually referred in the datasheet as dies (equivalent of target), but as there is no die select operation and the chips only feature a single configuration register for the entire chip (instead of one per die), we can reasonably assume we are talking about LUNs and not dies. Reported-by: Andreas Dannenberg <dannenberg(a)ti.com> Suggested-by: Vignesh Raghavendra <vigneshr(a)ti.com> Fixes: 25e08bf66660 ("mtd: spinand: winbond: Add support for W35N02JW and W35N04JW chips") Cc: stable(a)vger.kernel.org Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- drivers/mtd/nand/spi/winbond.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/mtd/nand/spi/winbond.c b/drivers/mtd/nand/spi/winbond.c index 19f8dd4a6370..2808bbd7a16e 100644 --- a/drivers/mtd/nand/spi/winbond.c +++ b/drivers/mtd/nand/spi/winbond.c @@ -289,7 +289,7 @@ static const struct spinand_info winbond_spinand_table[] = { SPINAND_ECCINFO(&w35n01jw_ooblayout, NULL)), SPINAND_INFO("W35N02JW", /* 1.8V */ SPINAND_ID(SPINAND_READID_METHOD_OPCODE_DUMMY, 0xdf, 0x22), - NAND_MEMORG(1, 4096, 128, 64, 512, 10, 2, 1, 1), + NAND_MEMORG(1, 4096, 128, 64, 512, 10, 1, 2, 1), NAND_ECCREQ(1, 512), SPINAND_INFO_OP_VARIANTS(&read_cache_octal_variants, &write_cache_octal_variants, @@ -298,7 +298,7 @@ static const struct spinand_info winbond_spinand_table[] = { SPINAND_ECCINFO(&w35n01jw_ooblayout, NULL)), SPINAND_INFO("W35N04JW", /* 1.8V */ SPINAND_ID(SPINAND_READID_METHOD_OPCODE_DUMMY, 0xdf, 0x23), - NAND_MEMORG(1, 4096, 128, 64, 512, 10, 4, 1, 1), + NAND_MEMORG(1, 4096, 128, 64, 512, 10, 1, 4, 1), NAND_ECCREQ(1, 512), SPINAND_INFO_OP_VARIANTS(&read_cache_octal_variants, &write_cache_octal_variants, -- 2.48.1

5 months, 2 weeks

1
0
0 0

RE:Custom Bags factory 2025/6/18 16:02:14

by Steven Xiu

Hi linux-stable-mirror , This is Steven from China, I would like to introduce my company - Xiamen Oready Industry & Trade Co.,Ltd. to you. My company is specialized in manufacturing & exporting all kinds of bags, backpacks, cases, etc with more than 13 years. OEM & ODM orders are welcome. If you're looking for a reliable supplier of bags, you can contact me directly. I'm at your disposal all the time. Looking forward to hearing from you. Kind regards, Steven Xiu Xiamen Oready Industry & Trade Co.,Ltd. If you no longer wish to receive these emails, please unsubscribe here. because kids have to be able to get to school. And that's what we have to do ,00:40,(Laughter) ,00:42,And my idea is this -- all these men and women should be free to decide whether they do or do not want to conceive a child

5 months, 2 weeks

1
0
0 0

[RFC PATCH 5.10 00/16] ITS mitigation for 5.10

by Pawan Gupta

This is the backport for Indirect Target Selection(ITS) mitigation for 5.10. This is only boot tested, so sending it as an RFC for now. I hope some bot picks this up for some at-scale testing. Meanwhile I am doing basic tests around ITS mitigation. In addition to commits in 5.15 ITS backport, below commits are required to make the ITS mitigation work on 5.10. These are the prime target of scrutiny: x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions x86/alternatives: Introduce int3_emulate_jcc() x86/bhi: Define SPEC_CTRL_BHI_DIS_S --- Borislav Petkov (AMD) (1): x86/alternative: Optimize returns patching Daniel Sneddon (1): x86/bhi: Define SPEC_CTRL_BHI_DIS_S Eric Biggers (1): x86/its: Fix build errors when CONFIG_MODULES=n Josh Poimboeuf (1): x86/alternatives: Remove faulty optimization Pawan Gupta (7): Documentation: x86/bugs/its: Add ITS documentation x86/its: Enumerate Indirect Target Selection (ITS) bug x86/its: Add support for ITS-safe indirect thunk x86/its: Add support for ITS-safe return thunk x86/its: Fix undefined reference to cpu_wants_rethunk_at() x86/its: Enable Indirect Target Selection mitigation x86/its: Add "vmexit" option to skip mitigation on some CPUs Peter Zijlstra (4): x86/alternatives: Introduce int3_emulate_jcc() x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions x86/its: Use dynamic thunks for indirect branches x86/its: FineIBT-paranoid vs ITS Thomas Gleixner (1): x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/admin-guide/hw-vuln/index.rst | 1 + .../hw-vuln/indirect-target-selection.rst | 156 +++++++++++ Documentation/admin-guide/kernel-parameters.txt | 15 + arch/x86/Kconfig | 11 + arch/x86/include/asm/alternative.h | 26 ++ arch/x86/include/asm/cpufeatures.h | 6 +- arch/x86/include/asm/msr-index.h | 13 +- arch/x86/include/asm/nospec-branch.h | 11 + arch/x86/include/asm/text-patching.h | 31 +++ arch/x86/kernel/alternative.c | 308 ++++++++++++++++++++- arch/x86/kernel/cpu/bugs.c | 139 +++++++++- arch/x86/kernel/cpu/common.c | 63 ++++- arch/x86/kernel/cpu/scattered.c | 1 + arch/x86/kernel/ftrace.c | 4 +- arch/x86/kernel/kprobes/core.c | 39 +-- arch/x86/kernel/module.c | 14 +- arch/x86/kernel/static_call.c | 2 +- arch/x86/kernel/vmlinux.lds.S | 8 + arch/x86/kvm/x86.c | 4 +- arch/x86/lib/retpoline.S | 39 +++ arch/x86/net/bpf_jit_comp.c | 8 +- drivers/base/cpu.c | 8 + include/linux/cpu.h | 2 + include/linux/module.h | 5 + 25 files changed, 842 insertions(+), 73 deletions(-) --- base-commit: 01e7e36b8606e5d4fddf795938010f7bfa3aa277 change-id: 20250609-its-5-10-a656ce2e08ce Best regards, -- Pawan

5 months, 2 weeks

3
19
0 0

[PATCH 1/4] mm/shmem, swap: improve cached mTHP handling and fix potential hung

by Kairui Song

From: Kairui Song <kasong(a)tencent.com> The current swap-in code assumes that, when a swap entry in shmem mapping is order 0, its cached folios (if present) must be order 0 too, which turns out not always correct. The problem is shmem_split_large_entry is called before verifying the folio will eventually be swapped in, one possible race is: CPU1 CPU2 shmem_swapin_folio /* swap in of order > 0 swap entry S1 */ folio = swap_cache_get_folio /* folio = NULL */ order = xa_get_order /* order > 0 */ folio = shmem_swap_alloc_folio /* mTHP alloc failure, folio = NULL */ <... Interrupted ...> shmem_swapin_folio /* S1 is swapped in */ shmem_writeout /* S1 is swapped out, folio cached */ shmem_split_large_entry(..., S1) /* S1 is split, but the folio covering it has order > 0 now */ Now any following swapin of S1 will hang: `xa_get_order` returns 0, and folio lookup will return a folio with order > 0. The `xa_get_order(&mapping->i_pages, index) != folio_order(folio)` will always return false causing swap-in to return -EEXIST. And this looks fragile. So fix this up by allowing seeing a larger folio in swap cache, and check the whole shmem mapping range covered by the swapin have the right swap value upon inserting the folio. And drop the redundant tree walks before the insertion. This will actually improve the performance, as it avoided two redundant Xarray tree walks in the hot path, and the only side effect is that in the failure path, shmem may redundantly reallocate a few folios causing temporary slight memory pressure. And worth noting, it may seems the order and value check before inserting might help reducing the lock contention, which is not true. The swap cache layer ensures raced swapin will either see a swap cache folio or failed to do a swapin (we have SWAP_HAS_CACHE bit even if swap cache is bypassed), so holding the folio lock and checking the folio flag is already good enough for avoiding the lock contention. The chance that a folio passes the swap entry value check but the shmem mapping slot has changed should be very low. Cc: stable(a)vger.kernel.org Fixes: 058313515d5a ("mm: shmem: fix potential data corruption during shmem swapin") Fixes: 809bc86517cc ("mm: shmem: support large folio swap out") Signed-off-by: Kairui Song <kasong(a)tencent.com> --- mm/shmem.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/mm/shmem.c b/mm/shmem.c index eda35be2a8d9..4e7ef343a29b 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -884,7 +884,9 @@ static int shmem_add_to_page_cache(struct folio *folio, pgoff_t index, void *expected, gfp_t gfp) { XA_STATE_ORDER(xas, &mapping->i_pages, index, folio_order(folio)); - long nr = folio_nr_pages(folio); + unsigned long nr = folio_nr_pages(folio); + swp_entry_t iter, swap; + void *entry; VM_BUG_ON_FOLIO(index != round_down(index, nr), folio); VM_BUG_ON_FOLIO(!folio_test_locked(folio), folio); @@ -896,14 +898,24 @@ static int shmem_add_to_page_cache(struct folio *folio, gfp &= GFP_RECLAIM_MASK; folio_throttle_swaprate(folio, gfp); + swap = iter = radix_to_swp_entry(expected); do { xas_lock_irq(&xas); - if (expected != xas_find_conflict(&xas)) { - xas_set_err(&xas, -EEXIST); - goto unlock; + xas_for_each_conflict(&xas, entry) { + /* + * The range must either be empty, or filled with + * expected swap entries. Shmem swap entries are never + * partially freed without split of both entry and + * folio, so there shouldn't be any holes. + */ + if (!expected || entry != swp_to_radix_entry(iter)) { + xas_set_err(&xas, -EEXIST); + goto unlock; + } + iter.val += 1 << xas_get_order(&xas); } - if (expected && xas_find_conflict(&xas)) { + if (expected && iter.val - nr != swap.val) { xas_set_err(&xas, -EEXIST); goto unlock; } @@ -2323,7 +2335,7 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, error = -ENOMEM; goto failed; } - } else if (order != folio_order(folio)) { + } else if (order > folio_order(folio)) { /* * Swap readahead may swap in order 0 folios into swapcache * asynchronously, while the shmem mapping can still stores @@ -2348,15 +2360,15 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, swap = swp_entry(swp_type(swap), swp_offset(swap) + offset); } + } else if (order < folio_order(folio)) { + swap.val = round_down(swp_type(swap), folio_order(folio)); } alloced: /* We have to do this with folio locked to prevent races */ folio_lock(folio); if ((!skip_swapcache && !folio_test_swapcache(folio)) || - folio->swap.val != swap.val || - !shmem_confirm_swap(mapping, index, swap) || - xa_get_order(&mapping->i_pages, index) != folio_order(folio)) { + folio->swap.val != swap.val) { error = -EEXIST; goto unlock; } -- 2.50.0

5 months, 2 weeks

3
3
0 0

+ ocfs2-reset-folio-to-null-when-get-folio-fails.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: reset folio to NULL when get folio fails has been added to the -mm mm-nonmm-unstable branch. Its filename is ocfs2-reset-folio-to-null-when-get-folio-fails.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Lizhi Xu <lizhi.xu(a)windriver.com> Subject: ocfs2: reset folio to NULL when get folio fails Date: Mon, 16 Jun 2025 09:31:40 +0800 The reproducer uses FAULT_INJECTION to make memory allocation fail, which causes __filemap_get_folio() to fail, when initializing w_folios[i] in ocfs2_grab_folios_for_write(), it only returns an error code and the value of w_folios[i] is the error code, which causes ocfs2_unlock_and_free_folios() to recycle the invalid w_folios[i] when releasing folios. Link: https://lkml.kernel.org/r/20250616013140.3602219-1-lizhi.xu@windriver.com Reported-by: syzbot+c2ea94ae47cd7e3881ec(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c2ea94ae47cd7e3881ec Signed-off-by: Lizhi Xu <lizhi.xu(a)windriver.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/aops.c | 1 + 1 file changed, 1 insertion(+) --- a/fs/ocfs2/aops.c~ocfs2-reset-folio-to-null-when-get-folio-fails +++ a/fs/ocfs2/aops.c @@ -1071,6 +1071,7 @@ static int ocfs2_grab_folios_for_write(s if (IS_ERR(wc->w_folios[i])) { ret = PTR_ERR(wc->w_folios[i]); mlog_errno(ret); + wc->w_folios[i] = NULL; goto out; } } _ Patches currently in -mm which might be from lizhi.xu(a)windriver.com are ocfs2-reset-folio-to-null-when-get-folio-fails.patch

5 months, 2 weeks

1
0
0 0

[PATCH 5.15] xfs: allow inode inactivation during a ro mount log recovery

by Amir Goldstein

From: "Darrick J. Wong" <djwong(a)kernel.org> [ Upstream commit 76e589013fec672c3587d6314f2d1f0aeddc26d9 ] In the next patch, we're going to prohibit log recovery if the primary superblock contains an unrecognized rocompat feature bit even on readonly mounts. This requires removing all the code in the log mounting process that temporarily disables the readonly state. Unfortunately, inode inactivation disables itself on readonly mounts. Clearing the iunlinked lists after log recovery needs inactivation to run to free the unreferenced inodes, which (AFAICT) is the only reason why log mounting plays games with the readonly state in the first place. Therefore, change the inactivation predicates to allow inactivation during log recovery of a readonly mount. Signed-off-by: Darrick J. Wong <djwong(a)kernel.org> Reviewed-by: Dave Chinner <dchinner(a)redhat.com> Stable-dep-of: 74ad4693b647 ("xfs: fix log recovery when unknown rocompat bits are set") Signed-off-by: Amir Goldstein <amir73il(a)gmail.com> --- Sasha, This 5.15 backport is needed to fix a regression introduced to test generic/417 in kernel v5.15.176. With this backport, kernel v5.15.185 passed the fstests quick run. As you may have noticed, 5.15.y (and 5.10.y) are not being actively maintained by xfs stable maintainer who moved their focus to 6.*.y LTS kernels. The $SUBJECT commit is a dependency of commit 74ad4693b647, as hinted by the wording: "In the next patch, we're going to... This requires...". Indeed, Leah has backported commit 74ad4693b647 to 6.1.y along with its dependency, yet somehow, commit 74ad4693b647 found its way to v5.15.176, without the dependency and without the xfs stable review process. Judging by the line: Stable-dep-of: 652f03db897b ("xfs: remove unknown compat feature check in superblock write validation") that exists only in the 5.15.y tree, I deduce that your bot has auto selected this patch in the process of backporting the commit 652f03db897b, which was explicitly marked for stable v4.19+ [1]. I don't know if there is a lesson to be learned from this incident. Applying xfs backports without running fstests regression is always going to be a gamble. I will leave it up to you to decide if anything in the process of applying xfs patches to <= v5.15.y needs to change. Thanks, Amir. [1] https://lore.kernel.org/linux-xfs/ZzFon-0VbKscbGMT@localhost.localdomain/ fs/xfs/xfs_inode.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c index 3b36d5569d15..98955cd0de40 100644 --- a/fs/xfs/xfs_inode.c +++ b/fs/xfs/xfs_inode.c @@ -32,6 +32,7 @@ #include "xfs_symlink.h" #include "xfs_trans_priv.h" #include "xfs_log.h" +#include "xfs_log_priv.h" #include "xfs_bmap_btree.h" #include "xfs_reflink.h" #include "xfs_ag.h" @@ -1678,8 +1679,11 @@ xfs_inode_needs_inactive( if (VFS_I(ip)->i_mode == 0) return false; - /* If this is a read-only mount, don't do this (would generate I/O) */ - if (xfs_is_readonly(mp)) + /* + * If this is a read-only mount, don't do this (would generate I/O) + * unless we're in log recovery and cleaning the iunlinked list. + */ + if (xfs_is_readonly(mp) && !xlog_recovery_needed(mp->m_log)) return false; /* If the log isn't running, push inodes straight to reclaim. */ @@ -1739,8 +1743,11 @@ xfs_inactive( mp = ip->i_mount; ASSERT(!xfs_iflags_test(ip, XFS_IRECOVERY)); - /* If this is a read-only mount, don't do this (would generate I/O) */ - if (xfs_is_readonly(mp)) + /* + * If this is a read-only mount, don't do this (would generate I/O) + * unless we're in log recovery and cleaning the iunlinked list. + */ + if (xfs_is_readonly(mp) && !xlog_recovery_needed(mp->m_log)) goto out; /* Metadata inodes require explicit resource cleanup. */ -- 2.47.1

5 months, 2 weeks

2
1
0 0

[PATCH] usb: cdnsp: Fix issue with CV Bad Descriptor test

by Pawel Laszczak

The SSP2 controller has extra endpoint state preserve bit (ESP) which setting causes that endpoint state will be preserved during Halt Endpoint command. It is used only for EP0. Without this bit the Command Verifier "TD 9.10 Bad Descriptor Test" failed. Setting this bit doesn't have any impact for SSP controller. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: stable(a)vger.kernel.org Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- drivers/usb/cdns3/cdnsp-debug.h | 5 +++-- drivers/usb/cdns3/cdnsp-ep0.c | 17 ++++++++++++++--- drivers/usb/cdns3/cdnsp-gadget.h | 3 +++ drivers/usb/cdns3/cdnsp-ring.c | 3 ++- 4 files changed, 22 insertions(+), 6 deletions(-) diff --git a/drivers/usb/cdns3/cdnsp-debug.h b/drivers/usb/cdns3/cdnsp-debug.h index cd138acdcce1..86860686d836 100644 --- a/drivers/usb/cdns3/cdnsp-debug.h +++ b/drivers/usb/cdns3/cdnsp-debug.h @@ -327,12 +327,13 @@ static inline const char *cdnsp_decode_trb(char *str, size_t size, u32 field0, case TRB_RESET_EP: case TRB_HALT_ENDPOINT: ret = scnprintf(str, size, - "%s: ep%d%s(%d) ctx %08x%08x slot %ld flags %c", + "%s: ep%d%s(%d) ctx %08x%08x slot %ld flags %c %c", cdnsp_trb_type_string(type), ep_num, ep_id % 2 ? "out" : "in", TRB_TO_EP_INDEX(field3), field1, field0, TRB_TO_SLOT_ID(field3), - field3 & TRB_CYCLE ? 'C' : 'c'); + field3 & TRB_CYCLE ? 'C' : 'c', + field3 & TRB_ESP ? 'P' : 'p'); break; case TRB_STOP_RING: ret = scnprintf(str, size, diff --git a/drivers/usb/cdns3/cdnsp-ep0.c b/drivers/usb/cdns3/cdnsp-ep0.c index f317d3c84781..567ccfdecded 100644 --- a/drivers/usb/cdns3/cdnsp-ep0.c +++ b/drivers/usb/cdns3/cdnsp-ep0.c @@ -414,6 +414,7 @@ static int cdnsp_ep0_std_request(struct cdnsp_device *pdev, void cdnsp_setup_analyze(struct cdnsp_device *pdev) { struct usb_ctrlrequest *ctrl = &pdev->setup; + struct cdnsp_ep *pep; int ret = -EINVAL; u16 len; @@ -428,9 +429,19 @@ void cdnsp_setup_analyze(struct cdnsp_device *pdev) } /* Restore the ep0 to Stopped/Running state. */ - if (pdev->eps[0].ep_state & EP_HALTED) { - trace_cdnsp_ep0_halted("Restore to normal state"); - cdnsp_halt_endpoint(pdev, &pdev->eps[0], 0); + if (pep->ep_state & EP_HALTED) { + /* + * Halt Endpoint Command for SSP2 for ep0 preserve current + * endpoint state and driver has to synchronise the + * software endpointp state with endpoint output context + * state. + */ + if (GET_EP_CTX_STATE(pep->out_ctx) == EP_STATE_HALTED) { + cdnsp_halt_endpoint(pdev, pep, 0); + } else { + pep->ep_state &= ~EP_HALTED; + pep->ep_state |= EP_STOPPED; + } } /* diff --git a/drivers/usb/cdns3/cdnsp-gadget.h b/drivers/usb/cdns3/cdnsp-gadget.h index 2afa3e558f85..c26abef6e1c9 100644 --- a/drivers/usb/cdns3/cdnsp-gadget.h +++ b/drivers/usb/cdns3/cdnsp-gadget.h @@ -987,6 +987,9 @@ enum cdnsp_setup_dev { #define STREAM_ID_FOR_TRB(p) ((((p)) << 16) & GENMASK(31, 16)) #define SCT_FOR_TRB(p) (((p) << 1) & 0x7) +/* Halt Endpoint Command TRB field. */ +#define TRB_ESP BIT(9) + /* Link TRB specific fields. */ #define TRB_TC BIT(1) diff --git a/drivers/usb/cdns3/cdnsp-ring.c b/drivers/usb/cdns3/cdnsp-ring.c index fd06cb85c4ea..d397d28efc6e 100644 --- a/drivers/usb/cdns3/cdnsp-ring.c +++ b/drivers/usb/cdns3/cdnsp-ring.c @@ -2483,7 +2483,8 @@ void cdnsp_queue_halt_endpoint(struct cdnsp_device *pdev, unsigned int ep_index) { cdnsp_queue_command(pdev, 0, 0, 0, TRB_TYPE(TRB_HALT_ENDPOINT) | SLOT_ID_FOR_TRB(pdev->slot_id) | - EP_ID_FOR_TRB(ep_index)); + EP_ID_FOR_TRB(ep_index) | + (!ep_index ? TRB_ESP : 0)); } void cdnsp_force_header_wakeup(struct cdnsp_device *pdev, int intf_num) -- 2.43.0

5 months, 2 weeks

3
2
0 0

+ fs-proc-task_mmu-fix-page_is_pfnzero-detection-for-the-huge-zero-folio.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: fs/proc/task_mmu: fix PAGE_IS_PFNZERO detection for the huge zero folio has been added to the -mm mm-hotfixes-unstable branch. Its filename is fs-proc-task_mmu-fix-page_is_pfnzero-detection-for-the-huge-zero-folio.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: fs/proc/task_mmu: fix PAGE_IS_PFNZERO detection for the huge zero folio Date: Tue, 17 Jun 2025 16:35:32 +0200 is_zero_pfn() does not work for the huge zero folio. Fix it by using is_huge_zero_pmd(). This can cause the PAGEMAP_SCAN ioctl against /proc/pid/pagemap to omit pages. Found by code inspection. Link: https://lkml.kernel.org/r/20250617143532.2375383-1-david@redhat.com Fixes: 52526ca7fdb9 ("fs/proc/task_mmu: implement IOCTL to get and optionally clear info about PTEs") Signed-off-by: David Hildenbrand <david(a)redhat.com> Cc: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/proc/task_mmu.c~fs-proc-task_mmu-fix-page_is_pfnzero-detection-for-the-huge-zero-folio +++ a/fs/proc/task_mmu.c @@ -2182,7 +2182,7 @@ static unsigned long pagemap_thp_categor categories |= PAGE_IS_FILE; } - if (is_zero_pfn(pmd_pfn(pmd))) + if (is_huge_zero_pmd(pmd)) categories |= PAGE_IS_PFNZERO; if (pmd_soft_dirty(pmd)) categories |= PAGE_IS_SOFT_DIRTY; _ Patches currently in -mm which might be from david(a)redhat.com are mm-gup-revert-mm-gup-fix-infinite-loop-within-__get_longterm_locked.patch fs-proc-task_mmu-fix-page_is_pfnzero-detection-for-the-huge-zero-folio.patch mm-gup-remove-vm_bug_ons.patch mm-gup-remove-vm_bug_ons-fix.patch mm-huge_memory-dont-ignore-queried-cachemode-in-vmf_insert_pfn_pud.patch mm-huge_memory-dont-mark-refcounted-folios-special-in-vmf_insert_folio_pmd.patch mm-huge_memory-dont-mark-refcounted-folios-special-in-vmf_insert_folio_pud.patch

5 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] kbuild: hdrcheck: fix cross build with clang" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 02e9a22ceef0227175e391902d8760425fa072c6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061706-stylishly-ravioli-ffa1@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 02e9a22ceef0227175e391902d8760425fa072c6 Mon Sep 17 00:00:00 2001 From: Arnd Bergmann <arnd(a)arndb.de> Date: Tue, 25 Feb 2025 11:00:31 +0100 Subject: [PATCH] kbuild: hdrcheck: fix cross build with clang The headercheck tries to call clang with a mix of compiler arguments that don't include the target architecture. When building e.g. x86 headers on arm64, this produces a warning like clang: warning: unknown platform, assuming -mfloat-abi=soft Add in the KBUILD_CPPFLAGS, which contain the target, in order to make it build properly. See also 1b71c2fb04e7 ("kbuild: userprogs: fix bitsize and target detection on clang"). Reviewed-by: Nathan Chancellor <nathan(a)kernel.org> Fixes: feb843a469fb ("kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS") Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> diff --git a/usr/include/Makefile b/usr/include/Makefile index 6c6de1b1622b..e3d6b03527fe 100644 --- a/usr/include/Makefile +++ b/usr/include/Makefile @@ -10,7 +10,7 @@ UAPI_CFLAGS := -std=c90 -Wall -Werror=implicit-function-declaration # In theory, we do not care -m32 or -m64 for header compile tests. # It is here just because CONFIG_CC_CAN_LINK is tested with -m32 or -m64. -UAPI_CFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CFLAGS)) +UAPI_CFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS)) # USERCFLAGS might contain sysroot location for CC. UAPI_CFLAGS += $(USERCFLAGS)

5 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] kbuild: userprogs: fix bitsize and target detection on clang" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 1b71c2fb04e7a713abc6edde4a412416ff3158f2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061733-fineness-scale-bebf@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1b71c2fb04e7a713abc6edde4a412416ff3158f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas.weissschuh(a)linutronix.de> Date: Thu, 13 Feb 2025 15:55:17 +0100 Subject: [PATCH] kbuild: userprogs: fix bitsize and target detection on clang MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit scripts/Makefile.clang was changed in the linked commit to move --target from KBUILD_CFLAGS to KBUILD_CPPFLAGS, as that generally has a broader scope. However that variable is not inspected by the userprogs logic, breaking cross compilation on clang. Use both variables to detect bitsize and target arguments for userprogs. Fixes: feb843a469fb ("kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> Reviewed-by: Nathan Chancellor <nathan(a)kernel.org> Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> diff --git a/Makefile b/Makefile index 52207bcb1a9d..272db408be5c 100644 --- a/Makefile +++ b/Makefile @@ -1120,8 +1120,8 @@ LDFLAGS_vmlinux += --orphan-handling=$(CONFIG_LD_ORPHAN_WARN_LEVEL) endif # Align the bit size of userspace programs with the kernel -KBUILD_USERCFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CFLAGS)) -KBUILD_USERLDFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CFLAGS)) +KBUILD_USERCFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS)) +KBUILD_USERLDFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS)) # make the checker run with the right architecture CHECKFLAGS += --arch=$(ARCH)

5 months, 2 weeks

2
1
0 0

+ mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm/shmem, swap: improve cached mTHP handling and fix potential hung has been added to the -mm mm-new branch. Its filename is mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: mm/shmem, swap: improve cached mTHP handling and fix potential hung Date: Wed, 18 Jun 2025 02:35:00 +0800 Patch series "mm/shmem, swap: bugfix and improvement of mTHP swap in". The current mTHP swapin path have several problems. It may potentially hang, may cause redundant faults due to false positive swap cache lookup, and it will involve at least 4 Xarray tree walks (get order, get order again, confirm swap, insert folio). And for !CONFIG_TRANSPARENT_HUGEPAGE builds, it will performs some mTHP related checks. This series fixes all of the mentioned issues, and the code should be more robust and prepared for the swap table series. Now tree walks is reduced to twice (get order & confirm, insert folio) and added more sanity checks and comments. !CONFIG_TRANSPARENT_HUGEPAGE build overhead is also minimized, and comes with a sanity check now. The performance is slightly better after this series, sequential swap in of 24G data from ZRAM, using transparent_hugepage_tmpfs=always (36 samples each): Before: avg: 11.23s, stddev: 0.06 After patch 1: avg: 10.92s, stddev: 0.05 After patch 2: avg: 10.93s, stddev: 0.15 After patch 3: avg: 10.07s, stddev: 0.09 After patch 4: avg: 10.09s, stddev: 0.08 Each patch improves the performance by a little, which is about ~10% faster in total. Build kernel test showed very slightly improvement, testing with make -j24 with defconfig in a 256M memcg also using ZRAM as swap, and transparent_hugepage_tmpfs=always (6 samples each): Before: system time avg: 3945.25s After patch 1: system time avg: 3903.21s After patch 2: system time avg: 3914.76s After patch 3: system time avg: 3907.41s After patch 4: system time avg: 3876.24s Slightly better than noise level given the number of samples. Two of the patches in this series come from the swap table series [1], and it is worth noting that the performance gain of this series is independent of the swap table series, we'll see another bigger performance gain and reduction of memory usage after the swap table series. I found these issues while trying to split the shmem changes out of the swap table series for easier reviewing, and found several more issues while doing stress tests for performance comparision. Barry also mentioned that CONFIG_TRANSPARENT_HUGEPAGE may have redundant checks [2] and I managed to clean them up properly too. No issue is found with a few days of stress testing. This patch (of 4): The current swap-in code assumes that, when a swap entry in shmem mapping is order 0, its cached folios (if present) must be order 0 too, which turns out not always correct. The problem is shmem_split_large_entry is called before verifying the folio will eventually be swapped in, one possible race is: CPU1 CPU2 shmem_swapin_folio /* swap in of order > 0 swap entry S1 */ folio = swap_cache_get_folio /* folio = NULL */ order = xa_get_order /* order > 0 */ folio = shmem_swap_alloc_folio /* mTHP alloc failure, folio = NULL */ <... Interrupted ...> shmem_swapin_folio /* S1 is swapped in */ shmem_writeout /* S1 is swapped out, folio cached */ shmem_split_large_entry(..., S1) /* S1 is split, but the folio covering it has order > 0 now */ Now any following swapin of S1 will hang: `xa_get_order` returns 0, and folio lookup will return a folio with order > 0. The `xa_get_order(&mapping->i_pages, index) != folio_order(folio)` will always return false causing swap-in to return -EEXIST. And this looks fragile. So fix this up by allowing seeing a larger folio in swap cache, and check the whole shmem mapping range covered by the swapin have the right swap value upon inserting the folio. And drop the redundant tree walks before the insertion. This will actually improve the performance, as it avoided two redundant Xarray tree walks in the hot path, and the only side effect is that in the failure path, shmem may redundantly reallocate a few folios causing temporary slight memory pressure. And worth noting, it may seems the order and value check before inserting might help reducing the lock contention, which is not true. The swap cache layer ensures raced swapin will either see a swap cache folio or failed to do a swapin (we have SWAP_HAS_CACHE bit even if swap cache is bypassed), so holding the folio lock and checking the folio flag is already good enough for avoiding the lock contention. The chance that a folio passes the swap entry value check but the shmem mapping slot has changed should be very low. Link: https://lkml.kernel.org/r/20250617183503.10527-1-ryncsn@gmail.com Link: https://lore.kernel.org/linux-mm/20250514201729.48420-1-ryncsn@gmail.com/ [1] Link: https://lore.kernel.org/linux-mm/CAMgjq7AsKFz7UN+seR5atznE_RBTDC9qjDmwN5saM… [2] Link: https://lkml.kernel.org/r/20250617183503.10527-2-ryncsn@gmail.com Fixes: 058313515d5a ("mm: shmem: fix potential data corruption during shmem swapin") Fixes: 809bc86517cc ("mm: shmem: support large folio swap out") Signed-off-by: Kairui Song <kasong(a)tencent.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Barry Song <baohua(a)kernel.org> Cc: Chris Li <chrisl(a)kernel.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: Kemeng Shi <shikemeng(a)huaweicloud.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Nhat Pham <nphamcs(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/shmem.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) --- a/mm/shmem.c~mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung +++ a/mm/shmem.c @@ -884,7 +884,9 @@ static int shmem_add_to_page_cache(struc pgoff_t index, void *expected, gfp_t gfp) { XA_STATE_ORDER(xas, &mapping->i_pages, index, folio_order(folio)); - long nr = folio_nr_pages(folio); + unsigned long nr = folio_nr_pages(folio); + swp_entry_t iter, swap; + void *entry; VM_BUG_ON_FOLIO(index != round_down(index, nr), folio); VM_BUG_ON_FOLIO(!folio_test_locked(folio), folio); @@ -896,14 +898,24 @@ static int shmem_add_to_page_cache(struc gfp &= GFP_RECLAIM_MASK; folio_throttle_swaprate(folio, gfp); + swap = iter = radix_to_swp_entry(expected); do { xas_lock_irq(&xas); - if (expected != xas_find_conflict(&xas)) { - xas_set_err(&xas, -EEXIST); - goto unlock; + xas_for_each_conflict(&xas, entry) { + /* + * The range must either be empty, or filled with + * expected swap entries. Shmem swap entries are never + * partially freed without split of both entry and + * folio, so there shouldn't be any holes. + */ + if (!expected || entry != swp_to_radix_entry(iter)) { + xas_set_err(&xas, -EEXIST); + goto unlock; + } + iter.val += 1 << xas_get_order(&xas); } - if (expected && xas_find_conflict(&xas)) { + if (expected && iter.val - nr != swap.val) { xas_set_err(&xas, -EEXIST); goto unlock; } @@ -2323,7 +2335,7 @@ static int shmem_swapin_folio(struct ino error = -ENOMEM; goto failed; } - } else if (order != folio_order(folio)) { + } else if (order > folio_order(folio)) { /* * Swap readahead may swap in order 0 folios into swapcache * asynchronously, while the shmem mapping can still stores @@ -2348,15 +2360,15 @@ static int shmem_swapin_folio(struct ino swap = swp_entry(swp_type(swap), swp_offset(swap) + offset); } + } else if (order < folio_order(folio)) { + swap.val = round_down(swp_type(swap), folio_order(folio)); } alloced: /* We have to do this with folio locked to prevent races */ folio_lock(folio); if ((!skip_swapcache && !folio_test_swapcache(folio)) || - folio->swap.val != swap.val || - !shmem_confirm_swap(mapping, index, swap) || - xa_get_order(&mapping->i_pages, index) != folio_order(folio)) { + folio->swap.val != swap.val) { error = -EEXIST; goto unlock; } _ Patches currently in -mm which might be from kasong(a)tencent.com are mm-shmem-swap-fix-softlockup-with-mthp-swapin.patch mm-shmem-swap-fix-softlockup-with-mthp-swapin-v3.patch mm-userfaultfd-fix-race-of-userfaultfd_move-and-swap-cache.patch mm-list_lru-refactor-the-locking-code.patch mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch mm-shmem-swap-avoid-redundant-xarray-lookup-during-swapin.patch mm-shmem-swap-improve-mthp-swapin-process.patch mm-shmem-swap-avoid-false-positive-swap-cache-lookup.patch

5 months, 2 weeks

1
0
0 0

[PATCH net] can: tcan4x5x: fix power regulator retrieval during probe

by Marc Kleine-Budde

From: Brett Werling <brett.werling(a)garmin.com> Fixes the power regulator retrieval in tcan4x5x_can_probe() by ensuring the regulator pointer is not set to NULL in the successful return from devm_regulator_get_optional(). Fixes: 3814ca3a10be ("can: tcan4x5x: tcan4x5x_can_probe(): turn on the power before parsing the config") Signed-off-by: Brett Werling <brett.werling(a)garmin.com> Link: https://patch.msgid.link/20250612191825.3646364-1-brett.werling@garmin.com Cc: stable(a)vger.kernel.org Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/m_can/tcan4x5x-core.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/net/can/m_can/tcan4x5x-core.c b/drivers/net/can/m_can/tcan4x5x-core.c index e5c162f8c589..8edaa339d590 100644 --- a/drivers/net/can/m_can/tcan4x5x-core.c +++ b/drivers/net/can/m_can/tcan4x5x-core.c @@ -411,10 +411,11 @@ static int tcan4x5x_can_probe(struct spi_device *spi) priv = cdev_to_priv(mcan_class); priv->power = devm_regulator_get_optional(&spi->dev, "vsup"); - if (PTR_ERR(priv->power) == -EPROBE_DEFER) { - ret = -EPROBE_DEFER; - goto out_m_can_class_free_dev; - } else { + if (IS_ERR(priv->power)) { + if (PTR_ERR(priv->power) == -EPROBE_DEFER) { + ret = -EPROBE_DEFER; + goto out_m_can_class_free_dev; + } priv->power = NULL; } base-commit: 7b4ac12cc929e281cf7edc22203e0533790ebc2b -- 2.47.2

5 months, 2 weeks

2
1
0 0

[tip: x86/urgent] x86/mm: Disable INVLPGB when PTI is enabled

by tip-bot2 for Dave Hansen

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 94a17f2dc90bc7eae36c0f478515d4bd1c23e877 Gitweb: https://git.kernel.org/tip/94a17f2dc90bc7eae36c0f478515d4bd1c23e877 Author: Dave Hansen <dave.hansen(a)linux.intel.com> AuthorDate: Tue, 10 Jun 2025 15:24:20 -07:00 Committer: Dave Hansen <dave.hansen(a)linux.intel.com> CommitterDate: Tue, 17 Jun 2025 15:36:57 -07:00 x86/mm: Disable INVLPGB when PTI is enabled PTI uses separate ASIDs (aka. PCIDs) for kernel and user address spaces. When the kernel needs to flush the user address space, it just sets a bit in a bitmap and then flushes the entire PCID on the next switch to userspace. This bitmap is a single 'unsigned long' which is plenty for all 6 dynamic ASIDs. But, unfortunately, the INVLPGB support brings along a bunch more user ASIDs, as many as ~2k more. The bitmap can't address that many. Fortunately, the bitmap is only needed for PTI and all the CPUs with INVLPGB are AMD CPUs that aren't vulnerable to Meltdown and don't need PTI. The only way someone can run into an issue in practice is by booting with pti=on on a newer AMD CPU. Disable INVLPGB if PTI is enabled. Avoid overrunning the small bitmap. Note: this will be fixed up properly by making the bitmap bigger. For now, just avoid the mostly theoretical bug. Fixes: 4afeb0ed1753 ("x86/mm: Enable broadcast TLB invalidation for multi-threaded processes") Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Acked-by: Rik van Riel <riel(a)surriel.com> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/20250610222420.E8CBF472%40davehans-spike.ostc.i… --- arch/x86/mm/pti.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c index 1902998..c0c40b6 100644 --- a/arch/x86/mm/pti.c +++ b/arch/x86/mm/pti.c @@ -98,6 +98,11 @@ void __init pti_check_boottime_disable(void) return; setup_force_cpu_cap(X86_FEATURE_PTI); + + if (cpu_feature_enabled(X86_FEATURE_INVLPGB)) { + pr_debug("PTI enabled, disabling INVLPGB\n"); + setup_clear_cpu_cap(X86_FEATURE_INVLPGB); + } } static int __init pti_parse_cmdline(char *arg)

5 months, 2 weeks

1
0
0 0

[PATCH v2 0/3] soc: qcom: mdt_loader: Validation and cleanup fixes

by Bjorn Andersson

Signed-off-by: Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> --- Changes in v2: - Validate e_phentsize and and e_shentsize as well --- Bjorn Andersson (3): soc: qcom: mdt_loader: Ensure we don't read past the ELF header soc: qcom: mdt_loader: Rename mdt_phdr_valid() soc: qcom: mdt_loader: Actually use the e_phoff drivers/soc/qcom/mdt_loader.c | 63 ++++++++++++++++++++++++++++++++++++------- 1 file changed, 53 insertions(+), 10 deletions(-) --- base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494 change-id: 20250604-mdt-loader-validation-and-fixes-5c3267f5b19f Best regards, -- Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com>

5 months, 2 weeks

3
3
0 0

[REGRESSION] stable-rc/linux-6.12.y: (build) ‘lvts_debugfs_exit’ defined but not used [-Werror=unused-function]...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.12.y: --- ‘lvts_debugfs_exit’ defined but not used [-Werror=unused-function] in drivers/thermal/mediatek/lvts_thermal.o (drivers/thermal/mediatek/lvts_thermal.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:fb8aae5340da55b6254442f0858147bf5f0b39dc - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 519e0647630e07972733e99a0dc82065a65736ea Log excerpt: ===================================================== drivers/thermal/mediatek/lvts_thermal.c:262:13: error: ‘lvts_debugfs_exit’ defined but not used [-Werror=unused-function] 262 | static void lvts_debugfs_exit(struct lvts_domain *lvts_td) { } | ^~~~~~~~~~~~~~~~~ CC [M] drivers/watchdog/softdog.o cc1: all warnings being treated as errors ===================================================== # Builds where the incident occurred: ## cros://chromeos-6.6/arm64/chromiumos-mediatek.flavour.config+lab-setup+arm64-chromebook+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y on (arm64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:685194ac5c2cf25042b9c1a8 #kernelci issue maestro:fb8aae5340da55b6254442f0858147bf5f0b39dc Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

5 months, 2 weeks

1
0
0 0

Request for backport of 358de8b4f201 to LTS kernels

by Chuck Lever

Hi Greg & Sasha ! I ran into some trouble in my nightly CI systems that test v6.6.y and v6.1.y. Using "make binrpm-pkg" followed by "rpm -iv ..." results in the test systems being unbootable because the vmlinuz file is never copied to /boot. The test systems are imaged with Fedora 39. I found a related Fedora bug: https://bugzilla.redhat.com/show_bug.cgi?id=2239008 It appears there is a missing fix in LTS kernels. I bisected the kernel fix to: 358de8b4f201 ("kbuild: rpm-pkg: simplify installkernel %post") which includes a "Cc: stable" tag but does not appear in origin/linux-6.6.y, origin/linux-6.1.y, or origin/5.15.y (I did not look further back than that). Would it be appropriate to apply 358de8b4f201 to LTS kernels? -- Chuck Lever

5 months, 2 weeks

2
3
0 0

[PATCH v2] sunrpc: handle SVC_GARBAGE during svc auth processing as auth error

by Jeff Layton

tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a way that SVC_GARBAGE is returned without setting the rq_accept_statp pointer, then that pointer can be dereferenced and a value stored there. If it's the first time the thread has processed an RPC, then that pointer will be set to NULL and the kernel will crash. In other cases, it could create a memory scribble. The server sunrpc code treats a SVC_GARBAGE return from svc_authenticate or pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531 says that if authentication fails that the RPC should be rejected instead with a status of AUTH_ERR. Handle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of AUTH_BADCRED instead of returning GARBAGE_ARGS in that case. This sidesteps the whole problem of touching the rpc_accept_statp pointer in this situation and avoids the crash. Cc: stable(a)vger.kernel.org # v6.9+ Fixes: 29cd2927fb91 ("SUNRPC: Fix encoding of accepted but unsuccessful RPC replies") Reported-by: tianshuo han <hantianshuo233(a)gmail.com> Signed-off-by: Jeff Layton <jlayton(a)kernel.org> --- This should be more correct. Unfortunately, I don't know of any testcases for low-level RPC error handling. That seems like something that would be nice to do with pynfs or similar though. --- Changes in v2: - Fix endianness of rq_accept_statp assignment - Better describe the way the crash happens and how this fixes it - point Fixes: tag at correct patch - add Cc: stable tag --- net/sunrpc/svc.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c index 939b6239df8ab6229ce34836d77d3a6b983fbbb7..99050ab1435148ac5d52b697ab1a771b9e948143 100644 --- a/net/sunrpc/svc.c +++ b/net/sunrpc/svc.c @@ -1375,7 +1375,8 @@ svc_process_common(struct svc_rqst *rqstp) case SVC_OK: break; case SVC_GARBAGE: - goto err_garbage_args; + rqstp->rq_auth_stat = rpc_autherr_badcred; + goto err_bad_auth; case SVC_SYSERR: goto err_system_err; case SVC_DENIED: @@ -1516,14 +1517,6 @@ svc_process_common(struct svc_rqst *rqstp) *rqstp->rq_accept_statp = rpc_proc_unavail; goto sendit; -err_garbage_args: - svc_printk(rqstp, "failed to decode RPC header\n"); - - if (serv->sv_stats) - serv->sv_stats->rpcbadfmt++; - *rqstp->rq_accept_statp = rpc_garbage_args; - goto sendit; - err_system_err: if (serv->sv_stats) serv->sv_stats->rpcbadfmt++; --- base-commit: 9afe652958c3ee88f24df1e4a97f298afce89407 change-id: 20250617-rpc-6-16-cc7a23e9c961 Best regards, -- Jeff Layton <jlayton(a)kernel.org>

5 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] rust: compile libcore with edition 2024 for 1.87+" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x f4daa80d6be7d3c55ca72a8e560afc4e21f886aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061734-shale-reliably-8969@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f4daa80d6be7d3c55ca72a8e560afc4e21f886aa Mon Sep 17 00:00:00 2001 From: Gary Guo <gary(a)garyguo.net> Date: Sat, 17 May 2025 09:55:59 +0100 Subject: [PATCH] rust: compile libcore with edition 2024 for 1.87+ Rust 1.87 (released on 2025-05-15) compiles core library with edition 2024 instead of 2021 [1]. Ensure that the edition matches libcore's expectation to avoid potential breakage. [ J3m3 reported in Zulip [2] that the `rust-analyzer` target was broken after this patch -- indeed, we need to avoid `core-cfgs` since those are passed to the `rust-analyzer` target. So, instead, I tweaked the patch to create a new `core-edition` variable and explicitly mention the `--edition` flag instead of reusing `core-cfg`s. In addition, pass a new argument using this new variable to `generate_rust_analyzer.py` so that we set the right edition there. By the way, for future reference: the `filter-out` change is needed for Rust < 1.87, since otherwise we would skip the `--edition=2021` we just added, ending up with no edition flag, and thus the compiler would default to the 2015 one. [2] https://rust-for-linux.zulipchat.com/#narrow/channel/291565/topic/x/near/52… - Miguel ] Cc: stable(a)vger.kernel.org # Needed in 6.12.y and later (Rust is pinned in older LTSs). Link: https://github.com/rust-lang/rust/pull/138162 [1] Reported-by: est31 <est31(a)protonmail.com> Closes: https://github.com/Rust-for-Linux/linux/issues/1163 Signed-off-by: Gary Guo <gary(a)garyguo.net> Link: https://lore.kernel.org/r/20250517085600.2857460-1-gary@garyguo.net Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> diff --git a/rust/Makefile b/rust/Makefile index f207ba0ed466..d62b58d0a55c 100644 --- a/rust/Makefile +++ b/rust/Makefile @@ -60,6 +60,8 @@ endif core-cfgs = \ --cfg no_fp_fmt_parse +core-edition := $(if $(call rustc-min-version,108700),2024,2021) + # `rustc` recognizes `--remap-path-prefix` since 1.26.0, but `rustdoc` only # since Rust 1.81.0. Moreover, `rustdoc` ICEs on out-of-tree builds since Rust # 1.82.0 (https://github.com/rust-lang/rust/issues/138520). Thus workaround both @@ -106,8 +108,8 @@ rustdoc-macros: $(src)/macros/lib.rs FORCE # Starting with Rust 1.82.0, skipping `-Wrustdoc::unescaped_backticks` should # not be needed -- see https://github.com/rust-lang/rust/pull/128307. -rustdoc-core: private skip_flags = -Wrustdoc::unescaped_backticks -rustdoc-core: private rustc_target_flags = $(core-cfgs) +rustdoc-core: private skip_flags = --edition=2021 -Wrustdoc::unescaped_backticks +rustdoc-core: private rustc_target_flags = --edition=$(core-edition) $(core-cfgs) rustdoc-core: $(RUST_LIB_SRC)/core/src/lib.rs FORCE +$(call if_changed,rustdoc) @@ -416,7 +418,7 @@ quiet_cmd_rustc_library = $(if $(skip_clippy),RUSTC,$(RUSTC_OR_CLIPPY_QUIET)) L cmd_rustc_library = \ OBJTREE=$(abspath $(objtree)) \ $(if $(skip_clippy),$(RUSTC),$(RUSTC_OR_CLIPPY)) \ - $(filter-out $(skip_flags),$(rust_flags) $(rustc_target_flags)) \ + $(filter-out $(skip_flags),$(rust_flags)) $(rustc_target_flags) \ --emit=dep-info=$(depfile) --emit=obj=$@ \ --emit=metadata=$(dir $@)$(patsubst %.o,lib%.rmeta,$(notdir $@)) \ --crate-type rlib -L$(objtree)/$(obj) \ @@ -427,7 +429,7 @@ quiet_cmd_rustc_library = $(if $(skip_clippy),RUSTC,$(RUSTC_OR_CLIPPY_QUIET)) L rust-analyzer: $(Q)MAKEFLAGS= $(srctree)/scripts/generate_rust_analyzer.py \ - --cfgs='core=$(core-cfgs)' \ + --cfgs='core=$(core-cfgs)' $(core-edition) \ $(realpath $(srctree)) $(realpath $(objtree)) \ $(rustc_sysroot) $(RUST_LIB_SRC) $(if $(KBUILD_EXTMOD),$(srcroot)) \ > rust-project.json @@ -483,9 +485,9 @@ $(obj)/helpers/helpers.o: $(src)/helpers/helpers.c $(recordmcount_source) FORCE $(obj)/exports.o: private skip_gendwarfksyms = 1 $(obj)/core.o: private skip_clippy = 1 -$(obj)/core.o: private skip_flags = -Wunreachable_pub +$(obj)/core.o: private skip_flags = --edition=2021 -Wunreachable_pub $(obj)/core.o: private rustc_objcopy = $(foreach sym,$(redirect-intrinsics),--redefine-sym $(sym)=__rust$(sym)) -$(obj)/core.o: private rustc_target_flags = $(core-cfgs) +$(obj)/core.o: private rustc_target_flags = --edition=$(core-edition) $(core-cfgs) $(obj)/core.o: $(RUST_LIB_SRC)/core/src/lib.rs \ $(wildcard $(objtree)/include/config/RUSTC_VERSION_TEXT) FORCE +$(call if_changed_rule,rustc_library) diff --git a/scripts/generate_rust_analyzer.py b/scripts/generate_rust_analyzer.py index fe663dd0c43b..7c3ea2b55041 100755 --- a/scripts/generate_rust_analyzer.py +++ b/scripts/generate_rust_analyzer.py @@ -19,7 +19,7 @@ def args_crates_cfgs(cfgs): return crates_cfgs -def generate_crates(srctree, objtree, sysroot_src, external_src, cfgs): +def generate_crates(srctree, objtree, sysroot_src, external_src, cfgs, core_edition): # Generate the configuration list. cfg = [] with open(objtree / "include" / "generated" / "rustc_cfg") as fd: @@ -35,7 +35,7 @@ def generate_crates(srctree, objtree, sysroot_src, external_src, cfgs): crates_indexes = {} crates_cfgs = args_crates_cfgs(cfgs) - def append_crate(display_name, root_module, deps, cfg=[], is_workspace_member=True, is_proc_macro=False): + def append_crate(display_name, root_module, deps, cfg=[], is_workspace_member=True, is_proc_macro=False, edition="2021"): crate = { "display_name": display_name, "root_module": str(root_module), @@ -43,7 +43,7 @@ def generate_crates(srctree, objtree, sysroot_src, external_src, cfgs): "is_proc_macro": is_proc_macro, "deps": [{"crate": crates_indexes[dep], "name": dep} for dep in deps], "cfg": cfg, - "edition": "2021", + "edition": edition, "env": { "RUST_MODFILE": "This is only for rust-analyzer" } @@ -61,6 +61,7 @@ def generate_crates(srctree, objtree, sysroot_src, external_src, cfgs): display_name, deps, cfg=[], + edition="2021", ): append_crate( display_name, @@ -68,12 +69,13 @@ def generate_crates(srctree, objtree, sysroot_src, external_src, cfgs): deps, cfg, is_workspace_member=False, + edition=edition, ) # NB: sysroot crates reexport items from one another so setting up our transitive dependencies # here is important for ensuring that rust-analyzer can resolve symbols. The sources of truth # for this dependency graph are `(sysroot_src / crate / "Cargo.toml" for crate in crates)`. - append_sysroot_crate("core", [], cfg=crates_cfgs.get("core", [])) + append_sysroot_crate("core", [], cfg=crates_cfgs.get("core", []), edition=core_edition) append_sysroot_crate("alloc", ["core"]) append_sysroot_crate("std", ["alloc", "core"]) append_sysroot_crate("proc_macro", ["core", "std"]) @@ -177,6 +179,7 @@ def main(): parser = argparse.ArgumentParser() parser.add_argument('--verbose', '-v', action='store_true') parser.add_argument('--cfgs', action='append', default=[]) + parser.add_argument("core_edition") parser.add_argument("srctree", type=pathlib.Path) parser.add_argument("objtree", type=pathlib.Path) parser.add_argument("sysroot", type=pathlib.Path) @@ -193,7 +196,7 @@ def main(): assert args.sysroot in args.sysroot_src.parents rust_project = { - "crates": generate_crates(args.srctree, args.objtree, args.sysroot_src, args.exttree, args.cfgs), + "crates": generate_crates(args.srctree, args.objtree, args.sysroot_src, args.exttree, args.cfgs, args.core_edition), "sysroot": str(args.sysroot), }

5 months, 2 weeks

3
3
0 0

[REGRESSION] stable-rc/linux-5.4.y: (build) clang: error: assembler command failed with exit code 1 (use -v to...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.4.y: --- clang: error: assembler command failed with exit code 1 (use -v to see invocation) in drivers/firmware/qcom_scm-32.o (scripts/Makefile.build:262) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:e1ce6e2cb61e68ec7bf14991570487d713f77e0a - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: e2f5a2e75b315706dd2d1d50a4313e5785eb189d Log excerpt: ===================================================== CC drivers/firmware/qcom_scm-32.o CC lib/idr.o CC drivers/gpu/host1x/debug.o CC drivers/clk/rockchip/clk-rk3328.o CC drivers/clk/rockchip/clk-rk3368.o CC lib/ioremap.o CC drivers/gpu/drm/drm_probe_helper.o CC drivers/clk/rockchip/clk-rk3399.o /tmp/qcom_scm-32-2d4d72.s: Assembler messages: /tmp/qcom_scm-32-2d4d72.s:56: Error: selected processor does not support `smc #0' in ARM mode /tmp/qcom_scm-32-2d4d72.s:69: Error: selected processor does not support `smc #0' in ARM mode /tmp/qcom_scm-32-2d4d72.s:173: Error: selected processor does not support `smc #0' in ARM mode /tmp/qcom_scm-32-2d4d72.s:394: Error: selected processor does not support `smc #0' in ARM mode /tmp/qcom_scm-32-2d4d72.s:545: Error: selected processor does not support `smc #0' in ARM mode /tmp/qcom_scm-32-2d4d72.s:930: Error: selected processor does not support `smc #0' in ARM mode /tmp/qcom_scm-32-2d4d72.s:1070: Error: selected processor does not support `smc #0' in ARM mode /tmp/qcom_scm-32-2d4d72.s:1117: Error: selected processor does not support `smc #0' in ARM mode clang: error: assembler command failed with exit code 1 (use -v to see invocation) ===================================================== # Builds where the incident occurred: ## defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (arm): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:685191885c2cf25042b9bb39 ## multi_v7_defconfig on (arm): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:685191845c2cf25042b9bb35 #kernelci issue maestro:e1ce6e2cb61e68ec7bf14991570487d713f77e0a Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

5 months, 2 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-6.1.y: (build) stack frame size (2488) exceeds limit (2048) in 'dml31_ModeSupport...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.1.y: --- stack frame size (2488) exceeds limit (2048) in 'dml31_ModeSupportAndSystemConfigurationFull' [-Werror,-Wframe-larger-than] in drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn31/display_mode_vba_31.o (drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn31/display_mode_vba_31.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:69fb66ef80a96ff4750a9dacf73be24a7cbe888e - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 2c86adab41e98d103953bf8c447202c9147150ab Log excerpt: ===================================================== drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn31/display_mode_vba_31.c:3795:6: error: stack frame size (2488) exceeds limit (2048) in 'dml31_ModeSupportAndSystemConfigurationFull' [-Werror,-Wframe-larger-than] 3795 | void dml31_ModeSupportAndSystemConfigurationFull(struct display_mode_lib *mode_lib) | ^ CC drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn303/dcn303_fpu.o 1 error generated. CC drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn314/dcn314_fpu.o ===================================================== # Builds where the incident occurred: ## x86_64_defconfig+kselftest+x86-board on (x86_64): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:685193725c2cf25042b9bcc9 #kernelci issue maestro:69fb66ef80a96ff4750a9dacf73be24a7cbe888e Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

5 months, 2 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-5.4.y: (build) in drivers/firmware/qcom_scm-32.o (scripts/Makefile.build:262) [lo...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.4.y: --- in drivers/firmware/qcom_scm-32.o (scripts/Makefile.build:262) [logspec:kbuild,kbuild.compiler] --- - dashboard: https://d.kernelci.org/i/maestro:04c1ce2921a16b59c7329a6026c59ea7942ef691 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: e2f5a2e75b315706dd2d1d50a4313e5785eb189d Log excerpt: ===================================================== CC drivers/firmware/qcom_scm-32.o CC drivers/firmware/trusted_foundations.o CC drivers/clk/qcom/clk-regmap.o CC drivers/gpio/gpio-pl061.o CC kernel/resource.o CC kernel/sysctl.o /tmp/ccsKkK07.s: Assembler messages: /tmp/ccsKkK07.s:45: Error: selected processor does not support `smc #0' in ARM mode /tmp/ccsKkK07.s:94: Error: selected processor does not support `smc #0' in ARM mode /tmp/ccsKkK07.s:160: Error: selected processor does not support `smc #0' in ARM mode /tmp/ccsKkK07.s:296: Error: selected processor does not support `smc #0' in ARM mode ===================================================== # Builds where the incident occurred: ## multi_v7_defconfig on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:685191a35c2cf25042b9bb4f ## multi_v7_defconfig+kselftest on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:685191ab5c2cf25042b9bb56 #kernelci issue maestro:04c1ce2921a16b59c7329a6026c59ea7942ef691 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

5 months, 2 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-5.15.y: (build) integer literal is too large to be represented in type 'long', int...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.15.y: --- integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] in drivers/gpu/drm/meson/meson_vclk.o (drivers/gpu/drm/meson/meson_vclk.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:ae3b0334acd91200d6ced325a381bafac2d46493 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: d99cd6f3a570e2f93e8f966b8ca772ef3da54fe2 Log excerpt: ===================================================== drivers/gpu/drm/meson/meson_vclk.c:399:15: error: integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] 399 | .pll_freq = 2970000000, | ^ drivers/gpu/drm/meson/meson_vclk.c:411:15: error: integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] 411 | .pll_freq = 2970000000, | ^ drivers/gpu/drm/meson/meson_vclk.c:423:15: error: integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] 423 | .pll_freq = 2970000000, | ^ drivers/gpu/drm/meson/meson_vclk.c:436:15: error: integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] 436 | .phy_freq = 2970000000, | ^ drivers/gpu/drm/meson/meson_vclk.c:460:15: error: integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] 460 | .phy_freq = 2970000000, | ^ CC [M] net/dccp/feat.o drivers/gpu/drm/meson/meson_vclk.c:850:8: error: integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] 850 | case 2970000000: | ^ drivers/gpu/drm/meson/meson_vclk.c:868:8: error: integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] 868 | case 2970000000: | ^ drivers/gpu/drm/meson/meson_vclk.c:885:8: error: integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] 885 | case 2970000000: | ^ 8 errors generated. ===================================================== # Builds where the incident occurred: ## defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (arm): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:685192b15c2cf25042b9bc2e #kernelci issue maestro:ae3b0334acd91200d6ced325a381bafac2d46493 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

5 months, 2 weeks

1
0
0 0

[PATCH v2] serial: core: restore of_node information in sysfs

by Aidan Stewart

Since in v6.8-rc1, the of_node symlink under tty devices is missing. This breaks any udev rules relying on this information. Link the of_node information in the serial controller device with the parent defined in the device tree. This will also apply to the serial device which takes the serial controller as a parent device. Fixes: b286f4e87e32 ("serial: core: Move tty and serdev to be children of serial core port device") Cc: stable(a)vger.kernel.org Signed-off-by: Aidan Stewart <astewart(a)tektelic.com> --- v1 -> v2: - v1: https://lore.kernel.org/linux-serial/20250616162154.9057-1-astewart@tekteli… - Remove IS_ENABLED(CONFIG_OF) check. --- drivers/tty/serial/serial_base_bus.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/tty/serial/serial_base_bus.c b/drivers/tty/serial/serial_base_bus.c index 5d1677f1b651..cb3b127b06b6 100644 --- a/drivers/tty/serial/serial_base_bus.c +++ b/drivers/tty/serial/serial_base_bus.c @@ -72,6 +72,7 @@ static int serial_base_device_init(struct uart_port *port, dev->parent = parent_dev; dev->bus = &serial_base_bus_type; dev->release = release; + device_set_of_node_from_dev(dev, parent_dev); if (!serial_base_initialized) { dev_dbg(port->dev, "uart_add_one_port() called before arch_initcall()?\n"); -- 2.49.0

5 months, 2 weeks

1
0
0 0

[PATCH 6.12.y 0/2] Kunit to check the longest symbol length

by Sergio González Collado

The longest length of a symbol (KSYM_NAME_LEN) was increased to 512 in the reference [1]. Because in Rust symbols can become quite long due to namespacing introduced by modules, types, traits, generics, etc. This patch series presents two commits that implement a test to verify that a symbol with KSYM_NAME_LEN of 512 can be read. The first commit: To check that symbol length was valid, the commit implements a kunit test that verifies that a symbol of 512 length can be read. The second commit: There was a warning when building with clang because there was a definition of unlikely from compiler.h in tools/include/linux, which conflicted with the one in the instruction decoder selftest. [1] https://lore.kernel.org/lkml/20220802015052.10452-6-ojeda@kernel.org/ --- Nathan Chancellor (1): x86/tools: Drop duplicate unlikely() definition in insn_decoder_test.c Sergio González Collado (1): Kunit to check the longest symbol length arch/x86/tools/insn_decoder_test.c | 5 +- lib/Kconfig.debug | 9 ++++ lib/Makefile | 2 + lib/longest_symbol_kunit.c | 82 ++++++++++++++++++++++++++++++ 4 files changed, 95 insertions(+), 3 deletions(-) create mode 100644 lib/longest_symbol_kunit.c base-commit: ba9210b8c96355a16b78e1b890dce78f284d6f31 -- 2.39.2

5 months, 2 weeks

4
11
0 0