- Linux-stable-mirror - lists.linaro.org

[PATCH v2] wifi: mt76: mt7925: fix the incomplete revert of [tx,rx]_ba for MLO

by Mingyen Hsieh

From: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> Since the `Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO"` was not completely clean, submit this patch to fully clean it up. Cc: stable(a)vger.kernel.org Fixes: 73915469c55a ("Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO"") Change-Id: I2d851e6b79905baae35f691578bf50d56ad0adbf Signed-off-by: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> --- v2: rewrite the subject --- drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c index 1ecba46d770d..1bdc313844c4 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c @@ -572,10 +572,10 @@ void mt7925_mcu_rx_event(struct mt792x_dev *dev, struct sk_buff *skb) static int mt7925_mcu_sta_ba(struct mt76_dev *dev, struct mt76_vif_link *mvif, - struct mt76_wcid *wcid, struct ieee80211_ampdu_params *params, bool enable, bool tx) { + struct mt76_wcid *wcid = (struct mt76_wcid *)params->sta->drv_priv; struct sta_rec_ba_uni *ba; struct sk_buff *skb; struct tlv *tlv; @@ -608,13 +608,12 @@ int mt7925_mcu_uni_tx_ba(struct mt792x_dev *dev, { struct mt792x_sta *msta = (struct mt792x_sta *)params->sta->drv_priv; struct mt792x_vif *mvif = msta->vif; - struct mt76_wcid *wcid = &mvif->sta.deflink.wcid; if (enable && !params->amsdu) msta->deflink.wcid.amsdu = false; - return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, wcid, - params, enable, true); + return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, params, + enable, true); } int mt7925_mcu_uni_rx_ba(struct mt792x_dev *dev, @@ -623,10 +622,9 @@ int mt7925_mcu_uni_rx_ba(struct mt792x_dev *dev, { struct mt792x_sta *msta = (struct mt792x_sta *)params->sta->drv_priv; struct mt792x_vif *mvif = msta->vif; - struct mt76_wcid *wcid = &mvif->sta.deflink.wcid; - return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, wcid, - params, enable, false); + return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, params, + enable, false); } static int mt7925_mcu_read_eeprom(struct mt792x_dev *dev, u32 offset, u8 *val) -- 2.45.2

6 months

2
1
0 0

Re: sched/deadline: warning in migrate_enable for boosted tasks

by juri.lelli＠redhat.com

Hello, On 14/03/25 04:02, Ma, Jiping wrote: > Hi, All > > We encounter this kernel warning, it looks similar with the one you > are discussing [PATCH 6.6 331/356] sched/deadline: Fix warning in > migrate_enable for boosted tasks - Greg > Kroah-Hartman<https://lore.kernel.org/all/20241212144257.639344223@linuxfoundation.org/>. > Do you have any idea for the issue? > > kernel: warning [ 998.494702] WARNING: CPU: 19 PID: 217 at kernel/sched/deadline.c:277 dequeue_task_dl+0x16c/0x1f0 > kernel: warning [ 998.494705] Modules linked in: iptable_nat ceph netfs macvlan igb_uio(O) uio nbd rbd libceph dns_resolver nf_conntrack_netlink nfnetlink_queue xt_NFQUEUE xt_set xt_multiport ipt_rpfilter ip6t_rpfilter ip_set_hash_net ip_set_hash_ip ip_set veth wireguard libchacha20poly1305 chacha_x86_64 poly1305_x86_64 curve25519_x86_64 libcurve25519_generic libchacha xt_nat xt_MASQUERADE xt_mark ipt_REJECT nf_reject_ipv4 nft_chain_nat nf_nat xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_comment vfio_pci vfio_pci_core binfmt_misc iscsi_target_mod target_core_mod drbd dm_crypt trusted asn1_encoder xt_addrtype nft_compat nf_tables nfnetlink br_netfilter bridge virtio_net net_failover failover nfsd auth_rpcgss nfs_acl lockd grace overlay 8021q garp stp mrp llc xfs vfio_iommu_type1 vfio sctp ip6_udp_tunnel udp_tunnel xprtrdma(O) svcrdma(O) rpcrdma(O) nvmet_rdma(O) nvme_rdma(O) ib_srp(O) ib_isert(O) ib_iser(O) rdma_rxe(O) mlx5_ib(O) mlx5_core(O) mlxfw(O) mlxdevm(O) psample tls macsec rdma_ucm(O) rdma_cm(O) iw_cm(O) > kernel: warning [ 998.494748] ib_uverbs(O) ib_ucm(O) ib_cm(O) lru_cache libcrc32c fuse drm sunrpc efivarfs ip_tables ext4 mbcache jbd2 dm_multipath dm_mod sd_mod t10_pi crc64_rocksoft_generic crc64_rocksoft crc64 iTCO_wdt wmi_bmof iTCO_vendor_support dell_smbios dell_wmi_descriptor ledtrig_audio rfkill video intel_uncore_frequency intel_uncore_frequency_common x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul bnxt_re(O) crc32_pclmul crc32c_intel ghash_clmulni_intel sha512_ssse3 ib_core(O) rapl mlx_compat(O) uas intel_cstate intel_uncore acpi_ipmi mei_me ahci i2c_i801 bnxt_en(O) usb_storage i2c_smbus intel_pch_thermal mei libahci intel_vsec wmi ipmi_si ipmi_devintf ipmi_msghandler acpi_power_meter iavf(O) i40e(O) ice(O) [last unloaded: drbd] > kernel: warning [ 998.494781] CPU: 19 PID: 217 Comm: ktimers/19 Kdump: loaded Tainted: G W O 6.6.0-1-rt-amd64 #1 Debian 6.6.52-1.stx.95 > kernel: warning [ 998.494783] Hardware name: Dell Inc. PowerEdge XR11/0P2RNT, BIOS 1.15.2 09/10/2024 > kernel: warning [ 998.494784] RIP: 0010:dequeue_task_dl+0x16c/0x1f0 > kernel: warning [ 998.494786] Code: 48 c7 c7 e0 eb 89 ae c6 05 fd a2 6d 01 01 e8 9b ac f9 ff 0f 0b eb 81 48 c7 c7 c5 39 83 ae c6 05 e7 a2 6d 01 01 e8 84 ac f9 ff <0f> 0b 48 8b 83 28 09 00 00 49 39 c5 0f 83 53 ff ff ff 48 c7 83 28 > kernel: warning [ 998.494788] RSP: 0000:ff32fa3140adbca8 EFLAGS: 00010082 > kernel: warning [ 998.494790] RAX: 0000000000000000 RBX: ff2ef1f93faf23c0 RCX: ff2ef1f93fae0608 > kernel: warning [ 998.494791] RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ff2ef1f93fae0600 > kernel: warning [ 998.494793] RBP: ff2ef1e9c19eaf80 R08: 0000000000000000 R09: ff32fa3140adbc30 > kernel: warning [ 998.494794] R10: 0000000000000001 R11: 0000000000000015 R12: 000000000000000e > kernel: warning [ 998.494795] R13: 0000000000000000 R14: 00000000ffffffff R15: 000000000000000e > kernel: warning [ 998.494796] FS: 0000000000000000(0000) GS:ff2ef1f93fac0000(0000) knlGS:0000000000000000 > kernel: warning [ 998.494798] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > kernel: warning [ 998.494799] CR2: 00000000181b50a0 CR3: 000000063db68005 CR4: 0000000000771ee0 > kernel: warning [ 998.494801] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > kernel: warning [ 998.494802] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > kernel: warning [ 998.494803] PKRU: 55555554 > kernel: warning [ 998.494804] Call Trace: > kernel: warning [ 998.494805] <TASK> > kernel: warning [ 998.494805] ? __warn+0x89/0x140 > kernel: warning [ 998.494808] ? dequeue_task_dl+0x16c/0x1f0 > kernel: warning [ 998.494810] ? report_bug+0x198/0x1b0 > kernel: warning [ 998.494814] ? handle_bug+0x3c/0x70 > kernel: warning [ 998.494816] ? exc_invalid_op+0x18/0x70 > kernel: warning [ 998.494818] ? asm_exc_invalid_op+0x1a/0x20 > kernel: warning [ 998.494821] ? dequeue_task_dl+0x16c/0x1f0 > kernel: warning [ 998.494823] ? dequeue_task_dl+0x16c/0x1f0 > kernel: warning [ 998.494825] rt_mutex_setprio+0x240/0x460 > kernel: warning [ 998.494828] rt_mutex_slowunlock+0x143/0x280 > kernel: warning [ 998.494831] ? __pfx_mce_timer_fn+0x10/0x10 > kernel: warning [ 998.494833] mce_timer_fn+0x90/0xe0 > kernel: warning [ 998.494835] ? __pfx_mce_timer_fn+0x10/0x10 > kernel: warning [ 998.494837] call_timer_fn+0x24/0x130 > kernel: warning [ 998.494840] expire_timers+0xd3/0x1c0 Not sure it's the same issue. Stacktrace looks different. Anyway, are you maybe able to verify if the issue is still reproducible with latest v6.6-rt stable (v6.6.78-rt51 at the time of writing)? Looks like you are on v6.6-rt, thus the question. Thanks, Juri

6 months

2
1
0 0

[PATCH v3 0/2] R-Car CANFD fixes

by Biju Das

This patch series addresses 2 issues 1) Fix typo in pattern properties for R-Car V4M. 2) Fix page entries in the AFL list. v2->v3: * Collected tags. * Dropped unused variables cfg and start from rcar_canfd_configure_afl_rules(). v1->v2: * Split fixes patches as separate series. * Added Rb tag from Geert for binding patch. * Added the tag Cc:stable@vger.kernel.org Biju Das (2): dt-bindings: can: renesas,rcar-canfd: Fix typo in pattern properties for R-Car V4M can: rcar_canfd: Fix page entries in the AFL list .../bindings/net/can/renesas,rcar-canfd.yaml | 2 +- drivers/net/can/rcar/rcar_canfd.c | 28 ++++++++----------- 2 files changed, 12 insertions(+), 18 deletions(-) -- 2.43.0

6 months

2
3
0 0

[PATCH v4 0/7] KVM: arm64: PMU: Fix SET_ONE_REG for vPMC regs

by Akihiko Odaki

Prepare vPMC registers for user-initiated changes after first run. This is important specifically for debugging Windows on QEMU with GDB; QEMU tries to write back all visible registers when resuming the VM execution with GDB, corrupting the PMU state. Windows always uses the PMU so this can cause adverse effects on that particular OS. This series also contains patch "KVM: arm64: PMU: Set raw values from user to PM{C,I}NTEN{SET,CLR}, PMOVS{SET,CLR}", which reverts semantic changes made for the mentioned registers in the past. It is necessary to migrate the PMU state properly on Firecracker, QEMU, and crosvm. Signed-off-by: Akihiko Odaki <akihiko.odaki(a)daynix.com> --- Changes in v4: - Reverted changes for functions implementing ioctls in patch "KVM: arm64: PMU: Assume PMU presence in pmu-emul.c". - Removed kvm_pmu_vcpu_reset(). - Reordered function calls in kvm_vcpu_reload_pmu() for better style. - Link to v3: https://lore.kernel.org/r/20250312-pmc-v3-0-0411cab5dc3d@daynix.com Changes in v3: - Added patch "KVM: arm64: PMU: Assume PMU presence in pmu-emul.c". - Added an explanation of this path series' motivation to each patch. - Explained why userspace register writes and register reset should be covered in patch "KVM: arm64: PMU: Reload when user modifies registers". - Marked patch "KVM: arm64: PMU: Set raw values from user to PM{C,I}NTEN{SET,CLR}, PMOVS{SET,CLR}" for stable. - Reoreded so that patch "KVM: arm64: PMU: Set raw values from user to PM{C,I}NTEN{SET,CLR}, PMOVS{SET,CLR}" would come first. - Added patch "KVM: arm64: PMU: Call kvm_pmu_handle_pmcr() after masking PMCNTENSET_EL0". - Added patch "KVM: arm64: Reload PMCNTENSET_EL0". - Link to v2: https://lore.kernel.org/r/20250307-pmc-v2-0-6c3375a5f1e4@daynix.com Changes in v2: - Changed to utilize KVM_REQ_RELOAD_PMU as suggested by Oliver Upton. - Added patch "KVM: arm64: PMU: Reload when user modifies registers" to cover more registers. - Added patch "KVM: arm64: PMU: Set raw values from user to PM{C,I}NTEN{SET,CLR}, PMOVS{SET,CLR}". - Link to v1: https://lore.kernel.org/r/20250302-pmc-v1-1-caff989093dc@daynix.com --- Akihiko Odaki (7): KVM: arm64: PMU: Set raw values from user to PM{C,I}NTEN{SET,CLR}, PMOVS{SET,CLR} KVM: arm64: PMU: Assume PMU presence in pmu-emul.c KVM: arm64: PMU: Fix SET_ONE_REG for vPMC regs KVM: arm64: PMU: Reload when user modifies registers KVM: arm64: PMU: Call kvm_pmu_handle_pmcr() after masking PMCNTENSET_EL0 KVM: arm64: PMU: Reload PMCNTENSET_EL0 KVM: arm64: PMU: Reload when resetting arch/arm64/kvm/arm.c | 8 ++++--- arch/arm64/kvm/pmu-emul.c | 60 ++++++++++++++--------------------------------- arch/arm64/kvm/reset.c | 3 --- arch/arm64/kvm/sys_regs.c | 53 +++++++++++++++++++++++------------------ include/kvm/arm_pmu.h | 3 +-- 5 files changed, 53 insertions(+), 74 deletions(-) --- base-commit: da2f480cb24d39d480b1e235eda0dd2d01f8765b change-id: 20250302-pmc-b90a86af945c Best regards, -- Akihiko Odaki <akihiko.odaki(a)daynix.com>

6 months

2
2
0 0

patch "iio: adc: ad7768-1: Fix conversion result sign" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7768-1: Fix conversion result sign to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From 8236644f5ecb180e80ad92d691c22bc509b747bb Mon Sep 17 00:00:00 2001 From: Sergiu Cuciurean <sergiu.cuciurean(a)analog.com> Date: Thu, 6 Mar 2025 18:00:29 -0300 Subject: iio: adc: ad7768-1: Fix conversion result sign The ad7768-1 ADC output code is two's complement, meaning that the voltage conversion result is a signed value.. Since the value is a 24 bit one, stored in a 32 bit variable, the sign should be extended in order to get the correct representation. Also the channel description has been updated to signed representation, to match the ADC specifications. Fixes: a5f8c7da3dbe ("iio: adc: Add AD7768-1 ADC basic support") Reviewed-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Marcelo Schmitt <marcelo.schmitt(a)analog.com> Signed-off-by: Sergiu Cuciurean <sergiu.cuciurean(a)analog.com> Signed-off-by: Jonathan Santos <Jonathan.Santos(a)analog.com> Cc: <Stable(a)vger.kernel.org> Link: https://patch.msgid.link/505994d3b71c2aa38ba714d909a68e021f12124c.174126812… Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7768-1.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/iio/adc/ad7768-1.c b/drivers/iio/adc/ad7768-1.c index ea829c51e80b..09e7cccfd51c 100644 --- a/drivers/iio/adc/ad7768-1.c +++ b/drivers/iio/adc/ad7768-1.c @@ -142,7 +142,7 @@ static const struct iio_chan_spec ad7768_channels[] = { .channel = 0, .scan_index = 0, .scan_type = { - .sign = 'u', + .sign = 's', .realbits = 24, .storagebits = 32, .shift = 8, @@ -373,7 +373,7 @@ static int ad7768_read_raw(struct iio_dev *indio_dev, iio_device_release_direct(indio_dev); if (ret < 0) return ret; - *val = ret; + *val = sign_extend32(ret, chan->scan_type.realbits - 1); return IIO_VAL_INT; -- 2.48.1

6 months

1
0
0 0

patch "iio: adc: ad7768-1: Fix conversion result sign" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7768-1: Fix conversion result sign to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From 8236644f5ecb180e80ad92d691c22bc509b747bb Mon Sep 17 00:00:00 2001 From: Sergiu Cuciurean <sergiu.cuciurean(a)analog.com> Date: Thu, 6 Mar 2025 18:00:29 -0300 Subject: iio: adc: ad7768-1: Fix conversion result sign The ad7768-1 ADC output code is two's complement, meaning that the voltage conversion result is a signed value.. Since the value is a 24 bit one, stored in a 32 bit variable, the sign should be extended in order to get the correct representation. Also the channel description has been updated to signed representation, to match the ADC specifications. Fixes: a5f8c7da3dbe ("iio: adc: Add AD7768-1 ADC basic support") Reviewed-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Marcelo Schmitt <marcelo.schmitt(a)analog.com> Signed-off-by: Sergiu Cuciurean <sergiu.cuciurean(a)analog.com> Signed-off-by: Jonathan Santos <Jonathan.Santos(a)analog.com> Cc: <Stable(a)vger.kernel.org> Link: https://patch.msgid.link/505994d3b71c2aa38ba714d909a68e021f12124c.174126812… Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7768-1.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/iio/adc/ad7768-1.c b/drivers/iio/adc/ad7768-1.c index ea829c51e80b..09e7cccfd51c 100644 --- a/drivers/iio/adc/ad7768-1.c +++ b/drivers/iio/adc/ad7768-1.c @@ -142,7 +142,7 @@ static const struct iio_chan_spec ad7768_channels[] = { .channel = 0, .scan_index = 0, .scan_type = { - .sign = 'u', + .sign = 's', .realbits = 24, .storagebits = 32, .shift = 8, @@ -373,7 +373,7 @@ static int ad7768_read_raw(struct iio_dev *indio_dev, iio_device_release_direct(indio_dev); if (ret < 0) return ret; - *val = ret; + *val = sign_extend32(ret, chan->scan_type.realbits - 1); return IIO_VAL_INT; -- 2.48.1

6 months

1
0
0 0

[PATCH] wifi: mt76: mt7925: fix the incomplete revert

by Mingyen Hsieh

From: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> Since the `Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO"` was not completely clean, submit this patch to fully clean it up. Cc: stable(a)vger.kernel.org Fixes: 73915469c55a ("Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO"") Signed-off-by: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> --- drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c index 1ecba46d770d..1bdc313844c4 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c @@ -572,10 +572,10 @@ void mt7925_mcu_rx_event(struct mt792x_dev *dev, struct sk_buff *skb) static int mt7925_mcu_sta_ba(struct mt76_dev *dev, struct mt76_vif_link *mvif, - struct mt76_wcid *wcid, struct ieee80211_ampdu_params *params, bool enable, bool tx) { + struct mt76_wcid *wcid = (struct mt76_wcid *)params->sta->drv_priv; struct sta_rec_ba_uni *ba; struct sk_buff *skb; struct tlv *tlv; @@ -608,13 +608,12 @@ int mt7925_mcu_uni_tx_ba(struct mt792x_dev *dev, { struct mt792x_sta *msta = (struct mt792x_sta *)params->sta->drv_priv; struct mt792x_vif *mvif = msta->vif; - struct mt76_wcid *wcid = &mvif->sta.deflink.wcid; if (enable && !params->amsdu) msta->deflink.wcid.amsdu = false; - return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, wcid, - params, enable, true); + return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, params, + enable, true); } int mt7925_mcu_uni_rx_ba(struct mt792x_dev *dev, @@ -623,10 +622,9 @@ int mt7925_mcu_uni_rx_ba(struct mt792x_dev *dev, { struct mt792x_sta *msta = (struct mt792x_sta *)params->sta->drv_priv; struct mt792x_vif *mvif = msta->vif; - struct mt76_wcid *wcid = &mvif->sta.deflink.wcid; - return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, wcid, - params, enable, false); + return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, params, + enable, false); } static int mt7925_mcu_read_eeprom(struct mt792x_dev *dev, u32 offset, u8 *val) -- 2.45.2

6 months

2
1
0 0

[PATCH v3] KVM: PPC: Enable CAP_SPAPR_TCE_VFIO on pSeries KVM guests

by Amit Machhiwal

Currently on book3s-hv, the capability KVM_CAP_SPAPR_TCE_VFIO is only available for KVM Guests running on PowerNV and not for the KVM guests running on pSeries hypervisors. This prevents a pSeries L2 guest from leveraging the in-kernel acceleration for H_PUT_TCE_INDIRECT and H_STUFF_TCE hcalls that results in slow startup times for large memory guests. Support for VFIO on pSeries was restored in commit f431a8cde7f1 ("powerpc/iommu: Reimplement the iommu_table_group_ops for pSeries"), making it possible to re-enable this capability on pSeries hosts. This change enables KVM_CAP_SPAPR_TCE_VFIO for nested PAPR guests on pSeries, while maintaining the existing behavior on PowerNV. Booting an L2 guest with 128GB of memory shows an average 11% improvement in startup time. Fixes: f431a8cde7f1 ("powerpc/iommu: Reimplement the iommu_table_group_ops for pSeries") Cc: stable(a)vger.kernel.org Reviewed-by: Vaibhav Jain <vaibhav(a)linux.ibm.com> Reviewed-by: Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> Signed-off-by: Amit Machhiwal <amachhiw(a)linux.ibm.com> --- Changes since v2: * Updated the patch description * v2: https://lore.kernel.org/all/20250129094033.2265211-1-amachhiw@linux.ibm.com/ Changes since v1: * Addressed review comments from Ritesh * v1: https://lore.kernel.org/all/20250109132053.158436-1-amachhiw@linux.ibm.com/ arch/powerpc/kvm/powerpc.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/arch/powerpc/kvm/powerpc.c b/arch/powerpc/kvm/powerpc.c index ce1d91eed231..a7138eb18d59 100644 --- a/arch/powerpc/kvm/powerpc.c +++ b/arch/powerpc/kvm/powerpc.c @@ -543,26 +543,23 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) r = !hv_enabled; break; #ifdef CONFIG_KVM_MPIC case KVM_CAP_IRQ_MPIC: r = 1; break; #endif #ifdef CONFIG_PPC_BOOK3S_64 case KVM_CAP_SPAPR_TCE: + fallthrough; case KVM_CAP_SPAPR_TCE_64: - r = 1; - break; case KVM_CAP_SPAPR_TCE_VFIO: - r = !!cpu_has_feature(CPU_FTR_HVMODE); - break; case KVM_CAP_PPC_RTAS: case KVM_CAP_PPC_FIXUP_HCALL: case KVM_CAP_PPC_ENABLE_HCALL: #ifdef CONFIG_KVM_XICS case KVM_CAP_IRQ_XICS: #endif case KVM_CAP_PPC_GET_CPU_CHAR: r = 1; break; #ifdef CONFIG_KVM_XIVE base-commit: 6537cfb395f352782918d8ee7b7f10ba2cc3cbf2 -- 2.48.1

6 months

2
1
0 0

[PATCH 5.10.y 5.15.y] ptp: Ensure info->enable callback is always set

by Abdelkareem Abdelsaamad

From: Thomas Weißschuh <linux(a)weissschuh.net> commit fd53aa40e65f518453115b6f56183b0c201db26b upstream. The ioctl and sysfs handlers unconditionally call the ->enable callback. Not all drivers implement that callback, leading to NULL dereferences. Example of affected drivers: ptp_s390.c, ptp_vclock.c and ptp_mock.c. Instead use a dummy callback if no better was specified by the driver. Fixes: d94ba80ebbea ("ptp: Added a brand new class driver for ptp clocks.") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Acked-by: Richard Cochran <richardcochran(a)gmail.com> Reviewed-by: Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> Link: https://patch.msgid.link/20250123-ptp-enable-v1-1-b015834d3a47@weissschuh.n… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [Conflict due to 42704b26b0f1 ("ptp: Add cycles support for virtual clocks") not in the tree] Signed-off-by: Abdelkareem Abdelsaamad <kareemem(a)amazon.com> --- drivers/ptp/ptp_clock.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/ptp/ptp_clock.c b/drivers/ptp/ptp_clock.c index 4d775cd8ee3c..c895e26b1f17 100644 --- a/drivers/ptp/ptp_clock.c +++ b/drivers/ptp/ptp_clock.c @@ -188,6 +188,11 @@ static void ptp_clock_release(struct device *dev) kfree(ptp); } +static int ptp_enable(struct ptp_clock_info *ptp, struct ptp_clock_request *request, int on) +{ + return -EOPNOTSUPP; +} + static void ptp_aux_kworker(struct kthread_work *work) { struct ptp_clock *ptp = container_of(work, struct ptp_clock, @@ -233,6 +238,9 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info, mutex_init(&ptp->pincfg_mux); init_waitqueue_head(&ptp->tsev_wq); + if (!ptp->info->enable) + ptp->info->enable = ptp_enable; + if (ptp->info->do_aux_work) { kthread_init_delayed_work(&ptp->aux_work, ptp_aux_kworker); ptp->kworker = kthread_create_worker(0, "ptp%d", ptp->index); -- 2.47.1

6 months

2
1
0 0

[PATCH 6.6.y 0/2] wifi: rtw89: RTL8852BE: Fix the shutdown issue

by Zenm Chen

This patch series addresses a shutdown issue reported in [1]. This problem has been fixed on kernel 6.12 and later, kernel 6.6 is the last kernel these upstream patches should go to because the Realtek RTL8852BE chip supported by kernel since v6.2 is the only chip known to have this problem. [1] https://github.com/lwfinger/rtw89/issues/372 Zenm Chen (2): wifi: rtw89: pci: add pre_deinit to be called after probe complete wifi: rtw89: pci: disable PCIE wake bit when PCIE deinit drivers/net/wireless/realtek/rtw89/core.c | 2 ++ drivers/net/wireless/realtek/rtw89/core.h | 6 ++++++ drivers/net/wireless/realtek/rtw89/pci.c | 10 ++++++++++ 3 files changed, 18 insertions(+) -- 2.48.1

6 months

3
6
0 0

[PATCH v4 0/7] drm/v3d: Fix GPU reset issues on the Raspberry Pi 5

by Maíra Canal

This series addresses GPU reset issues reported in [1], where running a long compute job would trigger repeated GPU resets, leading to a UI freeze. Patches #1 and #2 prevent the same faulty job from being resubmitted in a loop, mitigating the first cause of the issue. However, the issue isn't entirely solved. Even with only a single GPU reset, the UI still freezes on the Raspberry Pi 5, indicating a GPU hang. Patches #3 to #6 address this by properly configuring the V3D_SMS registers, which are required for power management and resets in V3D 7.1. Patch #7 updates the DT maintainership, replacing Emma with the current v3d driver maintainer. [1] https://github.com/raspberrypi/linux/issues/6660 Best Regards, - Maíra --- v1 -> v2: - [1/6, 2/6, 5/6] Add Iago's R-b (Iago Toral) - [3/6] Use V3D_GEN_* macros consistently throughout the driver (Phil Elwell) - [3/6] Don't add Iago's R-b in 3/6 due to changes in the patch - [4/6] Add per-compatible restrictions to enforce per‐SoC register rules (Conor Dooley) - [6/6] Add Emma's A-b, collected through IRC (Emma Anholt) - [6/6] Add Rob's A-b (Rob Herring) - Link to v1: https://lore.kernel.org/r/20250226-v3d-gpu-reset-fixes-v1-0-83a969fdd9c1@ig… v2 -> v3: - [3/7] Add Iago's R-b (Iago Toral) - [4/7, 5/7] Separate the patches to ease the reviewing process -> Now, PATCH 4/7 only adds the per-compatible rules and PATCH 5/7 adds the SMS registers - [4/7] `allOf` goes above `additionalProperties` (Krzysztof Kozlowski) - [4/7, 5/7] Sync `reg` and `reg-names` items (Krzysztof Kozlowski) - Link to v2: https://lore.kernel.org/r/20250308-v3d-gpu-reset-fixes-v2-0-2939c30f0cc4@ig… v3 -> v4: - [4/7] BCM2712 has an external reset controller, therefore the "bridge" register is not needed (Krzysztof Kozlowski) - [4/7] Remove the word "required" from the reg descriptions (Rob Herring) - [5/7] Improve commit message (Rob Herring) - Link to v3: https://lore.kernel.org/r/20250311-v3d-gpu-reset-fixes-v3-0-64f7a4247ec0@ig… --- Maíra Canal (7): drm/v3d: Don't run jobs that have errors flagged in its fence drm/v3d: Set job pointer to NULL when the job's fence has an error drm/v3d: Associate a V3D tech revision to all supported devices dt-bindings: gpu: v3d: Add per-compatible register restrictions dt-bindings: gpu: v3d: Add SMS register to BCM2712 compatible drm/v3d: Use V3D_SMS registers for power on/off and reset on V3D 7.x dt-bindings: gpu: Add V3D driver maintainer as DT maintainer .../devicetree/bindings/gpu/brcm,bcm-v3d.yaml | 77 ++++++++++--- drivers/gpu/drm/v3d/v3d_debugfs.c | 126 ++++++++++----------- drivers/gpu/drm/v3d/v3d_drv.c | 62 +++++++++- drivers/gpu/drm/v3d/v3d_drv.h | 22 +++- drivers/gpu/drm/v3d/v3d_gem.c | 27 ++++- drivers/gpu/drm/v3d/v3d_irq.c | 6 +- drivers/gpu/drm/v3d/v3d_perfmon.c | 4 +- drivers/gpu/drm/v3d/v3d_regs.h | 26 +++++ drivers/gpu/drm/v3d/v3d_sched.c | 29 ++++- 9 files changed, 279 insertions(+), 100 deletions(-) --- base-commit: 10646ddac2917b31c985ceff0e4982c42a9c924b change-id: 20250224-v3d-gpu-reset-fixes-2d21fc70711d

6 months

1
2
0 0

Re: [PATCH 5.10 458/462] btrfs: bring back the incorrectly removed extent buffer lock recursion support

by pk

Hi all. I confirm that the patch fixes the issue for me. Thank you very much.

6 months

1
0
0 0

[PATCH] udf: Fix inode_getblk() return value

by Jan Kara

Smatch noticed that inode_getblk() can return 1 on successful mapping of a block instead of expected 0 after commit b405c1e58b73 ("udf: refactor udf_next_aext() to handle error"). This could confuse some of the callers and lead to strange failures (although the one reported by Smatch in udf_mkdir() is impossible to trigger in practice). Fix the return value of inode_getblk(). Link: https://lore.kernel.org/all/cb514af7-bbe0-435b-934f-dd1d7a16d2cd@stanley.mo… Reported-by: Dan Carpenter <dan.carpenter(a)linaro.org> Fixes: b405c1e58b73 ("udf: refactor udf_next_aext() to handle error") CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> --- fs/udf/inode.c | 1 + 1 file changed, 1 insertion(+) I plan to merge this patch through my tree. diff --git a/fs/udf/inode.c b/fs/udf/inode.c index 70c907fe8af9..4386dd845e40 100644 --- a/fs/udf/inode.c +++ b/fs/udf/inode.c @@ -810,6 +810,7 @@ static int inode_getblk(struct inode *inode, struct udf_map_rq *map) } map->oflags = UDF_BLK_MAPPED; map->pblk = udf_get_lb_pblock(inode->i_sb, &eloc, offset); + ret = 0; goto out_free; } -- 2.43.0

6 months

2
2
0 0

[PATCH 5.10.y 5.15.y] ipv6: Fix signed integer overflow in __ip6_append_data

by Abdelkareem Abdelsaamad

From: Wang Yufen <wangyufen(a)huawei.com> [ Upstream commit f93431c86b631bbca5614c66f966bf3ddb3c2803 ] Resurrect ubsan overflow checks and ubsan report this warning, fix it by change the variable [length] type to size_t. UBSAN: signed-integer-overflow in net/ipv6/ip6_output.c:1489:19 2147479552 + 8567 cannot be represented in type 'int' CPU: 0 PID: 253 Comm: err Not tainted 5.16.0+ #1 Hardware name: linux,dummy-virt (DT) Call trace: dump_backtrace+0x214/0x230 show_stack+0x30/0x78 dump_stack_lvl+0xf8/0x118 dump_stack+0x18/0x30 ubsan_epilogue+0x18/0x60 handle_overflow+0xd0/0xf0 __ubsan_handle_add_overflow+0x34/0x44 __ip6_append_data.isra.48+0x1598/0x1688 ip6_append_data+0x128/0x260 udpv6_sendmsg+0x680/0xdd0 inet6_sendmsg+0x54/0x90 sock_sendmsg+0x70/0x88 ____sys_sendmsg+0xe8/0x368 ___sys_sendmsg+0x98/0xe0 __sys_sendmmsg+0xf4/0x3b8 __arm64_sys_sendmmsg+0x34/0x48 invoke_syscall+0x64/0x160 el0_svc_common.constprop.4+0x124/0x300 do_el0_svc+0x44/0xc8 el0_svc+0x3c/0x1e8 el0t_64_sync_handler+0x88/0xb0 el0t_64_sync+0x16c/0x170 Changes since v1: -Change the variable [length] type to unsigned, as Eric Dumazet suggested. Changes since v2: -Don't change exthdrlen type in ip6_make_skb, as Paolo Abeni suggested. Changes since v3: -Don't change ulen type in udpv6_sendmsg and l2tp_ip6_sendmsg, as Jakub Kicinski suggested. Reported-by: Hulk Robot <hulkci(a)huawei.com> Signed-off-by: Wang Yufen <wangyufen(a)huawei.com> Link: https://lore.kernel.org/r/20220607120028.845916-1-wangyufen@huawei.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> [Conflict due to f37a4cc6bb0b ("udp6: pass flow in ip6_make_skb together with cork") not in the tree ] Signed-off-by: Abdelkareem Abdelsaamad <kareemem(a)amazon.com> --- include/net/ipv6.h | 4 ++-- net/ipv6/ip6_output.c | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/net/ipv6.h b/include/net/ipv6.h index 47d644de0e47..2909233427de 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h @@ -991,7 +991,7 @@ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr); int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb), - void *from, int length, int transhdrlen, + void *from, size_t length, int transhdrlen, struct ipcm6_cookie *ipc6, struct flowi6 *fl6, struct rt6_info *rt, unsigned int flags); @@ -1007,7 +1007,7 @@ struct sk_buff *__ip6_make_skb(struct sock *sk, struct sk_buff_head *queue, struct sk_buff *ip6_make_skb(struct sock *sk, int getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb), - void *from, int length, int transhdrlen, + void *from, size_t length, int transhdrlen, struct ipcm6_cookie *ipc6, struct flowi6 *fl6, struct rt6_info *rt, unsigned int flags, struct inet_cork_full *cork); diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 4da3238836b7..d0f69026b689 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -1448,7 +1448,7 @@ static int __ip6_append_data(struct sock *sk, struct page_frag *pfrag, int getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb), - void *from, int length, int transhdrlen, + void *from, size_t length, int transhdrlen, unsigned int flags, struct ipcm6_cookie *ipc6) { struct sk_buff *skb, *skb_prev = NULL; @@ -1794,7 +1794,7 @@ static int __ip6_append_data(struct sock *sk, int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb), - void *from, int length, int transhdrlen, + void *from, size_t length, int transhdrlen, struct ipcm6_cookie *ipc6, struct flowi6 *fl6, struct rt6_info *rt, unsigned int flags) { @@ -1988,7 +1988,7 @@ EXPORT_SYMBOL_GPL(ip6_flush_pending_frames); struct sk_buff *ip6_make_skb(struct sock *sk, int getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb), - void *from, int length, int transhdrlen, + void *from, size_t length, int transhdrlen, struct ipcm6_cookie *ipc6, struct flowi6 *fl6, struct rt6_info *rt, unsigned int flags, struct inet_cork_full *cork) -- 2.47.1

6 months

2
1
0 0

[PATCH 5.10.y 5.15.y] printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX

by Abdelkareem Abdelsaamad

From: Kuan-Wei Chiu <visitorckw(a)gmail.com> [ Upstream commit 3d6f83df8ff2d5de84b50377e4f0d45e25311c7a ] Shifting 1 << 31 on a 32-bit int causes signed integer overflow, which leads to undefined behavior. To prevent this, cast 1 to u32 before performing the shift, ensuring well-defined behavior. This change explicitly avoids any potential overflow by ensuring that the shift occurs on an unsigned 32-bit integer. Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> Acked-by: Petr Mladek <pmladek(a)suse.com> Link: https://lore.kernel.org/r/20240928113608.1438087-1-visitorckw@gmail.com Signed-off-by: Petr Mladek <pmladek(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> (cherry picked from commit 9a6d43844de2479a3ff8d674c3e2a16172e01598) Signed-off-by: Abdelkareem Abdelsaamad <kareemem(a)amazon.com> --- kernel/printk/printk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c index a8af93cbc293..3a7fd61c0e7b 100644 --- a/kernel/printk/printk.c +++ b/kernel/printk/printk.c @@ -420,7 +420,7 @@ static u64 clear_seq; /* record buffer */ #define LOG_ALIGN __alignof__(unsigned long) #define __LOG_BUF_LEN (1 << CONFIG_LOG_BUF_SHIFT) -#define LOG_BUF_LEN_MAX (u32)(1 << 31) +#define LOG_BUF_LEN_MAX ((u32)1 << 31) static char __log_buf[__LOG_BUF_LEN] __aligned(LOG_ALIGN); static char *log_buf = __log_buf; static u32 log_buf_len = __LOG_BUF_LEN; -- 2.47.1

6 months

2
1
0 0

[PATCH v4 4/6] misc: pci_endpoint_test: Fix irq_type to convey the correct type

by Kunihiko Hayashi

There are two variables that indicate the interrupt type to be used in the next test execution, "irq_type" as global and test->irq_type. The global is referenced from pci_endpoint_test_get_irq() to preserve the current type for ioctl(PCITEST_GET_IRQTYPE). The type set in this function isn't reflected in the global "irq_type", so ioctl(PCITEST_GET_IRQTYPE) returns the previous type. As a result, the wrong type is displayed in old "pcitest" as follows: # pcitest -i 0 SET IRQ TYPE TO LEGACY: OKAY # pcitest -I GET IRQ TYPE: MSI And new "pcitest" in kselftest results in an error as follows: # RUN pci_ep_basic.LEGACY_IRQ_TEST ... # pci_endpoint_test.c:104:LEGACY_IRQ_TEST:Expected 0 (0) == ret (1) # pci_endpoint_test.c:104:LEGACY_IRQ_TEST:Can't get Legacy IRQ type Fix this issue by propagating the current type to the global "irq_type". Cc: stable(a)vger.kernel.org Fixes: b2ba9225e031 ("misc: pci_endpoint_test: Avoid using module parameter to determine irqtype") Reviewed-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> --- drivers/misc/pci_endpoint_test.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/misc/pci_endpoint_test.c b/drivers/misc/pci_endpoint_test.c index acf3d8dab131..896392c428de 100644 --- a/drivers/misc/pci_endpoint_test.c +++ b/drivers/misc/pci_endpoint_test.c @@ -833,6 +833,7 @@ static int pci_endpoint_test_set_irq(struct pci_endpoint_test *test, return ret; } + irq_type = test->irq_type; return 0; } -- 2.25.1

6 months

2
1
0 0

[PATCH 5/5] batman-adv: Ignore own maximum aggregation size during RX

by Simon Wunderlich

From: Sven Eckelmann <sven(a)narfation.org> An OGMv1 and OGMv2 packet receive processing were not only limited by the number of bytes in the received packet but also by the nodes maximum aggregation packet size limit. But this limit is relevant for TX and not for RX. It must not be enforced by batadv_(i)v_ogm_aggr_packet to avoid loss of information in case of a different limit for sender and receiver. This has a minor side effect for B.A.T.M.A.N. IV because the batadv_iv_ogm_aggr_packet is also used for the preprocessing for the TX. But since the aggregation code itself will not allow more than BATADV_MAX_AGGREGATION_BYTES bytes, this check was never triggering (in this context) prior of removing it. Cc: stable(a)vger.kernel.org Fixes: c6c8fea29769 ("net: Add batman-adv meshing protocol") Fixes: 9323158ef9f4 ("batman-adv: OGMv2 - implement originators logic") Signed-off-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> --- net/batman-adv/bat_iv_ogm.c | 3 +-- net/batman-adv/bat_v_ogm.c | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c index 07ae5dd1f150..b12645949ae5 100644 --- a/net/batman-adv/bat_iv_ogm.c +++ b/net/batman-adv/bat_iv_ogm.c @@ -325,8 +325,7 @@ batadv_iv_ogm_aggr_packet(int buff_pos, int packet_len, /* check if there is enough space for the optional TVLV */ next_buff_pos += ntohs(ogm_packet->tvlv_len); - return (next_buff_pos <= packet_len) && - (next_buff_pos <= BATADV_MAX_AGGREGATION_BYTES); + return next_buff_pos <= packet_len; } /* send a batman ogm to a given interface */ diff --git a/net/batman-adv/bat_v_ogm.c b/net/batman-adv/bat_v_ogm.c index e503ee0d896b..8f89ffe6020c 100644 --- a/net/batman-adv/bat_v_ogm.c +++ b/net/batman-adv/bat_v_ogm.c @@ -839,8 +839,7 @@ batadv_v_ogm_aggr_packet(int buff_pos, int packet_len, /* check if there is enough space for the optional TVLV */ next_buff_pos += ntohs(ogm2_packet->tvlv_len); - return (next_buff_pos <= packet_len) && - (next_buff_pos <= BATADV_MAX_AGGREGATION_BYTES); + return next_buff_pos <= packet_len; } /** -- 2.39.5

6 months

1
0
0 0

[PATCH 4/5] batman-adv: Fix incorrect offset in batadv_tt_tvlv_ogm_handler_v1()

by Simon Wunderlich

From: Remi Pommarel <repk(a)triplefau.lt> Since commit 4436df478860 ("batman-adv: Add flex array to struct batadv_tvlv_tt_data"), the introduction of batadv_tvlv_tt_data's flex array member in batadv_tt_tvlv_ogm_handler_v1() put tt_changes at invalid offset. Those TT changes are supposed to be filled from the end of batadv_tvlv_tt_data structure (including vlan_data flexible array), but only the flex array size is taken into account missing completely the size of the fixed part of the structure itself. Fix the tt_change offset computation by using struct_size() instead of flex_array_size() so both flex array member and its container structure sizes are taken into account. Cc: stable(a)vger.kernel.org Fixes: 4436df478860 ("batman-adv: Add flex array to struct batadv_tvlv_tt_data") Signed-off-by: Remi Pommarel <repk(a)triplefau.lt> Signed-off-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> --- net/batman-adv/translation-table.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c index 760d51fdbdf6..7d5de4cbb814 100644 --- a/net/batman-adv/translation-table.c +++ b/net/batman-adv/translation-table.c @@ -3959,23 +3959,21 @@ static void batadv_tt_tvlv_ogm_handler_v1(struct batadv_priv *bat_priv, struct batadv_tvlv_tt_change *tt_change; struct batadv_tvlv_tt_data *tt_data; u16 num_entries, num_vlan; - size_t flex_size; + size_t tt_data_sz; if (tvlv_value_len < sizeof(*tt_data)) return; tt_data = tvlv_value; - tvlv_value_len -= sizeof(*tt_data); - num_vlan = ntohs(tt_data->num_vlan); - flex_size = flex_array_size(tt_data, vlan_data, num_vlan); - if (tvlv_value_len < flex_size) + tt_data_sz = struct_size(tt_data, vlan_data, num_vlan); + if (tvlv_value_len < tt_data_sz) return; tt_change = (struct batadv_tvlv_tt_change *)((void *)tt_data - + flex_size); - tvlv_value_len -= flex_size; + + tt_data_sz); + tvlv_value_len -= tt_data_sz; num_entries = batadv_tt_entries(tvlv_value_len); -- 2.39.5

6 months

1
0
0 0

[PATCH 3/5] batman-adv: Drop unmanaged ELP metric worker

by Simon Wunderlich

From: Sven Eckelmann <sven(a)narfation.org> The ELP worker needs to calculate new metric values for all neighbors "reachable" over an interface. Some of the used metric sources require locks which might need to sleep. This sleep is incompatible with the RCU list iterator used for the recorded neighbors. The initial approach to work around of this problem was to queue another work item per neighbor and then run this in a new context. Even when this solved the RCU vs might_sleep() conflict, it has a major problems: Nothing was stopping the work item in case it is not needed anymore - for example because one of the related interfaces was removed or the batman-adv module was unloaded - resulting in potential invalid memory accesses. Directly canceling the metric worker also has various problems: * cancel_work_sync for a to-be-deactivated interface is called with rtnl_lock held. But the code in the ELP metric worker also tries to use rtnl_lock() - which will never return in this case. This also means that cancel_work_sync would never return because it is waiting for the worker to finish. * iterating over the neighbor list for the to-be-deactivated interface is currently done using the RCU specific methods. Which means that it is possible to miss items when iterating over it without the associated spinlock - a behaviour which is acceptable for a periodic metric check but not for a cleanup routine (which must "stop" all still running workers) The better approch is to get rid of the per interface neighbor metric worker and handle everything in the interface worker. The original problems are solved by: * creating a list of neighbors which require new metric information inside the RCU protected context, gathering the metric according to the new list outside the RCU protected context * only use rcu_trylock inside metric gathering code to avoid a deadlock when the cancel_delayed_work_sync is called in the interface removal code (which is called with the rtnl_lock held) Cc: stable(a)vger.kernel.org Fixes: c833484e5f38 ("batman-adv: ELP - compute the metric based on the estimated throughput") Signed-off-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> --- net/batman-adv/bat_v.c | 2 -- net/batman-adv/bat_v_elp.c | 71 ++++++++++++++++++++++++++------------ net/batman-adv/bat_v_elp.h | 2 -- net/batman-adv/types.h | 3 -- 4 files changed, 48 insertions(+), 30 deletions(-) diff --git a/net/batman-adv/bat_v.c b/net/batman-adv/bat_v.c index ac11f1f08db0..d35479c465e2 100644 --- a/net/batman-adv/bat_v.c +++ b/net/batman-adv/bat_v.c @@ -113,8 +113,6 @@ static void batadv_v_hardif_neigh_init(struct batadv_hardif_neigh_node *hardif_neigh) { ewma_throughput_init(&hardif_neigh->bat_v.throughput); - INIT_WORK(&hardif_neigh->bat_v.metric_work, - batadv_v_elp_throughput_metric_update); } /** diff --git a/net/batman-adv/bat_v_elp.c b/net/batman-adv/bat_v_elp.c index 65e52de52bcd..b065578b4436 100644 --- a/net/batman-adv/bat_v_elp.c +++ b/net/batman-adv/bat_v_elp.c @@ -18,6 +18,7 @@ #include <linux/if_ether.h> #include <linux/jiffies.h> #include <linux/kref.h> +#include <linux/list.h> #include <linux/minmax.h> #include <linux/netdevice.h> #include <linux/nl80211.h> @@ -26,6 +27,7 @@ #include <linux/rcupdate.h> #include <linux/rtnetlink.h> #include <linux/skbuff.h> +#include <linux/slab.h> #include <linux/stddef.h> #include <linux/string.h> #include <linux/types.h> @@ -41,6 +43,18 @@ #include "routing.h" #include "send.h" +/** + * struct batadv_v_metric_queue_entry - list of hardif neighbors which require + * and metric update + */ +struct batadv_v_metric_queue_entry { + /** @hardif_neigh: hardif neighbor scheduled for metric update */ + struct batadv_hardif_neigh_node *hardif_neigh; + + /** @list: list node for metric_queue */ + struct list_head list; +}; + /** * batadv_v_elp_start_timer() - restart timer for ELP periodic work * @hard_iface: the interface for which the timer has to be reset @@ -137,10 +151,17 @@ static bool batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh, goto default_throughput; } + /* only use rtnl_trylock because the elp worker will be cancelled while + * the rntl_lock is held. the cancel_delayed_work_sync() would otherwise + * wait forever when the elp work_item was started and it is then also + * trying to rtnl_lock + */ + if (!rtnl_trylock()) + return false; + /* if not a wifi interface, check if this device provides data via * ethtool (e.g. an Ethernet adapter) */ - rtnl_lock(); ret = __ethtool_get_link_ksettings(hard_iface->net_dev, &link_settings); rtnl_unlock(); if (ret == 0) { @@ -175,31 +196,19 @@ static bool batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh, /** * batadv_v_elp_throughput_metric_update() - worker updating the throughput * metric of a single hop neighbour - * @work: the work queue item + * @neigh: the neighbour to probe */ -void batadv_v_elp_throughput_metric_update(struct work_struct *work) +static void +batadv_v_elp_throughput_metric_update(struct batadv_hardif_neigh_node *neigh) { - struct batadv_hardif_neigh_node_bat_v *neigh_bat_v; - struct batadv_hardif_neigh_node *neigh; u32 throughput; bool valid; - neigh_bat_v = container_of(work, struct batadv_hardif_neigh_node_bat_v, - metric_work); - neigh = container_of(neigh_bat_v, struct batadv_hardif_neigh_node, - bat_v); - valid = batadv_v_elp_get_throughput(neigh, &throughput); if (!valid) - goto put_neigh; + return; ewma_throughput_add(&neigh->bat_v.throughput, throughput); - -put_neigh: - /* decrement refcounter to balance increment performed before scheduling - * this task - */ - batadv_hardif_neigh_put(neigh); } /** @@ -273,14 +282,16 @@ batadv_v_elp_wifi_neigh_probe(struct batadv_hardif_neigh_node *neigh) */ static void batadv_v_elp_periodic_work(struct work_struct *work) { + struct batadv_v_metric_queue_entry *metric_entry; + struct batadv_v_metric_queue_entry *metric_safe; struct batadv_hardif_neigh_node *hardif_neigh; struct batadv_hard_iface *hard_iface; struct batadv_hard_iface_bat_v *bat_v; struct batadv_elp_packet *elp_packet; + struct list_head metric_queue; struct batadv_priv *bat_priv; struct sk_buff *skb; u32 elp_interval; - bool ret; bat_v = container_of(work, struct batadv_hard_iface_bat_v, elp_wq.work); hard_iface = container_of(bat_v, struct batadv_hard_iface, bat_v); @@ -316,6 +327,8 @@ static void batadv_v_elp_periodic_work(struct work_struct *work) atomic_inc(&hard_iface->bat_v.elp_seqno); + INIT_LIST_HEAD(&metric_queue); + /* The throughput metric is updated on each sent packet. This way, if a * node is dead and no longer sends packets, batman-adv is still able to * react timely to its death. @@ -340,16 +353,28 @@ static void batadv_v_elp_periodic_work(struct work_struct *work) /* Reading the estimated throughput from cfg80211 is a task that * may sleep and that is not allowed in an rcu protected - * context. Therefore schedule a task for that. + * context. Therefore add it to metric_queue and process it + * outside rcu protected context. */ - ret = queue_work(batadv_event_workqueue, - &hardif_neigh->bat_v.metric_work); - - if (!ret) + metric_entry = kzalloc(sizeof(*metric_entry), GFP_ATOMIC); + if (!metric_entry) { batadv_hardif_neigh_put(hardif_neigh); + continue; + } + + metric_entry->hardif_neigh = hardif_neigh; + list_add(&metric_entry->list, &metric_queue); } rcu_read_unlock(); + list_for_each_entry_safe(metric_entry, metric_safe, &metric_queue, list) { + batadv_v_elp_throughput_metric_update(metric_entry->hardif_neigh); + + batadv_hardif_neigh_put(metric_entry->hardif_neigh); + list_del(&metric_entry->list); + kfree(metric_entry); + } + restart_timer: batadv_v_elp_start_timer(hard_iface); out: diff --git a/net/batman-adv/bat_v_elp.h b/net/batman-adv/bat_v_elp.h index 9e2740195fa2..c9cb0a307100 100644 --- a/net/batman-adv/bat_v_elp.h +++ b/net/batman-adv/bat_v_elp.h @@ -10,7 +10,6 @@ #include "main.h" #include <linux/skbuff.h> -#include <linux/workqueue.h> int batadv_v_elp_iface_enable(struct batadv_hard_iface *hard_iface); void batadv_v_elp_iface_disable(struct batadv_hard_iface *hard_iface); @@ -19,6 +18,5 @@ void batadv_v_elp_iface_activate(struct batadv_hard_iface *primary_iface, void batadv_v_elp_primary_iface_set(struct batadv_hard_iface *primary_iface); int batadv_v_elp_packet_recv(struct sk_buff *skb, struct batadv_hard_iface *if_incoming); -void batadv_v_elp_throughput_metric_update(struct work_struct *work); #endif /* _NET_BATMAN_ADV_BAT_V_ELP_H_ */ diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h index 04f6398b3a40..85a50096f5b2 100644 --- a/net/batman-adv/types.h +++ b/net/batman-adv/types.h @@ -596,9 +596,6 @@ struct batadv_hardif_neigh_node_bat_v { * neighbor */ unsigned long last_unicast_tx; - - /** @metric_work: work queue callback item for metric update */ - struct work_struct metric_work; }; /** -- 2.39.5

6 months

1
0
0 0

[PATCH 2/5] batman-adv: Ignore neighbor throughput metrics in error case

by Simon Wunderlich

From: Sven Eckelmann <sven(a)narfation.org> If a temporary error happened in the evaluation of the neighbor throughput information, then the invalid throughput result should not be stored in the throughtput EWMA. Cc: stable(a)vger.kernel.org Signed-off-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> --- net/batman-adv/bat_v_elp.c | 50 ++++++++++++++++++++++++++------------ 1 file changed, 34 insertions(+), 16 deletions(-) diff --git a/net/batman-adv/bat_v_elp.c b/net/batman-adv/bat_v_elp.c index fbf499bcc671..65e52de52bcd 100644 --- a/net/batman-adv/bat_v_elp.c +++ b/net/batman-adv/bat_v_elp.c @@ -59,11 +59,13 @@ static void batadv_v_elp_start_timer(struct batadv_hard_iface *hard_iface) /** * batadv_v_elp_get_throughput() - get the throughput towards a neighbour * @neigh: the neighbour for which the throughput has to be obtained + * @pthroughput: calculated throughput towards the given neighbour in multiples + * of 100kpbs (a value of '1' equals 0.1Mbps, '10' equals 1Mbps, etc). * - * Return: The throughput towards the given neighbour in multiples of 100kpbs - * (a value of '1' equals 0.1Mbps, '10' equals 1Mbps, etc). + * Return: true when value behind @pthroughput was set */ -static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh) +static bool batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh, + u32 *pthroughput) { struct batadv_hard_iface *hard_iface = neigh->if_incoming; struct net_device *soft_iface = hard_iface->soft_iface; @@ -77,14 +79,16 @@ static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh) * batman-adv interface */ if (!soft_iface) - return BATADV_THROUGHPUT_DEFAULT_VALUE; + return false; /* if the user specified a customised value for this interface, then * return it directly */ throughput = atomic_read(&hard_iface->bat_v.throughput_override); - if (throughput != 0) - return throughput; + if (throughput != 0) { + *pthroughput = throughput; + return true; + } /* if this is a wireless device, then ask its throughput through * cfg80211 API @@ -111,19 +115,24 @@ static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh) * possible to delete this neighbor. For now set * the throughput metric to 0. */ - return 0; + *pthroughput = 0; + return true; } if (ret) goto default_throughput; - if (sinfo.filled & BIT(NL80211_STA_INFO_EXPECTED_THROUGHPUT)) - return sinfo.expected_throughput / 100; + if (sinfo.filled & BIT(NL80211_STA_INFO_EXPECTED_THROUGHPUT)) { + *pthroughput = sinfo.expected_throughput / 100; + return true; + } /* try to estimate the expected throughput based on reported tx * rates */ - if (sinfo.filled & BIT(NL80211_STA_INFO_TX_BITRATE)) - return cfg80211_calculate_bitrate(&sinfo.txrate) / 3; + if (sinfo.filled & BIT(NL80211_STA_INFO_TX_BITRATE)) { + *pthroughput = cfg80211_calculate_bitrate(&sinfo.txrate) / 3; + return true; + } goto default_throughput; } @@ -142,8 +151,10 @@ static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh) hard_iface->bat_v.flags &= ~BATADV_FULL_DUPLEX; throughput = link_settings.base.speed; - if (throughput && throughput != SPEED_UNKNOWN) - return throughput * 10; + if (throughput && throughput != SPEED_UNKNOWN) { + *pthroughput = throughput * 10; + return true; + } } default_throughput: @@ -157,7 +168,8 @@ static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh) } /* if none of the above cases apply, return the base_throughput */ - return BATADV_THROUGHPUT_DEFAULT_VALUE; + *pthroughput = BATADV_THROUGHPUT_DEFAULT_VALUE; + return true; } /** @@ -169,15 +181,21 @@ void batadv_v_elp_throughput_metric_update(struct work_struct *work) { struct batadv_hardif_neigh_node_bat_v *neigh_bat_v; struct batadv_hardif_neigh_node *neigh; + u32 throughput; + bool valid; neigh_bat_v = container_of(work, struct batadv_hardif_neigh_node_bat_v, metric_work); neigh = container_of(neigh_bat_v, struct batadv_hardif_neigh_node, bat_v); - ewma_throughput_add(&neigh->bat_v.throughput, - batadv_v_elp_get_throughput(neigh)); + valid = batadv_v_elp_get_throughput(neigh, &throughput); + if (!valid) + goto put_neigh; + + ewma_throughput_add(&neigh->bat_v.throughput, throughput); +put_neigh: /* decrement refcounter to balance increment performed before scheduling * this task */ -- 2.39.5

6 months

1
0
0 0

[PATCH 1/5] batman-adv: fix panic during interface removal

by Simon Wunderlich

From: Andy Strohman <andrew(a)andrewstrohman.com> Reference counting is used to ensure that batadv_hardif_neigh_node and batadv_hard_iface are not freed before/during batadv_v_elp_throughput_metric_update work is finished. But there isn't a guarantee that the hard if will remain associated with a soft interface up until the work is finished. This fixes a crash triggered by reboot that looks like this: Call trace: batadv_v_mesh_free+0xd0/0x4dc [batman_adv] batadv_v_elp_throughput_metric_update+0x1c/0xa4 process_one_work+0x178/0x398 worker_thread+0x2e8/0x4d0 kthread+0xd8/0xdc ret_from_fork+0x10/0x20 (the batadv_v_mesh_free call is misleading, and does not actually happen) I was able to make the issue happen more reliably by changing hardif_neigh->bat_v.metric_work work to be delayed work. This allowed me to track down and confirm the fix. Cc: stable(a)vger.kernel.org Fixes: c833484e5f38 ("batman-adv: ELP - compute the metric based on the estimated throughput") Signed-off-by: Andy Strohman <andrew(a)andrewstrohman.com> [sven(a)narfation.org: prevent entering batadv_v_elp_get_throughput without soft_iface] Signed-off-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> --- net/batman-adv/bat_v_elp.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/net/batman-adv/bat_v_elp.c b/net/batman-adv/bat_v_elp.c index 1d704574e6bf..fbf499bcc671 100644 --- a/net/batman-adv/bat_v_elp.c +++ b/net/batman-adv/bat_v_elp.c @@ -66,12 +66,19 @@ static void batadv_v_elp_start_timer(struct batadv_hard_iface *hard_iface) static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh) { struct batadv_hard_iface *hard_iface = neigh->if_incoming; + struct net_device *soft_iface = hard_iface->soft_iface; struct ethtool_link_ksettings link_settings; struct net_device *real_netdev; struct station_info sinfo; u32 throughput; int ret; + /* don't query throughput when no longer associated with any + * batman-adv interface + */ + if (!soft_iface) + return BATADV_THROUGHPUT_DEFAULT_VALUE; + /* if the user specified a customised value for this interface, then * return it directly */ @@ -141,7 +148,7 @@ static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh) default_throughput: if (!(hard_iface->bat_v.flags & BATADV_WARNING_DEFAULT)) { - batadv_info(hard_iface->soft_iface, + batadv_info(soft_iface, "WiFi driver or ethtool info does not provide information about link speeds on interface %s, therefore defaulting to hardcoded throughput values of %u.%1u Mbps. Consider overriding the throughput manually or checking your driver.\n", hard_iface->net_dev->name, BATADV_THROUGHPUT_DEFAULT_VALUE / 10, -- 2.39.5

6 months

1
0
0 0

[PATCH stable 6.6] lib/buildid: Handle memfd_secret() files in build_id_parse()

by Chen Linxuan

Backport of a similar change from commit 5ac9b4e935df ("lib/buildid: Handle memfd_secret() files in build_id_parse()") to address an issue where accessing secret memfd contents through build_id_parse() would trigger faults. Original report and repro can be found in [0]. [0] https://lore.kernel.org/bpf/ZwyG8Uro%2FSyTXAni@ly-workstation/ This repro will cause BUG: unable to handle kernel paging request in build_id_parse in 5.15/6.1/6.6. Some other discussions can be found in [1]. [1] https://lore.kernel.org/bpf/20241104175256.2327164-1-jolsa@kernel.org/T/#u Cc: stable(a)vger.kernel.org Fixes: 88a16a130933 ("perf: Add build id data in mmap2 event") Signed-off-by: Chen Linxuan <chenlinxuan(a)deepin.org> --- lib/buildid.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lib/buildid.c b/lib/buildid.c index 9fc46366597e..9db35305f257 100644 --- a/lib/buildid.c +++ b/lib/buildid.c @@ -5,6 +5,7 @@ #include <linux/elf.h> #include <linux/kernel.h> #include <linux/pagemap.h> +#include <linux/secretmem.h> #define BUILD_ID 3 @@ -157,6 +158,12 @@ int build_id_parse(struct vm_area_struct *vma, unsigned char *build_id, if (!vma->vm_file) return -EINVAL; +#ifdef CONFIG_SECRETMEM + /* reject secretmem folios created with memfd_secret() */ + if (vma->vm_file->f_mapping->a_ops == &secretmem_aops) + return -EFAULT; +#endif + page = find_get_page(vma->vm_file->f_mapping, 0); if (!page) return -EFAULT; /* page not mapped */ -- 2.48.1

6 months

4
5
0 0

FAILED: patch "[PATCH] userfaultfd: fix PTE unmapping stack-allocated PTE copies" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 927e926d72d9155fde3264459fe9bfd7b5e40d28 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030948-playhouse-strongman-c9c3@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 927e926d72d9155fde3264459fe9bfd7b5e40d28 Mon Sep 17 00:00:00 2001 From: Suren Baghdasaryan <surenb(a)google.com> Date: Wed, 26 Feb 2025 10:55:09 -0800 Subject: [PATCH] userfaultfd: fix PTE unmapping stack-allocated PTE copies Current implementation of move_pages_pte() copies source and destination PTEs in order to detect concurrent changes to PTEs involved in the move. However these copies are also used to unmap the PTEs, which will fail if CONFIG_HIGHPTE is enabled because the copies are allocated on the stack. Fix this by using the actual PTEs which were kmap()ed. Link: https://lkml.kernel.org/r/20250226185510.2732648-3-surenb@google.com Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Reported-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Peter Xu <peterx(a)redhat.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: Barry Song <v-songbaohua(a)oppo.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jann Horn <jannh(a)google.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Cc: Lokesh Gidra <lokeshgidra(a)google.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Matthew Wilcow (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index f5c6b3454f76..d06453fa8aba 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -1290,8 +1290,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, spin_unlock(src_ptl); if (!locked) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; /* now we can block and wait */ folio_lock(src_folio); @@ -1307,8 +1307,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, /* at this point we have src_folio locked */ if (folio_test_large(src_folio)) { /* split_folio() can block */ - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; err = split_folio(src_folio); if (err) @@ -1333,8 +1333,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, goto out; } if (!anon_vma_trylock_write(src_anon_vma)) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; /* now we can block and wait */ anon_vma_lock_write(src_anon_vma); @@ -1352,8 +1352,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, entry = pte_to_swp_entry(orig_src_pte); if (non_swap_entry(entry)) { if (is_migration_entry(entry)) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; migration_entry_wait(mm, src_pmd, src_addr); err = -EAGAIN; @@ -1396,8 +1396,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, src_folio = folio; src_folio_pte = orig_src_pte; if (!folio_trylock(src_folio)) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; put_swap_device(si); si = NULL;

6 months

3
2
0 0

FAILED: patch "[PATCH] userfaultfd: fix PTE unmapping stack-allocated PTE copies" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x 927e926d72d9155fde3264459fe9bfd7b5e40d28 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030947-disloyal-bust-0d23@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 927e926d72d9155fde3264459fe9bfd7b5e40d28 Mon Sep 17 00:00:00 2001 From: Suren Baghdasaryan <surenb(a)google.com> Date: Wed, 26 Feb 2025 10:55:09 -0800 Subject: [PATCH] userfaultfd: fix PTE unmapping stack-allocated PTE copies Current implementation of move_pages_pte() copies source and destination PTEs in order to detect concurrent changes to PTEs involved in the move. However these copies are also used to unmap the PTEs, which will fail if CONFIG_HIGHPTE is enabled because the copies are allocated on the stack. Fix this by using the actual PTEs which were kmap()ed. Link: https://lkml.kernel.org/r/20250226185510.2732648-3-surenb@google.com Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Reported-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Peter Xu <peterx(a)redhat.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: Barry Song <v-songbaohua(a)oppo.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jann Horn <jannh(a)google.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Cc: Lokesh Gidra <lokeshgidra(a)google.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Matthew Wilcow (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index f5c6b3454f76..d06453fa8aba 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -1290,8 +1290,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, spin_unlock(src_ptl); if (!locked) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; /* now we can block and wait */ folio_lock(src_folio); @@ -1307,8 +1307,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, /* at this point we have src_folio locked */ if (folio_test_large(src_folio)) { /* split_folio() can block */ - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; err = split_folio(src_folio); if (err) @@ -1333,8 +1333,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, goto out; } if (!anon_vma_trylock_write(src_anon_vma)) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; /* now we can block and wait */ anon_vma_lock_write(src_anon_vma); @@ -1352,8 +1352,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, entry = pte_to_swp_entry(orig_src_pte); if (non_swap_entry(entry)) { if (is_migration_entry(entry)) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; migration_entry_wait(mm, src_pmd, src_addr); err = -EAGAIN; @@ -1396,8 +1396,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, src_folio = folio; src_folio_pte = orig_src_pte; if (!folio_trylock(src_folio)) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; put_swap_device(si); si = NULL;

6 months

3
2
0 0

Re: [PATCH] drm/ttm/tests: fix potential null pointer dereference in ttm_bo_unreserve_bulk()

by Qasim Ijaz

On Thu, Mar 13, 2025 at 03:20:34PM +0100, Christian König wrote: > Am 11.03.25 um 20:01 schrieb Qasim Ijaz: > > In the ttm_bo_unreserve_bulk() test function, resv is allocated > > using kunit_kzalloc(), but the subsequent assertion mistakenly > > verifies the ttm_dev pointer instead of checking the resv pointer. > > This mistake means that if allocation for resv fails, the error will > > go undetected, resv will be NULL and a call to dma_resv_init(resv) > > The description here is correct, but the subject line is a bit misleading. > > Please use something like this instead "drm/ttm/tests: incorrect assert in ttm_bo_unreserve_bulk()". > > > will dereference a NULL pointer. > > That irrelevant, an allocation failure will result in a NULL pointer deref anyway. This is just an unit test. > > > > > Fix the assertion to properly verify the resv pointer. > > > > Fixes: 588c4c8d58c4 ("drm/ttm/tests: Fix a warning in ttm_bo_unreserve_bulk") > > Cc: stable(a)vger.kernel.org > > Please drop those tags. This is just an unit test, not relevant for stability and therefore shouldn't be backported. > > Regards, > Christian. > Thank you for the feedback Christian, I will resend a new patch with the changes you described. Thanks, Qasim. > > Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> > > --- > > drivers/gpu/drm/ttm/tests/ttm_bo_test.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/gpu/drm/ttm/tests/ttm_bo_test.c b/drivers/gpu/drm/ttm/tests/ttm_bo_test.c > > index f8f20d2f6174..e08e5a138420 100644 > > --- a/drivers/gpu/drm/ttm/tests/ttm_bo_test.c > > +++ b/drivers/gpu/drm/ttm/tests/ttm_bo_test.c > > @@ -340,7 +340,7 @@ static void ttm_bo_unreserve_bulk(struct kunit *test) > > KUNIT_ASSERT_NOT_NULL(test, ttm_dev); > > > > resv = kunit_kzalloc(test, sizeof(*resv), GFP_KERNEL); > > - KUNIT_ASSERT_NOT_NULL(test, ttm_dev); > > + KUNIT_ASSERT_NOT_NULL(test, resv); > > > > err = ttm_device_kunit_init(priv, ttm_dev, false, false); > > KUNIT_ASSERT_EQ(test, err, 0); >

6 months

1
0
0 0

[PATCH 5.4,4.10 1/2] perf cs-etm: Add missing variable in cs_etm__process_queues()

by Ben Hutchings

Commit 5afd032961e8 "perf cs-etm: Don't flush when packet_queue fills up" uses i as a loop counter in cs_etm__process_queues(). It was backported to the 5.4 and 5.10 stable branches, but the i variable doesn't exist there as it was only added in 5.15. Declare i with the expected type. Fixes: 1ed167325c32 ("perf cs-etm: Don't flush when packet_queue fills up") Fixes: 26db806fa23e ("perf cs-etm: Don't flush when packet_queue fills up") Signed-off-by: Ben Hutchings <benh(a)debian.org> --- tools/perf/util/cs-etm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/perf/util/cs-etm.c b/tools/perf/util/cs-etm.c index e3fa32b83367..2055d582a8a4 100644 --- a/tools/perf/util/cs-etm.c +++ b/tools/perf/util/cs-etm.c @@ -2171,7 +2171,7 @@ static int cs_etm__process_timeless_queues(struct cs_etm_auxtrace *etm, static int cs_etm__process_queues(struct cs_etm_auxtrace *etm) { int ret = 0; - unsigned int cs_queue_nr, queue_nr; + unsigned int cs_queue_nr, queue_nr, i; u8 trace_chan_id; u64 timestamp; struct auxtrace_queue *queue;

6 months

3
7
0 0

[PATCH] drm/amdgpu/gfx12: correct cleanup of 'me' field with gfx_v12_0_me_fini()

by Wentao Liang

In gfx_v12_0_cp_gfx_load_me_microcode_rs64(), gfx_v12_0_pfp_fini() is incorrectly used to free 'me' field of 'gfx', since gfx_v12_0_pfp_fini() can only release 'pfp' field of 'gfx'. The release function of 'me' field should be gfx_v12_0_me_fini(). Fixes: 52cb80c12e8a ("drm/amdgpu: Add gfx v12_0 ip block support (v6)") Cc: stable(a)vger.kernel.org # 6.11+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c index da327ab48a57..02bc2eddf0c0 100644 --- a/drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c +++ b/drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c @@ -2413,7 +2413,7 @@ static int gfx_v12_0_cp_gfx_load_me_microcode_rs64(struct amdgpu_device *adev) (void **)&adev->gfx.me.me_fw_data_ptr); if (r) { dev_err(adev->dev, "(%d) failed to create me data bo\n", r); - gfx_v12_0_pfp_fini(adev); + gfx_v12_0_me_fini(adev); return r; } -- 2.42.0.windows.2

6 months

3
2
0 0

[PATCH] drm/amd/display: avoid NPD when ASIC does not support DMUB

by Thadeu Lima de Souza Cascardo

ctx->dmub_srv will de NULL if the ASIC does not support DMUB, which is tested in dm_dmub_sw_init. However, it will be dereferenced in dmub_hw_lock_mgr_cmd if should_use_dmub_lock returns true. This has been the case since dmub support has been added for PSR1. Fix this by checking for dmub_srv in should_use_dmub_lock. [ 37.440832] BUG: kernel NULL pointer dereference, address: 0000000000000058 [ 37.447808] #PF: supervisor read access in kernel mode [ 37.452959] #PF: error_code(0x0000) - not-present page [ 37.458112] PGD 0 P4D 0 [ 37.460662] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI [ 37.465553] CPU: 2 UID: 1000 PID: 1745 Comm: DrmThread Not tainted 6.14.0-rc1-00003-gd62e938120f0 #23 99720e1cb1e0fc4773b8513150932a07de3c6e88 [ 37.478324] Hardware name: Google Morphius/Morphius, BIOS Google_Morphius.13434.858.0 10/26/2023 [ 37.487103] RIP: 0010:dmub_hw_lock_mgr_cmd+0x77/0xb0 [ 37.492074] Code: 44 24 0e 00 00 00 00 48 c7 04 24 45 00 00 0c 40 88 74 24 0d 0f b6 02 88 44 24 0c 8b 01 89 44 24 08 85 f6 75 05 c6 44 24 0e 01 <48> 8b 7f 58 48 89 e6 ba 01 00 00 00 e8 08 3c 2a 00 65 48 8b 04 5 [ 37.510822] RSP: 0018:ffff969442853300 EFLAGS: 00010202 [ 37.516052] RAX: 0000000000000000 RBX: ffff92db03000000 RCX: ffff969442853358 [ 37.523185] RDX: ffff969442853368 RSI: 0000000000000001 RDI: 0000000000000000 [ 37.530322] RBP: 0000000000000001 R08: 00000000000004a7 R09: 00000000000004a5 [ 37.537453] R10: 0000000000000476 R11: 0000000000000062 R12: ffff92db0ade8000 [ 37.544589] R13: ffff92da01180ae0 R14: ffff92da011802a8 R15: ffff92db03000000 [ 37.551725] FS: 0000784a9cdfc6c0(0000) GS:ffff92db2af00000(0000) knlGS:0000000000000000 [ 37.559814] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.565562] CR2: 0000000000000058 CR3: 0000000112b1c000 CR4: 00000000003506f0 [ 37.572697] Call Trace: [ 37.575152] <TASK> [ 37.577258] ? __die_body+0x66/0xb0 [ 37.580756] ? page_fault_oops+0x3e7/0x4a0 [ 37.584861] ? exc_page_fault+0x3e/0xe0 [ 37.588706] ? exc_page_fault+0x5c/0xe0 [ 37.592550] ? asm_exc_page_fault+0x22/0x30 [ 37.596742] ? dmub_hw_lock_mgr_cmd+0x77/0xb0 [ 37.601107] dcn10_cursor_lock+0x1e1/0x240 [ 37.605211] program_cursor_attributes+0x81/0x190 [ 37.609923] commit_planes_for_stream+0x998/0x1ef0 [ 37.614722] update_planes_and_stream_v2+0x41e/0x5c0 [ 37.619703] dc_update_planes_and_stream+0x78/0x140 [ 37.624588] amdgpu_dm_atomic_commit_tail+0x4362/0x49f0 [ 37.629832] ? srso_return_thunk+0x5/0x5f [ 37.633847] ? mark_held_locks+0x6d/0xd0 [ 37.637774] ? _raw_spin_unlock_irq+0x24/0x50 [ 37.642135] ? srso_return_thunk+0x5/0x5f [ 37.646148] ? lockdep_hardirqs_on+0x95/0x150 [ 37.650510] ? srso_return_thunk+0x5/0x5f [ 37.654522] ? _raw_spin_unlock_irq+0x2f/0x50 [ 37.658883] ? srso_return_thunk+0x5/0x5f [ 37.662897] ? wait_for_common+0x186/0x1c0 [ 37.666998] ? srso_return_thunk+0x5/0x5f [ 37.671009] ? drm_crtc_next_vblank_start+0xc3/0x170 [ 37.675983] commit_tail+0xf5/0x1c0 [ 37.679478] drm_atomic_helper_commit+0x2a2/0x2b0 [ 37.684186] drm_atomic_commit+0xd6/0x100 [ 37.688199] ? __cfi___drm_printfn_info+0x10/0x10 [ 37.692911] drm_atomic_helper_update_plane+0xe5/0x130 [ 37.698054] drm_mode_cursor_common+0x501/0x670 [ 37.702600] ? __cfi_drm_mode_cursor_ioctl+0x10/0x10 [ 37.707572] drm_mode_cursor_ioctl+0x48/0x70 [ 37.711851] drm_ioctl_kernel+0xf2/0x150 [ 37.715781] drm_ioctl+0x363/0x590 [ 37.719189] ? __cfi_drm_mode_cursor_ioctl+0x10/0x10 [ 37.724165] amdgpu_drm_ioctl+0x41/0x80 [ 37.728013] __se_sys_ioctl+0x7f/0xd0 [ 37.731685] do_syscall_64+0x87/0x100 [ 37.735355] ? vma_end_read+0x12/0xe0 [ 37.739024] ? srso_return_thunk+0x5/0x5f [ 37.743041] ? find_held_lock+0x47/0xf0 [ 37.746884] ? vma_end_read+0x12/0xe0 [ 37.750552] ? srso_return_thunk+0x5/0x5f [ 37.754565] ? lock_release+0x1c4/0x2e0 [ 37.758406] ? vma_end_read+0x12/0xe0 [ 37.762079] ? exc_page_fault+0x84/0xe0 [ 37.765921] ? srso_return_thunk+0x5/0x5f [ 37.769938] ? lockdep_hardirqs_on+0x95/0x150 [ 37.774303] ? srso_return_thunk+0x5/0x5f [ 37.778317] ? exc_page_fault+0x84/0xe0 [ 37.782163] entry_SYSCALL_64_after_hwframe+0x55/0x5d [ 37.787218] RIP: 0033:0x784aa5ec3059 [ 37.790803] Code: 04 25 28 00 00 00 48 89 45 c8 31 c0 48 8d 45 10 c7 45 b0 10 00 00 00 48 89 45 b8 48 8d 45 d0 48 89 45 c0 b8 10 00 00 00 0f 05 <41> 89 c0 3d 00 f0 ff ff 77 1d 48 8b 45 c8 64 48 2b 04 25 28 00 0 [ 37.809553] RSP: 002b:0000784a9cdf90e0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 37.817121] RAX: ffffffffffffffda RBX: 0000784a9cdf917c RCX: 0000784aa5ec3059 [ 37.824256] RDX: 0000784a9cdf917c RSI: 00000000c01c64a3 RDI: 0000000000000020 [ 37.831391] RBP: 0000784a9cdf9130 R08: 0000000000000100 R09: 0000000000ff0000 [ 37.838525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000025c01606ed0 [ 37.845657] R13: 0000025c00030200 R14: 00000000c01c64a3 R15: 0000000000000020 [ 37.852799] </TASK> [ 37.854992] Modules linked in: [ 37.864546] gsmi: Log Shutdown Reason 0x03 [ 37.868656] CR2: 0000000000000058 [ 37.871979] ---[ end trace 0000000000000000 ]--- [ 37.880976] RIP: 0010:dmub_hw_lock_mgr_cmd+0x77/0xb0 [ 37.885954] Code: 44 24 0e 00 00 00 00 48 c7 04 24 45 00 00 0c 40 88 74 24 0d 0f b6 02 88 44 24 0c 8b 01 89 44 24 08 85 f6 75 05 c6 44 24 0e 01 <48> 8b 7f 58 48 89 e6 ba 01 00 00 00 e8 08 3c 2a 00 65 48 8b 04 5 [ 37.904703] RSP: 0018:ffff969442853300 EFLAGS: 00010202 [ 37.909933] RAX: 0000000000000000 RBX: ffff92db03000000 RCX: ffff969442853358 [ 37.917068] RDX: ffff969442853368 RSI: 0000000000000001 RDI: 0000000000000000 [ 37.924201] RBP: 0000000000000001 R08: 00000000000004a7 R09: 00000000000004a5 [ 37.931336] R10: 0000000000000476 R11: 0000000000000062 R12: ffff92db0ade8000 [ 37.938469] R13: ffff92da01180ae0 R14: ffff92da011802a8 R15: ffff92db03000000 [ 37.945602] FS: 0000784a9cdfc6c0(0000) GS:ffff92db2af00000(0000) knlGS:0000000000000000 [ 37.953689] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.959435] CR2: 0000000000000058 CR3: 0000000112b1c000 CR4: 00000000003506f0 [ 37.966570] Kernel panic - not syncing: Fatal exception [ 37.971901] Kernel Offset: 0x30200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 37.982840] gsmi: Log Shutdown Reason 0x02 Fixes: b5c764d6ed55 ("drm/amd/display: Use HW lock mgr for PSR1") Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Cc: stable(a)vger.kernel.org Cc: Sun peng Li <sunpeng.li(a)amd.com> Cc: Tom Chung <chiahsuan.chung(a)amd.com> Cc: Daniel Wheeler <daniel.wheeler(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> --- drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c b/drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c index 5bb8b78bf250a0e56c3e99ce7c99ed7f70c8f0f6..eef817a4c580aca2ebc7fb1b77cfc0377d477bdc 100644 --- a/drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c @@ -63,6 +63,9 @@ void dmub_hw_lock_mgr_inbox0_cmd(struct dc_dmub_srv *dmub_srv, bool should_use_dmub_lock(struct dc_link *link) { + /* ASIC doesn't support DMUB */ + if (!link->ctx->dmub_srv) + return false; if (link->psr_settings.psr_version == DC_PSR_VERSION_SU_1 || link->psr_settings.psr_version == DC_PSR_VERSION_1) return true; --- base-commit: 2014c95afecee3e76ca4a56956a936e23283f05b change-id: 20250205-amdgpu-dmub-3fc25a0bc68e Best regards, -- Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>

6 months

4
4
0 0

[PATCH 1/1] PCI/bwctrl: Disable PCIe BW controller during reset

by Ilpo Järvinen

PCIe BW controller enables BW notifications for Downstream Ports by setting Link Bandwidth Management Interrupt Enable (LBMIE) and Link Autonomous Bandwidth Interrupt Enable (LABIE) (PCIe Spec. r6.2 sec. 7.5.3.7). It was discovered that performing a reset can lead to the device underneath the Downstream Port becoming unavailable if BW notifications are left enabled throughout the reset sequence (at least LBMIE was found to cause an issue). While the PCIe Specifications do not indicate BW notifications could not be kept enabled during resets, the PCIe Link state during an intentional reset is not of large interest. Thus, disable BW controller for the bridge while reset is performed and re-enable it after the reset has completed to workaround the problems some devices encounter if BW notifications are left on throughout the reset sequence. Keep a counter for the disable/enable because MFD will execute pci_dev_save_and_disable() and pci_dev_restore() back to back for sibling devices: [ 50.139010] vfio-pci 0000:01:00.0: resetting [ 50.139053] vfio-pci 0000:01:00.1: resetting [ 50.141126] pcieport 0000:00:01.1: PME: Spurious native interrupt! [ 50.141133] pcieport 0000:00:01.1: PME: Spurious native interrupt! [ 50.441466] vfio-pci 0000:01:00.0: reset done [ 50.501534] vfio-pci 0000:01:00.1: reset done Fixes: 665745f27487 ("PCI/bwctrl: Re-add BW notification portdrv as PCIe BW controller") Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219765 Tested-by: Joel Mathew Thomas <proxy0(a)tutamail.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- I suspect the root cause is some kind of violation of specifications. Resets shouldn't cause devices to become unavailable just because BW notifications have been enabled. Before somebody comments on those dual rwsems, I do have yet to be submitted patch to simplify the locking as per Lukas Wunner's earlier suggestion. I've just focused on solving the regressions first. drivers/pci/pci.c | 8 +++++++ drivers/pci/pci.h | 4 ++++ drivers/pci/pcie/bwctrl.c | 49 ++++++++++++++++++++++++++++++++------- 3 files changed, 53 insertions(+), 8 deletions(-) diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index 869d204a70a3..7a53d7474175 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -5148,6 +5148,7 @@ static void pci_dev_save_and_disable(struct pci_dev *dev) { const struct pci_error_handlers *err_handler = dev->driver ? dev->driver->err_handler : NULL; + struct pci_dev *bridge = pci_upstream_bridge(dev); /* * dev->driver->err_handler->reset_prepare() is protected against @@ -5166,6 +5167,9 @@ static void pci_dev_save_and_disable(struct pci_dev *dev) */ pci_set_power_state(dev, PCI_D0); + if (bridge) + pcie_bwnotif_disable(bridge); + pci_save_state(dev); /* * Disable the device by clearing the Command register, except for @@ -5181,9 +5185,13 @@ static void pci_dev_restore(struct pci_dev *dev) { const struct pci_error_handlers *err_handler = dev->driver ? dev->driver->err_handler : NULL; + struct pci_dev *bridge = pci_upstream_bridge(dev); pci_restore_state(dev); + if (bridge) + pcie_bwnotif_enable(bridge); + /* * dev->driver->err_handler->reset_done() is protected against * races with ->remove() by the device lock, which must be held by diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h index 01e51db8d285..856546f1aad9 100644 --- a/drivers/pci/pci.h +++ b/drivers/pci/pci.h @@ -759,12 +759,16 @@ static inline void pcie_ecrc_get_policy(char *str) { } #ifdef CONFIG_PCIEPORTBUS void pcie_reset_lbms_count(struct pci_dev *port); int pcie_lbms_count(struct pci_dev *port, unsigned long *val); +void pcie_bwnotif_enable(struct pci_dev *port); +void pcie_bwnotif_disable(struct pci_dev *port); #else static inline void pcie_reset_lbms_count(struct pci_dev *port) {} static inline int pcie_lbms_count(struct pci_dev *port, unsigned long *val) { return -EOPNOTSUPP; } +static inline void pcie_bwnotif_enable(struct pci_dev *port) {} +static inline void pcie_bwnotif_disable(struct pci_dev *port) {} #endif struct pci_dev_reset_methods { diff --git a/drivers/pci/pcie/bwctrl.c b/drivers/pci/pcie/bwctrl.c index 0a5e7efbce2c..a117f6f67c07 100644 --- a/drivers/pci/pcie/bwctrl.c +++ b/drivers/pci/pcie/bwctrl.c @@ -40,11 +40,13 @@ * @set_speed_mutex: Serializes link speed changes * @lbms_count: Count for LBMS (since last reset) * @cdev: Thermal cooling device associated with the port + * @disable_count: BW notifications disabled/enabled counter */ struct pcie_bwctrl_data { struct mutex set_speed_mutex; atomic_t lbms_count; struct thermal_cooling_device *cdev; + int disable_count; }; /* @@ -200,10 +202,9 @@ int pcie_set_target_speed(struct pci_dev *port, enum pci_bus_speed speed_req, return ret; } -static void pcie_bwnotif_enable(struct pcie_device *srv) +static void __pcie_bwnotif_enable(struct pci_dev *port) { - struct pcie_bwctrl_data *data = srv->port->link_bwctrl; - struct pci_dev *port = srv->port; + struct pcie_bwctrl_data *data = port->link_bwctrl; u16 link_status; int ret; @@ -224,12 +225,44 @@ static void pcie_bwnotif_enable(struct pcie_device *srv) pcie_update_link_speed(port->subordinate); } -static void pcie_bwnotif_disable(struct pci_dev *port) +void pcie_bwnotif_enable(struct pci_dev *port) +{ + guard(rwsem_read)(&pcie_bwctrl_setspeed_rwsem); + guard(rwsem_read)(&pcie_bwctrl_lbms_rwsem); + + if (!port->link_bwctrl) + return; + + port->link_bwctrl->disable_count--; + if (!port->link_bwctrl->disable_count) { + __pcie_bwnotif_enable(port); + pci_dbg(port, "BW notifications enabled\n"); + } + WARN_ON_ONCE(port->link_bwctrl->disable_count < 0); +} + +static void __pcie_bwnotif_disable(struct pci_dev *port) { pcie_capability_clear_word(port, PCI_EXP_LNKCTL, PCI_EXP_LNKCTL_LBMIE | PCI_EXP_LNKCTL_LABIE); } +void pcie_bwnotif_disable(struct pci_dev *port) +{ + guard(rwsem_read)(&pcie_bwctrl_setspeed_rwsem); + guard(rwsem_read)(&pcie_bwctrl_lbms_rwsem); + + if (!port->link_bwctrl) + return; + + port->link_bwctrl->disable_count++; + + if (port->link_bwctrl->disable_count == 1) { + __pcie_bwnotif_disable(port); + pci_dbg(port, "BW notifications disabled\n"); + } +} + static irqreturn_t pcie_bwnotif_irq(int irq, void *context) { struct pcie_device *srv = context; @@ -314,7 +347,7 @@ static int pcie_bwnotif_probe(struct pcie_device *srv) return ret; } - pcie_bwnotif_enable(srv); + __pcie_bwnotif_enable(port); } } @@ -336,7 +369,7 @@ static void pcie_bwnotif_remove(struct pcie_device *srv) scoped_guard(rwsem_write, &pcie_bwctrl_setspeed_rwsem) { scoped_guard(rwsem_write, &pcie_bwctrl_lbms_rwsem) { - pcie_bwnotif_disable(srv->port); + __pcie_bwnotif_disable(srv->port); free_irq(srv->irq, srv); @@ -347,13 +380,13 @@ static void pcie_bwnotif_remove(struct pcie_device *srv) static int pcie_bwnotif_suspend(struct pcie_device *srv) { - pcie_bwnotif_disable(srv->port); + __pcie_bwnotif_disable(srv->port); return 0; } static int pcie_bwnotif_resume(struct pcie_device *srv) { - pcie_bwnotif_enable(srv); + __pcie_bwnotif_enable(srv->port); return 0; } base-commit: 2014c95afecee3e76ca4a56956a936e23283f05b -- 2.39.5

6 months

2
7
0 0

[PATCH] drm/ttm/tests: fix potential null pointer dereference in ttm_bo_unreserve_bulk()

by Qasim Ijaz

In the ttm_bo_unreserve_bulk() test function, resv is allocated using kunit_kzalloc(), but the subsequent assertion mistakenly verifies the ttm_dev pointer instead of checking the resv pointer. This mistake means that if allocation for resv fails, the error will go undetected, resv will be NULL and a call to dma_resv_init(resv) will dereference a NULL pointer. Fix the assertion to properly verify the resv pointer. Fixes: 588c4c8d58c4 ("drm/ttm/tests: Fix a warning in ttm_bo_unreserve_bulk") Cc: stable(a)vger.kernel.org Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> --- drivers/gpu/drm/ttm/tests/ttm_bo_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/ttm/tests/ttm_bo_test.c b/drivers/gpu/drm/ttm/tests/ttm_bo_test.c index f8f20d2f6174..e08e5a138420 100644 --- a/drivers/gpu/drm/ttm/tests/ttm_bo_test.c +++ b/drivers/gpu/drm/ttm/tests/ttm_bo_test.c @@ -340,7 +340,7 @@ static void ttm_bo_unreserve_bulk(struct kunit *test) KUNIT_ASSERT_NOT_NULL(test, ttm_dev); resv = kunit_kzalloc(test, sizeof(*resv), GFP_KERNEL); - KUNIT_ASSERT_NOT_NULL(test, ttm_dev); + KUNIT_ASSERT_NOT_NULL(test, resv); err = ttm_device_kunit_init(priv, ttm_dev, false, false); KUNIT_ASSERT_EQ(test, err, 0); -- 2.39.5

6 months

2
1
0 0

[PATCH 5.4 000/328] 5.4.291-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.291 release. There are 328 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 13 Mar 2025 14:56:14 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.291-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.291-rc1 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> eeprom: digsy_mtc: Make GPIO lookup table match the device Visweswara Tanuku <quic_vtanuku(a)quicinc.com> slimbus: messaging: Free transaction ID in delayed interrupt scenario Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Panther Lake-P/U support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Panther Lake-H support Pawel Chmielewski <pawel.chmielewski(a)intel.com> intel_th: pci: Add Arrow Lake support Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: check the inode number is not the invalid value of zero Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> xhci: pci: Fix indentation in the PCI device ID definitions Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: Check bmAttributes only if configuration is valid Marek Szyprowski <m.szyprowski(a)samsung.com> usb: gadget: Fix setting self-powered state on suspend Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: Set self-powered based on MaxPower and bmAttributes AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality Fedor Pchelkin <boddah8794(a)gmail.com> usb: typec: ucsi: increase timeout for PPM reset operations Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usb: atm: cxacru: fix a flaw in existing endpoint checks Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Flush the notify_hotplug_work Miao Li <limiao(a)kylinos.cn> usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Use devm_usb_get_phy() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Call clk_put() Christian Heusel <christian(a)heusel.eu> Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> gpio: rcar: Fix missing of_node_put() call Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix missing dst ref drop in ila lwtunnel Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop in ila lwtunnel Jason Xing <kerneljasonxing(a)gmail.com> net-timestamp: support TCP GSO case for a few missing flags Oscar Maes <oscmaes92(a)gmail.com> vlan: enforce underlying device type Jiayuan Chen <jiayuan.chen(a)linux.dev> ppp: Fix KMSAN uninit-value warning with bpf Nikolay Aleksandrov <razor(a)blackwall.org> be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink Philipp Stanner <phasta(a)kernel.org> drm/sched: Fix preprocessor guard Xinghuo Chen <xinghuo.chen(a)foxmail.com> hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() Eric Dumazet <edumazet(a)google.com> llc: do not use skb_get() before dev_queue_xmit() Erik Schumacher <erik.schumacher(a)iris-sensing.com> hwmon: (ad7314) Validate leading zero bits and return error Maud Spierings <maudspierings(a)gocontroll.com> hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table Titus Rwantare <titusr(a)google.com> hwmon: (pmbus) Initialise page count in pmbus_identify() Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> caif_virtio: fix wrong pointer check in cfv_probe() Antoine Tenart <atenart(a)kernel.org> net: gso: fix ownership in __udp_gso_segment Zhang Lixu <lixu.zhang(a)intel.com> HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() Yu-Chun Lin <eleanor15x(a)gmail.com> HID: google: fix unused variable warning under !CONFIG_ACPI Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: limit printed string from FW file Hao Zhang <zhanghao1(a)kylinos.cn> mm/page_alloc: fix uninitialized variable Haoxiang Li <haoxiang_li2024(a)163.com> rapidio: fix an API misues when rio_add_net() fails Haoxiang Li <haoxiang_li2024(a)163.com> rapidio: add check for rio_add_net() in rio_scan_alloc_net() Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> wifi: nl80211: reject cooked mode if it is set along with other flags Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> wifi: cfg80211: regulatory: improve invalid hints checking Ahmed S. Darwish <darwi(a)linutronix.de> x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 Ahmed S. Darwish <darwi(a)linutronix.de> x86/cpu: Validate CPUID leaf 0x2 EDX output Ahmed S. Darwish <darwi(a)linutronix.de> x86/cacheinfo: Validate CPUID leaf 0x2 EDX output Mingcong Bai <jeffbai(a)aosc.io> platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e Richard Thier <u9vata(a)gmail.com> drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: update ALC222 depop optimize Hoku Ishibe <me(a)hokuishi.be> ALSA: hda: intel: Add Dell ALC3271 to power_save denylist Daniil Dulov <d.dulov(a)aladdin.ru> HID: appleir: Fix potential NULL dereference at raw event handle Rob Herring (Arm) <robh(a)kernel.org> Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: disable BAR resize on Dell G5 SE Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Check extended configuration space register when system uses large bar Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: skip BAR resizing if the bios already did it Christian Brauner <brauner(a)kernel.org> acct: perform last write from workqueue Yang Yang <yang.yang29(a)zte.com.cn> kernel/acct.c: use dedicated helper to access rlimit values Hui Su <sh_def(a)163.com> kernel/acct.c: use #elif instead of #end and #elif Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> drop_monitor: fix incorrect initialization order Quang Le <quanglex97(a)gmail.com> pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Thomas Gleixner <tglx(a)linutronix.de> sched/core: Prevent rescheduling when interrupts are disabled Kaustabh Chakraborty <kauschluss(a)disroot.org> phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk BH Hsieh <bhsieh(a)nvidia.com> phy: tegra: xusb: reset VBUS & ID OVERRIDE Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usbnet: gl620a: fix endpoint checking in genelink_bind() Kan Liang <kan.liang(a)linux.intel.com> perf/core: Fix low freq setting via IOC_PERIOD Nikolay Kuratov <kniv(a)yandex-team.ru> ftrace: Avoid potential division by zero in function_stat_show() Russell Senior <russell(a)personaltelco.net> x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems Harshal Chaudhari <hchaudhari(a)marvell.com> net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. Philo Lu <lulie(a)linux.alibaba.com> ipvs: Always clear ipvs_property flag in skb_scrub_packet() Nicolas Frattaroli <nicolas.frattaroli(a)collabora.com> ASoC: es8328: fix route from DAC to output Sean Anderson <sean.anderson(a)linux.dev> net: cadence: macb: Synchronize stats calculations Ido Schimmel <idosch(a)nvidia.com> net: loopback: Avoid sending IP packets without an Ethernet header Arnd Bergmann <arnd(a)arndb.de> sunrpc: suppress warnings for unused procfs functions Sven Eckelmann <sven(a)narfation.org> batman-adv: Drop unmanaged ELP metric worker Sven Eckelmann <sven(a)narfation.org> batman-adv: Ignore neighbor throughput metrics in error case Christian Brauner <brauner(a)kernel.org> acct: block access to kernel internal filesystems John Veness <john-linux(a)pelago.org.uk> ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED Haoxiang Li <haoxiang_li2024(a)163.com> nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix supplicant wait loop Andrey Vatoropin <a.vatoropin(a)crpt.ru> power: supply: da9150-fg: fix potential overflow Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix port range key handling in BPF conversion Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix handling of mixed port and port-range keys Maksym Glubokiy <maksym.glubokiy(a)plvision.eu> net: extract port range fields from fl_flow_key Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Suppress list corruption splat in geneve_destroy_tunnels(). Kuniyuki Iwashima <kuniyu(a)amazon.com> gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Fix use-after-free in geneve_find_dev(). Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Fixup ALC225 depop procedure Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Add type for ALC287 Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s/mm: Move __real_pte stubs into hash-4k.h Jill Donahue <jilliandonahue58(a)gmail.com> USB: gadget: f_midi: f_midi_complete to call queue_work Davidlohr Bueso <dave(a)stgolabs.net> usb/gadget: f_midi: Replace tasklet with work Allen Pais <allen.lkml(a)gmail.com> usb/gadget: f_midi: convert tasklets to use new tasklet_setup() API Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: Fix timeout issue during controller enter/exit from halt state Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: Increase DWC3 controller halt timeout Chen Ridong <chenridong(a)huawei.com> memcg: fix soft lockup in the OOM process Carlos Galo <carlosgalo(a)google.com> mm: update mark_victim tracepoints fields Ignat Korchagin <ignat(a)cloudflare.com> crypto: testmgr - some more fixes to RSA test vectors Ignat Korchagin <ignat(a)cloudflare.com> crypto: testmgr - populate RSA CRT parameters in RSA test vectors lei he <helei.sig11(a)bytedance.com> crypto: testmgr - fix version number of RSA tests Lei He <helei.sig11(a)bytedance.com> crypto: testmgr - Fix wrong test case of RSA Lei He <helei.sig11(a)bytedance.com> crypto: testmgr - fix wrong key length for pkcs1pad Zijun Hu <quic_zijuhu(a)quicinc.com> driver core: bus: Fix double free in driver API bus_register() Long Li <longli(a)microsoft.com> scsi: storvsc: Set correct data length for sending SCSI command without payload Xin Long <lucien.xin(a)gmail.com> vlan: move dev_put into vlan_dev_uninit Xin Long <lucien.xin(a)gmail.com> vlan: introduce vlan_dev_free_egress_priority Stefan Berger <stefanb(a)linux.ibm.com> ima: Fix use-after-free on a dentry's dname.name Calvin Owens <calvin(a)wbinvd.org> pps: Fix a use-after-free Filipe Manana <fdmanana(a)suse.com> btrfs: avoid monopolizing a core when activating a swap file Koichiro Den <koichiro.den(a)canonical.com> Revert "btrfs: avoid monopolizing a core when activating a swap file" David Woodhouse <dwmw(a)amazon.co.uk> x86/i8253: Disable PIT timer 0 when not in use Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com> parport_pc: add support for ASIX AX99100 Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com> serial: 8250_pci: add support for ASIX AX99100 Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com> can: ems_pci: move ASIX AX99100 ids to pci_ids.h Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect access to buffers with no active references Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: do not force clear folio if buffer is referenced Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: do not output warnings when clearing dirty buffers Ivan Kokshaysky <ink(a)unseen.parts> alpha: replace hardcoded stack offsets with autogenerated ones Eric Dumazet <edumazet(a)google.com> ndisc: extend RCU protection in ndisc_send_skb() Eric Dumazet <edumazet(a)google.com> openvswitch: use RCU protection in ovs_vport_cmd_fill_info() Eric Dumazet <edumazet(a)google.com> arp: use RCU protection in arp_xmit() Eric Dumazet <edumazet(a)google.com> neighbour: use RCU protection in __neigh_notify() Li Zetao <lizetao1(a)huawei.com> neighbour: delete redundant judgment statements Eric Dumazet <edumazet(a)google.com> ndisc: use RCU protection in ndisc_alloc_skb() Eric Dumazet <edumazet(a)google.com> ipv6: use RCU protection in ip6_default_advmss() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in inet_select_addr() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in rt_is_expired() Eric Dumazet <edumazet(a)google.com> net: add dev_net_rcu() helper Jiri Pirko <jiri(a)nvidia.com> net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() Jiasheng Jiang <jiashengjiangcool(a)gmail.com> regmap-irq: Add missing kfree() Jann Horn <jannh(a)google.com> partitions: mac: fix handling of bogus partition table Wentao Liang <vulab(a)iscas.ac.cn> gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock Ivan Kokshaysky <ink(a)unseen.parts> alpha: align stack for page fault and user unaligned trap handlers John Keeping <jkeeping(a)inmusicbrands.com> serial: 8250: Fix fifo underflow on flush Ivan Kokshaysky <ink(a)unseen.parts> alpha: make stack 16-byte aligned (most cases) Alexander Hölzl <alexander.hoelzl(a)gmx.net> can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> can: c_can: fix unbalanced runtime PM disable in error path Johan Hovold <johan(a)kernel.org> USB: serial: option: drop MeiG Smart defines Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: fix Telit Cinterion FN990A name Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FN990B compositions Chester A. Unal <chester.a.unal(a)arinc9.com> USB: serial: option: add MeiG Smart SLM828 Jann Horn <jannh(a)google.com> usb: cdc-acm: Fix handling of oversized fragments Jann Horn <jannh(a)google.com> usb: cdc-acm: Check control transfer buffer size before access Marek Vasut <marek.vasut+renesas(a)mailbox.org> USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk Alan Stern <stern(a)rowland.harvard.edu> USB: hub: Ignore non-compliant devices with too many configs or interfaces John Keeping <jkeeping(a)inmusicbrands.com> usb: gadget: f_midi: fix MIDI Streaming descriptor lengths Mathias Nyman <mathias.nyman(a)linux.intel.com> USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone Lei Huang <huanglei(a)kylinos.cn> USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist Huacai Chen <chenhuacai(a)loongson.cn> USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> usb: dwc2: gadget: remove of_node reference upon udc_stop Guo Ren <guoren(a)linux.alibaba.com> usb: gadget: udc: renesas_usb3: Fix compiler warning Elson Roy Serrao <quic_eserrao(a)quicinc.com> usb: roles: set switch registered flag early on Andy Strohman <andrew(a)andrewstrohman.com> batman-adv: fix panic during interface removal Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V Mike Marshall <hubcap(a)omnibond.com> orangefs: fix a oob in orangefs_debug_write Maksym Planeta <maksym(a)exostellar.io> Grab mm lock before grabbing pt lock Ramesh Thomas <ramesh.thomas(a)intel.com> vfio/pci: Enable iowrite64 and ioread64 for vfio pci Arnd Bergmann <arnd(a)arndb.de> media: cxd2841er: fix 64-bit division on gcc-9 Juergen Gross <jgross(a)suse.com> x86/xen: allow larger contiguous memory regions in PV guests Petr Tesarik <petr.tesarik.ext(a)huawei.com> xen: remove a confusing comment on auto-translated guest I/O Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Add missing newline to dev_err format string Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 Radu Rendec <rrendec(a)redhat.com> arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array Eric Dumazet <edumazet(a)google.com> team: better TEAM_OPTION_TYPE_STRING validation Eric Dumazet <edumazet(a)google.com> vrf: use RCU protection in l3mdev_l3_out() Eric Dumazet <edumazet(a)google.com> ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() Charles Han <hanchunchao(a)inspur.com> HID: multitouch: Add NULL check in mt_input_configured Su Yue <glass.su(a)suse.com> ocfs2: check dir i_size in ocfs2_find_entry WangYuli <wangyuli(a)uniontech.com> MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static Thomas Weißschuh <linux(a)weissschuh.net> ptp: Ensure info->enable callback is always set Paul Fertser <fercerpav(a)gmail.com> net/ncsi: wait for the last response to Deselect Package before configuring channel Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix registered buffer page address Ivan Stepchenko <sid(a)itb.spb.ru> mtd: onenand: Fix uninitialized retlen in do_otp_read() Dan Carpenter <dan.carpenter(a)linaro.org> NFC: nci: Add bounds checking in nci_hci_create_pipe() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> nilfs2: fix possible int overflows in nilfs_fiemap() Matthew Wilcox (Oracle) <willy(a)infradead.org> ocfs2: handle a symlink read error correctly Heming Zhao <heming.zhao(a)suse.com> ocfs2: fix incorrect CPU endianness conversion causing mount failure Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: check the bounds of read/write syscalls Jennifer Berringer <jberring(a)redhat.com> nvmem: core: improve range check for nvmem_cell_write() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - unregister previously registered algos in error path Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - fix goto jump in error path Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove redundant NULL assignment Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix event flags in uvc_ctrl_send_events Sam Bobrowicz <sam(a)elite-embedded.com> media: ov5640: fix get_light_freq on auto Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: qcom: smem_state: fix missing of_node_put in error path Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-enum-conversion to W=2 Narayana Murty N <nnmlinux(a)linux.ibm.com> powerpc/pseries/eeh: Fix get PE state translation Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Drop __initdata macro for port_cfg Stephan Gerhold <stephan.gerhold(a)linaro.org> soc: qcom: socinfo: Avoid out of bounds read of serial number Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Don't prepare BOT write request twice Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Decrement command ref count on cleanup Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Translate error to sense Marcel Hamer <marcel.hamer(a)windriver.com> wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() Heiko Stuebner <heiko(a)sntech.de> HID: hid-sensor-hub: don't use stale platform-data on remove Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Fix using wrong number of cells to get property 'alignment' Zijun Hu <quic_zijuhu(a)quicinc.com> of: Fix of_find_node_opts_by_path() handling of alias+path+options Zijun Hu <quic_zijuhu(a)quicinc.com> of: Correct child specifier used as input of the 2nd nexus node Kuan-Wei Chiu <visitorckw(a)gmail.com> perf bench: Fix undefined behavior in cmpworker() Anastasia Belova <abelova(a)astralinux.ru> clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: clk-alpha-pll: fix alpha mode configuration Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc Haoxiang Li <haoxiang_li2024(a)163.com> drm/komeda: Add check for komeda_get_layer_fourcc_list() David Hildenbrand <david(a)redhat.com> KVM: s390: vsie: fix some corner-cases when grabbing vsie pages Sean Christopherson <seanjc(a)google.com> KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Jakob Unterwurzacher <jakobunt(a)gmail.com> arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma Dan Carpenter <dan.carpenter(a)linaro.org> binfmt_flat: Fix integer overflow bug on 32 bit systems Thomas Zimmermann <tzimmermann(a)suse.de> m68k: vga: Fix I/O defines Heiko Carstens <hca(a)linux.ibm.com> s390/futex: Fix FUTEX_OP_ANDN implementation Alexander Sverdlin <alexander.sverdlin(a)siemens.com> leds: lp8860: Write full EEPROM, not only half of it Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: s3c64xx: Fix compilation warning Willem de Bruijn <willemb(a)google.com> tun: revert fix group permission check Cong Wang <cong.wang(a)bytedance.com> netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() Eric Dumazet <edumazet(a)google.com> net: rose: lock the socket in rose_bind() Yan Zhai <yan(a)cloudflare.com> udp: gso: do not drop small packets when PMTU reduces Lenny Szubowicz <lszubowi(a)redhat.com> tg3: Disable tg3 PCIe AER on system reboot Hans Verkuil <hverkuil(a)xs4all.nl> gpu: drm_dp_cec: fix broken CEC adapter properties check Prasad Pandit <pjp(a)fedoraproject.org> firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry Daniel Wagner <wagi(a)kernel.org> nvme: handle connectivity loss in nvme_set_queue_count Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix NULL pointer dereference on certain command aborts Hardik Gajjar <hgajjar(a)de.adit-jv.com> usb: xhci: Add timeout argument in address_device USB HCD callback Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: usb: rtl8150: enable basic endpoint checking Emil Renner Berthing <kernel(a)esmil.dk> net: usb: rtl8150: use new tasklet API Romain Perier <romain.perier(a)gmail.com> tasklet: Introduce new initialization API Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kbuild: userprogs: use correct lld when linking through clang Toke Høiland-Jørgensen <toke(a)redhat.com> sched: sch_cake: add bounds checks to host bulk flow fairness counts Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove dangling pointers Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Only save async fh if success Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: handle errors that nilfs_prepare_chunk() may return Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: eliminate staggered calls to kunmap in nilfs_rename Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link Ralf Schlatterbeck <rsc(a)runtux.com> spi-mxs: Fix chipselect glitch Xi Ruoyao <xry111(a)xry111.site> x86/mm: Don't disable PCID when INVLPG has been fixed by microcode Borislav Petkov <bp(a)alien8.de> APEI: GHES: Have GHES honor the panic= setting Even Xu <even.xu(a)intel.com> HID: Wacom: Add PCI Wacom device support Hans de Goede <hdegoede(a)redhat.com> mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: don't emit warning in tomoyo_write_control() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() Shawn Lin <shawn.lin(a)rock-chips.com> mmc: core: Respect quirk_max_rate for non-UHS SDIO card Stas Sergeev <stsp2(a)yandex.ru> tun: fix group permission check Kuan-Wei Chiu <visitorckw(a)gmail.com> printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Yazen Ghannam <yazen.ghannam(a)amd.com> x86/amd_nb: Restrict init function to AMD-based systems Suleiman Souhlal <suleiman(a)google.com> sched: Don't try to catch up excess steal time. Josef Bacik <josef(a)toxicpanda.com> btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling Filipe Manana <fdmanana(a)suse.com> btrfs: fix use-after-free when attempting to join an aborted transaction Qu Wenruo <wqu(a)suse.com> btrfs: output the reason for open_ctree() failure Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Don't free command immediately Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: uvcvideo: Fix double free in error path Alan Stern <stern(a)rowland.harvard.edu> HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections Jos Wang <joswang(a)lenovo.com> usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE Sean Rhodes <sean(a)starlabs.systems> drivers/card_reader/rtsx_usb: Restore interrupt based detection Ricardo B. Marliere <rbm(a)suse.com> ktest.pl: Check kernelrelease return in get_version Chuck Lever <chuck.lever(a)oracle.com> NFSD: Reset cb_seq_status after NFS4ERR_DELAY Lin Yujun <linyujun809(a)huawei.com> hexagon: Fix unbalanced spinlock in die() Willem de Bruijn <willemb(a)google.com> hexagon: fix using plain integer as NULL pointer warning in cmpxchg Masahiro Yamada <masahiroy(a)kernel.org> genksyms: fix memory leak when the same symbol is read from *.symref file Masahiro Yamada <masahiroy(a)kernel.org> genksyms: fix memory leak when the same symbol is added from source Kory Maincent <kory.maincent(a)bootlin.com> net: sh_eth: Fix missing rtnl lock in suspend/resume path Michal Luczaj <mhal(a)rbox.co> vsock: Allow retrying on connect() failure Howard Chu <howardchu95(a)gmail.com> perf trace: Fix runtime error of index out of bounds Chenyuan Yang <chenyuan0y(a)gmail.com> net: davicom: fix UAF in dm9000_drv_remove Eric Dumazet <edumazet(a)google.com> net: rose: fix timer races against user threads Wentao Liang <vulab(a)iscas.ac.cn> PM: hibernate: Add error handling for syscore_suspend() Eric Dumazet <edumazet(a)google.com> ipmr: do not call mr_mfc_uses_dev() for unres entries Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev(a)gmail.com> net: fec: implement TSO descriptor cleanup pangliyuan <pangliyuan1(a)huawei.com> ubifs: skip dumping tnc tree when zroot is null Oleksij Rempel <linux(a)rempel-privat.de> rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> dmaengine: ti: edma: fix OF node reference leaks in edma_driver Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> module: Extend the preempt disabled section in dereference_symbol_descriptor(). Su Yue <glass.su(a)suse.com> ocfs2: mark dquot as inactive if failed to start trans while releasing dquot Guixin Liu <kanie(a)linux.alibaba.com> scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails Paul Menzel <pmenzel(a)molgen.mpg.de> scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Propagate buf->error to userspace Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: camif-core: Add check for clk_enable() Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: mipi-csis: Add check for clk_enable() Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() Chen Ni <nichen(a)iscas.ac.cn> media: lmedm04: Handle errors for lme2510_int_read Malcolm Priestley <tvboxspy(a)gmail.com> media: lmedm04: Use GFP_KERNEL for URB allocation/submission. Oliver Neukum <oneukum(a)suse.com> media: rc: iguanair: handle timeouts Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: mediatek: mt7623: fix IR nodename Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property Dan Carpenter <dan.carpenter(a)linaro.org> rdma/cxgb4: Prevent potential integer overflow on 32bit Leon Romanovsky <leonro(a)nvidia.com> RDMA/mlx4: Avoid false error about access to uninitialized gids array Puranjay Mohan <puranjay(a)kernel.org> bpf: Send signals asynchronously if !preemptible Jiachen Zhang <me(a)jcix.top> perf report: Fix misleading help message about --demangle Arnaldo Carvalho de Melo <acme(a)redhat.com> perf top: Don't complain about lack of vmlinux when not resolving some kernel samples Thomas Weißschuh <linux(a)weissschuh.net> padata: fix sysfs store callback check Ba Jing <bajing(a)cmss.chinamobile.com> ktest.pl: Remove unused declarations in run_bisect_test function Zhongqiu Han <quic_zhonhan(a)quicinc.com> perf header: Fix one memory leakage in process_bpf_prog_info() Zhongqiu Han <quic_zhonhan(a)quicinc.com> perf header: Fix one memory leakage in process_bpf_btf() George Lander <lander(a)jagmn.com> ASoC: sun4i-spdif: Add clock multiplier settings Marco Leogrande <leogrande(a)google.com> tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind Jamal Hadi Salim <jhs(a)mojatatu.com> net: sched: Disallow replacing of child qdisc from one parent to another Maher Sanalla <msanalla(a)nvidia.com> net/mlxfw: Drop hard coded max FW flash image size Liu Jian <liujian56(a)huawei.com> net: let net.core.dev_weight always be non-zero Bo Gan <ganboing(a)gmail.com> clk: analogbits: Fix incorrect calculation of vco rate delta Dmitry V. Levin <ldv(a)strace.io> selftests: harness: fix printing of mismatch values in __EXPECT() Kees Cook <keescook(a)chromium.org> selftests/harness: Display signed values correctly Andreas Kemnade <andreas(a)kemnade.info> wifi: wlcore: fix unbalanced pm_runtime calls Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> regulator: of: Implement the unwind path of of_regulator_match() Octavian Purdila <tavip(a)google.com> team: prevent adding a device which is already a team device lower He Rongguang <herongguang(a)linux.alibaba.com> cpupower: fix TSC MHz calculation Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: pci: wait for firmware loading before releasing memory Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: fix memory leaks and invalid access at probe error path Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: remove unused check_buddy_priv Dmitry Antipov <dmantipov(a)yandex.ru> wifi: rtlwifi: remove unused dualmac control leftovers Dmitry Antipov <dmantipov(a)yandex.ru> wifi: rtlwifi: remove unused timer and related code Jakob Koschel <jakobkoschel(a)gmail.com> rtlwifi: replace usage of found with dedicated list iterator variable Neil Armstrong <neil.armstrong(a)linaro.org> dt-bindings: mmc: controller: clarify the address-cells description Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: usb: fix workqueue leak when probe fails Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step Larry Finger <Larry.Finger(a)lwfinger.net> rtlwifi: rtl8192se Rename RT_TRACE to rtl_dbg Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: do not complete firmware loading needlessly Charles Han <hanchunchao(a)inspur.com> ipmi: ipmb: Add check devm_kasprintf() returned value Ivan Stepchenko <sid(a)itb.spb.ru> drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table Sui Jingfeng <sui.jingfeng(a)linux.dev> drm/etnaviv: Fix page property being used for non writecombine buffers Randy Dunlap <rdunlap(a)infradead.org> partitions: ldm: remove the initial kernel-doc notation Yu Kuai <yukuai3(a)huawei.com> nbd: don't allow reconnect after disconnect David Howells <dhowells(a)redhat.com> afs: Fix directory format encoding struct Kees Cook <keescook(a)chromium.org> overflow: Allow mixed type arguments Keith Busch <kbusch(a)kernel.org> overflow: Correct check_shl_overflow() comment Kees Cook <keescook(a)chromium.org> overflow: Add __must_check attribute to check_*() helpers Ben Hutchings <benh(a)debian.org> udf: Fix use of check_add_overflow() with mixed type arguments Ben Hutchings <benh(a)debian.org> perf cs-etm: Add missing variable in cs_etm__process_queues() ------------- Diffstat: .../devicetree/bindings/mmc/mmc-controller.yaml | 2 +- Makefile | 9 +- arch/alpha/include/uapi/asm/ptrace.h | 2 + arch/alpha/kernel/asm-offsets.c | 2 + arch/alpha/kernel/entry.S | 24 +-- arch/alpha/kernel/traps.c | 2 +- arch/alpha/mm/fault.c | 4 +- arch/arm/boot/dts/mt7623.dtsi | 2 +- arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 +-- arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 2 +- arch/arm64/kernel/cacheinfo.c | 12 +- arch/hexagon/include/asm/cmpxchg.h | 2 +- arch/hexagon/kernel/traps.c | 4 +- arch/m68k/include/asm/vga.h | 8 +- arch/mips/kernel/ftrace.c | 2 +- arch/powerpc/include/asm/book3s/64/hash-4k.h | 28 +++ arch/powerpc/include/asm/book3s/64/pgtable.h | 26 --- arch/powerpc/lib/code-patching.c | 2 +- arch/powerpc/platforms/pseries/eeh_pseries.c | 6 +- arch/s390/include/asm/futex.h | 2 +- arch/s390/kvm/vsie.c | 25 ++- arch/x86/kernel/amd_nb.c | 4 + arch/x86/kernel/cpu/cacheinfo.c | 2 +- arch/x86/kernel/cpu/cyrix.c | 4 +- arch/x86/kernel/cpu/intel.c | 52 +++-- arch/x86/kernel/i8253.c | 11 +- arch/x86/mm/init.c | 32 +-- arch/x86/xen/mmu_pv.c | 79 +++++-- block/partitions/ldm.h | 2 +- block/partitions/mac.c | 18 +- crypto/testmgr.h | 227 +++++++++++++++------ drivers/acpi/apei/ghes.c | 10 +- drivers/base/bus.c | 2 + drivers/base/regmap/regmap-irq.c | 2 + drivers/block/nbd.c | 1 + drivers/char/ipmi/ipmb_dev_int.c | 3 + drivers/clk/analogbits/wrpll-cln28hpc.c | 2 +- drivers/clk/qcom/clk-alpha-pll.c | 2 + drivers/clk/qcom/clk-rpmh.c | 2 +- drivers/clocksource/i8253.c | 13 +- drivers/cpufreq/s3c64xx-cpufreq.c | 11 +- drivers/crypto/qce/core.c | 13 +- drivers/dma/ti/edma.c | 3 +- drivers/firmware/Kconfig | 2 +- drivers/gpio/gpio-bcm-kona.c | 71 +++++-- drivers/gpio/gpio-rcar.c | 7 +- drivers/gpio/gpio-stmpe.c | 15 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 16 ++ drivers/gpu/drm/amd/powerplay/hwmgr/ppatomctrl.c | 2 + .../drm/arm/display/komeda/komeda_wb_connector.c | 4 + drivers/gpu/drm/drm_dp_cec.c | 14 +- drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 +- drivers/gpu/drm/radeon/r300.c | 3 +- drivers/gpu/drm/radeon/radeon_asic.h | 1 + drivers/gpu/drm/radeon/rs400.c | 18 +- drivers/gpu/drm/scheduler/gpu_scheduler_trace.h | 4 +- drivers/hid/hid-appleir.c | 2 +- drivers/hid/hid-core.c | 2 + drivers/hid/hid-google-hammer.c | 2 + drivers/hid/hid-multitouch.c | 5 +- drivers/hid/hid-sensor-hub.c | 21 +- drivers/hid/intel-ish-hid/ishtp-hid.c | 4 +- drivers/hid/wacom_wac.c | 5 + drivers/hwmon/ad7314.c | 10 + drivers/hwmon/ntc_thermistor.c | 66 +++--- drivers/hwmon/pmbus/pmbus.c | 2 + drivers/hwmon/xgene-hwmon.c | 2 +- drivers/hwtracing/intel_th/pci.c | 15 ++ drivers/infiniband/hw/cxgb4/device.c | 6 +- drivers/infiniband/hw/mlx4/main.c | 6 +- drivers/leds/leds-lp8860.c | 2 +- drivers/media/dvb-frontends/cxd2841er.c | 8 +- drivers/media/i2c/ov5640.c | 1 + drivers/media/platform/exynos4-is/mipi-csis.c | 10 +- drivers/media/platform/s3c-camif/camif-core.c | 13 +- drivers/media/rc/iguanair.c | 4 +- drivers/media/usb/dvb-usb-v2/lmedm04.c | 14 +- drivers/media/usb/uvc/uvc_ctrl.c | 85 ++++++-- drivers/media/usb/uvc/uvc_queue.c | 3 +- drivers/media/usb/uvc/uvc_status.c | 1 + drivers/media/usb/uvc/uvc_v4l2.c | 2 + drivers/media/usb/uvc/uvcvideo.h | 9 +- drivers/mfd/lpc_ich.c | 3 +- drivers/misc/eeprom/digsy_mtc_eeprom.c | 2 +- drivers/misc/fastrpc.c | 2 +- drivers/mmc/core/sdio.c | 2 + drivers/mtd/nand/onenand/onenand_base.c | 1 + drivers/net/caif/caif_virtio.c | 2 +- drivers/net/can/c_can/c_can_platform.c | 5 +- drivers/net/ethernet/broadcom/tg3.c | 58 ++++++ drivers/net/ethernet/cadence/macb.h | 2 + drivers/net/ethernet/cadence/macb_main.c | 12 +- drivers/net/ethernet/davicom/dm9000.c | 3 +- drivers/net/ethernet/emulex/benet/be.h | 2 +- drivers/net/ethernet/emulex/benet/be_cmds.c | 197 +++++++++--------- drivers/net/ethernet/emulex/benet/be_main.c | 2 +- drivers/net/ethernet/freescale/fec_main.c | 31 ++- drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 +- drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 - drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 + drivers/net/ethernet/renesas/sh_eth.c | 4 + drivers/net/geneve.c | 16 +- drivers/net/gtp.c | 5 - drivers/net/loopback.c | 14 ++ drivers/net/ppp/ppp_generic.c | 28 ++- drivers/net/team/team.c | 11 +- drivers/net/tun.c | 2 +- drivers/net/usb/gl620a.c | 4 +- drivers/net/usb/rtl8150.c | 28 ++- .../wireless/broadcom/brcm80211/brcmfmac/core.c | 5 + .../broadcom/brcm80211/brcmsmac/phy/phy_n.c | 3 + drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 +- drivers/net/wireless/realtek/rtlwifi/base.c | 36 +--- drivers/net/wireless/realtek/rtlwifi/base.h | 2 - drivers/net/wireless/realtek/rtlwifi/pci.c | 65 +----- .../net/wireless/realtek/rtlwifi/rtl8192se/dm.c | 42 ++-- .../net/wireless/realtek/rtlwifi/rtl8192se/fw.c | 40 ++-- .../net/wireless/realtek/rtlwifi/rtl8192se/hw.c | 157 +++++++------- .../net/wireless/realtek/rtlwifi/rtl8192se/led.c | 10 +- .../net/wireless/realtek/rtlwifi/rtl8192se/phy.c | 211 ++++++++++--------- .../net/wireless/realtek/rtlwifi/rtl8192se/rf.c | 70 +++---- .../net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 11 +- .../net/wireless/realtek/rtlwifi/rtl8192se/trx.c | 10 +- drivers/net/wireless/realtek/rtlwifi/usb.c | 2 +- drivers/net/wireless/realtek/rtlwifi/wifi.h | 23 --- drivers/net/wireless/ti/wlcore/main.c | 10 +- drivers/nvme/host/core.c | 8 +- drivers/nvmem/core.c | 2 + drivers/of/base.c | 8 +- drivers/parport/parport_pc.c | 5 + drivers/pci/endpoint/pci-epc-core.c | 2 +- drivers/phy/samsung/phy-exynos5-usbdrd.c | 12 +- drivers/phy/tegra/xusb-tegra186.c | 11 + drivers/platform/x86/thinkpad_acpi.c | 1 + drivers/power/supply/da9150-fg.c | 4 +- drivers/pps/clients/pps-gpio.c | 4 +- drivers/pps/clients/pps-ktimer.c | 4 +- drivers/pps/clients/pps-ldisc.c | 6 +- drivers/pps/clients/pps_parport.c | 4 +- drivers/pps/kapi.c | 10 +- drivers/pps/kc.c | 10 +- drivers/pps/pps.c | 127 ++++++------ drivers/ptp/ptp_clock.c | 8 + drivers/rapidio/devices/rio_mport_cdev.c | 3 +- drivers/rapidio/rio-scan.c | 5 +- drivers/regulator/of_regulator.c | 14 +- drivers/rtc/rtc-pcf85063.c | 11 +- drivers/scsi/mpt3sas/mpt3sas_base.c | 3 +- drivers/scsi/storvsc_drv.c | 1 + drivers/scsi/ufs/ufs_bsg.c | 1 + drivers/slimbus/messaging.c | 5 +- drivers/soc/qcom/smem_state.c | 3 +- drivers/soc/qcom/socinfo.c | 2 +- drivers/spi/spi-mxs.c | 3 +- drivers/staging/media/imx/imx-media-of.c | 8 +- drivers/tee/optee/supp.c | 35 +--- drivers/tty/serial/8250/8250.h | 2 + drivers/tty/serial/8250/8250_dma.c | 16 ++ drivers/tty/serial/8250/8250_pci.c | 10 + drivers/tty/serial/8250/8250_port.c | 9 + drivers/tty/serial/sh-sci.c | 25 ++- drivers/usb/atm/cxacru.c | 13 +- drivers/usb/class/cdc-acm.c | 28 ++- drivers/usb/core/hub.c | 13 +- drivers/usb/core/quirks.c | 10 + drivers/usb/dwc2/gadget.c | 1 + drivers/usb/dwc3/gadget.c | 37 +++- drivers/usb/gadget/composite.c | 17 +- drivers/usb/gadget/function/f_midi.c | 22 +- drivers/usb/gadget/function/f_tcm.c | 54 ++--- drivers/usb/gadget/udc/renesas_usb3.c | 2 +- drivers/usb/host/pci-quirks.c | 9 + drivers/usb/host/xhci-mem.c | 2 + drivers/usb/host/xhci-pci.c | 8 +- drivers/usb/host/xhci-ring.c | 12 +- drivers/usb/host/xhci.c | 23 ++- drivers/usb/host/xhci.h | 9 +- drivers/usb/renesas_usbhs/common.c | 6 +- drivers/usb/renesas_usbhs/mod_gadget.c | 2 +- drivers/usb/roles/class.c | 5 +- drivers/usb/serial/option.c | 49 +++-- drivers/usb/typec/tcpm/tcpci_rt1711h.c | 11 + drivers/usb/typec/tcpm/tcpm.c | 2 +- drivers/usb/typec/ucsi/ucsi.c | 2 +- drivers/vfio/pci/vfio_pci_rdwr.c | 1 + drivers/vfio/platform/vfio_platform_common.c | 10 + drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 + fs/afs/xdr_fs.h | 2 +- fs/binfmt_flat.c | 2 +- fs/btrfs/inode.c | 4 +- fs/btrfs/relocation.c | 14 +- fs/btrfs/super.c | 2 +- fs/btrfs/transaction.c | 4 +- fs/nfsd/nfs4callback.c | 1 + fs/nilfs2/dir.c | 24 +-- fs/nilfs2/inode.c | 10 +- fs/nilfs2/mdt.c | 6 +- fs/nilfs2/namei.c | 37 ++-- fs/nilfs2/nilfs.h | 10 +- fs/nilfs2/page.c | 55 ++--- fs/nilfs2/page.h | 4 +- fs/nilfs2/segment.c | 4 +- fs/ocfs2/dir.c | 25 ++- fs/ocfs2/quota_global.c | 5 + fs/ocfs2/super.c | 2 +- fs/ocfs2/symlink.c | 5 +- fs/orangefs/orangefs-debugfs.c | 4 +- fs/squashfs/inode.c | 5 +- fs/ubifs/debug.c | 22 +- fs/udf/super.c | 2 +- include/linux/i8253.h | 1 + include/linux/interrupt.h | 28 ++- include/linux/kallsyms.h | 2 +- include/linux/kvm_host.h | 9 + include/linux/netdevice.h | 6 + include/linux/overflow.h | 101 +++++---- include/linux/pci_ids.h | 4 + include/linux/pps_kernel.h | 3 +- include/linux/usb/hcd.h | 5 +- include/net/flow_dissector.h | 16 ++ include/net/flow_offload.h | 6 + include/net/l3mdev.h | 2 + include/net/net_namespace.h | 15 +- include/trace/events/oom.h | 36 +++- kernel/acct.c | 141 ++++++++----- kernel/events/core.c | 17 +- kernel/padata.c | 2 +- kernel/power/hibernate.c | 7 +- kernel/printk/printk.c | 2 +- kernel/sched/core.c | 8 +- kernel/softirq.c | 18 +- kernel/trace/bpf_trace.c | 2 +- kernel/trace/ftrace.c | 27 ++- mm/memcontrol.c | 7 +- mm/oom_kill.c | 14 +- mm/page_alloc.c | 1 + net/8021q/vlan.c | 3 +- net/8021q/vlan.h | 2 +- net/8021q/vlan_dev.c | 15 +- net/8021q/vlan_netlink.c | 7 +- net/batman-adv/bat_v.c | 2 - net/batman-adv/bat_v_elp.c | 116 ++++++++--- net/batman-adv/bat_v_elp.h | 2 - net/batman-adv/types.h | 3 - net/bluetooth/l2cap_sock.c | 3 +- net/can/j1939/socket.c | 4 +- net/can/j1939/transport.c | 5 +- net/core/drop_monitor.c | 39 ++-- net/core/flow_dissector.c | 49 +++-- net/core/flow_offload.c | 7 + net/core/neighbour.c | 11 +- net/core/skbuff.c | 2 +- net/core/sysctl_net_core.c | 5 +- net/ipv4/arp.c | 4 +- net/ipv4/devinet.c | 3 +- net/ipv4/ipmr_base.c | 3 - net/ipv4/route.c | 8 +- net/ipv4/tcp_offload.c | 11 +- net/ipv4/udp.c | 4 +- net/ipv4/udp_offload.c | 8 +- net/ipv6/ila/ila_lwt.c | 4 +- net/ipv6/ndisc.c | 28 +-- net/ipv6/route.c | 7 +- net/ipv6/udp.c | 4 +- net/llc/llc_s_ac.c | 49 +++-- net/ncsi/ncsi-manage.c | 13 +- net/nfc/nci/hci.c | 2 + net/openvswitch/datapath.c | 12 +- net/rose/af_rose.c | 24 ++- net/rose/rose_timer.c | 15 ++ net/sched/cls_flower.c | 8 +- net/sched/sch_api.c | 4 + net/sched/sch_cake.c | 140 +++++++------ net/sched/sch_fifo.c | 3 + net/sched/sch_netem.c | 2 +- net/sunrpc/cache.c | 10 +- net/vmw_vsock/af_vsock.c | 5 + net/wireless/nl80211.c | 5 + net/wireless/reg.c | 3 +- scripts/Makefile.extrawarn | 5 +- scripts/genksyms/genksyms.c | 11 +- scripts/genksyms/genksyms.h | 2 +- scripts/genksyms/parse.y | 18 +- security/integrity/ima/ima_api.c | 16 +- security/integrity/ima/ima_template_lib.c | 17 +- security/tomoyo/common.c | 2 +- sound/pci/hda/hda_intel.c | 2 + sound/pci/hda/patch_conexant.c | 1 + sound/pci/hda/patch_realtek.c | 86 +++++++- sound/soc/codecs/es8328.c | 15 +- sound/soc/intel/boards/bytcr_rt5640.c | 17 +- sound/soc/sunxi/sun4i-spdif.c | 7 + tools/perf/bench/epoll-wait.c | 7 +- tools/perf/builtin-report.c | 2 +- tools/perf/builtin-top.c | 2 +- tools/perf/builtin-trace.c | 6 +- tools/perf/util/cs-etm.c | 2 +- tools/perf/util/env.c | 5 +- tools/perf/util/env.h | 2 +- tools/perf/util/header.c | 8 +- .../cpupower/utils/idle_monitor/mperf_monitor.c | 15 +- tools/testing/ktest/ktest.pl | 7 +- tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 + tools/testing/selftests/kselftest_harness.h | 42 +++- tools/testing/selftests/net/udpgso.c | 26 +++ 305 files changed, 3058 insertions(+), 1680 deletions(-)

6 months

5
335
0 0

[PATCH net 13/13] net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family

by Marek Behún

Implement the workaround for erratum 3.3 RGMII timing may be out of spec when transmit delay is enabled for the 6320 family, which says: When transmit delay is enabled via Port register 1 bit 14 = 1, duty cycle may be out of spec. Under very rare conditions this may cause the attached device receive CRC errors. Signed-off-by: Marek Behún <kabel(a)kernel.org> Cc: <stable(a)vger.kernel.org> # 5.4.x --- drivers/net/dsa/mv88e6xxx/chip.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c index 898aff46693b..6e7c9bbd9787 100644 --- a/drivers/net/dsa/mv88e6xxx/chip.c +++ b/drivers/net/dsa/mv88e6xxx/chip.c @@ -3674,6 +3674,21 @@ static int mv88e6xxx_stats_setup(struct mv88e6xxx_chip *chip) return mv88e6xxx_g1_stats_clear(chip); } +static int mv88e6320_setup_errata(struct mv88e6xxx_chip *chip) +{ + u16 dummy; + int err; + + /* Workaround for erratum + * 3.3 RGMII timing may be out of spec when transmit delay is enabled + */ + err = mv88e6xxx_port_hidden_write(chip, 0, 0xf, 0x7, 0xe000); + if (err) + return err; + + return mv88e6xxx_port_hidden_read(chip, 0, 0xf, 0x7, &dummy); +} + /* Check if the errata has already been applied. */ static bool mv88e6390_setup_errata_applied(struct mv88e6xxx_chip *chip) { @@ -5125,6 +5140,7 @@ static const struct mv88e6xxx_ops mv88e6290_ops = { static const struct mv88e6xxx_ops mv88e6320_ops = { /* MV88E6XXX_FAMILY_6320 */ + .setup_errata = mv88e6320_setup_errata, .ieee_pri_map = mv88e6085_g1_ieee_pri_map, .ip_pri_map = mv88e6085_g1_ip_pri_map, .irl_init_all = mv88e6352_g2_irl_init_all, @@ -5180,6 +5196,7 @@ static const struct mv88e6xxx_ops mv88e6320_ops = { static const struct mv88e6xxx_ops mv88e6321_ops = { /* MV88E6XXX_FAMILY_6320 */ + .setup_errata = mv88e6320_setup_errata, .ieee_pri_map = mv88e6085_g1_ieee_pri_map, .ip_pri_map = mv88e6085_g1_ip_pri_map, .irl_init_all = mv88e6352_g2_irl_init_all, -- 2.48.1

6 months

1
0
0 0

[PATCH net 12/13] net: dsa: mv88e6xxx: fix internal PHYs for 6320 family

by Marek Behún

Fix internal PHYs definition for the 6320 family, which has only 2 internal PHYs (on ports 3 and 4). Fixes: bc3931557d1d ("net: dsa: mv88e6xxx: Add number of internal PHYs") Signed-off-by: Marek Behún <kabel(a)kernel.org> Cc: <stable(a)vger.kernel.org> # 6.6.x --- drivers/net/dsa/mv88e6xxx/chip.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c index 3849b8d55fa9..898aff46693b 100644 --- a/drivers/net/dsa/mv88e6xxx/chip.c +++ b/drivers/net/dsa/mv88e6xxx/chip.c @@ -6240,7 +6240,8 @@ static const struct mv88e6xxx_info mv88e6xxx_table[] = { .num_databases = 4096, .num_macs = 8192, .num_ports = 7, - .num_internal_phys = 5, + .num_internal_phys = 2, + .internal_phys_offset = 3, .num_gpio = 15, .max_vid = 4095, .max_sid = 63, @@ -6267,7 +6268,8 @@ static const struct mv88e6xxx_info mv88e6xxx_table[] = { .num_databases = 4096, .num_macs = 8192, .num_ports = 7, - .num_internal_phys = 5, + .num_internal_phys = 2, + .internal_phys_offset = 3, .num_gpio = 15, .max_vid = 4095, .max_sid = 63, -- 2.48.1

6 months

1
0
0 0

[PATCH v4 0/3] leds: rgb: leds-qcom-lpg: PWM fixes

by Abel Vesa

The PWM allow configuring the PWM resolution from 8 bits PWM values up to 15 bits values, for the Hi-Res PWMs, and then either 6-bit or 9-bit for the normal PWMs. The current implementation loops through all possible resolutions (PWM sizes), for the PWM subtype, on top of the already existing process of determining the prediv, exponent and refclk. The first and second issues are related to capping the computed PWM value. The third issue is that it uses the wrong maximum possible PWM value for determining the best matched period. Fix all of them. Signed-off-by: Abel Vesa <abel.vesa(a)linaro.org> --- Changes in v4: - Rebased on next-20250305 - Re-worded the commit messages for the first two patches to include an example that should better explain what the issue that is being fixed is. As per Uwe's request. - Link to v3: https://lore.kernel.org/r/20250303-leds-qcom-lpg-fix-max-pwm-on-hi-res-v3-0… Changes in v3: - Added a new patch that fixes the normal PWMs, since they now support 6-bit resolution as well. Added it as first patch. - Re-worded the second patch. Included Bjorn's suggestion and R-b tag. - Link to v2: https://lore.kernel.org/r/20250226-leds-qcom-lpg-fix-max-pwm-on-hi-res-v2-0… Changes in v2: - Re-worded the commit to drop the details that are not important w.r.t. what the patch is fixing. - Added another patch which fixes the resolution used for determining best matched period and PWM config. - Link to v1: https://lore.kernel.org/r/20250220-leds-qcom-lpg-fix-max-pwm-on-hi-res-v1-1… --- Abel Vesa (3): leds: rgb: leds-qcom-lpg: Fix pwm resolution max for normal PWMs leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs drivers/leds/rgb/leds-qcom-lpg.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) --- base-commit: 7ec162622e66a4ff886f8f28712ea1b13069e1aa change-id: 20250220-leds-qcom-lpg-fix-max-pwm-on-hi-res-067e8782a79b Best regards, -- Abel Vesa <abel.vesa(a)linaro.org>

6 months

2
3
0 0

FAILED: patch "[PATCH] virt: sev-guest: Move SNP Guest Request data pages handling" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x 3e385c0d6ce88ac9916dcf84267bd5855d830748 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030957-magnetism-lustily-55d9@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3e385c0d6ce88ac9916dcf84267bd5855d830748 Mon Sep 17 00:00:00 2001 From: Alexey Kardashevskiy <aik(a)amd.com> Date: Fri, 7 Mar 2025 12:37:00 +1100 Subject: [PATCH] virt: sev-guest: Move SNP Guest Request data pages handling under snp_cmd_mutex Compared to the SNP Guest Request, the "Extended" version adds data pages for receiving certificates. If not enough pages provided, the HV can report to the VM how much is needed so the VM can reallocate and repeat. Commit ae596615d93d ("virt: sev-guest: Reduce the scope of SNP command mutex") moved handling of the allocated/desired pages number out of scope of said mutex and create a possibility for a race (multiple instances trying to trigger Extended request in a VM) as there is just one instance of snp_msg_desc per /dev/sev-guest and no locking other than snp_cmd_mutex. Fix the issue by moving the data blob/size and the GHCB input struct (snp_req_data) into snp_guest_req which is allocated on stack now and accessed by the GHCB caller under that mutex. Stop allocating SEV_FW_BLOB_MAX_SIZE in snp_msg_alloc() as only one of four callers needs it. Free the received blob in get_ext_report() right after it is copied to the userspace. Possible future users of snp_send_guest_request() are likely to have different ideas about the buffer size anyways. Fixes: ae596615d93d ("virt: sev-guest: Reduce the scope of SNP command mutex") Signed-off-by: Alexey Kardashevskiy <aik(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Nikunj A Dadhania <nikunj(a)amd.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20250307013700.437505-3-aik@amd.com diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 82492efc5d94..96c7bc698e6b 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -2853,19 +2853,8 @@ struct snp_msg_desc *snp_msg_alloc(void) if (!mdesc->response) goto e_free_request; - mdesc->certs_data = alloc_shared_pages(SEV_FW_BLOB_MAX_SIZE); - if (!mdesc->certs_data) - goto e_free_response; - - /* initial the input address for guest request */ - mdesc->input.req_gpa = __pa(mdesc->request); - mdesc->input.resp_gpa = __pa(mdesc->response); - mdesc->input.data_gpa = __pa(mdesc->certs_data); - return mdesc; -e_free_response: - free_shared_pages(mdesc->response, sizeof(struct snp_guest_msg)); e_free_request: free_shared_pages(mdesc->request, sizeof(struct snp_guest_msg)); e_unmap: @@ -2885,7 +2874,6 @@ void snp_msg_free(struct snp_msg_desc *mdesc) kfree(mdesc->ctx); free_shared_pages(mdesc->response, sizeof(struct snp_guest_msg)); free_shared_pages(mdesc->request, sizeof(struct snp_guest_msg)); - free_shared_pages(mdesc->certs_data, SEV_FW_BLOB_MAX_SIZE); iounmap((__force void __iomem *)mdesc->secrets); memset(mdesc, 0, sizeof(*mdesc)); @@ -3054,7 +3042,7 @@ static int __handle_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_r * sequence number must be incremented or the VMPCK must be deleted to * prevent reuse of the IV. */ - rc = snp_issue_guest_request(req, &mdesc->input, rio); + rc = snp_issue_guest_request(req, &req->input, rio); switch (rc) { case -ENOSPC: /* @@ -3064,7 +3052,7 @@ static int __handle_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_r * order to increment the sequence number and thus avoid * IV reuse. */ - override_npages = mdesc->input.data_npages; + override_npages = req->input.data_npages; req->exit_code = SVM_VMGEXIT_GUEST_REQUEST; /* @@ -3120,7 +3108,7 @@ static int __handle_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_r } if (override_npages) - mdesc->input.data_npages = override_npages; + req->input.data_npages = override_npages; return rc; } @@ -3158,6 +3146,11 @@ int snp_send_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_req *req */ memcpy(mdesc->request, &mdesc->secret_request, sizeof(mdesc->secret_request)); + /* Initialize the input address for guest request */ + req->input.req_gpa = __pa(mdesc->request); + req->input.resp_gpa = __pa(mdesc->response); + req->input.data_gpa = req->certs_data ? __pa(req->certs_data) : 0; + rc = __handle_guest_request(mdesc, req, rio); if (rc) { if (rc == -EIO && diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 1581246491b5..ba7999f66abe 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -203,6 +203,9 @@ struct snp_guest_req { unsigned int vmpck_id; u8 msg_version; u8 msg_type; + + struct snp_req_data input; + void *certs_data; }; /* @@ -263,9 +266,6 @@ struct snp_msg_desc { struct snp_guest_msg secret_request, secret_response; struct snp_secrets_page *secrets; - struct snp_req_data input; - - void *certs_data; struct aesgcm_ctx *ctx; diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 23ac177472be..70fbc9a3e703 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -176,6 +176,7 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques struct snp_guest_req req = {}; int ret, npages = 0, resp_len; sockptr_t certs_address; + struct page *page; if (sockptr_is_null(io->req_data) || sockptr_is_null(io->resp_data)) return -EINVAL; @@ -209,8 +210,20 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques * the host. If host does not supply any certs in it, then copy * zeros to indicate that certificate data was not provided. */ - memset(mdesc->certs_data, 0, report_req->certs_len); npages = report_req->certs_len >> PAGE_SHIFT; + page = alloc_pages(GFP_KERNEL_ACCOUNT | __GFP_ZERO, + get_order(report_req->certs_len)); + if (!page) + return -ENOMEM; + + req.certs_data = page_address(page); + ret = set_memory_decrypted((unsigned long)req.certs_data, npages); + if (ret) { + pr_err("failed to mark page shared, ret=%d\n", ret); + __free_pages(page, get_order(report_req->certs_len)); + return -EFAULT; + } + cmd: /* * The intermediate response buffer is used while decrypting the @@ -219,10 +232,12 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques */ resp_len = sizeof(report_resp->data) + mdesc->ctx->authsize; report_resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT); - if (!report_resp) - return -ENOMEM; + if (!report_resp) { + ret = -ENOMEM; + goto e_free_data; + } - mdesc->input.data_npages = npages; + req.input.data_npages = npages; req.msg_version = arg->msg_version; req.msg_type = SNP_MSG_REPORT_REQ; @@ -237,7 +252,7 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques /* If certs length is invalid then copy the returned length */ if (arg->vmm_error == SNP_GUEST_VMM_ERR_INVALID_LEN) { - report_req->certs_len = mdesc->input.data_npages << PAGE_SHIFT; + report_req->certs_len = req.input.data_npages << PAGE_SHIFT; if (copy_to_sockptr(io->req_data, report_req, sizeof(*report_req))) ret = -EFAULT; @@ -246,7 +261,7 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques if (ret) goto e_free; - if (npages && copy_to_sockptr(certs_address, mdesc->certs_data, report_req->certs_len)) { + if (npages && copy_to_sockptr(certs_address, req.certs_data, report_req->certs_len)) { ret = -EFAULT; goto e_free; } @@ -256,6 +271,13 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques e_free: kfree(report_resp); +e_free_data: + if (npages) { + if (set_memory_encrypted((unsigned long)req.certs_data, npages)) + WARN_ONCE(ret, "failed to restore encryption mask (leak it)\n"); + else + __free_pages(page, get_order(report_req->certs_len)); + } return ret; }

6 months

5
10
0 0

[PATCH 5.10.y] KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel

by Abdelkareem Abdelsaamad

From: Sean Christopherson <seanjc(a)google.com> commit a8de7f100bb5989d9c3627d3a223ee1c863f3b69 upstream. Advertise support for Hyper-V's SEND_IPI and SEND_IPI_EX hypercalls if and only if the local API is emulated/virtualized by KVM, and explicitly reject said hypercalls if the local APIC is emulated in userspace, i.e. don't rely on userspace to opt-in to KVM_CAP_HYPERV_ENFORCE_CPUID. Rejecting SEND_IPI and SEND_IPI_EX fixes a NULL-pointer dereference if Hyper-V enlightenments are exposed to the guest without an in-kernel local APIC: dump_stack+0xbe/0xfd __kasan_report.cold+0x34/0x84 kasan_report+0x3a/0x50 __apic_accept_irq+0x3a/0x5c0 kvm_hv_send_ipi.isra.0+0x34e/0x820 kvm_hv_hypercall+0x8d9/0x9d0 kvm_emulate_hypercall+0x506/0x7e0 __vmx_handle_exit+0x283/0xb60 vmx_handle_exit+0x1d/0xd0 vcpu_enter_guest+0x16b0/0x24c0 vcpu_run+0xc0/0x550 kvm_arch_vcpu_ioctl_run+0x170/0x6d0 kvm_vcpu_ioctl+0x413/0xb20 __se_sys_ioctl+0x111/0x160 do_syscal1_64+0x30/0x40 entry_SYSCALL_64_after_hwframe+0x67/0xd1 Note, checking the sending vCPU is sufficient, as the per-VM irqchip_mode can't be modified after vCPUs are created, i.e. if one vCPU has an in-kernel local APIC, then all vCPUs have an in-kernel local APIC. Reported-by: Dongjie Zou <zoudongjie(a)huawei.com> Fixes: 214ff83d4473 ("KVM: x86: hyperv: implement PV IPI send hypercalls") Fixes: 2bc39970e932 ("x86/kvm/hyper-v: Introduce KVM_GET_SUPPORTED_HV_CPUID") Cc: stable(a)vger.kernel.org Reviewed-by: Vitaly Kuznetsov <vkuznets(a)redhat.com> Link: https://lore.kernel.org/r/20250118003454.2619573-2-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [Conflict due to 72167a9d7da2 ("KVM: x86: hyper-v: Stop shadowing global 'current_vcpu' variable") not in the tree] Signed-off-by: Abdelkareem Abdelsaamad <kareemem(a)amazon.com> --- arch/x86/kvm/hyperv.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c index 20eb8f55e1f1..e097faf12c82 100644 --- a/arch/x86/kvm/hyperv.c +++ b/arch/x86/kvm/hyperv.c @@ -1618,6 +1618,9 @@ static u64 kvm_hv_send_ipi(struct kvm_vcpu *current_vcpu, u64 ingpa, u64 outgpa, u32 vector; bool all_cpus; + if (!lapic_in_kernel(current_vcpu)) + return HV_STATUS_INVALID_HYPERCALL_INPUT; + if (!ex) { if (!fast) { if (unlikely(kvm_read_guest(kvm, ingpa, &send_ipi, @@ -2060,7 +2063,8 @@ int kvm_vcpu_ioctl_get_hv_cpuid(struct kvm_vcpu *vcpu, struct kvm_cpuid2 *cpuid, ent->eax |= HV_X64_REMOTE_TLB_FLUSH_RECOMMENDED; ent->eax |= HV_X64_APIC_ACCESS_RECOMMENDED; ent->eax |= HV_X64_RELAXED_TIMING_RECOMMENDED; - ent->eax |= HV_X64_CLUSTER_IPI_RECOMMENDED; + if (!vcpu || lapic_in_kernel(vcpu)) + ent->eax |= HV_X64_CLUSTER_IPI_RECOMMENDED; ent->eax |= HV_X64_EX_PROCESSOR_MASKS_RECOMMENDED; if (evmcs_ver) ent->eax |= HV_X64_ENLIGHTENED_VMCS_RECOMMENDED; -- 2.47.1

6 months

2
1
0 0

[PATCH 5.10.y] x86/kexec: fix memory leak of elf header buffer

by Abdelkareem Abdelsaamad

From: Baoquan He <bhe(a)redhat.com> commit b3e34a47f98974d0844444c5121aaff123004e57 upstream. This is reported by kmemleak detector: unreferenced object 0xffffc900002a9000 (size 4096): comm "kexec", pid 14950, jiffies 4295110793 (age 373.951s) hex dump (first 32 bytes): 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 .ELF............ 04 00 3e 00 01 00 00 00 00 00 00 00 00 00 00 00 ..>............. backtrace: [<0000000016a8ef9f>] __vmalloc_node_range+0x101/0x170 [<000000002b66b6c0>] __vmalloc_node+0xb4/0x160 [<00000000ad40107d>] crash_prepare_elf64_headers+0x8e/0xcd0 [<0000000019afff23>] crash_load_segments+0x260/0x470 [<0000000019ebe95c>] bzImage64_load+0x814/0xad0 [<0000000093e16b05>] arch_kexec_kernel_image_load+0x1be/0x2a0 [<000000009ef2fc88>] kimage_file_alloc_init+0x2ec/0x5a0 [<0000000038f5a97a>] __do_sys_kexec_file_load+0x28d/0x530 [<0000000087c19992>] do_syscall_64+0x3b/0x90 [<0000000066e063a4>] entry_SYSCALL_64_after_hwframe+0x44/0xae In crash_prepare_elf64_headers(), a buffer is allocated via vmalloc() to store elf headers. While it's not freed back to system correctly when kdump kernel is reloaded or unloaded. Then memory leak is caused. Fix it by introducing x86 specific function arch_kimage_file_post_load_cleanup(), and freeing the buffer there. And also remove the incorrect elf header buffer freeing code. Before calling arch specific kexec_file loading function, the image instance has been initialized. So 'image->elf_headers' must be NULL. It doesn't make sense to free the elf header buffer in the place. Three different people have reported three bugs about the memory leak on x86_64 inside Redhat. Link: https://lkml.kernel.org/r/20220223113225.63106-2-bhe@redhat.com Signed-off-by: Baoquan He <bhe(a)redhat.com> Acked-by: Dave Young <dyoung(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [Conflict due to 179350f00e06 ("x86: Use ELF fields defined in 'struct kimage'") not in the tree] Signed-off-by: Abdelkareem Abdelsaamad <kareemem(a)amazon.com> --- arch/x86/kernel/machine_kexec_64.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c index a29a44a98e5b..19f6aafd595a 100644 --- a/arch/x86/kernel/machine_kexec_64.c +++ b/arch/x86/kernel/machine_kexec_64.c @@ -402,9 +402,6 @@ void machine_kexec(struct kimage *image) #ifdef CONFIG_KEXEC_FILE void *arch_kexec_kernel_image_load(struct kimage *image) { - vfree(image->arch.elf_headers); - image->arch.elf_headers = NULL; - if (!image->fops || !image->fops->load) return ERR_PTR(-ENOEXEC); @@ -540,6 +537,15 @@ int arch_kexec_apply_relocations_add(struct purgatory_info *pi, (int)ELF64_R_TYPE(rel[i].r_info), value); return -ENOEXEC; } + +int arch_kimage_file_post_load_cleanup(struct kimage *image) +{ + vfree(image->arch.elf_headers); + image->arch.elf_headers = NULL; + image->arch.elf_headers_sz = 0; + + return kexec_image_post_load_cleanup_default(image); +} #endif /* CONFIG_KEXEC_FILE */ static int -- 2.47.1

6 months

2
1
0 0

[PATCH 6.1.y] fs/ntfs3: Fix shift-out-of-bounds in ntfs_fill_super

by Miguel García

From: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> commit 91a4b1ee78cb100b19b70f077c247f211110348f upstream. This patch is a backport and fixes an UBSAN warning about shift-out-of-bounds in ntfs_fill_super() function of the NTFS3 driver. The original code incorrectly calculated MFT record size, causing undefined behavior when performing bit shifts with values that exceed type limits. The fix has been verified by executing the syzkaller reproducer test case. After applying this patch, the system successfully handles the test case without kernel panic or UBSAN warnings. Bug: https://syzkaller.appspot.com/bug?extid=010986becd65dbf9464b Reported-by: syzbot+010986becd65dbf9464b(a)syzkaller.appspotmail.com Cc: <stable(a)vger.kernel.org> Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Miguel Garcia Roman <miguelgarciaroman8(a)gmail.com> (cherry picked from commit 91a4b1ee78cb100b19b70f077c247f211110348f) --- fs/ntfs3/ntfs_fs.h | 2 ++ fs/ntfs3/super.c | 68 +++++++++++++++++++++++++++++++--------------- 2 files changed, 48 insertions(+), 22 deletions(-) diff --git a/fs/ntfs3/ntfs_fs.h b/fs/ntfs3/ntfs_fs.h index 26dbe1b46fdd..cbbf1ccc38e3 100644 --- a/fs/ntfs3/ntfs_fs.h +++ b/fs/ntfs3/ntfs_fs.h @@ -42,9 +42,11 @@ enum utf16_endian; #define MINUS_ONE_T ((size_t)(-1)) /* Biggest MFT / smallest cluster */ #define MAXIMUM_BYTES_PER_MFT 4096 +#define MAXIMUM_SHIFT_BYTES_PER_MFT 12 #define NTFS_BLOCKS_PER_MFT_RECORD (MAXIMUM_BYTES_PER_MFT / 512) #define MAXIMUM_BYTES_PER_INDEX 4096 +#define MAXIMUM_SHIFT_BYTES_PER_INDEX 12 #define NTFS_BLOCKS_PER_INODE (MAXIMUM_BYTES_PER_INDEX / 512) /* NTFS specific error code when fixup failed. */ diff --git a/fs/ntfs3/super.c b/fs/ntfs3/super.c index eee54214f4a3..a9063771afcc 100644 --- a/fs/ntfs3/super.c +++ b/fs/ntfs3/super.c @@ -680,7 +680,7 @@ static u32 true_sectors_per_clst(const struct NTFS_BOOT *boot) * ntfs_init_from_boot - Init internal info from on-disk boot sector. */ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, - u64 dev_size) + u64 dev_size) { struct ntfs_sb_info *sbi = sb->s_fs_info; int err; @@ -705,12 +705,12 @@ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, /* 0x55AA is not mandaroty. Thanks Maxim Suhanov*/ /*if (0x55 != boot->boot_magic[0] || 0xAA != boot->boot_magic[1]) - * goto out; + * goto out; */ boot_sector_size = (u32)boot->bytes_per_sector[1] << 8; if (boot->bytes_per_sector[0] || boot_sector_size < SECTOR_SIZE || - !is_power_of_2(boot_sector_size)) { + !is_power_of_2(boot_sector_size)) { goto out; } @@ -733,15 +733,49 @@ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, /* Check MFT record size. */ if ((boot->record_size < 0 && - SECTOR_SIZE > (2U << (-boot->record_size))) || - (boot->record_size >= 0 && !is_power_of_2(boot->record_size))) { + SECTOR_SIZE > (2U << (-boot->record_size))) || + (boot->record_size >= 0 && !is_power_of_2(boot->record_size))) { + goto out; + } + + /* Calculate cluster size */ + sbi->cluster_size = boot_sector_size * sct_per_clst; + sbi->cluster_bits = blksize_bits(sbi->cluster_size); + + if (boot->record_size >= 0) { + record_size = (u32)boot->record_size << sbi->cluster_bits; + } else if (-boot->record_size <= MAXIMUM_SHIFT_BYTES_PER_MFT) { + record_size = 1u << (-boot->record_size); + } else { + ntfs_err(sb, "%s: invalid record size %d.", "NTFS", + boot->record_size); + goto out; + } + + sbi->record_size = record_size; + sbi->record_bits = blksize_bits(record_size); + sbi->attr_size_tr = (5 * record_size >> 4); // ~320 bytes + + if (record_size > MAXIMUM_BYTES_PER_MFT) { + ntfs_err(sb, "Unsupported bytes per MFT record %u.", + record_size); + goto out; + } + + if (boot->index_size >= 0) { + sbi->index_size = (u32)boot->index_size << sbi->cluster_bits; + } else if (-boot->index_size <= MAXIMUM_SHIFT_BYTES_PER_INDEX) { + sbi->index_size = 1u << (-boot->index_size); + } else { + ntfs_err(sb, "%s: invalid index size %d.", "NTFS", + boot->index_size); goto out; } /* Check index record size. */ if ((boot->index_size < 0 && - SECTOR_SIZE > (2U << (-boot->index_size))) || - (boot->index_size >= 0 && !is_power_of_2(boot->index_size))) { + SECTOR_SIZE > (2U << (-boot->index_size))) || + (boot->index_size >= 0 && !is_power_of_2(boot->index_size))) { goto out; } @@ -762,9 +796,6 @@ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, dev_size += sector_size - 1; } - sbi->cluster_size = boot_sector_size * sct_per_clst; - sbi->cluster_bits = blksize_bits(sbi->cluster_size); - sbi->mft.lbo = mlcn << sbi->cluster_bits; sbi->mft.lbo2 = mlcn2 << sbi->cluster_bits; @@ -785,9 +816,9 @@ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, sbi->cluster_mask = sbi->cluster_size - 1; sbi->cluster_mask_inv = ~(u64)sbi->cluster_mask; sbi->record_size = record_size = boot->record_size < 0 - ? 1 << (-boot->record_size) - : (u32)boot->record_size - << sbi->cluster_bits; + ? 1 << (-boot->record_size) + : (u32)boot->record_size + << sbi->cluster_bits; if (record_size > MAXIMUM_BYTES_PER_MFT || record_size < SECTOR_SIZE) goto out; @@ -801,8 +832,8 @@ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, ALIGN(sizeof(enum ATTR_TYPE), 8); sbi->index_size = boot->index_size < 0 - ? 1u << (-boot->index_size) - : (u32)boot->index_size << sbi->cluster_bits; + ? 1u << (-boot->index_size) + : (u32)boot->index_size << sbi->cluster_bits; sbi->volume.ser_num = le64_to_cpu(boot->serial_num); @@ -871,13 +902,6 @@ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, sb->s_maxbytes = 0xFFFFFFFFull << sbi->cluster_bits; #endif - /* - * Compute the MFT zone at two steps. - * It would be nice if we are able to allocate 1/8 of - * total clusters for MFT but not more then 512 MB. - */ - sbi->zone_max = min_t(CLST, 0x20000000 >> sbi->cluster_bits, clusters >> 3); - err = 0; out: -- 2.34.1

6 months

2
1
0 0

[PATCH 6.6.y] bpf: Use raw_spinlock_t in ringbuf

by jianqi.ren.cn＠windriver.com

From: Wander Lairson Costa <wander.lairson(a)gmail.com> [ Upstream commit 8b62645b09f870d70c7910e7550289d444239a46 ] The function __bpf_ringbuf_reserve is invoked from a tracepoint, which disables preemption. Using spinlock_t in this context can lead to a "sleep in atomic" warning in the RT variant. This issue is illustrated in the example below: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 556208, name: test_progs preempt_count: 1, expected: 0 RCU nest depth: 1, expected: 1 INFO: lockdep is turned off. Preemption disabled at: [<ffffd33a5c88ea44>] migrate_enable+0xc0/0x39c CPU: 7 PID: 556208 Comm: test_progs Tainted: G Hardware name: Qualcomm SA8775P Ride (DT) Call trace: dump_backtrace+0xac/0x130 show_stack+0x1c/0x30 dump_stack_lvl+0xac/0xe8 dump_stack+0x18/0x30 __might_resched+0x3bc/0x4fc rt_spin_lock+0x8c/0x1a4 __bpf_ringbuf_reserve+0xc4/0x254 bpf_ringbuf_reserve_dynptr+0x5c/0xdc bpf_prog_ac3d15160d62622a_test_read_write+0x104/0x238 trace_call_bpf+0x238/0x774 perf_call_bpf_enter.isra.0+0x104/0x194 perf_syscall_enter+0x2f8/0x510 trace_sys_enter+0x39c/0x564 syscall_trace_enter+0x220/0x3c0 do_el0_svc+0x138/0x1dc el0_svc+0x54/0x130 el0t_64_sync_handler+0x134/0x150 el0t_64_sync+0x17c/0x180 Switch the spinlock to raw_spinlock_t to avoid this error. Fixes: 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") Reported-by: Brian Grech <bgrech(a)redhat.com> Signed-off-by: Wander Lairson Costa <wander.lairson(a)gmail.com> Signed-off-by: Wander Lairson Costa <wander(a)redhat.com> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Acked-by: Daniel Borkmann <daniel(a)iogearbox.net> Link: https://lore.kernel.org/r/20240920190700.617253-1-wander@redhat.com Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- kernel/bpf/ringbuf.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/kernel/bpf/ringbuf.c b/kernel/bpf/ringbuf.c index 528f4d634226..6aff5ee483b6 100644 --- a/kernel/bpf/ringbuf.c +++ b/kernel/bpf/ringbuf.c @@ -29,7 +29,7 @@ struct bpf_ringbuf { u64 mask; struct page **pages; int nr_pages; - spinlock_t spinlock ____cacheline_aligned_in_smp; + raw_spinlock_t spinlock ____cacheline_aligned_in_smp; /* For user-space producer ring buffers, an atomic_t busy bit is used * to synchronize access to the ring buffers in the kernel, rather than * the spinlock that is used for kernel-producer ring buffers. This is @@ -173,7 +173,7 @@ static struct bpf_ringbuf *bpf_ringbuf_alloc(size_t data_sz, int numa_node) if (!rb) return NULL; - spin_lock_init(&rb->spinlock); + raw_spin_lock_init(&rb->spinlock); atomic_set(&rb->busy, 0); init_waitqueue_head(&rb->waitq); init_irq_work(&rb->work, bpf_ringbuf_notify); @@ -417,10 +417,10 @@ static void *__bpf_ringbuf_reserve(struct bpf_ringbuf *rb, u64 size) cons_pos = smp_load_acquire(&rb->consumer_pos); if (in_nmi()) { - if (!spin_trylock_irqsave(&rb->spinlock, flags)) + if (!raw_spin_trylock_irqsave(&rb->spinlock, flags)) return NULL; } else { - spin_lock_irqsave(&rb->spinlock, flags); + raw_spin_lock_irqsave(&rb->spinlock, flags); } pend_pos = rb->pending_pos; @@ -446,7 +446,7 @@ static void *__bpf_ringbuf_reserve(struct bpf_ringbuf *rb, u64 size) */ if (new_prod_pos - cons_pos > rb->mask || new_prod_pos - pend_pos > rb->mask) { - spin_unlock_irqrestore(&rb->spinlock, flags); + raw_spin_unlock_irqrestore(&rb->spinlock, flags); return NULL; } @@ -458,7 +458,7 @@ static void *__bpf_ringbuf_reserve(struct bpf_ringbuf *rb, u64 size) /* pairs with consumer's smp_load_acquire() */ smp_store_release(&rb->producer_pos, new_prod_pos); - spin_unlock_irqrestore(&rb->spinlock, flags); + raw_spin_unlock_irqrestore(&rb->spinlock, flags); return (void *)hdr + BPF_RINGBUF_HDR_SZ; } -- 2.25.1

6 months

2
1
0 0

[PATCH net] net: mana: cleanup mana struct after debugfs_remove()

by Shradha Gupta

When on a MANA VM hibernation is triggered, as part of hibernate_snapshot(), mana_gd_suspend() and mana_gd_resume() are called. If during this mana_gd_resume(), a failure occurs with HWC creation, mana_port_debugfs pointer does not get reinitialized and ends up pointing to older, cleaned-up dentry. Further in the hibernation path, as part of power_down(), mana_gd_shutdown() is triggered. This call, unaware of the failures in resume, tries to cleanup the already cleaned up mana_port_debugfs value and hits the following bug: [ 191.359296] mana 7870:00:00.0: Shutdown was called [ 191.359918] BUG: kernel NULL pointer dereference, address: 0000000000000098 [ 191.360584] #PF: supervisor write access in kernel mode [ 191.361125] #PF: error_code(0x0002) - not-present page [ 191.361727] PGD 1080ea067 P4D 0 [ 191.362172] Oops: Oops: 0002 [#1] SMP NOPTI [ 191.362606] CPU: 11 UID: 0 PID: 1674 Comm: bash Not tainted 6.14.0-rc5+ #2 [ 191.363292] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024 [ 191.364124] RIP: 0010:down_write+0x19/0x50 [ 191.364537] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb e8 de cd ff ff 31 c0 ba 01 00 00 00 <f0> 48 0f b1 13 75 16 65 48 8b 05 88 24 4c 6a 48 89 43 08 48 8b 5d [ 191.365867] RSP: 0000:ff45fbe0c1c037b8 EFLAGS: 00010246 [ 191.366350] RAX: 0000000000000000 RBX: 0000000000000098 RCX: ffffff8100000000 [ 191.366951] RDX: 0000000000000001 RSI: 0000000000000064 RDI: 0000000000000098 [ 191.367600] RBP: ff45fbe0c1c037c0 R08: 0000000000000000 R09: 0000000000000001 [ 191.368225] R10: ff45fbe0d2b01000 R11: 0000000000000008 R12: 0000000000000000 [ 191.368874] R13: 000000000000000b R14: ff43dc27509d67c0 R15: 0000000000000020 [ 191.369549] FS: 00007dbc5001e740(0000) GS:ff43dc663f380000(0000) knlGS:0000000000000000 [ 191.370213] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 191.370830] CR2: 0000000000000098 CR3: 0000000168e8e002 CR4: 0000000000b73ef0 [ 191.371557] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 191.372192] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 [ 191.372906] Call Trace: [ 191.373262] <TASK> [ 191.373621] ? show_regs+0x64/0x70 [ 191.374040] ? __die+0x24/0x70 [ 191.374468] ? page_fault_oops+0x290/0x5b0 [ 191.374875] ? do_user_addr_fault+0x448/0x800 [ 191.375357] ? exc_page_fault+0x7a/0x160 [ 191.375971] ? asm_exc_page_fault+0x27/0x30 [ 191.376416] ? down_write+0x19/0x50 [ 191.376832] ? down_write+0x12/0x50 [ 191.377232] simple_recursive_removal+0x4a/0x2a0 [ 191.377679] ? __pfx_remove_one+0x10/0x10 [ 191.378088] debugfs_remove+0x44/0x70 [ 191.378530] mana_detach+0x17c/0x4f0 [ 191.378950] ? __flush_work+0x1e2/0x3b0 [ 191.379362] ? __cond_resched+0x1a/0x50 [ 191.379787] mana_remove+0xf2/0x1a0 [ 191.380193] mana_gd_shutdown+0x3b/0x70 [ 191.380642] pci_device_shutdown+0x3a/0x80 [ 191.381063] device_shutdown+0x13e/0x230 [ 191.381480] kernel_power_off+0x35/0x80 [ 191.381890] hibernate+0x3c6/0x470 [ 191.382312] state_store+0xcb/0xd0 [ 191.382734] kobj_attr_store+0x12/0x30 [ 191.383211] sysfs_kf_write+0x3e/0x50 [ 191.383640] kernfs_fop_write_iter+0x140/0x1d0 [ 191.384106] vfs_write+0x271/0x440 [ 191.384521] ksys_write+0x72/0xf0 [ 191.384924] __x64_sys_write+0x19/0x20 [ 191.385313] x64_sys_call+0x2b0/0x20b0 [ 191.385736] do_syscall_64+0x79/0x150 [ 191.386146] ? __mod_memcg_lruvec_state+0xe7/0x240 [ 191.386676] ? __lruvec_stat_mod_folio+0x79/0xb0 [ 191.387124] ? __pfx_lru_add+0x10/0x10 [ 191.387515] ? queued_spin_unlock+0x9/0x10 [ 191.387937] ? do_anonymous_page+0x33c/0xa00 [ 191.388374] ? __handle_mm_fault+0xcf3/0x1210 [ 191.388805] ? __count_memcg_events+0xbe/0x180 [ 191.389235] ? handle_mm_fault+0xae/0x300 [ 191.389588] ? do_user_addr_fault+0x559/0x800 [ 191.390027] ? irqentry_exit_to_user_mode+0x43/0x230 [ 191.390525] ? irqentry_exit+0x1d/0x30 [ 191.390879] ? exc_page_fault+0x86/0x160 [ 191.391235] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 191.391745] RIP: 0033:0x7dbc4ff1c574 [ 191.392111] Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89 [ 191.393412] RSP: 002b:00007ffd95a23ab8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 191.393990] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007dbc4ff1c574 [ 191.394594] RDX: 0000000000000005 RSI: 00005a6eeadb0ce0 RDI: 0000000000000001 [ 191.395215] RBP: 00007ffd95a23ae0 R08: 00007dbc50003b20 R09: 0000000000000000 [ 191.395805] R10: 0000000000000001 R11: 0000000000000202 R12: 0000000000000005 [ 191.396404] R13: 00005a6eeadb0ce0 R14: 00007dbc500045c0 R15: 00007dbc50001ee0 [ 191.396987] </TASK> To fix this, we explicitly set such mana debugfs variables to NULL after debugfs_remove() is called. Fixes: 6607c17c6c5e ("net: mana: Enable debugfs files for MANA device") Cc: stable(a)vger.kernel.org Signed-off-by: Shradha Gupta <shradhagupta(a)linux.microsoft.com> Reviewed-by: Haiyang Zhang <haiyangz(a)microsoft.com> --- drivers/net/ethernet/microsoft/mana/gdma_main.c | 11 ++++++++++- drivers/net/ethernet/microsoft/mana/mana_en.c | 10 ++++++---- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/drivers/net/ethernet/microsoft/mana/gdma_main.c b/drivers/net/ethernet/microsoft/mana/gdma_main.c index c15a5ef4674e..f1966788c98e 100644 --- a/drivers/net/ethernet/microsoft/mana/gdma_main.c +++ b/drivers/net/ethernet/microsoft/mana/gdma_main.c @@ -1579,6 +1579,7 @@ static int mana_gd_probe(struct pci_dev *pdev, const struct pci_device_id *ent) * adapter-MTU file and apc->mana_pci_debugfs folder. */ debugfs_remove_recursive(gc->mana_pci_debugfs); + gc->mana_pci_debugfs = NULL; pci_iounmap(pdev, bar0_va); free_gc: pci_set_drvdata(pdev, NULL); @@ -1601,6 +1602,8 @@ static void mana_gd_remove(struct pci_dev *pdev) debugfs_remove_recursive(gc->mana_pci_debugfs); + gc->mana_pci_debugfs = NULL; + pci_iounmap(pdev, gc->bar0_va); vfree(gc); @@ -1656,6 +1659,8 @@ static void mana_gd_shutdown(struct pci_dev *pdev) debugfs_remove_recursive(gc->mana_pci_debugfs); + gc->mana_pci_debugfs = NULL; + pci_disable_device(pdev); } @@ -1682,8 +1687,10 @@ static int __init mana_driver_init(void) mana_debugfs_root = debugfs_create_dir("mana", NULL); err = pci_register_driver(&mana_driver); - if (err) + if (err) { debugfs_remove(mana_debugfs_root); + mana_debugfs_root = NULL; + } return err; } @@ -1693,6 +1700,8 @@ static void __exit mana_driver_exit(void) pci_unregister_driver(&mana_driver); debugfs_remove(mana_debugfs_root); + + mana_debugfs_root = NULL; } module_init(mana_driver_init); diff --git a/drivers/net/ethernet/microsoft/mana/mana_en.c b/drivers/net/ethernet/microsoft/mana/mana_en.c index 2d826077d38c..9a8171f099b6 100644 --- a/drivers/net/ethernet/microsoft/mana/mana_en.c +++ b/drivers/net/ethernet/microsoft/mana/mana_en.c @@ -748,12 +748,11 @@ static const struct net_device_ops mana_devops = { static void mana_cleanup_port_context(struct mana_port_context *apc) { /* - * at this point all dir/files under the vport directory - * are already cleaned up. - * We are sure the apc->mana_port_debugfs remove will not - * cause any freed memory access issues + * make sure subsequent cleanup attempts don't end up removing already + * cleaned dentry pointer */ debugfs_remove(apc->mana_port_debugfs); + apc->mana_port_debugfs = NULL; kfree(apc->rxqs); apc->rxqs = NULL; } @@ -1264,6 +1263,7 @@ static void mana_destroy_eq(struct mana_context *ac) return; debugfs_remove_recursive(ac->mana_eqs_debugfs); + ac->mana_eqs_debugfs = NULL; for (i = 0; i < gc->max_num_queues; i++) { eq = ac->eqs[i].eq; @@ -1926,6 +1926,7 @@ static void mana_destroy_txq(struct mana_port_context *apc) for (i = 0; i < apc->num_queues; i++) { debugfs_remove_recursive(apc->tx_qp[i].mana_tx_debugfs); + apc->tx_qp[i].mana_tx_debugfs = NULL; napi = &apc->tx_qp[i].tx_cq.napi; if (apc->tx_qp[i].txq.napi_initialized) { @@ -2113,6 +2114,7 @@ static void mana_destroy_rxq(struct mana_port_context *apc, return; debugfs_remove_recursive(rxq->mana_rx_debugfs); + rxq->mana_rx_debugfs = NULL; napi = &rxq->rx_cq.napi; -- 2.34.1

6 months

3
2
0 0

Linux 6.13.7

by Greg Kroah-Hartman

I'm announcing the release of the 6.13.7 kernel. All users of the 6.13 kernel series must upgrade. The updated 6.13.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.13.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/sysctl/kernel.rst | 11 Documentation/devicetree/bindings/iio/adc/adi,ad7606.yaml | 1 Makefile | 7 arch/arm/mm/fault-armv.c | 37 +- arch/arm64/include/asm/hugetlb.h | 4 arch/arm64/mm/hugetlbpage.c | 61 +--- arch/loongarch/include/asm/bug.h | 13 arch/loongarch/include/asm/hugetlb.h | 6 arch/loongarch/kernel/machine_kexec.c | 4 arch/loongarch/kernel/setup.c | 3 arch/loongarch/kernel/smp.c | 47 +++ arch/loongarch/kvm/exit.c | 6 arch/loongarch/kvm/main.c | 7 arch/loongarch/kvm/vcpu.c | 2 arch/loongarch/kvm/vm.c | 6 arch/loongarch/mm/mmap.c | 6 arch/mips/include/asm/hugetlb.h | 6 arch/parisc/include/asm/hugetlb.h | 2 arch/parisc/mm/hugetlbpage.c | 2 arch/powerpc/include/asm/hugetlb.h | 6 arch/riscv/include/asm/hugetlb.h | 3 arch/riscv/mm/hugetlbpage.c | 2 arch/s390/include/asm/hugetlb.h | 18 - arch/s390/kernel/traps.c | 6 arch/s390/mm/hugetlbpage.c | 4 arch/sparc/include/asm/hugetlb.h | 2 arch/sparc/mm/hugetlbpage.c | 2 arch/x86/boot/compressed/pgtable_64.c | 2 arch/x86/include/asm/kvm_host.h | 1 arch/x86/kernel/amd_nb.c | 9 arch/x86/kernel/cpu/cacheinfo.c | 2 arch/x86/kernel/cpu/intel.c | 52 ++- arch/x86/kernel/cpu/microcode/amd.c | 6 arch/x86/kernel/cpu/sgx/ioctl.c | 7 arch/x86/kvm/cpuid.c | 2 arch/x86/kvm/svm/sev.c | 13 arch/x86/kvm/svm/svm.c | 49 +++ arch/x86/kvm/svm/svm.h | 2 arch/x86/kvm/svm/vmenter.S | 10 arch/x86/kvm/vmx/vmx.c | 8 arch/x86/kvm/vmx/vmx.h | 2 arch/x86/kvm/x86.c | 2 block/partitions/efi.c | 2 drivers/base/core.c | 1 drivers/block/ublk_drv.c | 7 drivers/bluetooth/btusb.c | 1 drivers/bus/mhi/host/pci_generic.c | 5 drivers/cdx/cdx.c | 6 drivers/char/misc.c | 2 drivers/gpio/gpio-aggregator.c | 20 + drivers/gpio/gpio-rcar.c | 31 +- drivers/gpu/drm/amd/amdkfd/kfd_queue.c | 4 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0.c | 12 drivers/gpu/drm/imagination/pvr_fw_meta.c | 6 drivers/gpu/drm/imagination/pvr_fw_trace.c | 4 drivers/gpu/drm/imagination/pvr_queue.c | 18 - drivers/gpu/drm/imagination/pvr_queue.h | 4 drivers/gpu/drm/imagination/pvr_vm.c | 134 +++++++-- drivers/gpu/drm/imagination/pvr_vm.h | 3 drivers/gpu/drm/nouveau/Kconfig | 1 drivers/gpu/drm/radeon/r300.c | 3 drivers/gpu/drm/radeon/radeon_asic.h | 1 drivers/gpu/drm/radeon/rs400.c | 18 + drivers/gpu/drm/scheduler/gpu_scheduler_trace.h | 4 drivers/gpu/drm/tiny/bochs.c | 5 drivers/gpu/drm/xe/display/xe_plane_initial.c | 10 drivers/gpu/drm/xe/xe_gt.c | 4 drivers/gpu/drm/xe/xe_hmm.c | 188 +++++++++---- drivers/gpu/drm/xe/xe_hmm.h | 7 drivers/gpu/drm/xe/xe_pt.c | 96 +++--- drivers/gpu/drm/xe/xe_pt_walk.c | 3 drivers/gpu/drm/xe/xe_pt_walk.h | 4 drivers/gpu/drm/xe/xe_vm.c | 100 ++++--- drivers/gpu/drm/xe/xe_vm.h | 10 drivers/gpu/drm/xe/xe_vm_types.h | 8 drivers/hid/hid-appleir.c | 2 drivers/hid/hid-corsair-void.c | 83 +++-- drivers/hid/hid-google-hammer.c | 2 drivers/hid/hid-steam.c | 2 drivers/hid/intel-ish-hid/ishtp-hid-client.c | 2 drivers/hid/intel-ish-hid/ishtp-hid.c | 4 drivers/hwmon/ad7314.c | 10 drivers/hwmon/ntc_thermistor.c | 66 ++-- drivers/hwmon/peci/dimmtemp.c | 10 drivers/hwmon/pmbus/pmbus.c | 2 drivers/hwmon/xgene-hwmon.c | 2 drivers/hwtracing/intel_th/pci.c | 15 + drivers/iio/adc/ad7192.c | 2 drivers/iio/adc/ad7606.c | 2 drivers/iio/adc/at91-sama5d2_adc.c | 68 ++-- drivers/iio/dac/ad3552r.c | 6 drivers/iio/filter/admv8818.c | 14 drivers/iio/light/apds9306.c | 4 drivers/iio/light/hid-sensor-prox.c | 7 drivers/misc/cardreader/rtsx_usb.c | 15 - drivers/misc/eeprom/digsy_mtc_eeprom.c | 2 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/misc/mei/vsc-tp.c | 2 drivers/net/caif/caif_virtio.c | 2 drivers/net/dsa/mt7530.c | 8 drivers/net/ethernet/emulex/benet/be.h | 2 drivers/net/ethernet/emulex/benet/be_cmds.c | 197 ++++++-------- drivers/net/ethernet/emulex/benet/be_main.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c | 6 drivers/net/ipa/data/ipa_data-v4.7.c | 18 - drivers/net/mctp/mctp-i3c.c | 3 drivers/net/phy/phy.c | 43 +++ drivers/net/phy/phy_device.c | 2 drivers/net/ppp/ppp_generic.c | 28 + drivers/net/wireless/intel/iwlwifi/fw/dump.c | 3 drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 77 +++-- drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c | 7 drivers/net/wireless/intel/iwlwifi/mvm/time-event.c | 2 drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 5 drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c | 6 drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 23 - drivers/nvme/host/ioctl.c | 12 drivers/nvme/host/tcp.c | 81 +++++ drivers/nvme/target/nvmet.h | 1 drivers/nvme/target/tcp.c | 15 - drivers/of/of_reserved_mem.c | 4 drivers/platform/x86/thinkpad_acpi.c | 1 drivers/rapidio/devices/rio_mport_cdev.c | 3 drivers/rapidio/rio-scan.c | 5 drivers/slimbus/messaging.c | 5 drivers/usb/atm/cxacru.c | 13 drivers/usb/core/hub.c | 33 ++ drivers/usb/core/quirks.c | 4 drivers/usb/dwc3/core.c | 85 +++--- drivers/usb/dwc3/core.h | 2 drivers/usb/dwc3/drd.c | 4 drivers/usb/dwc3/gadget.c | 10 drivers/usb/gadget/composite.c | 17 - drivers/usb/gadget/function/u_ether.c | 4 drivers/usb/host/xhci-hub.c | 8 drivers/usb/host/xhci-mem.c | 3 drivers/usb/host/xhci-pci.c | 10 drivers/usb/host/xhci.c | 6 drivers/usb/host/xhci.h | 2 drivers/usb/renesas_usbhs/common.c | 6 drivers/usb/renesas_usbhs/mod_gadget.c | 2 drivers/usb/typec/tcpm/tcpci_rt1711h.c | 11 drivers/usb/typec/ucsi/ucsi.c | 25 - drivers/usb/typec/ucsi/ucsi.h | 2 drivers/usb/typec/ucsi/ucsi_acpi.c | 21 - drivers/usb/typec/ucsi/ucsi_ccg.c | 1 drivers/usb/typec/ucsi/ucsi_glink.c | 1 drivers/usb/typec/ucsi/ucsi_stm32g0.c | 1 drivers/usb/typec/ucsi/ucsi_yoga_c630.c | 1 drivers/virt/acrn/hsm.c | 6 drivers/virt/coco/sev-guest/sev-guest.c | 24 + fs/btrfs/inode.c | 9 fs/btrfs/volumes.c | 1 fs/coredump.c | 15 - fs/exfat/balloc.c | 10 fs/exfat/exfat_fs.h | 2 fs/exfat/fatent.c | 11 fs/exfat/file.c | 2 fs/exfat/namei.c | 2 fs/nfs/file.c | 3 fs/smb/client/cifsglob.h | 6 fs/smb/client/inode.c | 2 fs/smb/client/reparse.h | 28 + fs/smb/client/smb1ops.c | 4 fs/smb/client/smb2inode.c | 4 fs/smb/client/smb2ops.c | 3 fs/smb/server/smb2pdu.c | 8 fs/smb/server/smbacl.c | 16 + fs/smb/server/transport_ipc.c | 1 include/asm-generic/hugetlb.h | 2 include/linux/compaction.h | 5 include/linux/cred.h | 9 include/linux/ethtool.h | 23 + include/linux/hugetlb.h | 4 include/linux/nvme-tcp.h | 2 include/linux/phy.h | 36 ++ include/linux/phylib_stubs.h | 42 ++ include/linux/sched.h | 2 kernel/events/core.c | 4 kernel/sched/fair.c | 6 kernel/trace/trace_fprobe.c | 15 + kernel/trace/trace_probe.h | 2 mm/compaction.c | 3 mm/hugetlb.c | 4 mm/internal.h | 5 mm/kmsan/hooks.c | 1 mm/memory-failure.c | 63 ++-- mm/memory.c | 21 - mm/memory_hotplug.c | 26 - mm/page_alloc.c | 4 mm/userfaultfd.c | 17 + mm/vma.c | 12 mm/vmalloc.c | 4 net/8021q/vlan.c | 3 net/bluetooth/mgmt.c | 5 net/ethtool/cabletest.c | 8 net/ethtool/linkstate.c | 26 + net/ethtool/netlink.c | 6 net/ethtool/netlink.h | 5 net/ethtool/phy.c | 2 net/ethtool/plca.c | 6 net/ethtool/pse-pd.c | 4 net/ethtool/stats.c | 18 + net/ethtool/strset.c | 2 net/ipv4/tcp_offload.c | 11 net/ipv4/udp_offload.c | 8 net/ipv6/ila/ila_lwt.c | 4 net/llc/llc_s_ac.c | 49 +-- net/mac80211/ieee80211_i.h | 2 net/mac80211/mlme.c | 1 net/mac80211/parse.c | 164 ++++++++--- net/mptcp/pm_netlink.c | 18 + net/wireless/nl80211.c | 5 net/wireless/reg.c | 3 rust/kernel/block/mq/gen_disk.rs | 6 sound/core/seq/seq_clientmgr.c | 46 ++- sound/pci/hda/Kconfig | 1 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_realtek.c | 107 ++++++- sound/usb/usx2y/usbusx2y.c | 11 sound/usb/usx2y/usbusx2y.h | 26 + sound/usb/usx2y/usbusx2yaudio.c | 27 - tools/testing/selftests/damon/damon_nr_regions.py | 2 tools/testing/selftests/damon/damos_quota.py | 9 tools/testing/selftests/damon/damos_quota_goal.py | 3 tools/testing/selftests/mm/hugepage-mremap.c | 2 tools/testing/selftests/mm/ksm_functional_tests.c | 8 tools/testing/selftests/mm/memfd_secret.c | 14 tools/testing/selftests/mm/mkdirty.c | 8 tools/testing/selftests/mm/mlock2.h | 1 tools/testing/selftests/mm/protection_keys.c | 2 tools/testing/selftests/mm/uffd-common.c | 4 tools/testing/selftests/mm/uffd-stress.c | 15 - tools/testing/selftests/mm/uffd-unit-tests.c | 14 usr/include/Makefile | 2 239 files changed, 2390 insertions(+), 1068 deletions(-) Ahmed S. Darwish (3): x86/cacheinfo: Validate CPUID leaf 0x2 EDX output x86/cpu: Validate CPUID leaf 0x2 EDX output x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 Alessio Belle (1): drm/imagination: Fix timestamps in firmware traces Alexander Shishkin (2): intel_th: pci: Add Panther Lake-H support intel_th: pci: Add Panther Lake-P/U support Alexander Usyskin (1): mei: me: add panther lake P DID Andrei Kuchynski (1): usb: typec: ucsi: Fix NULL pointer access Andrew Cooper (1): x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() Andrew Martin (1): drm/amdkfd: Fix NULL Pointer Dereference in KFD queue Andy Shevchenko (1): eeprom: digsy_mtc: Make GPIO lookup table match the device Angelo Dureghello (3): iio: dac: ad3552r: clear reset status flag dt-bindings: iio: dac: adi-axi-adc: fix ad7606 pwm-names iio: adc: ad7606: fix wrong scale available AngeloGioacchino Del Regno (1): usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality Antheas Kapenekakis (1): ALSA: hda/realtek: Remove (revert) duplicate Ally X config Antoine Tenart (1): net: gso: fix ownership in __udp_gso_segment Ard Biesheuvel (1): x86/boot: Sanitize boot params before parsing command line Arnd Bergmann (2): kbuild: hdrcheck: fix cross build with clang ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage Badhri Jagan Sridharan (1): usb: dwc3: gadget: Prevent irq storm when TH re-executes Benjamin Berg (1): wifi: iwlwifi: mvm: log error for failures after D3 Bibo Mao (5): LoongArch: Set hugetlb mmap base address aligned with pmd size LoongArch: Set max_pfn with the PFN of the last page LoongArch: KVM: Add interrupt checking for AVEC LoongArch: KVM: Reload guest CSR registers after sleep LoongArch: KVM: Fix GPA size issue about VM Borislav Petkov (AMD) (1): x86/microcode/AMD: Add some forgotten models to the SHA check Brendan King (3): drm/imagination: avoid deadlock on fence release drm/imagination: Hold drm_gem_gpuva lock for unmap drm/imagination: only init job done fences once Brian Geffon (1): mm: fix finish_fault() handling for large folios Christian A. Ehrhardt (1): acpi: typec: ucsi: Introduce a ->poll_cci method Christian Brauner (1): cred: return old creds from revert_creds_light() Christian Heusel (1): Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" Claudiu Beznea (3): usb: renesas_usbhs: Call clk_put() usb: renesas_usbhs: Use devm_usb_get_phy() usb: renesas_usbhs: Flush the notify_hotplug_work Dan Carpenter (1): nvme-tcp: fix signedness bug in nvme_tcp_init_connection() Daniil Dulov (1): HID: appleir: Fix potential NULL dereference at raw event handle Dave Airlie (1): drm/nouveau: select FW caching Emmanuel Grumbach (2): wifi: iwlwifi: mvm: don't dump the firmware state upon RFKILL while suspend wifi: iwlwifi: mvm: don't try to talk to a dead firmware Eric Dumazet (1): llc: do not use skb_get() before dev_queue_xmit() Eric Sandeen (1): exfat: short-circuit zero-byte writes in exfat_file_write_iter Erik Schumacher (1): hwmon: (ad7314) Validate leading zero bits and return error Fabrizio Castro (1): gpio: rcar: Fix missing of_node_put() call Fedor Pchelkin (1): usb: typec: ucsi: increase timeout for PPM reset operations Gabriel Krisman Bertazi (1): Revert "mm/page_alloc.c: don't show protection in zone's ->lowmem_reserve[] for empty zone" Greg Kroah-Hartman (1): Linux 6.13.7 Hans de Goede (1): mei: vsc: Use "wakeuphostint" when getting the host wakeup GPIO Hao Zhang (1): mm/page_alloc: fix uninitialized variable Haoxiang Li (5): btrfs: fix a leaked chunk map issue in read_one_chunk() Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() rapidio: add check for rio_add_net() in rio_scan_alloc_net() rapidio: fix an API misues when rio_add_net() fails Haoyu Li (1): drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl Heiko Carstens (1): s390/traps: Fix test_monitor_call() inline assembly Herbert Xu (1): cred: Fix RCU warnings in override/revert_creds Hoku Ishibe (1): ALSA: hda: intel: Add Dell ALC3271 to power_save denylist Huacai Chen (1): LoongArch: Use polling play_dead() when resuming from hibernation Ilan Peer (4): wifi: iwlwifi: Free pages allocated when failing to build A-MSDU wifi: iwlwifi: Fix A-MSDU TSO preparation wifi: mac80211: Support parsing EPCS ML element wifi: iwlwifi: pcie: Fix TSO preparation Jakub Kicinski (1): net: ethtool: plumb PHY stats to PHY drivers Jarkko Sakkinen (1): x86/sgx: Fix size overflows in sgx_encl_create() Jason Xing (1): net-timestamp: support TCP GSO case for a few missing flags Javier Carrasco (1): iio: light: apds9306: fix max_scale_nano values Jiayuan Chen (1): ppp: Fix KMSAN uninit-value warning with bpf Johannes Berg (4): wifi: iwlwifi: mvm: clean up ROC on failure wifi: iwlwifi: limit printed string from FW file wifi: mac80211: fix MLE non-inheritance parsing wifi: mac80211: fix vendor-specific inheritance John Hubbard (1): Revert "selftests/mm: remove local __NR_* definitions" Justin Iurman (2): net: ipv6: fix dst ref loop in ila lwtunnel net: ipv6: fix missing dst ref drop in ila lwtunnel Kailang Yang (2): ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform ALSA: hda/realtek: update ALC222 depop optimize Kees Cook (1): coredump: Only sort VMAs when core_sort_vma sysctl is set Keith Busch (1): nvme-ioctl: fix leaked requests on mapping error Kenneth Feng (1): drm/amd/pm: always allow ih interrupt from fw Koichiro Den (1): gpio: aggregator: protect driver attr handlers against module unload Krister Johansen (1): mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr Lorenzo Bianconi (1): net: dsa: mt7530: Fix traffic flooding for MMIO devices Lorenzo Stoakes (1): mm: abort vma_modify() on merge out of memory failure Luca Ceresoli (1): drivers: core: fix device leak in __fw_devlink_relax_cycles() Luca Weiss (3): net: ipa: Fix v4.7 resource group names net: ipa: Fix QSB data for v4.7 net: ipa: Enable checksum for IPA_ENDPOINT_AP_MODEM_{RX,TX} for v4.7 Ma Ke (1): drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Ma Wupeng (3): mm: memory-failure: update ttu flag inside unmap_poisoned_folio hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio mm: memory-hotplug: check folio ref count first in do_migrate_range Maarten Lankhorst (1): drm/xe: Remove double pageflip Manivannan Sadhasivam (1): bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock Marc Zyngier (1): xhci: Restrict USB4 tunnel detection for USB3 devices to Intel hosts Marek Szyprowski (1): usb: gadget: Fix setting self-powered state on suspend Markus Burri (1): iio: adc: ad7192: fix channel select Masami Hiramatsu (Google) (3): tracing: tprobe-events: Fix a memory leak when tprobe with $retval tracing: tprobe-events: Reject invalid tracepoint name tracing: probe-events: Remove unused MAX_ARG_BUF_LEN macro Matt Johnston (1): mctp i3c: handle NULL header address Matthew Auld (1): drm/xe/userptr: properly setup pfn_flags_mask Matthew Brost (1): drm/xe: Add staging tree for VM binds Maud Spierings (1): hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table Maurizio Lombardi (4): nvmet: remove old function prototype nvme-tcp: add basic support for the C2HTermReq PDU nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() nvme-tcp: Fix a C2HTermReq error message Maxime Chevallier (1): net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device Meir Elisha (1): nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch Miao Li (1): usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader Michal Pecio (2): usb: xhci: Fix host controllers "dying" after suspend and resume usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Mike Snitzer (1): NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback Mingcong Bai (1): platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e Miri Korenblit (1): wifi: iwlwifi: fw: avoid using an uninitialized variable Murad Masimov (1): ALSA: usx2y: validate nrpacks module parameter on probe Namjae Jeon (5): ksmbd: fix type confusion via race condition when using ipc_msg_send_request ksmbd: fix out-of-bounds in parse_sec_desc() ksmbd: fix use-after-free in smb2_lock ksmbd: fix bug on trap in smb2_lock exfat: fix soft lockup in exfat_clear_bitmap Naohiro Aota (1): btrfs: zoned: fix extent range end unlock in cow_file_range() Nayab Sayed (1): iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value Nikita Zhandarovich (2): wifi: cfg80211: regulatory: improve invalid hints checking usb: atm: cxacru: fix a flaw in existing endpoint checks Niklas Söderlund (1): gpio: rcar: Use raw_spinlock to protect register access Nikolay Aleksandrov (1): be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink Nikunj A Dadhania (1): virt: sev-guest: Allocate request data dynamically Oleksij Rempel (1): ethtool: linkstate: migrate linkstate functions to support multi-PHY setups Olivier Gayot (1): block: fix conversion of GPT partition name to 7-bit Oscar Maes (1): vlan: enforce underlying device type Pali Rohár (1): cifs: Remove symlink member from cifs_open_info_data union Paul Fertser (1): hwmon: (peci/dimmtemp) Do not provide fake thresholds data Pawel Chmielewski (1): intel_th: pci: Add Arrow Lake support Pawel Laszczak (1): usb: hub: lack of clearing xHC resources Peiyang Wang (1): net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error Peter Zijlstra (2): loongarch: Use ASM_REACHABLE perf/core: Fix pmus_lock vs. pmus_srcu ordering Philipp Stanner (2): stmmac: loongson: Pass correct arg to PCI function drm/sched: Fix preprocessor guard Prashanth K (3): usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails usb: gadget: Set self-powered based on MaxPower and bmAttributes usb: gadget: Check bmAttributes only if configuration is valid Qi Zheng (1): arm: pgtable: fix NULL pointer dereference issue Qiu-ji Chen (1): cdx: Fix possible UAF error in driver_override_show() Ricardo Ribalda (1): iio: hid-sensor-prox: Split difference from multiple channels Richard Thier (1): drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M Rob Herring (Arm) (1): Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" Ryan Roberts (3): mm: don't skip arch_sync_kernel_mappings() in error paths mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes Salah Triki (1): bluetooth: btusb: Initialize .owner field of force_poll_sync_fops Sam Winchenbach (1): iio: filter: admv8818: Force initialization of SDO Sean Christopherson (7): KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow KVM: SVM: Save host DR masks on CPUs with DebugSwap KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value KVM: SVM: Suppress DEBUGCTL.BTF on AMD KVM: x86: Snapshot the host's DEBUGCTL in common x86 KVM: SVM: Manually context switch DEBUGCTL if LBR virtualization is disabled KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs Sebastian Andrzej Siewior (1): dma: kmsan: export kmsan_handle_dma() for modules SeongJae Park (4): selftests/damon/damos_quota_goal: handle minimum quota that cannot be further reduced selftests/damon/damos_quota: make real expectation of quota exceeds selftests/damon/damon_nr_regions: set ops update for merge results check to 100ms selftests/damon/damon_nr_regions: sort collected regiosn before checking with min/max boundaries Steve French (1): smb311: failure to open files of length 1040 when mounting with SMB3.1.1 POSIX extensions Stuart Hayhurst (1): HID: corsair-void: Update power supply values with a unified work handler Suren Baghdasaryan (1): userfaultfd: do not block on locking a large folio with raised refcount Takashi Iwai (2): ALSA: seq: Avoid module auto-load handling at event delivery drm/bochs: Fix DPMS regression Thadeu Lima de Souza Cascardo (1): char: misc: deallocate static minor in error path Thinh Nguyen (1): usb: dwc3: Set SUSPENDENABLE soon after phy init Thomas Hellström (6): drm/xe/hmm: Style- and include fixes drm/xe/hmm: Don't dereference struct page pointers without notifier lock drm/xe/vm: Fix a misplaced #endif drm/xe/vm: Validate userptr during gpu vma prefetching drm/xe: Fix fault mode invalidation with unbind drm/xe/userptr: Unmap userptrs in the mmu notifier Thomas Weißschuh (1): kbuild: userprogs: use correct lld when linking through clang Tiezhu Yang (1): LoongArch: Convert unreachable() to BUG() Titus Rwantare (1): hwmon: (pmbus) Initialise page count in pmbus_identify() Tvrtko Ursulin (1): drm/xe: Fix GT "for each engine" workarounds Uday Shankar (1): ublk: set_params: properly check if parameters can be applied Vicki Pfau (1): HID: hid-steam: Fix use-after-free when detaching device Visweswara Tanuku (1): slimbus: messaging: Free transaction ID in delayed interrupt scenario Vitaliy Shevtsov (2): wifi: nl80211: reject cooked mode if it is set along with other flags caif_virtio: fix wrong pointer check in cfv_probe() Xiaoyao Li (1): KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM Xinghuo Chen (1): hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() Yu-Chun Lin (1): HID: google: fix unused variable warning under !CONFIG_ACPI Yuezhang Mo (1): exfat: fix just enough dentries but allocate a new cluster to dir Yutaro Ohno (1): rust: block: fix formatting in GenDisk doc Zecheng Li (1): sched/fair: Fix potential memory corruption in child_cfs_rq_on_list Zhang Lixu (2): HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()

6 months

1
1
0 0

Linux 6.12.19

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.19 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ .clippy.toml | 9 .gitignore | 1 Documentation/admin-guide/sysctl/kernel.rst | 11 Documentation/rust/coding-guidelines.rst | 146 + MAINTAINERS | 8 Makefile | 22 arch/arm64/include/asm/hugetlb.h | 4 arch/arm64/mm/hugetlbpage.c | 61 arch/loongarch/include/asm/bug.h | 13 arch/loongarch/include/asm/hugetlb.h | 6 arch/loongarch/kernel/machine_kexec.c | 4 arch/loongarch/kernel/setup.c | 3 arch/loongarch/kernel/smp.c | 47 arch/loongarch/kvm/exit.c | 6 arch/loongarch/kvm/main.c | 7 arch/loongarch/kvm/vcpu.c | 2 arch/loongarch/kvm/vm.c | 6 arch/mips/include/asm/hugetlb.h | 6 arch/parisc/include/asm/hugetlb.h | 2 arch/parisc/mm/hugetlbpage.c | 2 arch/powerpc/include/asm/hugetlb.h | 6 arch/powerpc/kvm/e500_mmu_host.c | 19 arch/riscv/include/asm/hugetlb.h | 3 arch/riscv/mm/hugetlbpage.c | 2 arch/s390/include/asm/hugetlb.h | 17 arch/s390/kernel/traps.c | 6 arch/s390/mm/hugetlbpage.c | 4 arch/sparc/include/asm/hugetlb.h | 2 arch/sparc/mm/hugetlbpage.c | 2 arch/x86/boot/compressed/pgtable_64.c | 2 arch/x86/include/asm/kvm_host.h | 1 arch/x86/kernel/amd_nb.c | 9 arch/x86/kernel/cpu/cacheinfo.c | 2 arch/x86/kernel/cpu/intel.c | 52 arch/x86/kernel/cpu/microcode/amd.c | 6 arch/x86/kernel/cpu/sgx/ioctl.c | 7 arch/x86/kvm/cpuid.c | 2 arch/x86/kvm/svm/sev.c | 13 arch/x86/kvm/svm/svm.c | 49 arch/x86/kvm/svm/svm.h | 2 arch/x86/kvm/svm/vmenter.S | 10 arch/x86/kvm/vmx/vmx.c | 8 arch/x86/kvm/vmx/vmx.h | 2 arch/x86/kvm/x86.c | 2 arch/x86/mm/init.c | 23 block/partitions/efi.c | 2 drivers/base/core.c | 1 drivers/block/rnull.rs | 4 drivers/block/ublk_drv.c | 7 drivers/bluetooth/btusb.c | 1 drivers/bus/mhi/host/pci_generic.c | 5 drivers/cdx/cdx.c | 6 drivers/char/misc.c | 2 drivers/gpio/gpio-aggregator.c | 20 drivers/gpio/gpio-rcar.c | 31 drivers/gpio/gpio-vf610.c | 11 drivers/gpu/drm/Kconfig | 12 drivers/gpu/drm/Makefile | 6 drivers/gpu/drm/amd/amdkfd/kfd_queue.c | 4 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0.c | 12 drivers/gpu/drm/drm_client_setup.c | 66 drivers/gpu/drm/drm_fb_helper.c | 85 - drivers/gpu/drm/drm_fbdev_client.c | 141 + drivers/gpu/drm/drm_fbdev_ttm.c | 142 - drivers/gpu/drm/drm_fourcc.c | 30 drivers/gpu/drm/drm_panic_qr.rs | 25 drivers/gpu/drm/i915/display/i9xx_plane.c | 22 drivers/gpu/drm/i915/display/icl_dsi.c | 448 ++--- drivers/gpu/drm/i915/display/icl_dsi.h | 4 drivers/gpu/drm/i915/display/intel_atomic_plane.c | 49 drivers/gpu/drm/i915/display/intel_atomic_plane.h | 19 drivers/gpu/drm/i915/display/intel_color.c | 17 drivers/gpu/drm/i915/display/intel_color.h | 1 drivers/gpu/drm/i915/display/intel_cursor.c | 101 - drivers/gpu/drm/i915/display/intel_ddi.c | 2 drivers/gpu/drm/i915/display/intel_de.h | 11 drivers/gpu/drm/i915/display/intel_display.c | 58 drivers/gpu/drm/i915/display/intel_display_types.h | 16 drivers/gpu/drm/i915/display/intel_sprite.c | 27 drivers/gpu/drm/i915/display/skl_universal_plane.c | 307 ++- drivers/gpu/drm/imagination/pvr_fw_meta.c | 6 drivers/gpu/drm/imagination/pvr_fw_trace.c | 4 drivers/gpu/drm/imagination/pvr_queue.c | 18 drivers/gpu/drm/imagination/pvr_queue.h | 4 drivers/gpu/drm/imagination/pvr_vm.c | 134 + drivers/gpu/drm/imagination/pvr_vm.h | 3 drivers/gpu/drm/nouveau/Kconfig | 2 drivers/gpu/drm/nouveau/nouveau_drm.c | 10 drivers/gpu/drm/radeon/r300.c | 3 drivers/gpu/drm/radeon/radeon_asic.h | 1 drivers/gpu/drm/radeon/rs400.c | 18 drivers/gpu/drm/scheduler/gpu_scheduler_trace.h | 4 drivers/gpu/drm/xe/display/xe_plane_initial.c | 10 drivers/gpu/drm/xe/xe_gt.c | 4 drivers/gpu/drm/xe/xe_hmm.c | 188 +- drivers/gpu/drm/xe/xe_hmm.h | 7 drivers/gpu/drm/xe/xe_pt.c | 96 - drivers/gpu/drm/xe/xe_pt_walk.c | 3 drivers/gpu/drm/xe/xe_pt_walk.h | 4 drivers/gpu/drm/xe/xe_vm.c | 100 - drivers/gpu/drm/xe/xe_vm.h | 10 drivers/gpu/drm/xe/xe_vm_types.h | 8 drivers/hid/hid-appleir.c | 2 drivers/hid/hid-google-hammer.c | 2 drivers/hid/hid-steam.c | 2 drivers/hid/intel-ish-hid/ishtp-hid-client.c | 2 drivers/hid/intel-ish-hid/ishtp-hid.c | 4 drivers/hwmon/ad7314.c | 10 drivers/hwmon/ntc_thermistor.c | 66 drivers/hwmon/peci/dimmtemp.c | 10 drivers/hwmon/pmbus/pmbus.c | 2 drivers/hwmon/xgene-hwmon.c | 2 drivers/hwtracing/intel_th/pci.c | 15 drivers/iio/adc/ad7192.c | 2 drivers/iio/adc/at91-sama5d2_adc.c | 68 drivers/iio/dac/ad3552r.c | 6 drivers/iio/filter/admv8818.c | 14 drivers/iio/light/apds9306.c | 4 drivers/misc/cardreader/rtsx_usb.c | 15 drivers/misc/eeprom/digsy_mtc_eeprom.c | 2 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/misc/mei/vsc-tp.c | 2 drivers/net/caif/caif_virtio.c | 2 drivers/net/dsa/mt7530.c | 8 drivers/net/ethernet/emulex/benet/be.h | 2 drivers/net/ethernet/emulex/benet/be_cmds.c | 197 +- drivers/net/ethernet/emulex/benet/be_main.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c | 6 drivers/net/ipa/data/ipa_data-v4.7.c | 18 drivers/net/mctp/mctp-i3c.c | 3 drivers/net/phy/phy.c | 43 drivers/net/phy/phy_device.c | 2 drivers/net/ppp/ppp_generic.c | 28 drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c | 7 drivers/net/wireless/intel/iwlwifi/mvm/time-event.c | 2 drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 5 drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c | 6 drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 23 drivers/nvme/host/ioctl.c | 20 drivers/nvme/host/nvme.h | 7 drivers/nvme/host/pci.c | 147 + drivers/nvme/host/tcp.c | 81 drivers/nvme/target/tcp.c | 15 drivers/of/of_reserved_mem.c | 4 drivers/platform/x86/thinkpad_acpi.c | 1 drivers/rapidio/devices/rio_mport_cdev.c | 3 drivers/rapidio/rio-scan.c | 5 drivers/slimbus/messaging.c | 5 drivers/usb/atm/cxacru.c | 13 drivers/usb/core/hub.c | 33 drivers/usb/core/quirks.c | 4 drivers/usb/dwc3/core.c | 85 - drivers/usb/dwc3/core.h | 2 drivers/usb/dwc3/drd.c | 4 drivers/usb/dwc3/gadget.c | 10 drivers/usb/gadget/composite.c | 17 drivers/usb/gadget/function/u_ether.c | 4 drivers/usb/host/xhci-hub.c | 8 drivers/usb/host/xhci-mem.c | 3 drivers/usb/host/xhci-pci.c | 18 drivers/usb/host/xhci.h | 2 drivers/usb/renesas_usbhs/common.c | 6 drivers/usb/renesas_usbhs/mod_gadget.c | 2 drivers/usb/typec/tcpm/tcpci_rt1711h.c | 11 drivers/usb/typec/ucsi/ucsi.c | 25 drivers/usb/typec/ucsi/ucsi.h | 2 drivers/usb/typec/ucsi/ucsi_acpi.c | 21 drivers/usb/typec/ucsi/ucsi_ccg.c | 1 drivers/usb/typec/ucsi/ucsi_glink.c | 1 drivers/usb/typec/ucsi/ucsi_stm32g0.c | 1 drivers/usb/typec/ucsi/ucsi_yoga_c630.c | 1 drivers/virt/acrn/hsm.c | 6 fs/btrfs/file.c | 9 fs/btrfs/volumes.c | 1 fs/coredump.c | 15 fs/exfat/balloc.c | 10 fs/exfat/exfat_fs.h | 2 fs/exfat/fatent.c | 11 fs/exfat/file.c | 2 fs/exfat/namei.c | 2 fs/netfs/read_collect.c | 21 fs/netfs/read_pgpriv2.c | 5 fs/nfs/file.c | 3 fs/smb/client/cifsglob.h | 6 fs/smb/client/inode.c | 2 fs/smb/client/reparse.h | 28 fs/smb/client/smb1ops.c | 4 fs/smb/client/smb2inode.c | 4 fs/smb/client/smb2ops.c | 3 fs/smb/server/smb2pdu.c | 8 fs/smb/server/smbacl.c | 16 fs/smb/server/transport_ipc.c | 1 include/asm-generic/hugetlb.h | 2 include/drm/drm_client_setup.h | 26 include/drm/drm_drv.h | 18 include/drm/drm_fbdev_client.h | 19 include/drm/drm_fbdev_ttm.h | 13 include/drm/drm_fourcc.h | 1 include/linux/compaction.h | 5 include/linux/ethtool.h | 23 include/linux/hugetlb.h | 4 include/linux/nvme-tcp.h | 2 include/linux/nvme.h | 1 include/linux/phy.h | 36 include/linux/phylib_stubs.h | 42 include/linux/sched.h | 2 kernel/events/core.c | 4 kernel/events/uprobes.c | 2 kernel/sched/fair.c | 6 kernel/trace/trace_fprobe.c | 15 kernel/trace/trace_probe.h | 2 mm/compaction.c | 3 mm/hugetlb.c | 4 mm/internal.h | 5 mm/kasan/kasan_test_rust.rs | 3 mm/kmsan/hooks.c | 1 mm/memory-failure.c | 63 mm/memory.c | 21 mm/memory_hotplug.c | 26 mm/page_alloc.c | 4 mm/userfaultfd.c | 17 mm/vma.c | 12 mm/vmalloc.c | 4 net/8021q/vlan.c | 3 net/bluetooth/mgmt.c | 5 net/ethtool/cabletest.c | 8 net/ethtool/linkstate.c | 26 net/ethtool/netlink.c | 6 net/ethtool/netlink.h | 5 net/ethtool/phy.c | 2 net/ethtool/plca.c | 6 net/ethtool/pse-pd.c | 4 net/ethtool/stats.c | 18 net/ethtool/strset.c | 2 net/ipv4/tcp_offload.c | 11 net/ipv4/udp_offload.c | 8 net/ipv6/ila/ila_lwt.c | 4 net/llc/llc_s_ac.c | 49 net/mac80211/ieee80211_i.h | 2 net/mac80211/mlme.c | 1 net/mac80211/parse.c | 164 + net/mptcp/pm_netlink.c | 18 net/wireless/nl80211.c | 5 net/wireless/reg.c | 3 rust/Makefile | 92 - rust/bindgen_parameters | 5 rust/bindings/bindings_helper.h | 1 rust/bindings/lib.rs | 6 rust/exports.c | 1 rust/ffi.rs | 48 rust/helpers/helpers.c | 1 rust/helpers/slab.c | 6 rust/helpers/vmalloc.c | 9 rust/kernel/alloc.rs | 150 + rust/kernel/alloc/allocator.rs | 208 +- rust/kernel/alloc/allocator_test.rs | 95 + rust/kernel/alloc/box_ext.rs | 89 - rust/kernel/alloc/kbox.rs | 456 +++++ rust/kernel/alloc/kvec.rs | 913 +++++++++++ rust/kernel/alloc/layout.rs | 91 + rust/kernel/alloc/vec_ext.rs | 185 -- rust/kernel/block/mq/gen_disk.rs | 6 rust/kernel/block/mq/operations.rs | 18 rust/kernel/block/mq/raw_writer.rs | 2 rust/kernel/block/mq/tag_set.rs | 2 rust/kernel/error.rs | 82 rust/kernel/firmware.rs | 2 rust/kernel/init.rs | 127 - rust/kernel/init/__internal.rs | 13 rust/kernel/init/macros.rs | 18 rust/kernel/ioctl.rs | 2 rust/kernel/lib.rs | 5 rust/kernel/list.rs | 1 rust/kernel/list/arc_field.rs | 2 rust/kernel/net/phy.rs | 16 rust/kernel/prelude.rs | 5 rust/kernel/print.rs | 5 rust/kernel/rbtree.rs | 49 rust/kernel/std_vendor.rs | 12 rust/kernel/str.rs | 46 rust/kernel/sync/arc.rs | 25 rust/kernel/sync/arc/std_vendor.rs | 2 rust/kernel/sync/condvar.rs | 7 rust/kernel/sync/lock.rs | 8 rust/kernel/sync/lock/mutex.rs | 4 rust/kernel/sync/lock/spinlock.rs | 4 rust/kernel/sync/locked_by.rs | 2 rust/kernel/task.rs | 8 rust/kernel/time.rs | 4 rust/kernel/types.rs | 140 - rust/kernel/uaccess.rs | 48 rust/kernel/workqueue.rs | 29 rust/macros/lib.rs | 14 rust/macros/module.rs | 8 rust/uapi/lib.rs | 6 samples/rust/rust_minimal.rs | 4 samples/rust/rust_print.rs | 1 scripts/Makefile.build | 4 scripts/generate_rust_analyzer.py | 11 sound/core/seq/seq_clientmgr.c | 46 sound/pci/hda/Kconfig | 1 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_realtek.c | 107 + sound/usb/usx2y/usbusx2y.c | 11 sound/usb/usx2y/usbusx2y.h | 26 sound/usb/usx2y/usbusx2yaudio.c | 27 tools/testing/selftests/bpf/benchs/bench_trigger.c | 3 tools/testing/selftests/bpf/bpf_util.h | 9 tools/testing/selftests/bpf/map_tests/task_storage_map.c | 3 tools/testing/selftests/bpf/prog_tests/bpf_cookie.c | 2 tools/testing/selftests/bpf/prog_tests/bpf_iter.c | 6 tools/testing/selftests/bpf/prog_tests/cgrp_local_storage.c | 10 tools/testing/selftests/bpf/prog_tests/core_reloc.c | 2 tools/testing/selftests/bpf/prog_tests/linked_funcs.c | 2 tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c | 2 tools/testing/selftests/bpf/prog_tests/rcu_read_lock.c | 4 tools/testing/selftests/bpf/prog_tests/task_local_storage.c | 8 tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c | 2 tools/testing/selftests/damon/damon_nr_regions.py | 2 tools/testing/selftests/damon/damos_quota.py | 9 tools/testing/selftests/damon/damos_quota_goal.py | 3 tools/testing/selftests/mm/hugepage-mremap.c | 2 tools/testing/selftests/mm/ksm_functional_tests.c | 8 tools/testing/selftests/mm/memfd_secret.c | 14 tools/testing/selftests/mm/mkdirty.c | 8 tools/testing/selftests/mm/mlock2.h | 1 tools/testing/selftests/mm/protection_keys.c | 2 tools/testing/selftests/mm/uffd-common.c | 4 tools/testing/selftests/mm/uffd-stress.c | 15 tools/testing/selftests/mm/uffd-unit-tests.c | 14 usr/include/Makefile | 2 335 files changed, 6008 insertions(+), 2448 deletions(-) Ahmed S. Darwish (3): x86/cacheinfo: Validate CPUID leaf 0x2 EDX output x86/cpu: Validate CPUID leaf 0x2 EDX output x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 Alessio Belle (1): drm/imagination: Fix timestamps in firmware traces Alexander Shishkin (2): intel_th: pci: Add Panther Lake-H support intel_th: pci: Add Panther Lake-P/U support Alexander Usyskin (1): mei: me: add panther lake P DID Andrei Kuchynski (1): usb: typec: ucsi: Fix NULL pointer access Andrew Cooper (1): x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() Andrew Martin (1): drm/amdkfd: Fix NULL Pointer Dereference in KFD queue Andy Shevchenko (2): xhci: pci: Fix indentation in the PCI device ID definitions eeprom: digsy_mtc: Make GPIO lookup table match the device Angelo Dureghello (1): iio: dac: ad3552r: clear reset status flag AngeloGioacchino Del Regno (1): usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality Antheas Kapenekakis (1): ALSA: hda/realtek: Remove (revert) duplicate Ally X config Antoine Tenart (1): net: gso: fix ownership in __udp_gso_segment Ard Biesheuvel (1): x86/boot: Sanitize boot params before parsing command line Arnd Bergmann (2): kbuild: hdrcheck: fix cross build with clang ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage Asahi Lina (1): rust: alloc: Fix `ArrayLayout` allocations Badhri Jagan Sridharan (1): usb: dwc3: gadget: Prevent irq storm when TH re-executes Bartosz Golaszewski (1): gpio: vf610: use generic device_get_match_data() Benno Lossin (1): rust: alloc: introduce `ArrayLayout` Bibo Mao (4): LoongArch: Set max_pfn with the PFN of the last page LoongArch: KVM: Add interrupt checking for AVEC LoongArch: KVM: Reload guest CSR registers after sleep LoongArch: KVM: Fix GPA size issue about VM Borislav Petkov (AMD) (1): x86/microcode/AMD: Add some forgotten models to the SHA check Brendan King (3): drm/imagination: avoid deadlock on fence release drm/imagination: Hold drm_gem_gpuva lock for unmap drm/imagination: only init job done fences once Brian Geffon (1): mm: fix finish_fault() handling for large folios Christian A. Ehrhardt (1): acpi: typec: ucsi: Introduce a ->poll_cci method Christian Heusel (1): Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" Claudiu Beznea (3): usb: renesas_usbhs: Call clk_put() usb: renesas_usbhs: Use devm_usb_get_phy() usb: renesas_usbhs: Flush the notify_hotplug_work Dan Carpenter (1): nvme-tcp: fix signedness bug in nvme_tcp_init_connection() Daniil Dulov (1): HID: appleir: Fix potential NULL dereference at raw event handle Danilo Krummrich (28): rust: alloc: add `Allocator` trait rust: alloc: separate `aligned_size` from `krealloc_aligned` rust: alloc: rename `KernelAllocator` to `Kmalloc` rust: alloc: implement `ReallocFunc` rust: alloc: make `allocator` module public rust: alloc: implement `Allocator` for `Kmalloc` rust: alloc: add module `allocator_test` rust: alloc: implement `Vmalloc` allocator rust: alloc: implement `KVmalloc` allocator rust: alloc: add __GFP_NOWARN to `Flags` rust: alloc: implement kernel `Box` rust: treewide: switch to our kernel `Box` type rust: alloc: remove extension of std's `Box` rust: alloc: add `Box` to prelude rust: alloc: implement kernel `Vec` type rust: alloc: implement `IntoIterator` for `Vec` rust: alloc: implement `collect` for `IntoIter` rust: treewide: switch to the kernel `Vec` type rust: alloc: remove `VecExt` extension rust: alloc: add `Vec` to prelude rust: error: use `core::alloc::LayoutError` rust: error: check for config `test` in `Error::name` rust: alloc: implement `contains` for `Flags` rust: alloc: implement `Cmalloc` in module allocator_test rust: str: test: replace `alloc::format` rust: alloc: update module comment of alloc.rs kbuild: rust: remove the `alloc` crate and `GlobalAlloc` MAINTAINERS: add entry for the Rust `alloc` module Dave Airlie (1): drm/nouveau: select FW caching Emmanuel Grumbach (1): wifi: iwlwifi: mvm: don't try to talk to a dead firmware Eric Dumazet (1): llc: do not use skb_get() before dev_queue_xmit() Eric Sandeen (1): exfat: short-circuit zero-byte writes in exfat_file_write_iter Erik Schumacher (1): hwmon: (ad7314) Validate leading zero bits and return error Ethan D. Twardy (1): rust: kbuild: expand rusttest target for macros Fabrizio Castro (1): gpio: rcar: Fix missing of_node_put() call Fedor Pchelkin (1): usb: typec: ucsi: increase timeout for PPM reset operations Filipe Xavier (2): rust: error: make conversion functions public rust: error: optimize error type to use nonzero Gabriel Krisman Bertazi (1): Revert "mm/page_alloc.c: don't show protection in zone's ->lowmem_reserve[] for empty zone" Gary Guo (4): rust: fix size_t in bindgen prototypes of C builtins rust: map `__kernel_size_t` and friends also to usize/isize rust: use custom FFI integer types rust: map `long` to `isize` and `char` to `u8` Greg Kroah-Hartman (5): Revert "KVM: e500: always restore irqs" Revert "KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults" Revert "KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock" Revert "KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map()" Linux 6.12.19 Hans de Goede (1): mei: vsc: Use "wakeuphostint" when getting the host wakeup GPIO Hao Zhang (1): mm/page_alloc: fix uninitialized variable Haoxiang Li (5): btrfs: fix a leaked chunk map issue in read_one_chunk() Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() rapidio: add check for rio_add_net() in rio_scan_alloc_net() rapidio: fix an API misues when rio_add_net() fails Haoyu Li (1): drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl Heiko Carstens (1): s390/traps: Fix test_monitor_call() inline assembly Hoku Ishibe (1): ALSA: hda: intel: Add Dell ALC3271 to power_save denylist Huacai Chen (1): LoongArch: Use polling play_dead() when resuming from hibernation Ilan Peer (4): wifi: iwlwifi: Free pages allocated when failing to build A-MSDU wifi: iwlwifi: Fix A-MSDU TSO preparation wifi: mac80211: Support parsing EPCS ML element wifi: iwlwifi: pcie: Fix TSO preparation Imre Deak (1): drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro Jakub Kicinski (1): net: ethtool: plumb PHY stats to PHY drivers Jani Nikula (1): drm/i915/dsi: convert to struct intel_display Jarkko Sakkinen (1): x86/sgx: Fix size overflows in sgx_encl_create() Jason Xing (1): net-timestamp: support TCP GSO case for a few missing flags Javier Carrasco (1): iio: light: apds9306: fix max_scale_nano values Jiayuan Chen (1): ppp: Fix KMSAN uninit-value warning with bpf Jiri Olsa (1): uprobes: Fix race in uprobe_free_utask Johan Korsnes (1): gpio: vf610: add locking to gpio direction functions Johannes Berg (4): wifi: iwlwifi: mvm: clean up ROC on failure wifi: iwlwifi: limit printed string from FW file wifi: mac80211: fix MLE non-inheritance parsing wifi: mac80211: fix vendor-specific inheritance John Hubbard (1): Revert "selftests/mm: remove local __NR_* definitions" Justin Iurman (2): net: ipv6: fix dst ref loop in ila lwtunnel net: ipv6: fix missing dst ref drop in ila lwtunnel Kailang Yang (2): ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform ALSA: hda/realtek: update ALC222 depop optimize Kees Cook (1): coredump: Only sort VMAs when core_sort_vma sysctl is set Keith Busch (3): nvme-pci: add support for sgl metadata nvme-pci: use sgls for all user requests if possible nvme-ioctl: fix leaked requests on mapping error Kenneth Feng (1): drm/amd/pm: always allow ih interrupt from fw Koichiro Den (1): gpio: aggregator: protect driver attr handlers against module unload Krister Johansen (1): mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr Kumar Kartikeya Dwivedi (1): selftests/bpf: Clean up open-coded gettid syscall invocations Lorenzo Bianconi (1): net: dsa: mt7530: Fix traffic flooding for MMIO devices Lorenzo Stoakes (1): mm: abort vma_modify() on merge out of memory failure Luca Ceresoli (1): drivers: core: fix device leak in __fw_devlink_relax_cycles() Luca Weiss (3): net: ipa: Fix v4.7 resource group names net: ipa: Fix QSB data for v4.7 net: ipa: Enable checksum for IPA_ENDPOINT_AP_MODEM_{RX,TX} for v4.7 Ma Ke (1): drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Ma Wupeng (3): mm: memory-failure: update ttu flag inside unmap_poisoned_folio hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio mm: memory-hotplug: check folio ref count first in do_migrate_range Maarten Lankhorst (1): drm/xe: Remove double pageflip Manivannan Sadhasivam (1): bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock Marc Zyngier (1): xhci: Restrict USB4 tunnel detection for USB3 devices to Intel hosts Marek Szyprowski (1): usb: gadget: Fix setting self-powered state on suspend Markus Burri (1): iio: adc: ad7192: fix channel select Masami Hiramatsu (Google) (3): tracing: tprobe-events: Fix a memory leak when tprobe with $retval tracing: tprobe-events: Reject invalid tracepoint name tracing: probe-events: Remove unused MAX_ARG_BUF_LEN macro Matt Johnston (1): mctp i3c: handle NULL header address Matthew Auld (1): drm/xe/userptr: properly setup pfn_flags_mask Matthew Brost (1): drm/xe: Add staging tree for VM binds Maud Spierings (1): hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table Maurizio Lombardi (3): nvme-tcp: add basic support for the C2HTermReq PDU nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() nvme-tcp: Fix a C2HTermReq error message Max Kellermann (2): fs/netfs/read_pgpriv2: skip folio queues without `marks3` fs/netfs/read_collect: fix crash due to uninitialized `prev` variable Maxime Chevallier (1): net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device Meir Elisha (1): nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch Miao Li (1): usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader Michal Pecio (1): usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Miguel Ojeda (19): rust: workqueue: remove unneeded ``#[allow(clippy::new_ret_no_self)]` rust: sort global Rust flags rust: types: avoid repetition in `{As,From}Bytes` impls rust: enable `clippy::undocumented_unsafe_blocks` lint rust: enable `clippy::unnecessary_safety_comment` lint rust: enable `clippy::unnecessary_safety_doc` lint rust: enable `clippy::ignored_unit_patterns` lint rust: enable `rustdoc::unescaped_backticks` lint rust: init: remove unneeded `#[allow(clippy::disallowed_names)]` rust: sync: remove unneeded `#[allow(clippy::non_send_fields_in_send_ty)]` rust: introduce `.clippy.toml` rust: replace `clippy::dbg_macro` with `disallowed_macros` rust: provide proper code documentation titles rust: enable Clippy's `check-private-items` Documentation: rust: add coding guidelines on lints rust: start using the `#[expect(...)]` attribute Documentation: rust: discuss `#[expect(...)]` in the guidelines rust: finish using custom FFI integer types docs: rust: remove spurious item in `expect` list Mike Snitzer (1): NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback Mingcong Bai (1): platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e Murad Masimov (1): ALSA: usx2y: validate nrpacks module parameter on probe Namjae Jeon (5): ksmbd: fix type confusion via race condition when using ipc_msg_send_request ksmbd: fix out-of-bounds in parse_sec_desc() ksmbd: fix use-after-free in smb2_lock ksmbd: fix bug on trap in smb2_lock exfat: fix soft lockup in exfat_clear_bitmap Nayab Sayed (1): iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value Nikita Zhandarovich (2): wifi: cfg80211: regulatory: improve invalid hints checking usb: atm: cxacru: fix a flaw in existing endpoint checks Niklas Söderlund (1): gpio: rcar: Use raw_spinlock to protect register access Nikolay Aleksandrov (1): be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink Oleksij Rempel (1): ethtool: linkstate: migrate linkstate functions to support multi-PHY setups Olivier Gayot (1): block: fix conversion of GPT partition name to 7-bit Oscar Maes (1): vlan: enforce underlying device type Pali Rohár (1): cifs: Remove symlink member from cifs_open_info_data union Paolo Bonzini (1): KVM: e500: always restore irqs Paul Fertser (1): hwmon: (peci/dimmtemp) Do not provide fake thresholds data Pawel Chmielewski (1): intel_th: pci: Add Arrow Lake support Pawel Laszczak (1): usb: hub: lack of clearing xHC resources Peiyang Wang (1): net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error Peter Zijlstra (2): loongarch: Use ASM_REACHABLE perf/core: Fix pmus_lock vs. pmus_srcu ordering Philipp Stanner (2): stmmac: loongson: Pass correct arg to PCI function drm/sched: Fix preprocessor guard Prashanth K (3): usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails usb: gadget: Set self-powered based on MaxPower and bmAttributes usb: gadget: Check bmAttributes only if configuration is valid Qiu-ji Chen (1): cdx: Fix possible UAF error in driver_override_show() Qu Wenruo (1): btrfs: fix data overwriting bug during buffered write when block size < page size Richard Thier (1): drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M Rob Herring (Arm) (1): Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" Ryan Roberts (3): mm: don't skip arch_sync_kernel_mappings() in error paths mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes Salah Triki (1): bluetooth: btusb: Initialize .owner field of force_poll_sync_fops Sam Winchenbach (1): iio: filter: admv8818: Force initialization of SDO Sean Christopherson (7): KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow KVM: SVM: Save host DR masks on CPUs with DebugSwap KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value KVM: SVM: Suppress DEBUGCTL.BTF on AMD KVM: x86: Snapshot the host's DEBUGCTL in common x86 KVM: SVM: Manually context switch DEBUGCTL if LBR virtualization is disabled KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs Sebastian Andrzej Siewior (1): dma: kmsan: export kmsan_handle_dma() for modules SeongJae Park (4): selftests/damon/damos_quota_goal: handle minimum quota that cannot be further reduced selftests/damon/damos_quota: make real expectation of quota exceeds selftests/damon/damon_nr_regions: set ops update for merge results check to 100ms selftests/damon/damon_nr_regions: sort collected regiosn before checking with min/max boundaries Steve French (1): smb311: failure to open files of length 1040 when mounting with SMB3.1.1 POSIX extensions Suren Baghdasaryan (1): userfaultfd: do not block on locking a large folio with raised refcount Takashi Iwai (1): ALSA: seq: Avoid module auto-load handling at event delivery Thadeu Lima de Souza Cascardo (1): char: misc: deallocate static minor in error path Thinh Nguyen (1): usb: dwc3: Set SUSPENDENABLE soon after phy init Thomas Böhler (7): drm/panic: avoid reimplementing Iterator::find drm/panic: remove unnecessary borrow in alignment_pattern drm/panic: prefer eliding lifetimes drm/panic: remove redundant field when assigning value drm/panic: correctly indent continuation of line in list item drm/panic: allow verbose boolean for clarity drm/panic: allow verbose version check Thomas Hellström (6): drm/xe/hmm: Style- and include fixes drm/xe/hmm: Don't dereference struct page pointers without notifier lock drm/xe/vm: Fix a misplaced #endif drm/xe/vm: Validate userptr during gpu vma prefetching drm/xe: Fix fault mode invalidation with unbind drm/xe/userptr: Unmap userptrs in the mmu notifier Thomas Weißschuh (1): kbuild: userprogs: use correct lld when linking through clang Thomas Zimmermann (5): drm/fbdev-helper: Move color-mode lookup into 4CC format helper drm/fbdev: Add memory-agnostic fbdev client drm: Add client-agnostic setup helper drm/fbdev-ttm: Support struct drm_driver.fbdev_probe drm/nouveau: Run DRM default client setup Tiezhu Yang (1): LoongArch: Convert unreachable() to BUG() Titus Rwantare (1): hwmon: (pmbus) Initialise page count in pmbus_identify() Tvrtko Ursulin (1): drm/xe: Fix GT "for each engine" workarounds Uday Shankar (1): ublk: set_params: properly check if parameters can be applied Vicki Pfau (1): HID: hid-steam: Fix use-after-free when detaching device Ville Syrjälä (2): drm/i915/color: Extract intel_color_modeset() drm/i915: Plumb 'dsb' all way to the plane hooks Visweswara Tanuku (1): slimbus: messaging: Free transaction ID in delayed interrupt scenario Vitaliy Shevtsov (2): wifi: nl80211: reject cooked mode if it is set along with other flags caif_virtio: fix wrong pointer check in cfv_probe() Xi Ruoyao (1): x86/mm: Don't disable PCID when INVLPG has been fixed by microcode Xiaoyao Li (1): KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM Xinghuo Chen (1): hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() Yu-Chun Lin (1): HID: google: fix unused variable warning under !CONFIG_ACPI Yuezhang Mo (1): exfat: fix just enough dentries but allocate a new cluster to dir Yutaro Ohno (1): rust: block: fix formatting in GenDisk doc Zecheng Li (1): sched/fair: Fix potential memory corruption in child_cfs_rq_on_list Zhang Lixu (2): HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()

6 months

1
1
0 0

Linux 6.6.83

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.83 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 7 arch/arm64/boot/dts/rockchip/px30-ringneck-haikou.dts | 1 arch/arm64/include/asm/hugetlb.h | 4 arch/arm64/mm/hugetlbpage.c | 61 ++--- arch/loongarch/include/asm/hugetlb.h | 6 arch/loongarch/kernel/machine_kexec.c | 4 arch/loongarch/kernel/setup.c | 3 arch/loongarch/kernel/smp.c | 47 +++- arch/mips/include/asm/hugetlb.h | 6 arch/parisc/include/asm/hugetlb.h | 2 arch/parisc/mm/hugetlbpage.c | 2 arch/powerpc/include/asm/hugetlb.h | 6 arch/powerpc/kvm/e500_mmu_host.c | 21 + arch/riscv/include/asm/cpufeature.h | 1 arch/riscv/include/asm/csr.h | 3 arch/riscv/include/asm/hugetlb.h | 3 arch/riscv/include/asm/hwcap.h | 16 + arch/riscv/kernel/cacheinfo.c | 54 +++- arch/riscv/kernel/cpufeature.c | 6 arch/riscv/kernel/setup.c | 6 arch/riscv/kernel/smpboot.c | 4 arch/riscv/mm/hugetlbpage.c | 2 arch/s390/include/asm/hugetlb.h | 17 + arch/s390/kernel/traps.c | 6 arch/s390/mm/hugetlbpage.c | 4 arch/sparc/include/asm/hugetlb.h | 2 arch/sparc/mm/hugetlbpage.c | 2 arch/x86/boot/compressed/acpi.c | 14 - arch/x86/boot/compressed/cmdline.c | 4 arch/x86/boot/compressed/ident_map_64.c | 7 arch/x86/boot/compressed/kaslr.c | 26 +- arch/x86/boot/compressed/mem.c | 6 arch/x86/boot/compressed/misc.c | 26 +- arch/x86/boot/compressed/misc.h | 1 arch/x86/boot/compressed/pgtable_64.c | 11 arch/x86/boot/compressed/sev.c | 2 arch/x86/include/asm/boot.h | 2 arch/x86/include/asm/spec-ctrl.h | 11 arch/x86/kernel/amd_nb.c | 9 arch/x86/kernel/cpu/cacheinfo.c | 2 arch/x86/kernel/cpu/intel.c | 52 +++- arch/x86/kernel/cpu/microcode/amd.c | 6 arch/x86/kernel/cpu/sgx/ioctl.c | 7 arch/x86/kvm/cpuid.c | 2 arch/x86/kvm/svm/svm.c | 21 + arch/x86/kvm/svm/svm.h | 2 arch/x86/mm/init.c | 23 + block/partitions/efi.c | 2 drivers/base/core.c | 1 drivers/block/ublk_drv.c | 7 drivers/bluetooth/btusb.c | 1 drivers/bus/mhi/host/pci_generic.c | 5 drivers/cdx/cdx.c | 6 drivers/char/misc.c | 2 drivers/firmware/efi/libstub/x86-stub.c | 2 drivers/firmware/efi/libstub/x86-stub.h | 2 drivers/firmware/efi/mokvar-table.c | 42 +-- drivers/gpio/gpio-aggregator.c | 20 + drivers/gpio/gpio-rcar.c | 31 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 11 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 drivers/gpu/drm/i915/display/icl_dsi.c | 4 drivers/gpu/drm/i915/display/intel_ddi.c | 46 +++ drivers/gpu/drm/i915/i915_reg.h | 4 drivers/gpu/drm/radeon/r300.c | 3 drivers/gpu/drm/radeon/radeon_asic.h | 1 drivers/gpu/drm/radeon/rs400.c | 18 + drivers/gpu/drm/scheduler/gpu_scheduler_trace.h | 4 drivers/hid/hid-appleir.c | 2 drivers/hid/hid-google-hammer.c | 2 drivers/hid/hid-steam.c | 2 drivers/hid/intel-ish-hid/ishtp-hid.c | 4 drivers/hwmon/ad7314.c | 10 drivers/hwmon/ntc_thermistor.c | 66 ++--- drivers/hwmon/peci/dimmtemp.c | 10 drivers/hwmon/pmbus/pmbus.c | 2 drivers/hwmon/xgene-hwmon.c | 2 drivers/hwtracing/intel_th/pci.c | 15 + drivers/iio/adc/at91-sama5d2_adc.c | 68 +++-- drivers/iio/dac/ad3552r.c | 6 drivers/iio/filter/admv8818.c | 14 - drivers/misc/cardreader/rtsx_usb.c | 15 - drivers/misc/eeprom/digsy_mtc_eeprom.c | 2 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/net/caif/caif_virtio.c | 2 drivers/net/dsa/mt7530.c | 8 drivers/net/ethernet/emulex/benet/be.h | 2 drivers/net/ethernet/emulex/benet/be_cmds.c | 197 ++++++++--------- drivers/net/ethernet/emulex/benet/be_main.c | 2 drivers/net/ethernet/freescale/enetc/enetc.c | 25 +- drivers/net/ethernet/freescale/enetc/enetc.h | 9 drivers/net/ethernet/freescale/enetc/enetc_ethtool.c | 27 +- drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 2 drivers/net/ethernet/ibm/ibmvnic.c | 21 + drivers/net/ipa/data/ipa_data-v4.7.c | 18 - drivers/net/ppp/ppp_generic.c | 28 +- drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 drivers/nvme/target/tcp.c | 15 - drivers/of/of_reserved_mem.c | 4 drivers/platform/x86/thinkpad_acpi.c | 1 drivers/rapidio/devices/rio_mport_cdev.c | 3 drivers/rapidio/rio-scan.c | 5 drivers/slimbus/messaging.c | 5 drivers/spi/spi-mxs.c | 3 drivers/usb/atm/cxacru.c | 13 - drivers/usb/core/hub.c | 33 ++ drivers/usb/core/quirks.c | 4 drivers/usb/dwc3/core.c | 85 ++++--- drivers/usb/dwc3/core.h | 2 drivers/usb/dwc3/drd.c | 4 drivers/usb/dwc3/gadget.c | 10 drivers/usb/gadget/composite.c | 17 + drivers/usb/gadget/function/u_ether.c | 4 drivers/usb/host/xhci-mem.c | 3 drivers/usb/host/xhci-pci.c | 18 - drivers/usb/host/xhci.h | 2 drivers/usb/renesas_usbhs/common.c | 6 drivers/usb/renesas_usbhs/mod_gadget.c | 2 drivers/usb/typec/tcpm/tcpci_rt1711h.c | 11 drivers/usb/typec/ucsi/ucsi.c | 15 - drivers/virt/acrn/hsm.c | 6 fs/exfat/balloc.c | 10 fs/exfat/exfat_fs.h | 2 fs/exfat/fatent.c | 11 fs/nfs/direct.c | 19 + fs/nfs/file.c | 3 fs/smb/client/inode.c | 4 fs/smb/server/smb2pdu.c | 8 fs/smb/server/smbacl.c | 16 + fs/smb/server/transport_ipc.c | 1 include/asm-generic/hugetlb.h | 2 include/linux/compaction.h | 5 include/linux/hugetlb.h | 4 include/linux/sched.h | 2 kernel/events/core.c | 4 kernel/events/uprobes.c | 2 kernel/sched/fair.c | 6 kernel/trace/trace_fprobe.c | 2 kernel/trace/trace_probe.h | 1 mm/compaction.c | 3 mm/hugetlb.c | 4 mm/kmsan/hooks.c | 1 mm/memory.c | 6 mm/page_alloc.c | 1 mm/vmalloc.c | 4 net/8021q/vlan.c | 3 net/bluetooth/mgmt.c | 5 net/ipv4/tcp_offload.c | 11 net/ipv4/udp_offload.c | 8 net/ipv6/ila/ila_lwt.c | 4 net/llc/llc_s_ac.c | 49 ++-- net/mptcp/pm_netlink.c | 18 + net/sched/sch_fifo.c | 3 net/wireless/nl80211.c | 5 net/wireless/reg.c | 3 security/integrity/ima/ima_main.c | 7 security/integrity/integrity.h | 3 sound/core/seq/seq_clientmgr.c | 46 ++- sound/pci/hda/Kconfig | 1 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_realtek.c | 99 ++++++++ sound/usb/usx2y/usbusx2y.c | 11 sound/usb/usx2y/usbusx2y.h | 26 ++ sound/usb/usx2y/usbusx2yaudio.c | 27 -- usr/include/Makefile | 2 166 files changed, 1330 insertions(+), 707 deletions(-) Ahmed S. Darwish (3): x86/cacheinfo: Validate CPUID leaf 0x2 EDX output x86/cpu: Validate CPUID leaf 0x2 EDX output x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 Alex Deucher (1): drm/amdgpu: disable BAR resize on Dell G5 SE Alexander Shishkin (2): intel_th: pci: Add Panther Lake-H support intel_th: pci: Add Panther Lake-P/U support Alexander Usyskin (1): mei: me: add panther lake P DID Andrei Kuchynski (1): usb: typec: ucsi: Fix NULL pointer access Andrew Cooper (1): x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() Andrew Jones (1): RISC-V: Enable cbo.zero in usermode Andy Shevchenko (2): xhci: pci: Fix indentation in the PCI device ID definitions eeprom: digsy_mtc: Make GPIO lookup table match the device Angelo Dureghello (1): iio: dac: ad3552r: clear reset status flag AngeloGioacchino Del Regno (1): usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality Antoine Tenart (1): net: gso: fix ownership in __udp_gso_segment Ard Biesheuvel (2): x86/boot: Rename conflicting 'boot_params' pointer to 'boot_params_ptr' x86/boot: Sanitize boot params before parsing command line Arnd Bergmann (2): kbuild: hdrcheck: fix cross build with clang ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage Badhri Jagan Sridharan (1): usb: dwc3: gadget: Prevent irq storm when TH re-executes Bibo Mao (1): LoongArch: Set max_pfn with the PFN of the last page Borislav Petkov (AMD) (1): x86/microcode/AMD: Add some forgotten models to the SHA check Christian Heusel (1): Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" Claudiu Beznea (3): usb: renesas_usbhs: Call clk_put() usb: renesas_usbhs: Use devm_usb_get_phy() usb: renesas_usbhs: Flush the notify_hotplug_work Daniil Dulov (1): HID: appleir: Fix potential NULL dereference at raw event handle Eric Dumazet (1): llc: do not use skb_get() before dev_queue_xmit() Erik Schumacher (1): hwmon: (ad7314) Validate leading zero bits and return error Fabrizio Castro (1): gpio: rcar: Fix missing of_node_put() call Farouk Bouabid (1): arm64: dts: rockchip: add rs485 support on uart5 of px30-ringneck-haikou Fedor Pchelkin (1): usb: typec: ucsi: increase timeout for PPM reset operations Gal Pressman (1): net: enetc: Remove setting of RX software timestamp Greg Kroah-Hartman (5): Revert "KVM: e500: always restore irqs" Revert "KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults" Revert "KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock" Revert "KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map()" Linux 6.6.83 Hao Zhang (1): mm/page_alloc: fix uninitialized variable Haoxiang Li (4): Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() rapidio: add check for rio_add_net() in rio_scan_alloc_net() rapidio: fix an API misues when rio_add_net() fails Haoyu Li (1): drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl Heiko Carstens (1): s390/traps: Fix test_monitor_call() inline assembly Hoku Ishibe (1): ALSA: hda: intel: Add Dell ALC3271 to power_save denylist Huacai Chen (1): LoongArch: Use polling play_dead() when resuming from hibernation Imre Deak (2): drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro Jarkko Sakkinen (1): x86/sgx: Fix size overflows in sgx_encl_create() Jason Xing (1): net-timestamp: support TCP GSO case for a few missing flags Jiayuan Chen (1): ppp: Fix KMSAN uninit-value warning with bpf Jiri Olsa (1): uprobes: Fix race in uprobe_free_utask Johannes Berg (1): wifi: iwlwifi: limit printed string from FW file Justin Iurman (2): net: ipv6: fix dst ref loop in ila lwtunnel net: ipv6: fix missing dst ref drop in ila lwtunnel Kailang Yang (2): ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform ALSA: hda/realtek: update ALC222 depop optimize Koichiro Den (1): gpio: aggregator: protect driver attr handlers against module unload Krister Johansen (1): mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr Lorenzo Bianconi (1): net: dsa: mt7530: Fix traffic flooding for MMIO devices Luca Ceresoli (1): drivers: core: fix device leak in __fw_devlink_relax_cycles() Luca Weiss (3): net: ipa: Fix v4.7 resource group names net: ipa: Fix QSB data for v4.7 net: ipa: Enable checksum for IPA_ENDPOINT_AP_MODEM_{RX,TX} for v4.7 Lucas De Marchi (1): drm/i915/xe2lpd: Move D2D enable/disable Ma Jun (1): drm/amdgpu: Check extended configuration space register when system uses large bar Ma Ke (1): drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Manivannan Sadhasivam (1): bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock Marek Szyprowski (1): usb: gadget: Fix setting self-powered state on suspend Martyn Welch (1): net: enetc: Replace ifdef with IS_ENABLED Masami Hiramatsu (Google) (2): tracing: tprobe-events: Fix a memory leak when tprobe with $retval tracing: probe-events: Remove unused MAX_ARG_BUF_LEN macro Maud Spierings (1): hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table Meir Elisha (1): nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch Miao Li (1): usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader Michal Pecio (1): usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Mike Snitzer (1): NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback Mingcong Bai (1): platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e Miquel Sabaté Solà (1): riscv: Prevent a bad reference count on CPU nodes Murad Masimov (1): ALSA: usx2y: validate nrpacks module parameter on probe Namjae Jeon (5): ksmbd: fix type confusion via race condition when using ipc_msg_send_request ksmbd: fix out-of-bounds in parse_sec_desc() ksmbd: fix use-after-free in smb2_lock ksmbd: fix bug on trap in smb2_lock exfat: fix soft lockup in exfat_clear_bitmap Nayab Sayed (1): iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value Nick Child (2): ibmvnic: Perform tx CSO during send scrq direct ibmvnic: Inspect header requirements before using scrq direct Nikita Zhandarovich (2): wifi: cfg80211: regulatory: improve invalid hints checking usb: atm: cxacru: fix a flaw in existing endpoint checks Niklas Söderlund (1): gpio: rcar: Use raw_spinlock to protect register access Nikolay Aleksandrov (1): be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink Olivier Gayot (1): block: fix conversion of GPT partition name to 7-bit Oscar Maes (1): vlan: enforce underlying device type Paul Fertser (1): hwmon: (peci/dimmtemp) Do not provide fake thresholds data Paulo Alcantara (1): smb: client: fix chmod(2) regression with ATTR_READONLY Pawel Chmielewski (1): intel_th: pci: Add Arrow Lake support Pawel Laszczak (1): usb: hub: lack of clearing xHC resources Peiyang Wang (1): net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error Peter Jones (1): efi: Don't map the entire mokvar table to determine its size Peter Zijlstra (1): perf/core: Fix pmus_lock vs. pmus_srcu ordering Philipp Stanner (1): drm/sched: Fix preprocessor guard Prashanth K (3): usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails usb: gadget: Set self-powered based on MaxPower and bmAttributes usb: gadget: Check bmAttributes only if configuration is valid Qiu-ji Chen (1): cdx: Fix possible UAF error in driver_override_show() Quang Le (1): pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Ralf Schlatterbeck (1): spi-mxs: Fix chipselect glitch Richard Thier (1): drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M Rob Herring (1): riscv: cacheinfo: Use of_property_present() for non-boolean properties Rob Herring (Arm) (1): Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" Roberto Sassu (1): ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr Ryan Roberts (3): mm: don't skip arch_sync_kernel_mappings() in error paths mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes Salah Triki (1): bluetooth: btusb: Initialize .owner field of force_poll_sync_fops Sam Winchenbach (1): iio: filter: admv8818: Force initialization of SDO Samuel Holland (1): riscv: Fix enabling cbo.zero when running in M-mode Sean Christopherson (2): KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value KVM: SVM: Suppress DEBUGCTL.BTF on AMD Sebastian Andrzej Siewior (1): dma: kmsan: export kmsan_handle_dma() for modules Takashi Iwai (1): ALSA: seq: Avoid module auto-load handling at event delivery Thadeu Lima de Souza Cascardo (1): char: misc: deallocate static minor in error path Thinh Nguyen (1): usb: dwc3: Set SUSPENDENABLE soon after phy init Thomas Weißschuh (1): kbuild: userprogs: use correct lld when linking through clang Tiezhu Yang (1): LoongArch: Convert unreachable() to BUG() Titus Rwantare (1): hwmon: (pmbus) Initialise page count in pmbus_identify() Trond Myklebust (1): NFS: O_DIRECT writes must check and adjust the file length Uday Shankar (1): ublk: set_params: properly check if parameters can be applied Vicki Pfau (1): HID: hid-steam: Fix use-after-free when detaching device Visweswara Tanuku (1): slimbus: messaging: Free transaction ID in delayed interrupt scenario Vitaliy Shevtsov (2): wifi: nl80211: reject cooked mode if it is set along with other flags caif_virtio: fix wrong pointer check in cfv_probe() Waiman Long (1): x86/speculation: Add __update_spec_ctrl() helper Wei Fang (1): net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC Xi Ruoyao (1): x86/mm: Don't disable PCID when INVLPG has been fixed by microcode Xiaoyao Li (1): KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM Xinghuo Chen (1): hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() Yong-Xuan Wang (1): riscv: signal: fix signal_minsigstksz Yu-Chun Lin (1): HID: google: fix unused variable warning under !CONFIG_ACPI Yunhui Cui (2): riscv: cacheinfo: remove the useless input parameter (node) of ci_leaf_init() riscv: cacheinfo: initialize cacheinfo's level and type from ACPI PPTT Zecheng Li (1): sched/fair: Fix potential memory corruption in child_cfs_rq_on_list Zhang Lixu (1): HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()

6 months

1
1
0 0

Linux 6.1.131

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.131 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 7 arch/loongarch/kernel/machine_kexec.c | 4 arch/powerpc/kvm/e500_mmu_host.c | 21 + arch/s390/kernel/traps.c | 6 arch/x86/include/asm/spec-ctrl.h | 11 arch/x86/kernel/amd_nb.c | 9 arch/x86/kernel/cpu/bugs.c | 2 arch/x86/kernel/cpu/cacheinfo.c | 2 arch/x86/kernel/cpu/intel.c | 52 +++- arch/x86/kernel/cpu/sgx/ioctl.c | 7 arch/x86/kvm/svm/svm.c | 12 + arch/x86/kvm/svm/svm.h | 2 arch/x86/mm/init.c | 23 + block/partitions/efi.c | 2 drivers/base/core.c | 1 drivers/block/ublk_drv.c | 7 drivers/bluetooth/btusb.c | 1 drivers/bus/mhi/host/pci_generic.c | 5 drivers/gpio/gpio-aggregator.c | 20 + drivers/gpio/gpio-rcar.c | 31 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 11 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 drivers/gpu/drm/radeon/r300.c | 3 drivers/gpu/drm/radeon/radeon_asic.h | 1 drivers/gpu/drm/radeon/rs400.c | 18 + drivers/gpu/drm/scheduler/gpu_scheduler_trace.h | 4 drivers/hid/hid-appleir.c | 2 drivers/hid/hid-google-hammer.c | 2 drivers/hid/intel-ish-hid/ishtp-hid.c | 4 drivers/hwmon/ad7314.c | 10 drivers/hwmon/ntc_thermistor.c | 66 ++--- drivers/hwmon/pmbus/pmbus.c | 2 drivers/hwmon/xgene-hwmon.c | 2 drivers/hwtracing/intel_th/pci.c | 15 + drivers/idle/intel_idle.c | 4 drivers/iio/adc/at91-sama5d2_adc.c | 68 +++-- drivers/iio/dac/ad3552r.c | 6 drivers/iio/filter/admv8818.c | 14 - drivers/media/platform/mediatek/vcodec/vdec_vpu_if.c | 6 drivers/misc/cardreader/rtsx_usb.c | 15 - drivers/misc/eeprom/digsy_mtc_eeprom.c | 2 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/net/caif/caif_virtio.c | 2 drivers/net/ethernet/emulex/benet/be.h | 2 drivers/net/ethernet/emulex/benet/be_cmds.c | 197 ++++++++--------- drivers/net/ethernet/emulex/benet/be_main.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 2 drivers/net/ethernet/ibm/ibmvnic.c | 21 + drivers/net/ppp/ppp_generic.c | 28 +- drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 drivers/nvme/target/tcp.c | 15 - drivers/of/of_reserved_mem.c | 4 drivers/platform/x86/thinkpad_acpi.c | 1 drivers/rapidio/devices/rio_mport_cdev.c | 3 drivers/rapidio/rio-scan.c | 5 drivers/scsi/lpfc/lpfc_hbadisc.c | 2 drivers/slimbus/messaging.c | 5 drivers/spi/spi-mxs.c | 3 drivers/usb/atm/cxacru.c | 13 - drivers/usb/core/hub.c | 33 ++ drivers/usb/core/quirks.c | 4 drivers/usb/dwc3/core.c | 85 ++++--- drivers/usb/dwc3/core.h | 2 drivers/usb/dwc3/drd.c | 4 drivers/usb/dwc3/gadget.c | 10 drivers/usb/gadget/composite.c | 17 + drivers/usb/host/xhci-mem.c | 3 drivers/usb/host/xhci-pci.c | 18 - drivers/usb/host/xhci.h | 2 drivers/usb/renesas_usbhs/common.c | 6 drivers/usb/renesas_usbhs/mod_gadget.c | 2 drivers/usb/typec/tcpm/tcpci_rt1711h.c | 11 drivers/usb/typec/ucsi/ucsi.c | 2 drivers/virt/acrn/hsm.c | 6 fs/exfat/balloc.c | 10 fs/exfat/exfat_fs.h | 2 fs/exfat/fatent.c | 11 fs/nilfs2/dir.c | 24 -- fs/nilfs2/namei.c | 37 +-- fs/nilfs2/nilfs.h | 10 fs/ntfs3/record.c | 3 fs/smb/server/smb2pdu.c | 8 fs/smb/server/transport_ipc.c | 1 kernel/events/uprobes.c | 2 kernel/sched/fair.c | 6 mm/kmsan/hooks.c | 1 mm/memory.c | 6 mm/page_alloc.c | 1 mm/vmalloc.c | 4 net/8021q/vlan.c | 3 net/bluetooth/mgmt.c | 5 net/ipv4/tcp_offload.c | 11 net/ipv4/udp_offload.c | 8 net/ipv6/ila/ila_lwt.c | 4 net/llc/llc_s_ac.c | 49 ++-- net/mptcp/pm_netlink.c | 18 + net/vmw_vsock/af_vsock.c | 77 ++++-- net/wireless/nl80211.c | 5 net/wireless/reg.c | 3 sound/pci/hda/Kconfig | 1 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_realtek.c | 99 ++++++++ sound/usb/usx2y/usbusx2y.c | 11 sound/usb/usx2y/usbusx2y.h | 26 ++ sound/usb/usx2y/usbusx2yaudio.c | 27 -- 106 files changed, 968 insertions(+), 506 deletions(-) Ahmed S. Darwish (3): x86/cacheinfo: Validate CPUID leaf 0x2 EDX output x86/cpu: Validate CPUID leaf 0x2 EDX output x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 Alex Deucher (1): drm/amdgpu: disable BAR resize on Dell G5 SE Alexander Shishkin (2): intel_th: pci: Add Panther Lake-H support intel_th: pci: Add Panther Lake-P/U support Alexander Usyskin (1): mei: me: add panther lake P DID Andrew Cooper (1): x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() Andy Shevchenko (2): xhci: pci: Fix indentation in the PCI device ID definitions eeprom: digsy_mtc: Make GPIO lookup table match the device Angelo Dureghello (1): iio: dac: ad3552r: clear reset status flag AngeloGioacchino Del Regno (1): usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality Antoine Tenart (1): net: gso: fix ownership in __udp_gso_segment Arnd Bergmann (1): ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage Badhri Jagan Sridharan (1): usb: dwc3: gadget: Prevent irq storm when TH re-executes Christian Heusel (1): Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" Claudiu Beznea (3): usb: renesas_usbhs: Call clk_put() usb: renesas_usbhs: Use devm_usb_get_phy() usb: renesas_usbhs: Flush the notify_hotplug_work Daniil Dulov (1): HID: appleir: Fix potential NULL dereference at raw event handle Eric Dumazet (1): llc: do not use skb_get() before dev_queue_xmit() Erik Schumacher (1): hwmon: (ad7314) Validate leading zero bits and return error Fabrizio Castro (1): gpio: rcar: Fix missing of_node_put() call Fedor Pchelkin (1): usb: typec: ucsi: increase timeout for PPM reset operations Greg Kroah-Hartman (5): Revert "KVM: e500: always restore irqs" Revert "KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults" Revert "KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock" Revert "KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map()" Linux 6.1.131 Hao Zhang (1): mm/page_alloc: fix uninitialized variable Haoxiang Li (4): Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() rapidio: add check for rio_add_net() in rio_scan_alloc_net() rapidio: fix an API misues when rio_add_net() fails Haoyu Li (1): drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl Heiko Carstens (1): s390/traps: Fix test_monitor_call() inline assembly Hoku Ishibe (1): ALSA: hda: intel: Add Dell ALC3271 to power_save denylist Irui Wang (1): media: mediatek: vcodec: Handle invalid decoder vsi Jarkko Sakkinen (1): x86/sgx: Fix size overflows in sgx_encl_create() Jason Xing (1): net-timestamp: support TCP GSO case for a few missing flags Jiayuan Chen (1): ppp: Fix KMSAN uninit-value warning with bpf Jiri Olsa (1): uprobes: Fix race in uprobe_free_utask Johannes Berg (1): wifi: iwlwifi: limit printed string from FW file Justin Iurman (2): net: ipv6: fix dst ref loop in ila lwtunnel net: ipv6: fix missing dst ref drop in ila lwtunnel Kailang Yang (2): ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform ALSA: hda/realtek: update ALC222 depop optimize Koichiro Den (1): gpio: aggregator: protect driver attr handlers against module unload Konstantin Komarov (1): fs/ntfs3: Add rough attr alloc_size check Krister Johansen (1): mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr Luca Ceresoli (1): drivers: core: fix device leak in __fw_devlink_relax_cycles() Ma Jun (1): drm/amdgpu: Check extended configuration space register when system uses large bar Ma Ke (1): drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Manivannan Sadhasivam (1): bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock Marek Szyprowski (1): usb: gadget: Fix setting self-powered state on suspend Maud Spierings (1): hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table Meir Elisha (1): nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch Miao Li (1): usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader Michal Luczaj (3): bpf, vsock: Invoke proto::close on close() vsock: Keep the binding until socket destruction vsock: Orphan socket after transport release Michal Pecio (1): usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Mingcong Bai (1): platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e Murad Masimov (1): ALSA: usx2y: validate nrpacks module parameter on probe Namjae Jeon (4): ksmbd: fix type confusion via race condition when using ipc_msg_send_request ksmbd: fix use-after-free in smb2_lock ksmbd: fix bug on trap in smb2_lock exfat: fix soft lockup in exfat_clear_bitmap Nayab Sayed (1): iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value Nick Child (2): ibmvnic: Perform tx CSO during send scrq direct ibmvnic: Inspect header requirements before using scrq direct Nikita Zhandarovich (2): wifi: cfg80211: regulatory: improve invalid hints checking usb: atm: cxacru: fix a flaw in existing endpoint checks Niklas Söderlund (1): gpio: rcar: Use raw_spinlock to protect register access Nikolay Aleksandrov (1): be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink Olivier Gayot (1): block: fix conversion of GPT partition name to 7-bit Oscar Maes (1): vlan: enforce underlying device type Pawel Chmielewski (1): intel_th: pci: Add Arrow Lake support Pawel Laszczak (1): usb: hub: lack of clearing xHC resources Peiyang Wang (1): net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error Peter Zijlstra (1): cpuidle, intel_idle: Fix CPUIDLE_FLAG_IBRS Philipp Stanner (1): drm/sched: Fix preprocessor guard Prashanth K (2): usb: gadget: Set self-powered based on MaxPower and bmAttributes usb: gadget: Check bmAttributes only if configuration is valid Ralf Schlatterbeck (1): spi-mxs: Fix chipselect glitch Richard Thier (1): drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M Rob Herring (Arm) (1): Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" Ryan Roberts (1): mm: don't skip arch_sync_kernel_mappings() in error paths Ryusuke Konishi (3): nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link nilfs2: eliminate staggered calls to kunmap in nilfs_rename nilfs2: handle errors that nilfs_prepare_chunk() may return Salah Triki (1): bluetooth: btusb: Initialize .owner field of force_poll_sync_fops Sam Winchenbach (1): iio: filter: admv8818: Force initialization of SDO Sean Christopherson (1): KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value Sebastian Andrzej Siewior (1): dma: kmsan: export kmsan_handle_dma() for modules Thinh Nguyen (1): usb: dwc3: Set SUSPENDENABLE soon after phy init Thomas Weißschuh (1): kbuild: userprogs: use correct lld when linking through clang Tiezhu Yang (1): LoongArch: Convert unreachable() to BUG() Titus Rwantare (1): hwmon: (pmbus) Initialise page count in pmbus_identify() Tuo Li (1): scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() Uday Shankar (1): ublk: set_params: properly check if parameters can be applied Visweswara Tanuku (1): slimbus: messaging: Free transaction ID in delayed interrupt scenario Vitaliy Shevtsov (2): wifi: nl80211: reject cooked mode if it is set along with other flags caif_virtio: fix wrong pointer check in cfv_probe() Waiman Long (1): x86/speculation: Add __update_spec_ctrl() helper Xi Ruoyao (1): x86/mm: Don't disable PCID when INVLPG has been fixed by microcode Xinghuo Chen (1): hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() Yu-Chun Lin (1): HID: google: fix unused variable warning under !CONFIG_ACPI Zecheng Li (1): sched/fair: Fix potential memory corruption in child_cfs_rq_on_list Zhang Lixu (1): HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()

6 months

1
1
0 0

Linux 5.15.179

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.179 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/dev-tools/kfence.rst | 12 Documentation/devicetree/bindings/connector/usb-connector.yaml | 3 Documentation/devicetree/bindings/display/brcm,bcm2711-hdmi.yaml | 3 Documentation/devicetree/bindings/display/bridge/adi,adv7511.yaml | 5 Documentation/devicetree/bindings/display/bridge/synopsys,dw-hdmi.yaml | 5 Documentation/devicetree/bindings/display/panel/display-timings.yaml | 3 Documentation/devicetree/bindings/display/ste,mcde.yaml | 4 Documentation/devicetree/bindings/input/adc-joystick.yaml | 9 Documentation/devicetree/bindings/leds/cznic,turris-omnia-leds.yaml | 5 Documentation/devicetree/bindings/leds/leds-class-multicolor.yaml | 32 - Documentation/devicetree/bindings/leds/leds-lp50xx.yaml | 5 Documentation/devicetree/bindings/leds/leds-pwm-multicolor.yaml | 78 +++ Documentation/devicetree/bindings/leds/leds-qcom-lpg.yaml | 175 +++++++ Documentation/devicetree/bindings/mfd/google,cros-ec.yaml | 12 Documentation/devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 Documentation/devicetree/bindings/mmc/mmc-controller.yaml | 2 Documentation/devicetree/bindings/mtd/rockchip,nand-controller.yaml | 3 Documentation/devicetree/bindings/net/ti,cpsw-switch.yaml | 3 Documentation/devicetree/bindings/phy/phy-stm32-usbphyc.yaml | 3 Documentation/devicetree/bindings/power/supply/sbs,sbs-manager.yaml | 4 Documentation/devicetree/bindings/regulator/mt6315-regulator.yaml | 6 Documentation/devicetree/bindings/remoteproc/ti,k3-r5f-rproc.yaml | 3 Documentation/devicetree/bindings/soc/ti/ti,pruss.yaml | 15 Documentation/devicetree/bindings/sound/st,stm32-sai.yaml | 3 Documentation/devicetree/bindings/sound/tlv320adcx140.yaml | 13 Documentation/devicetree/bindings/spi/spi-controller.yaml | 69 --- Documentation/devicetree/bindings/spi/spi-peripheral-props.yaml | 87 +++ Documentation/devicetree/bindings/usb/st,stusb160x.yaml | 4 Documentation/kbuild/kconfig.rst | 9 Makefile | 7 arch/alpha/include/uapi/asm/ptrace.h | 2 arch/alpha/kernel/asm-offsets.c | 2 arch/alpha/kernel/entry.S | 24 - arch/alpha/kernel/traps.c | 2 arch/alpha/mm/fault.c | 4 arch/arm/boot/dts/dra7-l4.dtsi | 2 arch/arm/boot/dts/mt7623.dtsi | 2 arch/arm/mach-at91/pm.c | 31 - arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 - arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 - arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 arch/arm64/boot/dts/mediatek/mt8516.dtsi | 38 - arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 arch/arm64/boot/dts/qcom/msm8994.dtsi | 11 arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 arch/arm64/boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 arch/arm64/boot/dts/qcom/sm8350.dtsi | 4 arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 2 arch/arm64/include/asm/mman.h | 9 arch/arm64/kernel/cacheinfo.c | 12 arch/arm64/kernel/vdso/vdso.lds.S | 1 arch/arm64/kernel/vmlinux.lds.S | 1 arch/hexagon/include/asm/cmpxchg.h | 2 arch/hexagon/kernel/traps.c | 4 arch/m68k/include/asm/vga.h | 8 arch/mips/kernel/ftrace.c | 2 arch/mips/loongson64/boardinfo.c | 2 arch/mips/math-emu/cp1emu.c | 2 arch/mips/mm/init.c | 2 arch/powerpc/include/asm/book3s/64/hash-4k.h | 28 + arch/powerpc/include/asm/book3s/64/pgtable.h | 26 - arch/powerpc/lib/code-patching.c | 2 arch/powerpc/platforms/pseries/eeh_pseries.c | 6 arch/powerpc/platforms/pseries/svm.c | 3 arch/s390/include/asm/futex.h | 2 arch/s390/kernel/smp.c | 2 arch/s390/kernel/traps.c | 6 arch/s390/kvm/vsie.c | 25 - arch/x86/Kconfig | 3 arch/x86/boot/compressed/Makefile | 1 arch/x86/events/intel/core.c | 5 arch/x86/include/asm/mmu.h | 2 arch/x86/include/asm/mmu_context.h | 1 arch/x86/include/asm/msr-index.h | 3 arch/x86/include/asm/tlbflush.h | 1 arch/x86/kernel/amd_nb.c | 4 arch/x86/kernel/cpu/bugs.c | 20 arch/x86/kernel/cpu/cacheinfo.c | 2 arch/x86/kernel/cpu/cyrix.c | 4 arch/x86/kernel/cpu/intel.c | 52 +- arch/x86/kernel/cpu/sgx/encl.c | 108 +++- arch/x86/kernel/cpu/sgx/encl.h | 8 arch/x86/kernel/cpu/sgx/ioctl.c | 17 arch/x86/kernel/cpu/sgx/main.c | 31 - arch/x86/kernel/i8253.c | 11 arch/x86/kernel/static_call.c | 1 arch/x86/kvm/hyperv.c | 6 arch/x86/mm/init.c | 23 - arch/x86/mm/tlb.c | 35 + arch/x86/xen/mmu_pv.c | 79 ++- arch/x86/xen/p2m.c | 2 arch/x86/xen/xen-head.S | 5 block/Kconfig | 12 block/bdev.c | 9 block/blk-cgroup.c | 1 block/genhd.c | 28 + block/partitions/efi.c | 2 block/partitions/ldm.h | 2 block/partitions/mac.c | 18 crypto/testmgr.h | 227 +++++++-- drivers/acpi/apei/ghes.c | 10 drivers/acpi/fan.c | 10 drivers/base/arch_numa.c | 2 drivers/base/regmap/regmap-irq.c | 2 drivers/block/nbd.c | 1 drivers/bus/mhi/host/pci_generic.c | 5 drivers/char/ipmi/ipmb_dev_int.c | 3 drivers/char/tpm/eventlog/acpi.c | 16 drivers/char/tpm/eventlog/efi.c | 13 drivers/char/tpm/eventlog/of.c | 3 drivers/char/tpm/tpm-chip.c | 1 drivers/clk/analogbits/wrpll-cln28hpc.c | 2 drivers/clk/imx/clk-imx8mp.c | 5 drivers/clk/qcom/clk-alpha-pll.c | 2 drivers/clk/qcom/clk-rpmh.c | 2 drivers/clk/qcom/gcc-mdm9607.c | 2 drivers/clk/qcom/gcc-sm6350.c | 22 drivers/clk/sunxi-ng/ccu-sun50i-a100.c | 6 drivers/clocksource/i8253.c | 13 drivers/cpufreq/acpi-cpufreq.c | 36 + drivers/cpufreq/s3c64xx-cpufreq.c | 11 drivers/crypto/hisilicon/sec2/sec.h | 3 drivers/crypto/hisilicon/sec2/sec_crypto.c | 182 +++---- drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 drivers/crypto/ixp4xx_crypto.c | 3 drivers/crypto/qce/aead.c | 2 drivers/crypto/qce/core.c | 13 drivers/crypto/qce/sha.c | 2 drivers/crypto/qce/skcipher.c | 2 drivers/dma/ti/edma.c | 3 drivers/firmware/Kconfig | 2 drivers/firmware/efi/efi.c | 6 drivers/firmware/efi/libstub/Makefile | 2 drivers/firmware/efi/libstub/randomalloc.c | 3 drivers/firmware/efi/libstub/relocate.c | 3 drivers/firmware/efi/sysfb_efi.c | 2 drivers/gpio/gpio-aggregator.c | 20 drivers/gpio/gpio-bcm-kona.c | 71 ++- drivers/gpio/gpio-mxc.c | 3 drivers/gpio/gpio-pca953x.c | 19 drivers/gpio/gpio-rcar.c | 31 - drivers/gpio/gpio-stmpe.c | 15 drivers/gpio/gpio-xilinx.c | 33 - drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 11 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 14 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 1 drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c | 4 drivers/gpu/drm/drm_dp_cec.c | 14 drivers/gpu/drm/drm_fb_helper.c | 14 drivers/gpu/drm/drm_probe_helper.c | 116 +++-- drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 drivers/gpu/drm/i915/display/skl_universal_plane.c | 4 drivers/gpu/drm/i915/selftests/i915_gem_gtt.c | 4 drivers/gpu/drm/radeon/r300.c | 3 drivers/gpu/drm/radeon/radeon_asic.h | 1 drivers/gpu/drm/radeon/rs400.c | 18 drivers/gpu/drm/rockchip/cdn-dp-core.c | 9 drivers/gpu/drm/scheduler/gpu_scheduler_trace.h | 4 drivers/gpu/drm/tidss/tidss_dispc.c | 22 drivers/gpu/drm/v3d/v3d_perfmon.c | 5 drivers/hid/hid-appleir.c | 2 drivers/hid/hid-core.c | 2 drivers/hid/hid-google-hammer.c | 2 drivers/hid/hid-multitouch.c | 7 drivers/hid/hid-sensor-hub.c | 21 drivers/hid/intel-ish-hid/ishtp-hid.c | 4 drivers/hid/wacom_wac.c | 5 drivers/hwmon/ad7314.c | 10 drivers/hwmon/ntc_thermistor.c | 66 +- drivers/hwmon/pmbus/pmbus.c | 2 drivers/hwmon/xgene-hwmon.c | 2 drivers/hwtracing/intel_th/pci.c | 15 drivers/i2c/busses/i2c-npcm7xx.c | 7 drivers/i2c/i2c-core-acpi.c | 22 drivers/idle/intel_idle.c | 4 drivers/iio/light/as73211.c | 24 - drivers/infiniband/hw/cxgb4/device.c | 6 drivers/infiniband/hw/mlx4/main.c | 6 drivers/infiniband/hw/mlx5/counters.c | 8 drivers/infiniband/hw/mlx5/devx.c | 1 drivers/infiniband/hw/mlx5/mr.c | 16 drivers/infiniband/hw/mlx5/odp.c | 61 +- drivers/infiniband/hw/mlx5/qp.c | 4 drivers/leds/leds-lp8860.c | 2 drivers/leds/leds-netxbig.c | 1 drivers/md/Kconfig | 4 drivers/md/dm-crypt.c | 27 - drivers/media/dvb-frontends/cxd2841er.c | 8 drivers/media/i2c/ccs/ccs-core.c | 6 drivers/media/i2c/ccs/ccs-data.c | 14 drivers/media/i2c/imx412.c | 42 - drivers/media/i2c/ov5640.c | 1 drivers/media/i2c/ov9282.c | 2 drivers/media/platform/exynos4-is/mipi-csis.c | 10 drivers/media/platform/imx-jpeg/mxc-jpeg.c | 7 drivers/media/platform/marvell-ccic/mcam-core.c | 7 drivers/media/platform/s3c-camif/camif-core.c | 13 drivers/media/rc/iguanair.c | 4 drivers/media/test-drivers/vidtv/vidtv_bridge.c | 8 drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 drivers/media/usb/uvc/uvc_ctrl.c | 139 +++++- drivers/media/usb/uvc/uvc_driver.c | 105 ++-- drivers/media/usb/uvc/uvc_queue.c | 3 drivers/media/usb/uvc/uvc_status.c | 1 drivers/media/usb/uvc/uvc_v4l2.c | 4 drivers/media/usb/uvc/uvcvideo.h | 20 drivers/media/v4l2-core/v4l2-mc.c | 2 drivers/memory/jedec_ddr.h | 47 ++ drivers/memory/jedec_ddr_data.c | 41 + drivers/memory/of_memory.c | 87 +++ drivers/memory/of_memory.h | 9 drivers/memory/tegra/Kconfig | 1 drivers/memory/tegra/tegra20-emc.c | 203 ++++++++ drivers/mfd/lpc_ich.c | 3 drivers/misc/eeprom/digsy_mtc_eeprom.c | 2 drivers/misc/fastrpc.c | 2 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/mmc/core/sdio.c | 2 drivers/mmc/host/sdhci-msm.c | 53 ++ drivers/mtd/hyperbus/hbmc-am654.c | 29 - drivers/mtd/hyperbus/hyperbus-core.c | 8 drivers/mtd/hyperbus/rpc-if.c | 5 drivers/mtd/nand/onenand/onenand_base.c | 1 drivers/mtd/nand/raw/cadence-nand-controller.c | 44 + drivers/net/caif/caif_virtio.c | 2 drivers/net/can/c_can/c_can_platform.c | 5 drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 4 drivers/net/ethernet/broadcom/bgmac.h | 3 drivers/net/ethernet/broadcom/tg3.c | 58 ++ drivers/net/ethernet/cadence/macb.h | 2 drivers/net/ethernet/cadence/macb_main.c | 12 drivers/net/ethernet/davicom/dm9000.c | 3 drivers/net/ethernet/emulex/benet/be.h | 2 drivers/net/ethernet/emulex/benet/be_cmds.c | 197 ++++---- drivers/net/ethernet/emulex/benet/be_main.c | 2 drivers/net/ethernet/freescale/enetc/enetc.c | 69 ++- drivers/net/ethernet/freescale/fec_main.c | 31 + drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c | 24 - drivers/net/ethernet/mellanox/mlx5/core/mr.c | 1 drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 2 drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_ethtool.c | 4 drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 drivers/net/ethernet/renesas/sh_eth.c | 4 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 drivers/net/geneve.c | 16 drivers/net/gtp.c | 5 drivers/net/loopback.c | 14 drivers/net/netdevsim/ipsec.c | 12 drivers/net/netdevsim/netdevsim.h | 1 drivers/net/netdevsim/udp_tunnels.c | 23 - drivers/net/phy/nxp-c45-tja11xx.c | 2 drivers/net/ppp/ppp_generic.c | 28 - drivers/net/team/team.c | 11 drivers/net/tun.c | 2 drivers/net/usb/gl620a.c | 4 drivers/net/usb/rtl8150.c | 22 drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 5 drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c | 3 drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 13 drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 drivers/net/wireless/mediatek/mt76/usb.c | 4 drivers/net/wireless/realtek/rtlwifi/base.c | 42 - drivers/net/wireless/realtek/rtlwifi/base.h | 2 drivers/net/wireless/realtek/rtlwifi/pci.c | 67 -- drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 drivers/net/wireless/realtek/rtlwifi/rtl8821ae/fw.h | 4 drivers/net/wireless/realtek/rtlwifi/usb.c | 12 drivers/net/wireless/realtek/rtlwifi/wifi.h | 23 - drivers/net/wireless/ti/wlcore/main.c | 10 drivers/net/wwan/iosm/iosm_ipc_pcie.c | 56 ++ drivers/nvme/host/core.c | 16 drivers/nvme/host/ioctl.c | 3 drivers/nvme/host/pci.c | 4 drivers/nvme/target/tcp.c | 15 drivers/nvmem/core.c | 2 drivers/nvmem/qcom-spmi-sdam.c | 1 drivers/of/base.c | 8 drivers/of/of_reserved_mem.c | 3 drivers/parport/parport_pc.c | 5 drivers/pci/controller/pcie-rcar-ep.c | 2 drivers/pci/endpoint/pci-epc-core.c | 2 drivers/pci/endpoint/pci-epf-core.c | 1 drivers/pci/quirks.c | 1 drivers/phy/samsung/phy-exynos5-usbdrd.c | 12 drivers/phy/tegra/xusb-tegra186.c | 11 drivers/platform/x86/acer-wmi.c | 4 drivers/platform/x86/thinkpad_acpi.c | 1 drivers/power/supply/da9150-fg.c | 4 drivers/pps/clients/pps-gpio.c | 4 drivers/pps/clients/pps-ktimer.c | 4 drivers/pps/clients/pps-ldisc.c | 6 drivers/pps/clients/pps_parport.c | 4 drivers/pps/kapi.c | 10 drivers/pps/kc.c | 10 drivers/pps/pps.c | 127 ++--- drivers/ptp/ptp_chardev.c | 4 drivers/ptp/ptp_clock.c | 8 drivers/ptp/ptp_ocp.c | 2 drivers/rapidio/devices/rio_mport_cdev.c | 3 drivers/rapidio/rio-scan.c | 5 drivers/regulator/of_regulator.c | 14 drivers/rtc/rtc-pcf85063.c | 11 drivers/s390/char/sclp_early.c | 2 drivers/scsi/mpt3sas/mpt3sas_base.c | 3 drivers/scsi/qla2xxx/qla_def.h | 2 drivers/scsi/qla2xxx/qla_dfs.c | 124 ++++- drivers/scsi/qla2xxx/qla_gbl.h | 3 drivers/scsi/qla2xxx/qla_init.c | 28 - drivers/scsi/scsi_lib.c | 60 +- drivers/scsi/storvsc_drv.c | 1 drivers/scsi/ufs/ufs_bsg.c | 1 drivers/slimbus/messaging.c | 5 drivers/soc/mediatek/mtk-devapc.c | 36 - drivers/soc/qcom/smem_state.c | 3 drivers/soc/qcom/socinfo.c | 2 drivers/spi/spi-mxs.c | 3 drivers/spi/spi-zynq-qspi.c | 13 drivers/staging/media/imx/imx-media-of.c | 8 drivers/tee/optee/supp.c | 35 - drivers/tty/serial/8250/8250.h | 2 drivers/tty/serial/8250/8250_dma.c | 16 drivers/tty/serial/8250/8250_pci.c | 10 drivers/tty/serial/8250/8250_port.c | 9 drivers/tty/serial/sh-sci.c | 25 + drivers/tty/serial/xilinx_uartps.c | 10 drivers/usb/atm/cxacru.c | 13 drivers/usb/chipidea/ci_hdrc_imx.c | 38 - drivers/usb/class/cdc-acm.c | 28 - drivers/usb/core/hub.c | 49 ++ drivers/usb/core/quirks.c | 10 drivers/usb/dwc2/gadget.c | 1 drivers/usb/dwc3/core.c | 115 +++-- drivers/usb/dwc3/core.h | 2 drivers/usb/dwc3/drd.c | 4 drivers/usb/dwc3/gadget.c | 47 +- drivers/usb/gadget/composite.c | 17 drivers/usb/gadget/function/f_midi.c | 10 drivers/usb/gadget/function/f_tcm.c | 66 +- drivers/usb/gadget/udc/renesas_usb3.c | 2 drivers/usb/host/pci-quirks.c | 9 drivers/usb/host/xhci-mem.c | 5 drivers/usb/host/xhci-pci.c | 18 drivers/usb/host/xhci-ring.c | 12 drivers/usb/host/xhci.c | 23 - drivers/usb/host/xhci.h | 11 drivers/usb/renesas_usbhs/common.c | 6 drivers/usb/renesas_usbhs/mod_gadget.c | 2 drivers/usb/roles/class.c | 5 drivers/usb/serial/option.c | 49 +- drivers/usb/typec/tcpm/tcpci.c | 13 drivers/usb/typec/tcpm/tcpci_rt1711h.c | 11 drivers/usb/typec/tcpm/tcpm.c | 10 drivers/usb/typec/ucsi/ucsi.c | 2 drivers/vdpa/mlx5/core/resources.c | 1 drivers/vfio/pci/vfio_pci_rdwr.c | 1 drivers/vfio/platform/vfio_platform_common.c | 10 drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 drivers/virt/acrn/hsm.c | 6 fs/afs/cell.c | 1 fs/afs/dir.c | 7 fs/afs/internal.h | 23 - fs/afs/server.c | 1 fs/afs/server_list.c | 114 ++++ fs/afs/vl_alias.c | 2 fs/afs/volume.c | 40 - fs/afs/xdr_fs.h | 2 fs/afs/yfsclient.c | 5 fs/binfmt_flat.c | 2 fs/btrfs/file.c | 6 fs/btrfs/inode.c | 4 fs/btrfs/relocation.c | 14 fs/btrfs/super.c | 2 fs/btrfs/transaction.c | 4 fs/cifs/smb2ops.c | 4 fs/exfat/balloc.c | 10 fs/exfat/exfat_fs.h | 2 fs/exfat/fatent.c | 11 fs/f2fs/dir.c | 53 +- fs/f2fs/f2fs.h | 6 fs/f2fs/file.c | 13 fs/f2fs/inline.c | 5 fs/file_table.c | 47 +- fs/inode.c | 39 + fs/ksmbd/transport_ipc.c | 9 fs/nfs/flexfilelayout/flexfilelayout.c | 27 - fs/nfs/nfs42proc.c | 2 fs/nfs/nfs42xdr.c | 2 fs/nfsd/nfs2acl.c | 2 fs/nfsd/nfs3acl.c | 2 fs/nfsd/nfs4callback.c | 8 fs/nilfs2/dir.c | 24 - fs/nilfs2/inode.c | 10 fs/nilfs2/mdt.c | 6 fs/nilfs2/namei.c | 37 - fs/nilfs2/nilfs.h | 10 fs/nilfs2/page.c | 55 +- fs/nilfs2/page.h | 4 fs/nilfs2/segment.c | 4 fs/ocfs2/dir.c | 25 - fs/ocfs2/quota_global.c | 5 fs/ocfs2/super.c | 2 fs/ocfs2/symlink.c | 5 fs/orangefs/orangefs-debugfs.c | 4 fs/overlayfs/copy_up.c | 44 + fs/overlayfs/dir.c | 100 ++-- fs/overlayfs/inode.c | 17 fs/overlayfs/namei.c | 6 fs/overlayfs/overlayfs.h | 92 ++-- fs/overlayfs/readdir.c | 32 - fs/overlayfs/super.c | 40 - fs/overlayfs/util.c | 18 fs/proc/proc_sysctl.c | 3 fs/pstore/blk.c | 4 fs/select.c | 4 fs/squashfs/inode.c | 5 fs/ubifs/debug.c | 22 fs/xfs/xfs_inode.c | 7 fs/xfs/xfs_qm_bhv.c | 41 + fs/xfs/xfs_super.c | 11 include/asm-generic/vmlinux.lds.h | 2 include/drm/drm_probe_helper.h | 1 include/linux/cgroup-defs.h | 6 include/linux/efi.h | 1 include/linux/fs.h | 6 include/linux/i8253.h | 1 include/linux/kallsyms.h | 2 include/linux/kvm_host.h | 9 include/linux/memblock.h | 12 include/linux/mlx5/driver.h | 2 include/linux/mtd/hyperbus.h | 4 include/linux/netdevice.h | 8 include/linux/pci_ids.h | 4 include/linux/pps_kernel.h | 3 include/linux/sched.h | 4 include/linux/sched/sysctl.h | 14 include/linux/sched/task.h | 1 include/linux/sysctl.h | 6 include/linux/usb/hcd.h | 5 include/linux/usb/tcpm.h | 3 include/net/dst.h | 9 include/net/flow_dissector.h | 16 include/net/flow_offload.h | 6 include/net/l3mdev.h | 2 include/net/net_namespace.h | 15 include/net/netns/ipv4.h | 3 include/net/route.h | 9 include/trace/events/oom.h | 36 + include/uapi/linux/input-event-codes.h | 1 include/uapi/linux/seg6_iptunnel.h | 2 kernel/acct.c | 134 +++-- kernel/bpf/syscall.c | 18 kernel/cgroup/cgroup.c | 20 kernel/debug/kdb/kdb_io.c | 2 kernel/dma/swiotlb.c | 2 kernel/events/core.c | 17 kernel/hung_task.c | 81 +++ kernel/irq/internals.h | 9 kernel/padata.c | 45 + kernel/power/hibernate.c | 7 kernel/printk/printk.c | 2 kernel/sched/core.c | 10 kernel/sched/cpufreq_schedutil.c | 4 kernel/sched/fair.c | 23 - kernel/sched/stats.h | 22 kernel/sysctl.c | 146 ------ kernel/time/clocksource.c | 11 kernel/trace/bpf_trace.c | 2 kernel/trace/ftrace.c | 27 - lib/Kconfig.debug | 8 lib/Kconfig.kfence | 12 lib/cpumask.c | 2 mm/kfence/core.c | 51 ++ mm/memcontrol.c | 7 mm/memory.c | 6 mm/oom_kill.c | 14 mm/page_alloc.c | 1 mm/percpu.c | 8 mm/sparse.c | 2 mm/vmalloc.c | 4 net/8021q/vlan.c | 3 net/batman-adv/bat_v.c | 2 net/batman-adv/bat_v_elp.c | 123 +++-- net/batman-adv/bat_v_elp.h | 2 net/batman-adv/types.h | 3 net/bluetooth/l2cap_core.c | 9 net/bluetooth/l2cap_sock.c | 7 net/can/j1939/socket.c | 4 net/can/j1939/transport.c | 5 net/core/dev.c | 37 + net/core/drop_monitor.c | 29 - net/core/flow_dissector.c | 49 +- net/core/flow_offload.c | 7 net/core/neighbour.c | 11 net/core/skbuff.c | 2 net/core/sysctl_net_core.c | 5 net/ethtool/netlink.c | 2 net/hsr/hsr_forward.c | 7 net/ipv4/arp.c | 6 net/ipv4/devinet.c | 3 net/ipv4/ipmr_base.c | 3 net/ipv4/route.c | 102 +++- net/ipv4/tcp_cubic.c | 8 net/ipv4/tcp_minisocks.c | 10 net/ipv4/tcp_offload.c | 11 net/ipv4/udp.c | 4 net/ipv4/udp_offload.c | 8 net/ipv6/ila/ila_lwt.c | 4 net/ipv6/mcast.c | 14 net/ipv6/ndisc.c | 24 - net/ipv6/route.c | 7 net/ipv6/rpl_iptunnel.c | 62 +- net/ipv6/seg6_iptunnel.c | 227 ++++++++- net/ipv6/udp.c | 4 net/llc/llc_s_ac.c | 49 +- net/mptcp/options.c | 13 net/mptcp/pm_netlink.c | 6 net/mptcp/protocol.c | 1 net/mptcp/protocol.h | 30 - net/ncsi/internal.h | 2 net/ncsi/ncsi-cmd.c | 3 net/ncsi/ncsi-manage.c | 38 + net/ncsi/ncsi-pkt.h | 10 net/ncsi/ncsi-rsp.c | 58 +- net/netfilter/nf_tables_api.c | 8 net/netfilter/nft_flow_offload.c | 16 net/nfc/nci/hci.c | 2 net/openvswitch/datapath.c | 12 net/rose/af_rose.c | 40 + net/rose/rose_timer.c | 15 net/sched/cls_flower.c | 8 net/sched/sch_api.c | 4 net/sched/sch_cake.c | 140 +++--- net/sched/sch_fifo.c | 3 net/sched/sch_netem.c | 2 net/smc/af_smc.c | 2 net/smc/smc_rx.c | 37 - net/smc/smc_rx.h | 8 net/sunrpc/cache.c | 10 net/tipc/crypto.c | 4 net/vmw_vsock/af_vsock.c | 82 ++- net/wireless/nl80211.c | 5 net/wireless/reg.c | 3 net/wireless/scan.c | 35 + net/xfrm/xfrm_replay.c | 10 samples/landlock/sandboxer.c | 7 scripts/Makefile.extrawarn | 5 scripts/genksyms/genksyms.c | 11 scripts/genksyms/genksyms.h | 2 scripts/genksyms/parse.y | 18 scripts/kconfig/conf.c | 6 scripts/kconfig/confdata.c | 102 ++-- scripts/kconfig/lkc_proto.h | 2 scripts/kconfig/symbol.c | 10 security/landlock/fs.c | 86 +-- security/safesetid/securityfs.c | 3 security/tomoyo/common.c | 2 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_conexant.c | 1 sound/pci/hda/patch_realtek.c | 78 +++ sound/soc/codecs/es8328.c | 15 sound/soc/intel/boards/bytcr_rt5640.c | 17 sound/soc/sh/rz-ssi.c | 5 sound/soc/sunxi/sun4i-spdif.c | 7 sound/usb/midi.c | 2 sound/usb/quirks.c | 3 sound/usb/usx2y/usbusx2y.c | 11 sound/usb/usx2y/usbusx2y.h | 26 + sound/usb/usx2y/usbusx2yaudio.c | 27 - tools/bootconfig/main.c | 4 tools/lib/bpf/linker.c | 22 tools/perf/bench/epoll-wait.c | 7 tools/perf/builtin-report.c | 2 tools/perf/builtin-top.c | 2 tools/perf/builtin-trace.c | 6 tools/perf/util/bpf-event.c | 10 tools/perf/util/env.c | 13 tools/perf/util/env.h | 4 tools/perf/util/header.c | 8 tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 15 tools/testing/ktest/ktest.pl | 7 tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 tools/testing/selftests/drivers/net/netdevsim/udp_tunnel_nic.sh | 16 tools/testing/selftests/kselftest_harness.h | 24 - tools/testing/selftests/landlock/fs_test.c | 3 tools/testing/selftests/net/ipsec.c | 3 tools/testing/selftests/net/pmtu.sh | 229 +++++++++- tools/testing/selftests/net/rtnetlink.sh | 4 tools/testing/selftests/net/udpgso.c | 26 + 607 files changed, 6983 insertions(+), 3348 deletions(-) Aharon Landau (1): RDMA/mlx5: Remove iova from struct mlx5_core_mkey Ahmad Fatoum (1): gpio: mxc: remove dead code after switch to DT-only Ahmed S. Darwish (3): x86/cacheinfo: Validate CPUID leaf 0x2 EDX output x86/cpu: Validate CPUID leaf 0x2 EDX output x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 Alan Stern (2): HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections USB: hub: Ignore non-compliant devices with too many configs or interfaces Alex Deucher (1): drm/amdgpu: disable BAR resize on Dell G5 SE Alex Williamson (1): vfio/platform: check the bounds of read/write syscalls Alexander Hölzl (1): can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero Alexander Shishkin (2): intel_th: pci: Add Panther Lake-H support intel_th: pci: Add Panther Lake-P/U support Alexander Stein (1): usb: chipidea: ci_hdrc_imx: use dev_err_probe() Alexander Sverdlin (1): leds: lp8860: Write full EEPROM, not only half of it Alexander Usyskin (1): mei: me: add panther lake P DID Amir Goldstein (1): ovl: use wrappers to all vfs_*xattr() calls Anastasia Belova (1): clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate Andrea Mayer (2): seg6: add support for SRv6 H.Encaps.Red behavior seg6: add support for SRv6 H.L2Encaps.Red behavior Andreas Kemnade (1): wifi: wlcore: fix unbalanced pm_runtime calls Andrew Cooper (1): x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 Andrey Vatoropin (1): power: supply: da9150-fg: fix potential overflow Andy Shevchenko (2): xhci: pci: Fix indentation in the PCI device ID definitions eeprom: digsy_mtc: Make GPIO lookup table match the device Andy Strohman (1): batman-adv: fix panic during interface removal AngeloGioacchino Del Regno (2): soc: mediatek: mtk-devapc: Switch to devm_clk_get_enabled() usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality Antoine Tenart (2): net: avoid race between device unregistration and ethnl ops net: gso: fix ownership in __udp_gso_segment Ard Biesheuvel (2): efi: Avoid cold plugged memory for placing the kernel vmlinux.lds: Ensure that const vars with relocations are mapped R/O Armin Wolf (1): platform/x86: acer-wmi: Ignore AC events Arnaldo Carvalho de Melo (1): perf top: Don't complain about lack of vmlinux when not resolving some kernel samples Arnd Bergmann (2): media: cxd2841er: fix 64-bit division on gcc-9 sunrpc: suppress warnings for unused procfs functions Artur Weber (3): gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ gpio: bcm-kona: Add missing newline to dev_err format string BH Hsieh (1): phy: tegra: xusb: reset VBUS & ID OVERRIDE Ba Jing (1): ktest.pl: Remove unused declarations in run_bisect_test function Badhri Jagan Sridharan (1): usb: dwc3: gadget: Prevent irq storm when TH re-executes Bartosz Golaszewski (3): crypto: qce - fix goto jump in error path crypto: qce - unregister previously registered algos in error path gpio: xilinx: remove excess kernel doc Bitterblue Smith (1): wifi: rtlwifi: rtl8821ae: Fix media status report Bjorn Andersson (1): dt-bindings: leds: Add Qualcomm Light Pulse Generator binding Bo Gan (1): clk: analogbits: Fix incorrect calculation of vco rate delta Borislav Petkov (1): APEI: GHES: Have GHES honor the panic= setting Breno Leitao (2): net: Add non-RCU dev_getbyhwaddr() helper arp: switch to dev_getbyhwaddr() in arp_req_set_public() Caleb Sander Mateos (1): nvme/ioctl: add missing space in err message Calvin Owens (1): pps: Fix a use-after-free Carlos Galo (1): mm: update mark_victim tracepoints fields Carlos Llamas (1): lockdep: Fix upper limit for LOCKDEP_*_BITS configs Catalin Marinas (1): arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings Chao Yu (1): f2fs: fix to wait dio completion Charles Han (2): ipmi: ipmb: Add check devm_kasprintf() returned value HID: multitouch: Add NULL check in mt_input_configured Chen Ni (1): media: lmedm04: Handle errors for lme2510_int_read Chen Ridong (4): padata: fix UAF in padata_reorder padata: add pd get/put refcnt helper padata: avoid UAF for reorder_work memcg: fix soft lockup in the OOM process Chen-Yu Tsai (7): regulator: dt-bindings: mt6315: Drop regulator-compatible property arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings arm64: dts: mediatek: mt8183: Disable DSI display output by default Chenghai Huang (1): crypto: hisilicon/sec2 - optimize the error return process Chengming Zhou (1): sched/psi: Use task->psi_flags to clear in CPU migration Chenyuan Yang (1): net: davicom: fix UAF in dm9000_drv_remove Chester A. Unal (1): USB: serial: option: add MeiG Smart SLM828 Christian Brauner (3): acct: perform last write from workqueue acct: block access to kernel internal filesystems ovl: pass ofs to creation operations Christian Gmeiner (1): drm/v3d: Stop active perfmon if it is being destroyed Christian Heusel (1): Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" Christoph Hellwig (2): block: deprecate autoloading based on dev_t scsi: core: Don't memset() the entire scsi_cmnd in scsi_init_command() Christophe Leroy (3): select: Fix unbalanced user_access_end() powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Chuck Lever (1): NFSD: Reset cb_seq_status after NFS4ERR_DELAY Claudiu Beznea (6): ASoC: renesas: rz-ssi: Use only the proper amount of dividers serial: sh-sci: Drop __initdata macro for port_cfg serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use usb: renesas_usbhs: Call clk_put() usb: renesas_usbhs: Use devm_usb_get_phy() usb: renesas_usbhs: Flush the notify_hotplug_work Cody Eksal (1): clk: sunxi-ng: a100: enable MMC clock reparenting Colin Ian King (1): afs: remove variable nr_servers Cong Wang (3): netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() flow_dissector: Fix handling of mixed port and port-range keys flow_dissector: Fix port range key handling in BPF conversion Cosmin Tanislav (1): media: mc: fix endpoint iteration Dai Ngo (1): NFSD: fix hang in nfsd4_shutdown_callback Dan Carpenter (7): rdma/cxgb4: Prevent potential integer overflow on 32bit tipc: re-order conditions in tipc_crypto_key_rcv() binfmt_flat: Fix integer overflow bug on 32 bit systems NFC: nci: Add bounds checking in nci_hci_create_pipe() media: imx-jpeg: Fix potential error pointer dereference in detach_pm() ksmbd: fix integer overflows on 32 bit systems ASoC: renesas: rz-ssi: Add a check for negative sample_space Daniel Lee (1): f2fs: Introduce linear search for dentries Daniel Wagner (1): nvme: handle connectivity loss in nvme_set_queue_count Daniil Dulov (1): HID: appleir: Fix potential NULL dereference at raw event handle Darrick J. Wong (2): xfs: report realtime block quota limits on realtime directories xfs: don't over-report free space or inodes in statvfs Dave Stevenson (1): media: i2c: ov9282: Correct the exposure offset David Hildenbrand (1): KVM: s390: vsie: fix some corner-cases when grabbing vsie pages David Howells (5): afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY afs: Fix directory format encoding struct afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call afs: Make it possible to find the volumes that are using a server afs: Fix the server_list to unuse a displaced server rather than putting it David Woodhouse (1): x86/i8253: Disable PIT timer 0 when not in use Devarsh Thakkar (1): drm/tidss: Clear the interrupt status for interrupts being disabled Dheeraj Reddy Jonnalagadda (1): net: fec: implement TSO descriptor cleanup Dmitry Antipov (4): wifi: rtlwifi: remove unused timer and related code wifi: rtlwifi: remove unused dualmac control leftovers wifi: cfg80211: adjust allocation of colocated AP data wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() Dmitry Baryshkov (6): arm64: dts: qcom: msm8916: correct sleep clock frequency arm64: dts: qcom: msm8994: correct sleep clock frequency arm64: dts: qcom: sc7280: correct sleep clock frequency arm64: dts: qcom: sm6125: correct sleep clock frequency arm64: dts: qcom: sm8250: correct sleep clock frequency arm64: dts: qcom: sm8350: correct sleep clock frequency Dmitry Osipenko (3): memory: Add LPDDR2-info helpers memory: tegra20-emc: Support matching timings by LPDDR2 configuration memory: tegra20-emc: Correct memory device mask Dmitry Panchenko (1): ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 Dmitry V. Levin (1): selftests: harness: fix printing of mismatch values in __EXPECT() Eddie James (1): tpm: Use managed allocation for bios event log Edson Juliano Drosdeck (1): ALSA: hda/realtek: Enable headset mic on Positivo C6400 Edward Adam Davis (1): media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread Ekansh Gupta (1): misc: fastrpc: Fix registered buffer page address Elson Roy Serrao (1): usb: roles: set switch registered flag early on Eric Biggers (1): crypto: qce - fix priority to be less than ARMv8 CE Eric Dumazet (20): ipmr: do not call mr_mfc_uses_dev() for unres entries net: rose: fix timer races against user threads net: hsr: fix fill_frame_info() regression vs VLAN packets net: rose: lock the socket in rose_bind() ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() vrf: use RCU protection in l3mdev_l3_out() team: better TEAM_OPTION_TYPE_STRING validation ipv4: add RCU protection to ip4_dst_hoplimit() net: add dev_net_rcu() helper ipv4: use RCU protection in rt_is_expired() ipv4: use RCU protection in inet_select_addr() ipv4: use RCU protection in __ip_rt_update_pmtu() ipv6: use RCU protection in ip6_default_advmss() ndisc: use RCU protection in ndisc_alloc_skb() neighbour: use RCU protection in __neigh_notify() arp: use RCU protection in arp_xmit() openvswitch: use RCU protection in ovs_vport_cmd_fill_info() ndisc: extend RCU protection in ndisc_send_skb() ipv6: mcast: add RCU protection to mld_newpack() llc: do not use skb_get() before dev_queue_xmit() Erik Schumacher (1): hwmon: (ad7314) Validate leading zero bits and return error Eugen Hristev (1): pstore/blk: trivial typo fixes Even Xu (1): HID: Wacom: Add PCI Wacom device support Fabien Parent (1): arm64: dts: mediatek: mt8516: remove 2 invalid i2c clocks Fabio Porcedda (2): USB: serial: option: add Telit Cinterion FN990B compositions USB: serial: option: fix Telit Cinterion FN990A name Fabrice Gasnier (1): usb: dwc2: gadget: remove of_node reference upon udc_stop Fabrizio Castro (1): gpio: rcar: Fix missing of_node_put() call Fedor Pchelkin (3): Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection usb: typec: ucsi: increase timeout for PPM reset operations Filipe Manana (3): btrfs: fix use-after-free when attempting to join an aborted transaction btrfs: fix hole expansion when writing at an offset beyond EOF btrfs: avoid monopolizing a core when activating a swap file Florian Westphal (1): netfilter: nft_flow_offload: update tcp state flags under lock Gabor Juhos (1): clk: qcom: clk-alpha-pll: fix alpha mode configuration Gautham R. Shenoy (1): cpufreq: ACPI: Fix max-frequency computation Gavrilov Ilia (1): drop_monitor: fix incorrect initialization order Geert Uytterhoeven (1): dt-bindings: leds: class-multicolor: Fix path to color definitions Georg Gottleuber (2): nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk George Lander (1): ASoC: sun4i-spdif: Add clock multiplier settings Greg Kroah-Hartman (1): Linux 5.15.179 Guangguan Wang (1): net/smc: fix data error when recvmsg with MSG_PEEK flag Guillaume Nault (1): selftest: net: Test IPv4 PMTU exceptions with DSCP and ECN Guixin Liu (1): scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails Guo Ren (1): usb: gadget: udc: renesas_usb3: Fix compiler warning Hangbin Liu (2): netdevsim: print human readable IP address selftests: rtnetlink: update netdevsim ipsec output format Hans Verkuil (1): gpu: drm_dp_cec: fix broken CEC adapter properties check Hans de Goede (2): mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V Hao Zhang (1): mm/page_alloc: fix uninitialized variable Hao-ran Zheng (1): btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() Haoxiang Li (5): drm/komeda: Add check for komeda_get_layer_fourcc_list() nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() smb: client: Add check for next_buffer in receive_encrypted_standard() rapidio: add check for rio_add_net() in rio_scan_alloc_net() rapidio: fix an API misues when rio_add_net() fails Haoyu Li (1): drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl Hardik Gajjar (1): usb: xhci: Add timeout argument in address_device USB HCD callback Harshal Chaudhari (1): net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. He Lugang (1): HID: multitouch: Add support for lenovo Y9000P Touchpad He Rongguang (1): cpupower: fix TSC MHz calculation Heiko Carstens (2): s390/futex: Fix FUTEX_OP_ANDN implementation s390/traps: Fix test_monitor_call() inline assembly Heiko Stuebner (1): HID: hid-sensor-hub: don't use stale platform-data on remove Heming Zhao (1): ocfs2: fix incorrect CPU endianness conversion causing mount failure Hoku Ishibe (1): ALSA: hda: intel: Add Dell ALC3271 to power_save denylist Hou Tao (2): dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit() dm-crypt: track tag_offset in convert_context Howard Chu (1): perf trace: Fix runtime error of index out of bounds Hsin-Te Yuan (2): arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen arm64: dts: mediatek: mt8183: willow: Support second source touchscreen Hsin-Yi Wang (1): arm64: dts: mt8183: set DMIC one-wire mode on Damu Huacai Chen (1): USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI Ido Schimmel (1): net: loopback: Avoid sending IP packets without an Ethernet header Ignat Korchagin (2): crypto: testmgr - populate RSA CRT parameters in RSA test vectors crypto: testmgr - some more fixes to RSA test vectors Ilan Peer (1): wifi: cfg80211: Handle specific BSSID in 6GHz scanning Illia Ostapyshyn (1): Input: allocate keycode for phone linking Ivan Kokshaysky (3): alpha: make stack 16-byte aligned (most cases) alpha: align stack for page fault and user unaligned trap handlers alpha: replace hardcoded stack offsets with autogenerated ones Ivan Stepchenko (2): drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table mtd: onenand: Fix uninitialized retlen in do_otp_read() Jacob Moroni (1): net: atlantic: fix warning during hot unplug Jakob Koschel (1): rtlwifi: replace usage of found with dedicated list iterator variable Jakob Unterwurzacher (1): arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma Jakub Kicinski (2): net: netdevsim: try to close UDP port harness races net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels Jamal Hadi Salim (1): net: sched: Disallow replacing of child qdisc from one parent to another Jann Horn (3): usb: cdc-acm: Check control transfer buffer size before access usb: cdc-acm: Fix handling of oversized fragments partitions: mac: fix handling of bogus partition table Jarkko Sakkinen (2): tpm: Change to kvalloc() in eventlog/acpi.c x86/sgx: Fix size overflows in sgx_encl_create() Jason Xing (1): net-timestamp: support TCP GSO case for a few missing flags Javier Carrasco (1): iio: light: as73211: fix channel handling in only-color triggered buffer Jennifer Berringer (1): nvmem: core: improve range check for nvmem_cell_write() Jiachen Zhang (1): perf report: Fix misleading help message about --demangle Jian Shen (1): net: hns3: fix oops when unload drivers paralleling Jianbo Liu (1): xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO Jiaqing Zhao (3): can: ems_pci: move ASIX AX99100 ids to pci_ids.h serial: 8250_pci: add support for ASIX AX99100 parport_pc: add support for ASIX AX99100 Jiasheng Jiang (4): media: marvell: Add check for clk_enable() media: mipi-csis: Add check for clk_enable() media: camif-core: Add check for clk_enable() regmap-irq: Add missing kfree() Jiayuan Chen (1): ppp: Fix KMSAN uninit-value warning with bpf Jill Donahue (1): USB: gadget: f_midi: f_midi_complete to call queue_work Jinliang Zheng (1): fs: fix proc_handler for sysctl_nr_open Jiri Kosina (2): Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad" HID: multitouch: fix support for Goodix PID 0x01e9 Jiri Pirko (1): net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() Joe Hattori (10): ACPI: fan: cleanup resources in the error path of .probe() leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() regulator: of: Implement the unwind path of of_regulator_match() crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() mtd: hyperbus: hbmc-am654: fix an OF node reference leak staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() dmaengine: ti: edma: fix OF node reference leaks in edma_driver usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() Johan Hovold (1): USB: serial: option: drop MeiG Smart defines Johannes Berg (1): wifi: iwlwifi: limit printed string from FW file John Keeping (2): usb: gadget: f_midi: fix MIDI Streaming descriptor lengths serial: 8250: Fix fifo underflow on flush John Ogness (1): kdb: Do not assume write() callback available John Veness (1): ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED Jos Wang (1): usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE Josef Bacik (1): btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling Juergen Gross (3): x86/xen: fix xen_hypercall_hvm() to not clobber %rbx x86/xen: add FRAME_END to xen_hypercall_hvm() x86/xen: allow larger contiguous memory regions in PV guests Justin Iurman (7): include: net: add static inline dst_dev_overhead() to dst.h net: ipv6: seg6_iptunnel: mitigate 2-realloc issue net: ipv6: fix dst ref loop on input in seg6 lwt net: ipv6: rpl_iptunnel: mitigate 2-realloc issue net: ipv6: fix dst ref loop on input in rpl lwt net: ipv6: fix dst ref loop in ila lwtunnel net: ipv6: fix missing dst ref drop in ila lwtunnel Kai Ye (2): crypto: hisilicon/sec - add some comments for soft fallback crypto: hisilicon/sec - delete redundant blank lines Kailang Yang (2): ALSA: hda/realtek: Fixup ALC225 depop procedure ALSA: hda/realtek: update ALC222 depop optimize Kan Liang (1): perf/core: Fix low freq setting via IOC_PERIOD Kaustabh Chakraborty (1): phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk Keisuke Nishimura (1): nvme: Add error check for xa_store in nvme_get_effects_log Kexy Biscuit (1): MIPS: Loongson64: remove ROM Size unit in boardinfo King Dix (1): PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() Koichiro Den (2): Revert "btrfs: avoid monopolizing a core when activating a swap file" gpio: aggregator: protect driver attr handlers against module unload Konrad Dybcio (2): arm64: dts: qcom: msm8996: Fix up USB3 interrupts arm64: dts: qcom: msm8994: Describe USB interrupts Kory Maincent (1): net: sh_eth: Fix missing rtnl lock in suspend/resume path Krzysztof Karas (1): drm/i915/selftests: avoid using uninitialized context Krzysztof Kozlowski (6): dt-bindings: leds: class-multicolor: reference class directly in multi-led node arm64: dts: qcom: sm8350: Fix MPSS memory length soc: qcom: smem_state: fix missing of_node_put in error path can: c_can: fix unbalanced runtime PM disable in error path soc: mediatek: mtk-devapc: Fix leaking IO map on error paths soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove Kuan-Wei Chiu (2): printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX perf bench: Fix undefined behavior in cmpworker() Kuniyuki Iwashima (3): geneve: Fix use-after-free in geneve_find_dev(). gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). geneve: Suppress list corruption splat in geneve_destroy_tunnels(). Kyle Tso (2): usb: dwc3: core: Defer the probe until USB power supply ready usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS Laurent Pinchart (1): media: uvcvideo: Fix double free in error path Lei He (2): crypto: testmgr - fix wrong key length for pkcs1pad crypto: testmgr - Fix wrong test case of RSA Lei Huang (1): USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist Lenny Szubowicz (1): tg3: Disable tg3 PCIe AER on system reboot Leo Stone (1): safesetid: check size of policy writes Leon Romanovsky (1): RDMA/mlx4: Avoid false error about access to uninitialized gids array Li Lingfeng (1): nfsd: clear acl_access/acl_default after releasing them Li Zetao (1): neighbour: delete redundant judgment statements Lianqin Hu (1): ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro Lijo Lazar (1): drm/amd/pm: Mark MM activity as unsupported Lin Yujun (1): hexagon: Fix unbalanced spinlock in die() Liu Jian (1): net: let net.core.dev_weight always be non-zero Liu Ye (1): selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() Long Li (1): scsi: storvsc: Set correct data length for sending SCSI command without payload Luca Weiss (3): media: i2c: imx412: Add missing newline to prints clk: qcom: gcc-sm6350: Add missing parent_map for two clocks nvmem: qcom-spmi-sdam: Set size in struct nvmem_config Luis Chamberlain (3): sysctl: share unsigned long const values fs: move inode sysctls to its own file fs: move fs stat sysctls to file_table.c Luiz Augusto von Dentz (1): Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response Luo Yifan (1): tools/bootconfig: Fix the wrong format specifier Ma Jun (1): drm/amdgpu: Check extended configuration space register when system uses large bar Maarten Lankhorst (1): drm/modeset: Handle tiled displays in pan_display_atomic. Maciej S. Szmigiero (1): net: wwan: iosm: Fix hibernation by re-binding the driver around it Mahdi Arghavani (1): tcp_cubic: fix incorrect HyStart round start detection Maher Sanalla (1): net/mlxfw: Drop hard coded max FW flash image size Maksym Glubokiy (1): net: extract port range fields from fl_flow_key Maksym Planeta (1): Grab mm lock before grabbing pt lock Manivannan Sadhasivam (1): bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock Marcel Hamer (1): wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() Marco Elver (2): kfence: allow use of a deferrable timer kfence: skip __GFP_THISNODE allocations on NUMA systems Marco Leogrande (1): tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind Marek Szyprowski (1): usb: gadget: Fix setting self-powered state on suspend Marek Vasut (2): clk: imx8mp: Fix clkout1/2 support USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk Mark Tomlinson (1): gpio: pca953x: Improve interrupt support Mark Zhang (1): IB/mlx5: Set and get correct qp_num for a DCT QP Masahiro Yamada (7): genksyms: fix memory leak when the same symbol is added from source genksyms: fix memory leak when the same symbol is read from *.symref file kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST kconfig: require a space after '#' for valid input kconfig: remove unused code for S_DEF_AUTO in conf_read_simple() kconfig: deduplicate code in conf_read_simple() kconfig: fix memory leak in sym_warn_unmet_dep() Mateusz Jończyk (1): mips/math-emu: fix emulation of the prefx instruction Mathias Nyman (1): USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone Matthew Wilcox (Oracle) (1): ocfs2: handle a symlink read error correctly Matti Vaittinen (1): dt-bindings: mfd: bd71815: Fix rsense and typos Maud Spierings (1): hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table Maxime Ripard (1): drm/probe-helper: Create a HPD IRQ event helper for a single connector Mehdi Djait (1): media: ccs: Fix cleanup order in ccs_probe() Meir Elisha (1): nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch Miao Li (1): usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader Michael Ellerman (1): powerpc/64s/mm: Move __real_pte stubs into hash-4k.h Michael Guralnik (2): RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults RDMA/mlx5: Fix indirect mkey ODP page count Michal Luczaj (4): vsock: Allow retrying on connect() failure bpf, vsock: Invoke proto::close on close() vsock: Keep the binding until socket destruction vsock: Orphan socket after transport release Michal Pecio (2): usb: xhci: Fix NULL pointer dereference on certain command aborts usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Mickaël Salaün (3): landlock: Move filesystem helpers and add a new one landlock: Handle weird files selftests/landlock: Fix error message Mike Marshall (1): orangefs: fix a oob in orangefs_debug_write Mike Rapoport (2): xen/x86: free_p2m_page: use memblock_free_ptr() to free a virtual pointer memblock: drop memblock_free_early_nid() and memblock_free_early() Mike Snitzer (1): pnfs/flexfiles: retry getting layout segment for reads Milos Reljin (1): net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset Mingcong Bai (1): platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e Mingwei Zheng (1): spi: zynq-qspi: Add check for clk_enable() Miri Korenblit (1): wifi: iwlwifi: avoid memory leak Murad Masimov (1): ALSA: usx2y: validate nrpacks module parameter on probe Namjae Jeon (1): exfat: fix soft lockup in exfat_clear_bitmap Narayana Murty N (1): powerpc/pseries/eeh: Fix get PE state translation Nathan Chancellor (4): efi: libstub: Use '-std=gnu11' to fix build with GCC 15 kbuild: Move -Wenum-enum-conversion to W=2 x86/boot: Use '-std=gnu11' to fix build with GCC 15 arm64: Handle .ARM.attributes section in linker scripts Neil Armstrong (2): dt-bindings: mmc: controller: clarify the address-cells description arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties NeilBrown (1): md: select BLOCK_LEGACY_AUTOLOAD Nicolas Ferre (1): ARM: at91: pm: change BU Power Switch to automatic mode Nicolas Frattaroli (1): ASoC: es8328: fix route from DAC to output Nikita Zhandarovich (6): net/rose: prevent integer overflows in rose_setsockopt() net: usb: rtl8150: enable basic endpoint checking nilfs2: fix possible int overflows in nilfs_fiemap() usbnet: gl620a: fix endpoint checking in genelink_bind() wifi: cfg80211: regulatory: improve invalid hints checking usb: atm: cxacru: fix a flaw in existing endpoint checks Niklas Söderlund (1): gpio: rcar: Use raw_spinlock to protect register access Nikolay Aleksandrov (1): be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink Nikolay Kuratov (1): ftrace: Avoid potential division by zero in function_stat_show() Niravkumar L Rabara (4): mtd: rawnand: cadence: fix error code in cadence_nand_init() mtd: rawnand: cadence: use dma_map_resource for sdma address mtd: rawnand: cadence: fix incorrect device in dma_unmap_single mtd: rawnand: cadence: fix unchecked dereference Octavian Purdila (1): team: prevent adding a device which is already a team device lower Oleksij Rempel (1): rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read Olga Kornievskaia (2): NFSv4.2: fix COPY_NOTIFY xdr buf size calculation NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE Oliver Neukum (1): media: rc: iguanair: handle timeouts Olivier Gayot (1): block: fix conversion of GPT partition name to 7-bit Oscar Maes (1): vlan: enforce underlying device type Pablo Neira Ayuso (1): netfilter: nf_tables: reject mismatching sum of field_len with set key length Paolo Abeni (3): mptcp: consolidate suboption status mptcp: prevent excessive coalescing on receive mptcp: always handle address removal under msk socket lock Patrick Bellasi (1): x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit Patrisious Haddad (1): RDMA/mlx5: Fix bind QP error cleanup flow Paul Fertser (3): net/ncsi: fix locking in Get MAC Address handling net/ncsi: wait for the last response to Deselect Package before configuring channel net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling Paul Menzel (1): scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 Pawel Chmielewski (1): intel_th: pci: Add Arrow Lake support Pawel Laszczak (1): usb: hub: lack of clearing xHC resources Peiyang Wang (1): net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error Peter Delevoryas (1): net/ncsi: Add NC-SI 1.2 Get MC MAC Address command Peter Zijlstra (1): sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat Petr Tesarik (1): xen: remove a confusing comment on auto-translated guest I/O Philipp Stanner (1): drm/sched: Fix preprocessor guard Phillip Lougher (1): Squashfs: check the inode number is not the invalid value of zero Philo Lu (1): ipvs: Always clear ipvs_property flag in skb_scrub_packet() Prasad Pandit (1): firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry Prashanth K (2): usb: gadget: Set self-powered based on MaxPower and bmAttributes usb: gadget: Check bmAttributes only if configuration is valid Pratyush Yadav (1): spi: dt-bindings: add schema listing peripheral-specific properties Puranjay Mohan (1): bpf: Send signals asynchronously if !preemptible Qu Wenruo (1): btrfs: output the reason for open_ctree() failure Quang Le (1): pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Quentin Monnet (1): libbpf: Fix segfault due to libelf functions not setting errno Quinn Tran (1): scsi: qla2xxx: Move FCE Trace buffer allocation to user control Radu Rendec (1): arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array Rafał Miłecki (2): ARM: dts: mediatek: mt7623: fix IR nodename bgmac: reduce max frame size to support just MTU 1500 Ralf Schlatterbeck (1): spi-mxs: Fix chipselect glitch Ramesh Thomas (1): vfio/pci: Enable iowrite64 and ioread64 for vfio pci Randolph Ha (1): i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz Randy Dunlap (2): partitions: ldm: remove the initial kernel-doc notation efi: sysfb_efi: fix W=1 warnings when EFI is not set Reinette Chatre (4): x86/sgx: Support loading enclave page without VMA permissions check x86/sgx: Move PTE zap code to new sgx_zap_enclave_ptes() x86/sgx: Export sgx_encl_{grow,shrink}() x86/sgx: Support VA page allocation without reclaiming Ricardo B. Marliere (1): ktest.pl: Check kernelrelease return in get_version Ricardo Ribalda (10): media: uvcvideo: Propagate buf->error to userspace media: uvcvideo: Fix event flags in uvc_ctrl_send_events media: uvcvideo: Remove redundant NULL assignment media: uvcvideo: Set error_idx during ctrl_commit errors media: uvcvideo: Refactor iterators media: uvcvideo: Only save async fh if success media: uvcvideo: Avoid invalid memory access media: uvcvideo: Avoid returning invalid controls media: uvcvideo: Fix crash during unbind if gpio unit is in use media: uvcvideo: Remove dangling pointers Richard Thier (1): drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M Rik van Riel (1): x86/mm/tlb: Only trim the mm_cpumask once a second Rob Herring (1): dt-bindings: Another pass removing cases of 'allOf' containing a '$ref' Rob Herring (Arm) (1): Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" Roger Quadros (1): net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() Romain Naour (1): ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus Roman Li (1): drm/amd/display: Fix HPD after gpu reset Russell Senior (1): x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems Ryan Roberts (1): mm: don't skip arch_sync_kernel_mappings() in error paths Ryusuke Konishi (6): nilfs2: do not output warnings when clearing dirty buffers nilfs2: do not force clear folio if buffer is referenced nilfs2: protect access to buffers with no active references nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link nilfs2: eliminate staggered calls to kunmap in nilfs_rename nilfs2: handle errors that nilfs_prepare_chunk() may return Sakari Ailus (2): media: ccs: Clean up parsed CCS static data on parse failure media: ccs: Fix CCS static data parsing for large block sizes Sam Bobrowicz (1): media: ov5640: fix get_light_freq on auto Satya Priya Kakitapalli (1): clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg Sean Anderson (3): gpio: xilinx: Convert gpio_lock to raw spinlock tty: xilinx_uartps: split sysrq handling net: cadence: macb: Synchronize stats calculations Sean Christopherson (3): KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel perf/x86/intel: Ensure LBRs are disabled when a CPU is starting Sean Rhodes (1): drivers/card_reader/rtsx_usb: Restore interrupt based detection Sebastian Andrzej Siewior (1): module: Extend the preempt disabled section in dereference_symbol_descriptor(). Selvarasu Ganesan (1): usb: dwc3: Fix timeout issue during controller enter/exit from halt state Sergey Senozhatsky (2): kconfig: add warn-unknown-symbols sanity check kconfig: WERROR unmet symbol dependency Shakeel Butt (1): cgroup: fix race between fork and cgroup.kill Shawn Lin (1): mmc: core: Respect quirk_max_rate for non-UHS SDIO card Shay Drory (1): net/mlx5: IRQ, Fix null string in debug print Stas Sergeev (1): tun: fix group permission check Stefan Eichenberger (1): usb: core: fix pipe creation for get_bMaxPacketSize0 Stephan Gerhold (1): soc: qcom: socinfo: Avoid out of bounds read of serial number Su Yue (2): ocfs2: mark dquot as inactive if failed to start trans while releasing dquot ocfs2: check dir i_size in ocfs2_find_entry Sui Jingfeng (1): drm/etnaviv: Fix page property being used for non writecombine buffers Suleiman Souhlal (1): sched: Don't try to catch up excess steal time. Sultan Alsawaf (unemployed) (1): cpufreq: schedutil: Fix superfluous updates caused by need_freq_update Sumit Garg (1): tee: optee: Fix supplicant wait loop Sven Eckelmann (3): batman-adv: Ignore neighbor throughput metrics in error case batman-adv: Drop initialization of flexible ethtool_link_ksettings batman-adv: Drop unmanaged ELP metric worker Sven Schwermer (2): dt-bindings: leds: Optional multi-led unit address dt-bindings: leds: Add multicolor PWM LED bindings Takashi Iwai (2): PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports Tetsuo Handa (1): tomoyo: don't emit warning in tomoyo_write_control() Thadeu Lima de Souza Cascardo (10): wifi: rtlwifi: do not complete firmware loading needlessly wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step wifi: rtlwifi: wait for firmware loading before releasing memory wifi: rtlwifi: fix init_sw_vars leak when probe fails wifi: rtlwifi: usb: fix workqueue leak when probe fails wifi: rtlwifi: remove unused check_buddy_priv wifi: rtlwifi: destroy workqueue at rtl_deinit_core wifi: rtlwifi: fix memory leaks and invalid access at probe error path wifi: rtlwifi: pci: wait for firmware loading before releasing memory Revert "media: uvcvideo: Require entities to have a non-zero unique ID" Thinh Nguyen (7): usb: gadget: f_tcm: Fix Get/SetInterface return value usb: gadget: f_tcm: Don't free command immediately usb: gadget: f_tcm: Translate error to sense usb: gadget: f_tcm: Decrement command ref count on cleanup usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint usb: gadget: f_tcm: Don't prepare BOT write request twice usb: dwc3: Set SUSPENDENABLE soon after phy init Thomas Gleixner (3): genirq: Make handle_enforce_irqctx() unconditionally available sched/core: Prevent rescheduling when interrupts are disabled intel_idle: Handle older CPUs, which stop the TSC in deeper C states, correctly Thomas Weißschuh (4): padata: fix sysfs store callback check ptp: Properly handle compat ioctls ptp: Ensure info->enable callback is always set kbuild: userprogs: use correct lld when linking through clang Thomas Zimmermann (2): m68k: vga: Fix I/O defines drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() Titus Rwantare (1): hwmon: (pmbus) Initialise page count in pmbus_identify() Toke Høiland-Jørgensen (1): sched: sch_cake: add bounds checks to host bulk flow fairness counts Tomi Valkeinen (1): drm/tidss: Fix issue in irq handling causing irq-flood issue Tyrone Ting (1): i2c: npcm: disable interrupt enable bit before devm_request_irq Uwe Kleine-König (4): mtd: hyperbus: Make hyperbus_unregister_device() return void mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning void usb: chipidea/ci_hdrc_imx: Convert to platform remove callback returning void soc/mediatek: mtk-devapc: Convert to platform remove callback returning void Vadim Fedorenko (1): net/mlx5: use do_aux_work for PHC overflow checks Val Packett (4): arm64: dts: mediatek: mt8516: fix GICv2 range arm64: dts: mediatek: mt8516: fix wdt irq type arm64: dts: mediatek: mt8516: add i2c clock-div property arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A Vasiliy Kovalev (1): ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up Ville Syrjälä (1): drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes Viresh Kumar (1): cpufreq: s3c64xx: Fix compilation warning Visweswara Tanuku (1): slimbus: messaging: Free transaction ID in delayed interrupt scenario Vitaliy Shevtsov (2): wifi: nl80211: reject cooked mode if it is set along with other flags caif_virtio: fix wrong pointer check in cfv_probe() Vladimir Vdovin (1): net: ipv4: Cache pmtu for all packet paths if multipath enabled Vladimir Zapolskiy (1): arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts Waiman Long (2): clocksource: Use pr_info() for "Checking clocksource synchronization" message clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context Wang Hai (1): tcp: Defer ts_recent changes until req is owned WangYuli (2): wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static Wei Fang (3): net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() net: enetc: update UDP checksum when updating originTimestamp field net: enetc: correct the xdp_tx statistics Wenkai Lin (2): crypto: hisilicon/sec2 - fix for aead icv error crypto: hisilicon/sec2 - fix for aead invalid authsize Wentao Liang (4): PM: hibernate: Add error handling for syscore_suspend() xfs: Add error handling for xfs_reflink_cancel_cow_range gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw() Wesley Cheng (1): usb: dwc3: Increase DWC3 controller halt timeout Willem de Bruijn (2): hexagon: fix using plain integer as NULL pointer warning in cmpxchg tun: revert fix group permission check Xi Ruoyao (1): x86/mm: Don't disable PCID when INVLPG has been fixed by microcode Xiaoming Ni (2): hung_task: move hung_task sysctl interface to hung_task.c sysctl: use const for typically used max/min proc sysctls Xinghuo Chen (1): hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() Yan Zhai (2): udp: gso: do not drop small packets when PMTU reduces bpf: skip non exist keys in generic_map_lookup_batch Yang Erkun (1): block: retry call probe after request_module in blk_request_module Yazen Ghannam (1): x86/amd_nb: Restrict init function to AMD-based systems Ye Bin (1): scsi: core: Clear driver private data when retrying request Yu Kuai (1): nbd: don't allow reconnect after disconnect Yu-Chun Lin (1): HID: google: fix unused variable warning under !CONFIG_ACPI Yuanjie Yang (1): mmc: sdhci-msm: Correctly set the load for the regulator Yury Norov (1): clocksource: Replace cpumask_weight() with cpumask_empty() Zecheng Li (1): sched/fair: Fix potential memory corruption in child_cfs_rq_on_list Zhang Lixu (1): HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() Zhongqiu Han (3): perf header: Fix one memory leakage in process_bpf_btf() perf header: Fix one memory leakage in process_bpf_prog_info() perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info() Zichen Xie (1): samples/landlock: Fix possible NULL dereference in parse_path() Zijun Hu (7): of: reserved-memory: Do not make kmemleak ignore freed address PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() blk-cgroup: Fix class @block_class's subsystem refcount leakage of: Correct child specifier used as input of the 2nd nexus node of: Fix of_find_node_opts_by_path() handling of alias+path+options of: reserved-memory: Fix using wrong number of cells to get property 'alignment' PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() huangshaobo (1): kfence: enable check kfence canary on panic via boot param lei he (1): crypto: testmgr - fix version number of RSA tests pangliyuan (1): ubifs: skip dumping tnc tree when zroot is null xu xin (2): Namespaceify min_pmtu sysctl Namespaceify mtu_expires sysctl

6 months

1
1
0 0

Linux 5.10.235

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.235 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 10 Documentation/devicetree/bindings/mmc/mmc-controller.yaml | 2 Makefile | 7 arch/alpha/include/uapi/asm/ptrace.h | 2 arch/alpha/kernel/asm-offsets.c | 2 arch/alpha/kernel/entry.S | 24 - arch/alpha/kernel/traps.c | 2 arch/alpha/mm/fault.c | 4 arch/arm/boot/dts/mt7623.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 - arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 - arch/arm64/boot/dts/mediatek/mt8516.dtsi | 38 - arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 arch/arm64/boot/dts/qcom/msm8994.dtsi | 2 arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 2 arch/arm64/include/asm/mman.h | 9 arch/arm64/kernel/cacheinfo.c | 12 arch/arm64/kernel/vdso/vdso.lds.S | 1 arch/arm64/kernel/vmlinux.lds.S | 1 arch/hexagon/include/asm/cmpxchg.h | 2 arch/hexagon/kernel/traps.c | 4 arch/m68k/include/asm/vga.h | 8 arch/mips/kernel/ftrace.c | 2 arch/powerpc/include/asm/book3s/64/hash-4k.h | 28 + arch/powerpc/include/asm/book3s/64/pgtable.h | 26 - arch/powerpc/lib/code-patching.c | 2 arch/powerpc/platforms/pseries/eeh_pseries.c | 6 arch/s390/include/asm/futex.h | 2 arch/s390/kernel/traps.c | 6 arch/s390/kvm/vsie.c | 25 - arch/x86/Kconfig | 3 arch/x86/boot/compressed/Makefile | 1 arch/x86/events/intel/core.c | 5 arch/x86/include/asm/msr-index.h | 3 arch/x86/kernel/amd_nb.c | 4 arch/x86/kernel/cpu/bugs.c | 20 arch/x86/kernel/cpu/cacheinfo.c | 2 arch/x86/kernel/cpu/cyrix.c | 4 arch/x86/kernel/cpu/intel.c | 52 +- arch/x86/kernel/i8253.c | 11 arch/x86/kernel/static_call.c | 1 arch/x86/mm/init.c | 23 - arch/x86/xen/mmu_pv.c | 79 ++- arch/x86/xen/xen-head.S | 5 block/blk-cgroup.c | 1 block/partitions/efi.c | 2 block/partitions/ldm.h | 2 block/partitions/mac.c | 18 crypto/testmgr.h | 227 +++++++--- drivers/acpi/apei/ghes.c | 10 drivers/acpi/fan.c | 10 drivers/base/regmap/regmap-irq.c | 2 drivers/block/nbd.c | 1 drivers/char/ipmi/ipmb_dev_int.c | 3 drivers/char/tpm/eventlog/acpi.c | 16 drivers/char/tpm/eventlog/efi.c | 13 drivers/char/tpm/eventlog/of.c | 3 drivers/char/tpm/tpm-chip.c | 1 drivers/clk/analogbits/wrpll-cln28hpc.c | 2 drivers/clk/imx/clk-imx8mp.c | 5 drivers/clk/qcom/clk-alpha-pll.c | 2 drivers/clk/qcom/clk-rpmh.c | 2 drivers/clk/sunxi-ng/ccu-sun50i-a100.c | 6 drivers/clocksource/i8253.c | 13 drivers/cpufreq/acpi-cpufreq.c | 36 + drivers/cpufreq/s3c64xx-cpufreq.c | 11 drivers/crypto/hisilicon/qm.c | 46 +- drivers/crypto/qce/core.c | 13 drivers/dma/ti/edma.c | 3 drivers/firmware/Kconfig | 2 drivers/firmware/efi/efi.c | 6 drivers/firmware/efi/libstub/Makefile | 2 drivers/firmware/efi/libstub/randomalloc.c | 3 drivers/firmware/efi/libstub/relocate.c | 3 drivers/firmware/efi/mokvar-table.c | 41 - drivers/gpio/gpio-aggregator.c | 20 drivers/gpio/gpio-bcm-kona.c | 71 ++- drivers/gpio/gpio-pca953x.c | 19 drivers/gpio/gpio-rcar.c | 7 drivers/gpio/gpio-stmpe.c | 15 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 11 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c | 4 drivers/gpu/drm/drm_dp_cec.c | 14 drivers/gpu/drm/drm_fb_helper.c | 14 drivers/gpu/drm/drm_probe_helper.c | 116 +++-- drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 drivers/gpu/drm/radeon/r300.c | 3 drivers/gpu/drm/radeon/radeon_asic.h | 1 drivers/gpu/drm/radeon/rs400.c | 18 drivers/gpu/drm/rockchip/cdn-dp-core.c | 9 drivers/gpu/drm/scheduler/gpu_scheduler_trace.h | 4 drivers/gpu/drm/tidss/tidss_dispc.c | 22 drivers/hid/hid-appleir.c | 2 drivers/hid/hid-core.c | 2 drivers/hid/hid-google-hammer.c | 2 drivers/hid/hid-multitouch.c | 5 drivers/hid/hid-sensor-hub.c | 21 drivers/hid/intel-ish-hid/ishtp-hid.c | 4 drivers/hid/wacom_wac.c | 5 drivers/hwmon/ad7314.c | 10 drivers/hwmon/ntc_thermistor.c | 66 +- drivers/hwmon/pmbus/pmbus.c | 2 drivers/hwmon/xgene-hwmon.c | 2 drivers/hwtracing/intel_th/pci.c | 15 drivers/i2c/busses/i2c-npcm7xx.c | 7 drivers/i2c/i2c-core-acpi.c | 22 drivers/idle/intel_idle.c | 4 drivers/iio/light/as73211.c | 24 - drivers/infiniband/hw/cxgb4/device.c | 6 drivers/infiniband/hw/mlx4/main.c | 6 drivers/infiniband/hw/mlx5/counters.c | 8 drivers/infiniband/hw/mlx5/qp.c | 4 drivers/leds/leds-lp8860.c | 2 drivers/leds/leds-netxbig.c | 1 drivers/md/dm-crypt.c | 27 - drivers/media/dvb-frontends/cxd2841er.c | 8 drivers/media/i2c/ov5640.c | 1 drivers/media/platform/exynos4-is/mipi-csis.c | 10 drivers/media/platform/marvell-ccic/mcam-core.c | 7 drivers/media/platform/s3c-camif/camif-core.c | 13 drivers/media/rc/iguanair.c | 4 drivers/media/test-drivers/vidtv/vidtv_bridge.c | 8 drivers/media/usb/dvb-usb-v2/lmedm04.c | 14 drivers/media/usb/uvc/uvc_ctrl.c | 85 +++ drivers/media/usb/uvc/uvc_driver.c | 63 +- drivers/media/usb/uvc/uvc_queue.c | 3 drivers/media/usb/uvc/uvc_status.c | 1 drivers/media/usb/uvc/uvc_v4l2.c | 2 drivers/media/usb/uvc/uvcvideo.h | 9 drivers/media/v4l2-core/v4l2-mc.c | 2 drivers/mfd/lpc_ich.c | 3 drivers/misc/eeprom/digsy_mtc_eeprom.c | 2 drivers/misc/fastrpc.c | 2 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/mmc/core/sdio.c | 2 drivers/mmc/host/sdhci-msm.c | 53 ++ drivers/mtd/hyperbus/hbmc-am654.c | 19 drivers/mtd/nand/onenand/onenand_base.c | 1 drivers/mtd/nand/raw/cadence-nand-controller.c | 44 + drivers/net/caif/caif_virtio.c | 2 drivers/net/can/c_can/c_can_platform.c | 5 drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 4 drivers/net/ethernet/broadcom/bgmac.h | 3 drivers/net/ethernet/broadcom/tg3.c | 58 ++ drivers/net/ethernet/cadence/macb.h | 2 drivers/net/ethernet/cadence/macb_main.c | 12 drivers/net/ethernet/davicom/dm9000.c | 3 drivers/net/ethernet/emulex/benet/be.h | 2 drivers/net/ethernet/emulex/benet/be_cmds.c | 197 ++++---- drivers/net/ethernet/emulex/benet/be_main.c | 2 drivers/net/ethernet/freescale/fec_main.c | 31 + drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c | 24 - drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_ethtool.c | 4 drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 drivers/net/ethernet/renesas/sh_eth.c | 4 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 drivers/net/geneve.c | 16 drivers/net/gtp.c | 5 drivers/net/loopback.c | 14 drivers/net/netdevsim/ipsec.c | 12 drivers/net/netdevsim/netdevsim.h | 1 drivers/net/netdevsim/udp_tunnels.c | 23 - drivers/net/ppp/ppp_generic.c | 28 - drivers/net/team/team.c | 11 drivers/net/tun.c | 2 drivers/net/usb/gl620a.c | 4 drivers/net/usb/rtl8150.c | 28 + drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 5 drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c | 3 drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 drivers/net/wireless/mediatek/mt76/usb.c | 4 drivers/net/wireless/realtek/rtlwifi/base.c | 42 - drivers/net/wireless/realtek/rtlwifi/base.h | 2 drivers/net/wireless/realtek/rtlwifi/pci.c | 67 -- drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 drivers/net/wireless/realtek/rtlwifi/rtl8821ae/fw.h | 4 drivers/net/wireless/realtek/rtlwifi/usb.c | 13 drivers/net/wireless/realtek/rtlwifi/wifi.h | 23 - drivers/net/wireless/ti/wlcore/main.c | 10 drivers/nvme/host/core.c | 16 drivers/nvme/host/pci.c | 66 ++ drivers/nvme/target/tcp.c | 15 drivers/nvmem/core.c | 2 drivers/nvmem/qcom-spmi-sdam.c | 1 drivers/of/base.c | 8 drivers/parport/parport_pc.c | 5 drivers/pci/controller/pcie-rcar-ep.c | 2 drivers/pci/endpoint/pci-epc-core.c | 2 drivers/pci/quirks.c | 1 drivers/phy/samsung/phy-exynos5-usbdrd.c | 12 drivers/phy/tegra/xusb-tegra186.c | 11 drivers/platform/x86/thinkpad_acpi.c | 1 drivers/power/supply/da9150-fg.c | 4 drivers/pps/clients/pps-gpio.c | 4 drivers/pps/clients/pps-ktimer.c | 4 drivers/pps/clients/pps-ldisc.c | 6 drivers/pps/clients/pps_parport.c | 4 drivers/pps/kapi.c | 10 drivers/pps/kc.c | 10 drivers/pps/pps.c | 127 ++--- drivers/ptp/ptp_clock.c | 8 drivers/pwm/pwm-stm32.c | 7 drivers/rapidio/devices/rio_mport_cdev.c | 3 drivers/rapidio/rio-scan.c | 5 drivers/regulator/of_regulator.c | 14 drivers/rtc/rtc-pcf85063.c | 11 drivers/scsi/mpt3sas/mpt3sas_base.c | 3 drivers/scsi/qla2xxx/qla_def.h | 2 drivers/scsi/qla2xxx/qla_dfs.c | 124 ++++- drivers/scsi/qla2xxx/qla_gbl.h | 3 drivers/scsi/qla2xxx/qla_init.c | 28 - drivers/scsi/storvsc_drv.c | 1 drivers/scsi/ufs/ufs_bsg.c | 1 drivers/slimbus/messaging.c | 5 drivers/soc/qcom/smem_state.c | 3 drivers/soc/qcom/socinfo.c | 2 drivers/spi/spi-mxs.c | 3 drivers/spi/spi-zynq-qspi.c | 13 drivers/staging/media/imx/imx-media-of.c | 8 drivers/tee/optee/supp.c | 35 - drivers/tty/serial/8250/8250.h | 2 drivers/tty/serial/8250/8250_dma.c | 16 drivers/tty/serial/8250/8250_pci.c | 10 drivers/tty/serial/8250/8250_port.c | 9 drivers/tty/serial/sh-sci.c | 25 + drivers/usb/atm/cxacru.c | 13 drivers/usb/class/cdc-acm.c | 28 - drivers/usb/core/hub.c | 16 drivers/usb/core/quirks.c | 10 drivers/usb/dwc2/gadget.c | 1 drivers/usb/dwc3/gadget.c | 37 + drivers/usb/gadget/composite.c | 17 drivers/usb/gadget/function/f_midi.c | 22 drivers/usb/gadget/function/f_tcm.c | 66 +- drivers/usb/gadget/udc/renesas_usb3.c | 2 drivers/usb/host/pci-quirks.c | 9 drivers/usb/host/xhci-mem.c | 5 drivers/usb/host/xhci-pci.c | 17 drivers/usb/host/xhci-ring.c | 12 drivers/usb/host/xhci.c | 23 - drivers/usb/host/xhci.h | 11 drivers/usb/renesas_usbhs/common.c | 6 drivers/usb/renesas_usbhs/mod_gadget.c | 2 drivers/usb/roles/class.c | 5 drivers/usb/serial/option.c | 49 +- drivers/usb/typec/tcpm/tcpci_rt1711h.c | 11 drivers/usb/typec/tcpm/tcpm.c | 2 drivers/usb/typec/ucsi/ucsi.c | 2 drivers/vfio/pci/vfio_pci_rdwr.c | 1 drivers/vfio/platform/vfio_platform_common.c | 10 drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 fs/afs/dir.c | 7 fs/afs/xdr_fs.h | 2 fs/afs/yfsclient.c | 5 fs/binfmt_flat.c | 2 fs/btrfs/inode.c | 4 fs/btrfs/locking.c | 68 ++ fs/btrfs/relocation.c | 14 fs/btrfs/super.c | 2 fs/btrfs/transaction.c | 4 fs/cifs/smb2ops.c | 4 fs/f2fs/file.c | 13 fs/nfs/flexfilelayout/flexfilelayout.c | 27 - fs/nfs/nfs42xdr.c | 2 fs/nfsd/nfs2acl.c | 2 fs/nfsd/nfs3acl.c | 2 fs/nfsd/nfs4callback.c | 8 fs/nilfs2/dir.c | 24 - fs/nilfs2/inode.c | 10 fs/nilfs2/mdt.c | 6 fs/nilfs2/namei.c | 37 - fs/nilfs2/nilfs.h | 10 fs/nilfs2/page.c | 55 +- fs/nilfs2/page.h | 4 fs/nilfs2/segment.c | 4 fs/ocfs2/dir.c | 25 - fs/ocfs2/quota_global.c | 5 fs/ocfs2/super.c | 2 fs/ocfs2/symlink.c | 5 fs/orangefs/orangefs-debugfs.c | 4 fs/select.c | 4 fs/squashfs/inode.c | 5 fs/ubifs/debug.c | 22 fs/udf/super.c | 2 include/asm-generic/vmlinux.lds.h | 2 include/drm/drm_probe_helper.h | 1 include/linux/efi.h | 1 include/linux/i8253.h | 1 include/linux/kallsyms.h | 2 include/linux/kvm_host.h | 9 include/linux/mlx5/driver.h | 1 include/linux/netdevice.h | 6 include/linux/pci_ids.h | 4 include/linux/pps_kernel.h | 3 include/linux/usb/hcd.h | 5 include/net/dst.h | 23 - include/net/flow_dissector.h | 16 include/net/flow_offload.h | 6 include/net/l3mdev.h | 2 include/net/net_namespace.h | 15 include/trace/events/oom.h | 36 + include/uapi/linux/input-event-codes.h | 1 kernel/acct.c | 141 +++--- kernel/bpf/syscall.c | 18 kernel/debug/kdb/kdb_io.c | 2 kernel/events/core.c | 17 kernel/irq/internals.h | 9 kernel/padata.c | 45 + kernel/power/hibernate.c | 7 kernel/printk/printk.c | 2 kernel/sched/core.c | 8 kernel/sched/cpufreq_schedutil.c | 12 kernel/time/clocksource.c | 79 +++ kernel/trace/bpf_trace.c | 2 kernel/trace/ftrace.c | 27 - lib/Kconfig.debug | 8 mm/memcontrol.c | 7 mm/oom_kill.c | 14 mm/page_alloc.c | 1 net/8021q/vlan.c | 3 net/8021q/vlan.h | 2 net/8021q/vlan_dev.c | 15 net/8021q/vlan_netlink.c | 7 net/batman-adv/bat_v.c | 3 net/batman-adv/bat_v_elp.c | 124 +++-- net/batman-adv/bat_v_elp.h | 2 net/batman-adv/bat_v_ogm.c | 1 net/batman-adv/fragmentation.c | 2 net/batman-adv/hard-interface.c | 1 net/batman-adv/icmp_socket.c | 1 net/batman-adv/main.c | 1 net/batman-adv/netlink.c | 1 net/batman-adv/tp_meter.c | 1 net/batman-adv/types.h | 3 net/bluetooth/l2cap_core.c | 9 net/bluetooth/l2cap_sock.c | 7 net/can/j1939/socket.c | 4 net/can/j1939/transport.c | 5 net/core/drop_monitor.c | 29 - net/core/flow_dissector.c | 49 +- net/core/flow_offload.c | 7 net/core/neighbour.c | 11 net/core/skbuff.c | 2 net/core/sysctl_net_core.c | 5 net/hsr/hsr_forward.c | 7 net/ipv4/arp.c | 4 net/ipv4/devinet.c | 3 net/ipv4/ip_input.c | 1 net/ipv4/ip_output.c | 1 net/ipv4/ipmr_base.c | 3 net/ipv4/route.c | 8 net/ipv4/tcp_minisocks.c | 10 net/ipv4/tcp_offload.c | 11 net/ipv4/udp.c | 4 net/ipv4/udp_offload.c | 8 net/ipv6/ila/ila_lwt.c | 4 net/ipv6/ip6_output.c | 1 net/ipv6/ndisc.c | 24 - net/ipv6/route.c | 7 net/ipv6/rpl_iptunnel.c | 67 +- net/ipv6/seg6_iptunnel.c | 2 net/ipv6/udp.c | 4 net/llc/llc_s_ac.c | 49 +- net/mptcp/pm_netlink.c | 6 net/mptcp/protocol.c | 1 net/ncsi/ncsi-manage.c | 13 net/netfilter/nf_tables_api.c | 8 net/nfc/nci/hci.c | 2 net/openvswitch/datapath.c | 12 net/rose/af_rose.c | 40 + net/rose/rose_timer.c | 15 net/sched/cls_flower.c | 8 net/sched/sch_api.c | 4 net/sched/sch_cake.c | 140 +++--- net/sched/sch_fifo.c | 3 net/sched/sch_netem.c | 2 net/smc/af_smc.c | 2 net/smc/smc_rx.c | 37 - net/smc/smc_rx.h | 8 net/sunrpc/cache.c | 10 net/tipc/crypto.c | 4 net/vmw_vsock/af_vsock.c | 82 ++- net/wireless/nl80211.c | 5 net/wireless/reg.c | 3 net/wireless/scan.c | 35 + net/xfrm/xfrm_replay.c | 10 scripts/Makefile.extrawarn | 5 scripts/genksyms/genksyms.c | 11 scripts/genksyms/genksyms.h | 2 scripts/genksyms/parse.y | 18 security/integrity/ima/ima_api.c | 16 security/integrity/ima/ima_template_lib.c | 17 security/safesetid/securityfs.c | 3 security/tomoyo/common.c | 2 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_conexant.c | 1 sound/pci/hda/patch_realtek.c | 78 +++ sound/soc/codecs/es8328.c | 15 sound/soc/intel/boards/bytcr_rt5640.c | 17 sound/soc/sunxi/sun4i-spdif.c | 7 sound/usb/midi.c | 2 sound/usb/usx2y/usbusx2y.c | 11 sound/usb/usx2y/usbusx2y.h | 26 + sound/usb/usx2y/usbusx2yaudio.c | 27 - tools/bootconfig/main.c | 4 tools/perf/bench/epoll-wait.c | 7 tools/perf/builtin-report.c | 2 tools/perf/builtin-top.c | 2 tools/perf/builtin-trace.c | 6 tools/perf/util/bpf-event.c | 10 tools/perf/util/cs-etm.c | 2 tools/perf/util/dso.c | 14 tools/perf/util/env.c | 28 - tools/perf/util/env.h | 8 tools/perf/util/header.c | 29 - tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 15 tools/testing/ktest/ktest.pl | 7 tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 tools/testing/selftests/drivers/net/netdevsim/udp_tunnel_nic.sh | 16 tools/testing/selftests/kselftest_harness.h | 24 - tools/testing/selftests/net/ipsec.c | 3 tools/testing/selftests/net/rtnetlink.sh | 4 tools/testing/selftests/net/udpgso.c | 26 + 434 files changed, 4053 insertions(+), 2023 deletions(-) Ahmed S. Darwish (3): x86/cacheinfo: Validate CPUID leaf 0x2 EDX output x86/cpu: Validate CPUID leaf 0x2 EDX output x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 Alan Stern (2): HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections USB: hub: Ignore non-compliant devices with too many configs or interfaces Alex Deucher (1): drm/amdgpu: disable BAR resize on Dell G5 SE Alex Williamson (1): vfio/platform: check the bounds of read/write syscalls Alexander Hölzl (1): can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero Alexander Shishkin (2): intel_th: pci: Add Panther Lake-H support intel_th: pci: Add Panther Lake-P/U support Alexander Sverdlin (1): leds: lp8860: Write full EEPROM, not only half of it Alexander Usyskin (1): mei: me: add panther lake P DID Anastasia Belova (1): clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate Andreas Kemnade (1): wifi: wlcore: fix unbalanced pm_runtime calls Andrew Cooper (1): x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 Andrey Vatoropin (1): power: supply: da9150-fg: fix potential overflow Andy Shevchenko (2): xhci: pci: Fix indentation in the PCI device ID definitions eeprom: digsy_mtc: Make GPIO lookup table match the device Andy Strohman (1): batman-adv: fix panic during interface removal AngeloGioacchino Del Regno (1): usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality Antoine Tenart (1): net: gso: fix ownership in __udp_gso_segment Ard Biesheuvel (2): efi: Avoid cold plugged memory for placing the kernel vmlinux.lds: Ensure that const vars with relocations are mapped R/O Arnaldo Carvalho de Melo (2): perf env: Conditionally compile BPF support code on having HAVE_LIBBPF_SUPPORT perf top: Don't complain about lack of vmlinux when not resolving some kernel samples Arnd Bergmann (2): media: cxd2841er: fix 64-bit division on gcc-9 sunrpc: suppress warnings for unused procfs functions Artur Weber (3): gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ gpio: bcm-kona: Add missing newline to dev_err format string BH Hsieh (1): phy: tegra: xusb: reset VBUS & ID OVERRIDE Ba Jing (1): ktest.pl: Remove unused declarations in run_bisect_test function Bartosz Golaszewski (2): crypto: qce - fix goto jump in error path crypto: qce - unregister previously registered algos in error path Ben Hutchings (2): perf cs-etm: Add missing variable in cs_etm__process_queues() udf: Fix use of check_add_overflow() with mixed type arguments Bitterblue Smith (1): wifi: rtlwifi: rtl8821ae: Fix media status report Bo Gan (1): clk: analogbits: Fix incorrect calculation of vco rate delta Borislav Petkov (1): APEI: GHES: Have GHES honor the panic= setting Brian Vazquez (2): net: use indirect call helpers for dst_input net: use indirect call helpers for dst_output Calvin Owens (1): pps: Fix a use-after-free Carlos Galo (1): mm: update mark_victim tracepoints fields Carlos Llamas (1): lockdep: Fix upper limit for LOCKDEP_*_BITS configs Casey Chen (1): nvme-pci: fix multiple races in nvme_setup_io_queues Catalin Marinas (1): arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings Chao Yu (1): f2fs: fix to wait dio completion Charles Han (2): ipmi: ipmb: Add check devm_kasprintf() returned value HID: multitouch: Add NULL check in mt_input_configured Chen Ni (1): media: lmedm04: Handle errors for lme2510_int_read Chen Ridong (4): padata: fix UAF in padata_reorder padata: add pd get/put refcnt helper padata: avoid UAF for reorder_work memcg: fix soft lockup in the OOM process Chen-Yu Tsai (4): arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names Chenyuan Yang (1): net: davicom: fix UAF in dm9000_drv_remove Chester A. Unal (1): USB: serial: option: add MeiG Smart SLM828 Christian Brauner (2): acct: block access to kernel internal filesystems acct: perform last write from workqueue Christian Heusel (1): Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" Christophe Leroy (3): select: Fix unbalanced user_access_end() powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Chuck Lever (1): NFSD: Reset cb_seq_status after NFS4ERR_DELAY Claudiu Beznea (5): serial: sh-sci: Drop __initdata macro for port_cfg serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use usb: renesas_usbhs: Call clk_put() usb: renesas_usbhs: Use devm_usb_get_phy() usb: renesas_usbhs: Flush the notify_hotplug_work Cody Eksal (1): clk: sunxi-ng: a100: enable MMC clock reparenting Colin Ian King (1): rtlwifi: remove redundant assignment to variable err Cong Wang (3): netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() flow_dissector: Fix handling of mixed port and port-range keys flow_dissector: Fix port range key handling in BPF conversion Cosmin Tanislav (1): media: mc: fix endpoint iteration Dai Ngo (1): NFSD: fix hang in nfsd4_shutdown_callback Dan Carpenter (4): rdma/cxgb4: Prevent potential integer overflow on 32bit tipc: re-order conditions in tipc_crypto_key_rcv() binfmt_flat: Fix integer overflow bug on 32 bit systems NFC: nci: Add bounds checking in nci_hci_create_pipe() Daniel Wagner (1): nvme: handle connectivity loss in nvme_set_queue_count Daniil Dulov (1): HID: appleir: Fix potential NULL dereference at raw event handle David Hildenbrand (1): KVM: s390: vsie: fix some corner-cases when grabbing vsie pages David Howells (3): afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY afs: Fix directory format encoding struct afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call David Woodhouse (1): x86/i8253: Disable PIT timer 0 when not in use Davidlohr Bueso (1): usb/gadget: f_midi: Replace tasklet with work Devarsh Thakkar (1): drm/tidss: Clear the interrupt status for interrupts being disabled Dheeraj Reddy Jonnalagadda (1): net: fec: implement TSO descriptor cleanup Dmitry Antipov (4): wifi: rtlwifi: remove unused timer and related code wifi: rtlwifi: remove unused dualmac control leftovers wifi: cfg80211: adjust allocation of colocated AP data wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() Dmitry Baryshkov (3): arm64: dts: qcom: msm8916: correct sleep clock frequency arm64: dts: qcom: msm8994: correct sleep clock frequency arm64: dts: qcom: sm8250: correct sleep clock frequency Dmitry V. Levin (1): selftests: harness: fix printing of mismatch values in __EXPECT() Eddie James (1): tpm: Use managed allocation for bios event log Edson Juliano Drosdeck (1): ALSA: hda/realtek: Enable headset mic on Positivo C6400 Edward Adam Davis (1): media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread Ekansh Gupta (1): misc: fastrpc: Fix registered buffer page address Elson Roy Serrao (1): usb: roles: set switch registered flag early on Emil Renner Berthing (1): net: usb: rtl8150: use new tasklet API Eric Dumazet (17): ipmr: do not call mr_mfc_uses_dev() for unres entries net: rose: fix timer races against user threads net: hsr: fix fill_frame_info() regression vs VLAN packets net: rose: lock the socket in rose_bind() ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() vrf: use RCU protection in l3mdev_l3_out() team: better TEAM_OPTION_TYPE_STRING validation net: add dev_net_rcu() helper ipv4: use RCU protection in rt_is_expired() ipv4: use RCU protection in inet_select_addr() ipv6: use RCU protection in ip6_default_advmss() ndisc: use RCU protection in ndisc_alloc_skb() neighbour: use RCU protection in __neigh_notify() arp: use RCU protection in arp_xmit() openvswitch: use RCU protection in ovs_vport_cmd_fill_info() ndisc: extend RCU protection in ndisc_send_skb() llc: do not use skb_get() before dev_queue_xmit() Erik Schumacher (1): hwmon: (ad7314) Validate leading zero bits and return error Even Xu (1): HID: Wacom: Add PCI Wacom device support Fabien Parent (1): arm64: dts: mediatek: mt8516: remove 2 invalid i2c clocks Fabio Porcedda (2): USB: serial: option: add Telit Cinterion FN990B compositions USB: serial: option: fix Telit Cinterion FN990A name Fabrice Gasnier (1): usb: dwc2: gadget: remove of_node reference upon udc_stop Fabrizio Castro (1): gpio: rcar: Fix missing of_node_put() call Fedor Pchelkin (3): Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection usb: typec: ucsi: increase timeout for PPM reset operations Filipe Manana (3): btrfs: fix use-after-free when attempting to join an aborted transaction btrfs: avoid monopolizing a core when activating a swap file btrfs: bring back the incorrectly removed extent buffer lock recursion support Gabor Juhos (1): clk: qcom: clk-alpha-pll: fix alpha mode configuration Gautham R. Shenoy (1): cpufreq: ACPI: Fix max-frequency computation Gavrilov Ilia (1): drop_monitor: fix incorrect initialization order George Lander (1): ASoC: sun4i-spdif: Add clock multiplier settings Greg Kroah-Hartman (1): Linux 5.10.235 Guangguan Wang (1): net/smc: fix data error when recvmsg with MSG_PEEK flag Guixin Liu (1): scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails Guo Ren (1): usb: gadget: udc: renesas_usb3: Fix compiler warning Hangbin Liu (2): netdevsim: print human readable IP address selftests: rtnetlink: update netdevsim ipsec output format Hans Verkuil (1): gpu: drm_dp_cec: fix broken CEC adapter properties check Hans de Goede (2): mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V Hao Zhang (1): mm/page_alloc: fix uninitialized variable Haoxiang Li (5): drm/komeda: Add check for komeda_get_layer_fourcc_list() nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() smb: client: Add check for next_buffer in receive_encrypted_standard() rapidio: add check for rio_add_net() in rio_scan_alloc_net() rapidio: fix an API misues when rio_add_net() fails Hardik Gajjar (1): usb: xhci: Add timeout argument in address_device USB HCD callback Harshal Chaudhari (1): net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. He Rongguang (1): cpupower: fix TSC MHz calculation Heiko Carstens (2): s390/futex: Fix FUTEX_OP_ANDN implementation s390/traps: Fix test_monitor_call() inline assembly Heiko Stuebner (1): HID: hid-sensor-hub: don't use stale platform-data on remove Heming Zhao (1): ocfs2: fix incorrect CPU endianness conversion causing mount failure Hoku Ishibe (1): ALSA: hda: intel: Add Dell ALC3271 to power_save denylist Hou Tao (2): dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit() dm-crypt: track tag_offset in convert_context Howard Chu (1): perf trace: Fix runtime error of index out of bounds Huacai Chen (1): USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI Hui Su (1): kernel/acct.c: use #elif instead of #end and #elif Ido Schimmel (1): net: loopback: Avoid sending IP packets without an Ethernet header Ignat Korchagin (2): crypto: testmgr - populate RSA CRT parameters in RSA test vectors crypto: testmgr - some more fixes to RSA test vectors Ilan Peer (1): wifi: cfg80211: Handle specific BSSID in 6GHz scanning Illia Ostapyshyn (1): Input: allocate keycode for phone linking Ivan Kokshaysky (3): alpha: make stack 16-byte aligned (most cases) alpha: align stack for page fault and user unaligned trap handlers alpha: replace hardcoded stack offsets with autogenerated ones Ivan Stepchenko (2): drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table mtd: onenand: Fix uninitialized retlen in do_otp_read() Jacob Moroni (1): net: atlantic: fix warning during hot unplug Jakob Koschel (1): rtlwifi: replace usage of found with dedicated list iterator variable Jakob Unterwurzacher (1): arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma Jakub Kicinski (2): net: netdevsim: try to close UDP port harness races net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels Jamal Hadi Salim (1): net: sched: Disallow replacing of child qdisc from one parent to another Jann Horn (3): usb: cdc-acm: Check control transfer buffer size before access usb: cdc-acm: Fix handling of oversized fragments partitions: mac: fix handling of bogus partition table Jarkko Sakkinen (1): tpm: Change to kvalloc() in eventlog/acpi.c Jason Xing (1): net-timestamp: support TCP GSO case for a few missing flags Javier Carrasco (1): iio: light: as73211: fix channel handling in only-color triggered buffer Jennifer Berringer (1): nvmem: core: improve range check for nvmem_cell_write() Jiachen Zhang (1): perf report: Fix misleading help message about --demangle Jian Shen (1): net: hns3: fix oops when unload drivers paralleling Jianbo Liu (1): xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO Jiaqing Zhao (3): can: ems_pci: move ASIX AX99100 ids to pci_ids.h serial: 8250_pci: add support for ASIX AX99100 parport_pc: add support for ASIX AX99100 Jiasheng Jiang (4): media: marvell: Add check for clk_enable() media: mipi-csis: Add check for clk_enable() media: camif-core: Add check for clk_enable() regmap-irq: Add missing kfree() Jiayuan Chen (1): ppp: Fix KMSAN uninit-value warning with bpf Jill Donahue (1): USB: gadget: f_midi: f_midi_complete to call queue_work Jiri Pirko (1): net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() Joe Hattori (7): ACPI: fan: cleanup resources in the error path of .probe() leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() regulator: of: Implement the unwind path of of_regulator_match() fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() mtd: hyperbus: hbmc-am654: fix an OF node reference leak staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() dmaengine: ti: edma: fix OF node reference leaks in edma_driver Johan Hovold (1): USB: serial: option: drop MeiG Smart defines Johannes Berg (1): wifi: iwlwifi: limit printed string from FW file John Keeping (2): usb: gadget: f_midi: fix MIDI Streaming descriptor lengths serial: 8250: Fix fifo underflow on flush John Ogness (1): kdb: Do not assume write() callback available John Veness (1): ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED Jos Wang (1): usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE Josef Bacik (1): btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling Juergen Gross (3): x86/xen: fix xen_hypercall_hvm() to not clobber %rbx x86/xen: add FRAME_END to xen_hypercall_hvm() x86/xen: allow larger contiguous memory regions in PV guests Justin Iurman (5): include: net: add static inline dst_dev_overhead() to dst.h net: ipv6: rpl_iptunnel: mitigate 2-realloc issue net: ipv6: fix dst ref loop on input in rpl lwt net: ipv6: fix dst ref loop in ila lwtunnel net: ipv6: fix missing dst ref drop in ila lwtunnel Kailang Yang (2): ALSA: hda/realtek: Fixup ALC225 depop procedure ALSA: hda/realtek: update ALC222 depop optimize Kan Liang (1): perf/core: Fix low freq setting via IOC_PERIOD Kaustabh Chakraborty (1): phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk Keisuke Nishimura (1): nvme: Add error check for xa_store in nvme_get_effects_log King Dix (1): PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() Koichiro Den (2): Revert "btrfs: avoid monopolizing a core when activating a swap file" gpio: aggregator: protect driver attr handlers against module unload Kory Maincent (1): net: sh_eth: Fix missing rtnl lock in suspend/resume path Krzysztof Kozlowski (2): soc: qcom: smem_state: fix missing of_node_put in error path can: c_can: fix unbalanced runtime PM disable in error path Kuan-Wei Chiu (2): printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX perf bench: Fix undefined behavior in cmpworker() Kuniyuki Iwashima (3): geneve: Fix use-after-free in geneve_find_dev(). gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). geneve: Suppress list corruption splat in geneve_destroy_tunnels(). Laurent Pinchart (1): media: uvcvideo: Fix double free in error path Lei He (2): crypto: testmgr - fix wrong key length for pkcs1pad crypto: testmgr - Fix wrong test case of RSA Lei Huang (1): USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist Lenny Szubowicz (1): tg3: Disable tg3 PCIe AER on system reboot Leo Stone (1): safesetid: check size of policy writes Leon Romanovsky (1): RDMA/mlx4: Avoid false error about access to uninitialized gids array Li Lingfeng (1): nfsd: clear acl_access/acl_default after releasing them Li Zetao (1): neighbour: delete redundant judgment statements Lin Yujun (1): hexagon: Fix unbalanced spinlock in die() Liu Jian (1): net: let net.core.dev_weight always be non-zero Liu Ye (1): selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() Long Li (1): scsi: storvsc: Set correct data length for sending SCSI command without payload Luca Weiss (1): nvmem: qcom-spmi-sdam: Set size in struct nvmem_config Luiz Augusto von Dentz (1): Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response Luo Yifan (1): tools/bootconfig: Fix the wrong format specifier Ma Jun (1): drm/amdgpu: Check extended configuration space register when system uses large bar Maarten Lankhorst (1): drm/modeset: Handle tiled displays in pan_display_atomic. Maher Sanalla (1): net/mlxfw: Drop hard coded max FW flash image size Maksym Glubokiy (1): net: extract port range fields from fl_flow_key Maksym Planeta (1): Grab mm lock before grabbing pt lock Malcolm Priestley (1): media: lmedm04: Use GFP_KERNEL for URB allocation/submission. Marcel Hamer (1): wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() Marco Leogrande (1): tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind Marek Szyprowski (1): usb: gadget: Fix setting self-powered state on suspend Marek Vasut (2): clk: imx8mp: Fix clkout1/2 support USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk Mark Tomlinson (1): gpio: pca953x: Improve interrupt support Mark Zhang (1): IB/mlx5: Set and get correct qp_num for a DCT QP Masahiro Yamada (2): genksyms: fix memory leak when the same symbol is added from source genksyms: fix memory leak when the same symbol is read from *.symref file Mathias Nyman (1): USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone Matthew Wilcox (Oracle) (1): ocfs2: handle a symlink read error correctly Maud Spierings (1): hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table Maxime Ripard (1): drm/probe-helper: Create a HPD IRQ event helper for a single connector Meir Elisha (1): nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch Miao Li (1): usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader Michael Ellerman (1): powerpc/64s/mm: Move __real_pte stubs into hash-4k.h Michal Luczaj (4): vsock: Allow retrying on connect() failure bpf, vsock: Invoke proto::close on close() vsock: Keep the binding until socket destruction vsock: Orphan socket after transport release Michal Pecio (2): usb: xhci: Fix NULL pointer dereference on certain command aborts usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Mike Marshall (1): orangefs: fix a oob in orangefs_debug_write Mike Snitzer (1): pnfs/flexfiles: retry getting layout segment for reads Mingcong Bai (1): platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e Mingwei Zheng (2): spi: zynq-qspi: Add check for clk_enable() pwm: stm32: Add check for clk_enable() Murad Masimov (1): ALSA: usx2y: validate nrpacks module parameter on probe Narayana Murty N (1): powerpc/pseries/eeh: Fix get PE state translation Nathan Chancellor (4): efi: libstub: Use '-std=gnu11' to fix build with GCC 15 kbuild: Move -Wenum-enum-conversion to W=2 x86/boot: Use '-std=gnu11' to fix build with GCC 15 arm64: Handle .ARM.attributes section in linker scripts Neil Armstrong (1): dt-bindings: mmc: controller: clarify the address-cells description Nicolas Frattaroli (1): ASoC: es8328: fix route from DAC to output Nikita Zhandarovich (6): net/rose: prevent integer overflows in rose_setsockopt() net: usb: rtl8150: enable basic endpoint checking nilfs2: fix possible int overflows in nilfs_fiemap() usbnet: gl620a: fix endpoint checking in genelink_bind() wifi: cfg80211: regulatory: improve invalid hints checking usb: atm: cxacru: fix a flaw in existing endpoint checks Nikolay Aleksandrov (1): be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink Nikolay Kuratov (1): ftrace: Avoid potential division by zero in function_stat_show() Niravkumar L Rabara (4): mtd: rawnand: cadence: fix error code in cadence_nand_init() mtd: rawnand: cadence: use dma_map_resource for sdma address mtd: rawnand: cadence: fix incorrect device in dma_unmap_single mtd: rawnand: cadence: fix unchecked dereference Octavian Purdila (1): team: prevent adding a device which is already a team device lower Oleksij Rempel (1): rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read Olga Kornievskaia (1): NFSv4.2: fix COPY_NOTIFY xdr buf size calculation Oliver Neukum (1): media: rc: iguanair: handle timeouts Olivier Gayot (1): block: fix conversion of GPT partition name to 7-bit Oscar Maes (1): vlan: enforce underlying device type Pablo Neira Ayuso (1): netfilter: nf_tables: reject mismatching sum of field_len with set key length Paolo Abeni (2): mptcp: prevent excessive coalescing on receive mptcp: always handle address removal under msk socket lock Patrick Bellasi (1): x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit Patrisious Haddad (1): RDMA/mlx5: Fix bind QP error cleanup flow Paul E. McKenney (1): clocksource: Limit number of CPUs checked for clock synchronization Paul Fertser (1): net/ncsi: wait for the last response to Deselect Package before configuring channel Paul Menzel (1): scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 Pawel Chmielewski (1): intel_th: pci: Add Arrow Lake support Peter Jones (1): efi: Don't map the entire mokvar table to determine its size Petr Tesarik (1): xen: remove a confusing comment on auto-translated guest I/O Philipp Stanner (1): drm/sched: Fix preprocessor guard Phillip Lougher (1): Squashfs: check the inode number is not the invalid value of zero Philo Lu (1): ipvs: Always clear ipvs_property flag in skb_scrub_packet() Prasad Pandit (1): firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry Prashanth K (2): usb: gadget: Set self-powered based on MaxPower and bmAttributes usb: gadget: Check bmAttributes only if configuration is valid Puranjay Mohan (1): bpf: Send signals asynchronously if !preemptible Qu Wenruo (1): btrfs: output the reason for open_ctree() failure Quang Le (1): pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Quinn Tran (1): scsi: qla2xxx: Move FCE Trace buffer allocation to user control Radu Rendec (1): arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array Rafael J. Wysocki (1): cpufreq: schedutil: Simplify sugov_update_next_freq() Rafał Miłecki (2): ARM: dts: mediatek: mt7623: fix IR nodename bgmac: reduce max frame size to support just MTU 1500 Ralf Schlatterbeck (1): spi-mxs: Fix chipselect glitch Ramesh Thomas (1): vfio/pci: Enable iowrite64 and ioread64 for vfio pci Randolph Ha (1): i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz Randy Dunlap (1): partitions: ldm: remove the initial kernel-doc notation Ricardo B. Marliere (1): ktest.pl: Check kernelrelease return in get_version Ricardo Ribalda (5): media: uvcvideo: Propagate buf->error to userspace media: uvcvideo: Fix event flags in uvc_ctrl_send_events media: uvcvideo: Remove redundant NULL assignment media: uvcvideo: Only save async fh if success media: uvcvideo: Remove dangling pointers Richard Thier (1): drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M Rob Herring (Arm) (1): Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" Roger Quadros (1): net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() Russell Senior (1): x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems Ryusuke Konishi (6): nilfs2: do not output warnings when clearing dirty buffers nilfs2: do not force clear folio if buffer is referenced nilfs2: protect access to buffers with no active references nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link nilfs2: eliminate staggered calls to kunmap in nilfs_rename nilfs2: handle errors that nilfs_prepare_chunk() may return Sam Bobrowicz (1): media: ov5640: fix get_light_freq on auto Sean Anderson (1): net: cadence: macb: Synchronize stats calculations Sean Christopherson (2): KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() perf/x86/intel: Ensure LBRs are disabled when a CPU is starting Sean Rhodes (1): drivers/card_reader/rtsx_usb: Restore interrupt based detection Sebastian Andrzej Siewior (2): module: Extend the preempt disabled section in dereference_symbol_descriptor(). clocksource: Replace deprecated CPU-hotplug functions. Selvarasu Ganesan (1): usb: dwc3: Fix timeout issue during controller enter/exit from halt state Shawn Lin (1): mmc: core: Respect quirk_max_rate for non-UHS SDIO card Stas Sergeev (1): tun: fix group permission check Stefan Berger (1): ima: Fix use-after-free on a dentry's dname.name Stefan Eichenberger (1): usb: core: fix pipe creation for get_bMaxPacketSize0 Stephan Gerhold (1): soc: qcom: socinfo: Avoid out of bounds read of serial number Su Yue (2): ocfs2: mark dquot as inactive if failed to start trans while releasing dquot ocfs2: check dir i_size in ocfs2_find_entry Sui Jingfeng (1): drm/etnaviv: Fix page property being used for non writecombine buffers Suleiman Souhlal (1): sched: Don't try to catch up excess steal time. Sultan Alsawaf (unemployed) (1): cpufreq: schedutil: Fix superfluous updates caused by need_freq_update Sumit Garg (1): tee: optee: Fix supplicant wait loop Sven Eckelmann (4): batman-adv: Ignore neighbor throughput metrics in error case batman-adv: Add new include for min/max helpers batman-adv: Drop initialization of flexible ethtool_link_ksettings batman-adv: Drop unmanaged ELP metric worker Takashi Iwai (2): PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports Tetsuo Handa (1): tomoyo: don't emit warning in tomoyo_write_control() Thadeu Lima de Souza Cascardo (10): wifi: rtlwifi: do not complete firmware loading needlessly wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step wifi: rtlwifi: wait for firmware loading before releasing memory wifi: rtlwifi: fix init_sw_vars leak when probe fails wifi: rtlwifi: usb: fix workqueue leak when probe fails wifi: rtlwifi: remove unused check_buddy_priv wifi: rtlwifi: destroy workqueue at rtl_deinit_core wifi: rtlwifi: fix memory leaks and invalid access at probe error path wifi: rtlwifi: pci: wait for firmware loading before releasing memory Revert "media: uvcvideo: Require entities to have a non-zero unique ID" Thinh Nguyen (6): usb: gadget: f_tcm: Fix Get/SetInterface return value usb: gadget: f_tcm: Don't free command immediately usb: gadget: f_tcm: Translate error to sense usb: gadget: f_tcm: Decrement command ref count on cleanup usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint usb: gadget: f_tcm: Don't prepare BOT write request twice Thomas Gleixner (3): genirq: Make handle_enforce_irqctx() unconditionally available sched/core: Prevent rescheduling when interrupts are disabled intel_idle: Handle older CPUs, which stop the TSC in deeper C states, correctly Thomas Weißschuh (3): padata: fix sysfs store callback check ptp: Ensure info->enable callback is always set kbuild: userprogs: use correct lld when linking through clang Thomas Zimmermann (2): m68k: vga: Fix I/O defines drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() Titus Rwantare (1): hwmon: (pmbus) Initialise page count in pmbus_identify() Toke Høiland-Jørgensen (1): sched: sch_cake: add bounds checks to host bulk flow fairness counts Tomi Valkeinen (1): drm/tidss: Fix issue in irq handling causing irq-flood issue Tyrone Ting (1): i2c: npcm: disable interrupt enable bit before devm_request_irq Vadim Fedorenko (1): net/mlx5: use do_aux_work for PHC overflow checks Val Packett (4): arm64: dts: mediatek: mt8516: fix GICv2 range arm64: dts: mediatek: mt8516: fix wdt irq type arm64: dts: mediatek: mt8516: add i2c clock-div property arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A Viresh Kumar (1): cpufreq: s3c64xx: Fix compilation warning Visweswara Tanuku (1): slimbus: messaging: Free transaction ID in delayed interrupt scenario Vitaliy Shevtsov (2): wifi: nl80211: reject cooked mode if it is set along with other flags caif_virtio: fix wrong pointer check in cfv_probe() Waiman Long (2): clocksource: Use pr_info() for "Checking clocksource synchronization" message clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context Wang Hai (1): tcp: Defer ts_recent changes until req is owned WangYuli (2): wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static Weili Qian (1): crypto: hisilicon/qm - inject error before stopping queue Wentao Liang (3): PM: hibernate: Add error handling for syscore_suspend() gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw() Wesley Cheng (1): usb: dwc3: Increase DWC3 controller halt timeout Willem de Bruijn (2): hexagon: fix using plain integer as NULL pointer warning in cmpxchg tun: revert fix group permission check Xi Ruoyao (1): x86/mm: Don't disable PCID when INVLPG has been fixed by microcode Xin Long (2): vlan: introduce vlan_dev_free_egress_priority vlan: move dev_put into vlan_dev_uninit Xinghuo Chen (1): hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() Yan Zhai (2): udp: gso: do not drop small packets when PMTU reduces bpf: skip non exist keys in generic_map_lookup_batch Yang Yang (1): kernel/acct.c: use dedicated helper to access rlimit values Yazen Ghannam (1): x86/amd_nb: Restrict init function to AMD-based systems Yu Kuai (1): nbd: don't allow reconnect after disconnect Yu-Chun Lin (1): HID: google: fix unused variable warning under !CONFIG_ACPI Yuanjie Yang (1): mmc: sdhci-msm: Correctly set the load for the regulator Yury Norov (1): clocksource: Replace cpumask_weight() with cpumask_empty() Zhang Lixu (1): HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() Zheng Yongjun (1): net: ipv6: rpl_iptunnel: simplify the return expression of rpl_do_srh() Zhongqiu Han (3): perf header: Fix one memory leakage in process_bpf_btf() perf header: Fix one memory leakage in process_bpf_prog_info() perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info() Zijun Hu (5): PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() blk-cgroup: Fix class @block_class's subsystem refcount leakage of: Correct child specifier used as input of the 2nd nexus node of: Fix of_find_node_opts_by_path() handling of alias+path+options of: reserved-memory: Fix using wrong number of cells to get property 'alignment' lei he (1): crypto: testmgr - fix version number of RSA tests pangliyuan (1): ubifs: skip dumping tnc tree when zroot is null

6 months

1
1
0 0

Linux 5.4.291

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.291 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/mmc/mmc-controller.yaml | 2 Makefile | 7 arch/alpha/include/uapi/asm/ptrace.h | 2 arch/alpha/kernel/asm-offsets.c | 2 arch/alpha/kernel/entry.S | 24 - arch/alpha/kernel/traps.c | 2 arch/alpha/mm/fault.c | 4 arch/arm/boot/dts/mt7623.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 - arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 2 arch/arm64/kernel/cacheinfo.c | 12 arch/hexagon/include/asm/cmpxchg.h | 2 arch/hexagon/kernel/traps.c | 4 arch/m68k/include/asm/vga.h | 8 arch/mips/kernel/ftrace.c | 2 arch/powerpc/include/asm/book3s/64/hash-4k.h | 28 + arch/powerpc/include/asm/book3s/64/pgtable.h | 26 - arch/powerpc/lib/code-patching.c | 2 arch/powerpc/platforms/pseries/eeh_pseries.c | 6 arch/s390/include/asm/futex.h | 2 arch/s390/kvm/vsie.c | 25 - arch/x86/kernel/amd_nb.c | 4 arch/x86/kernel/cpu/cacheinfo.c | 2 arch/x86/kernel/cpu/cyrix.c | 4 arch/x86/kernel/cpu/intel.c | 52 +- arch/x86/kernel/i8253.c | 11 arch/x86/mm/init.c | 32 - arch/x86/xen/mmu_pv.c | 79 +++ block/partitions/ldm.h | 2 block/partitions/mac.c | 18 crypto/testmgr.h | 227 +++++++---- drivers/acpi/apei/ghes.c | 10 drivers/base/bus.c | 2 drivers/base/regmap/regmap-irq.c | 2 drivers/block/nbd.c | 1 drivers/char/ipmi/ipmb_dev_int.c | 3 drivers/clk/analogbits/wrpll-cln28hpc.c | 2 drivers/clk/qcom/clk-alpha-pll.c | 2 drivers/clk/qcom/clk-rpmh.c | 2 drivers/clocksource/i8253.c | 13 drivers/cpufreq/s3c64xx-cpufreq.c | 11 drivers/crypto/qce/core.c | 13 drivers/dma/ti/edma.c | 3 drivers/firmware/Kconfig | 2 drivers/gpio/gpio-bcm-kona.c | 71 ++- drivers/gpio/gpio-rcar.c | 7 drivers/gpio/gpio-stmpe.c | 15 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 16 drivers/gpu/drm/amd/powerplay/hwmgr/ppatomctrl.c | 2 drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c | 4 drivers/gpu/drm/drm_dp_cec.c | 14 drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 drivers/gpu/drm/radeon/r300.c | 3 drivers/gpu/drm/radeon/radeon_asic.h | 1 drivers/gpu/drm/radeon/rs400.c | 18 drivers/gpu/drm/scheduler/gpu_scheduler_trace.h | 4 drivers/hid/hid-appleir.c | 2 drivers/hid/hid-core.c | 2 drivers/hid/hid-google-hammer.c | 2 drivers/hid/hid-multitouch.c | 5 drivers/hid/hid-sensor-hub.c | 21 - drivers/hid/intel-ish-hid/ishtp-hid.c | 4 drivers/hid/wacom_wac.c | 5 drivers/hwmon/ad7314.c | 10 drivers/hwmon/ntc_thermistor.c | 66 +-- drivers/hwmon/pmbus/pmbus.c | 2 drivers/hwmon/xgene-hwmon.c | 2 drivers/hwtracing/intel_th/pci.c | 15 drivers/infiniband/hw/cxgb4/device.c | 6 drivers/infiniband/hw/mlx4/main.c | 6 drivers/leds/leds-lp8860.c | 2 drivers/media/dvb-frontends/cxd2841er.c | 8 drivers/media/i2c/ov5640.c | 1 drivers/media/platform/exynos4-is/mipi-csis.c | 10 drivers/media/platform/s3c-camif/camif-core.c | 13 drivers/media/rc/iguanair.c | 4 drivers/media/usb/dvb-usb-v2/lmedm04.c | 14 drivers/media/usb/uvc/uvc_ctrl.c | 85 +++- drivers/media/usb/uvc/uvc_queue.c | 3 drivers/media/usb/uvc/uvc_status.c | 1 drivers/media/usb/uvc/uvc_v4l2.c | 2 drivers/media/usb/uvc/uvcvideo.h | 9 drivers/mfd/lpc_ich.c | 3 drivers/misc/eeprom/digsy_mtc_eeprom.c | 2 drivers/misc/fastrpc.c | 2 drivers/mmc/core/sdio.c | 2 drivers/mtd/nand/onenand/onenand_base.c | 1 drivers/net/caif/caif_virtio.c | 2 drivers/net/can/c_can/c_can_platform.c | 5 drivers/net/ethernet/broadcom/tg3.c | 58 ++ drivers/net/ethernet/cadence/macb.h | 2 drivers/net/ethernet/cadence/macb_main.c | 12 drivers/net/ethernet/davicom/dm9000.c | 3 drivers/net/ethernet/emulex/benet/be.h | 2 drivers/net/ethernet/emulex/benet/be_cmds.c | 197 ++++----- drivers/net/ethernet/emulex/benet/be_main.c | 2 drivers/net/ethernet/freescale/fec_main.c | 31 + drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 drivers/net/ethernet/renesas/sh_eth.c | 4 drivers/net/geneve.c | 16 drivers/net/gtp.c | 5 drivers/net/loopback.c | 14 drivers/net/ppp/ppp_generic.c | 28 - drivers/net/team/team.c | 11 drivers/net/tun.c | 2 drivers/net/usb/gl620a.c | 4 drivers/net/usb/rtl8150.c | 28 + drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 5 drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c | 3 drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 drivers/net/wireless/realtek/rtlwifi/base.c | 36 - drivers/net/wireless/realtek/rtlwifi/base.h | 2 drivers/net/wireless/realtek/rtlwifi/pci.c | 65 --- drivers/net/wireless/realtek/rtlwifi/rtl8192se/dm.c | 42 +- drivers/net/wireless/realtek/rtlwifi/rtl8192se/fw.c | 40 - drivers/net/wireless/realtek/rtlwifi/rtl8192se/hw.c | 157 +++---- drivers/net/wireless/realtek/rtlwifi/rtl8192se/led.c | 10 drivers/net/wireless/realtek/rtlwifi/rtl8192se/phy.c | 211 +++++----- drivers/net/wireless/realtek/rtlwifi/rtl8192se/rf.c | 70 +-- drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 11 drivers/net/wireless/realtek/rtlwifi/rtl8192se/trx.c | 10 drivers/net/wireless/realtek/rtlwifi/usb.c | 2 drivers/net/wireless/realtek/rtlwifi/wifi.h | 23 - drivers/net/wireless/ti/wlcore/main.c | 10 drivers/nvme/host/core.c | 8 drivers/nvmem/core.c | 2 drivers/of/base.c | 8 drivers/parport/parport_pc.c | 5 drivers/pci/endpoint/pci-epc-core.c | 2 drivers/phy/samsung/phy-exynos5-usbdrd.c | 12 drivers/phy/tegra/xusb-tegra186.c | 11 drivers/platform/x86/thinkpad_acpi.c | 1 drivers/power/supply/da9150-fg.c | 4 drivers/pps/clients/pps-gpio.c | 4 drivers/pps/clients/pps-ktimer.c | 4 drivers/pps/clients/pps-ldisc.c | 6 drivers/pps/clients/pps_parport.c | 4 drivers/pps/kapi.c | 10 drivers/pps/kc.c | 10 drivers/pps/pps.c | 127 +++--- drivers/ptp/ptp_clock.c | 8 drivers/rapidio/devices/rio_mport_cdev.c | 3 drivers/rapidio/rio-scan.c | 5 drivers/regulator/of_regulator.c | 14 drivers/rtc/rtc-pcf85063.c | 11 drivers/scsi/mpt3sas/mpt3sas_base.c | 3 drivers/scsi/storvsc_drv.c | 1 drivers/scsi/ufs/ufs_bsg.c | 1 drivers/slimbus/messaging.c | 5 drivers/soc/qcom/smem_state.c | 3 drivers/soc/qcom/socinfo.c | 2 drivers/spi/spi-mxs.c | 3 drivers/staging/media/imx/imx-media-of.c | 8 drivers/tee/optee/supp.c | 35 - drivers/tty/serial/8250/8250.h | 2 drivers/tty/serial/8250/8250_dma.c | 16 drivers/tty/serial/8250/8250_pci.c | 10 drivers/tty/serial/8250/8250_port.c | 9 drivers/tty/serial/sh-sci.c | 25 + drivers/usb/atm/cxacru.c | 13 drivers/usb/class/cdc-acm.c | 28 + drivers/usb/core/hub.c | 13 drivers/usb/core/quirks.c | 10 drivers/usb/dwc2/gadget.c | 1 drivers/usb/dwc3/gadget.c | 37 + drivers/usb/gadget/composite.c | 17 drivers/usb/gadget/function/f_midi.c | 22 - drivers/usb/gadget/function/f_tcm.c | 56 -- drivers/usb/gadget/udc/renesas_usb3.c | 2 drivers/usb/host/pci-quirks.c | 9 drivers/usb/host/xhci-mem.c | 2 drivers/usb/host/xhci-pci.c | 8 drivers/usb/host/xhci-ring.c | 12 drivers/usb/host/xhci.c | 23 - drivers/usb/host/xhci.h | 9 drivers/usb/renesas_usbhs/common.c | 6 drivers/usb/renesas_usbhs/mod_gadget.c | 2 drivers/usb/roles/class.c | 5 drivers/usb/serial/option.c | 49 +- drivers/usb/typec/tcpm/tcpci_rt1711h.c | 11 drivers/usb/typec/tcpm/tcpm.c | 2 drivers/usb/typec/ucsi/ucsi.c | 2 drivers/vfio/pci/vfio_pci_rdwr.c | 1 drivers/vfio/platform/vfio_platform_common.c | 10 drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 fs/afs/xdr_fs.h | 2 fs/binfmt_flat.c | 2 fs/btrfs/inode.c | 4 fs/btrfs/relocation.c | 14 fs/btrfs/super.c | 2 fs/btrfs/transaction.c | 4 fs/nfsd/nfs4callback.c | 1 fs/nilfs2/dir.c | 24 - fs/nilfs2/inode.c | 10 fs/nilfs2/mdt.c | 6 fs/nilfs2/namei.c | 37 - fs/nilfs2/nilfs.h | 10 fs/nilfs2/page.c | 55 +- fs/nilfs2/page.h | 4 fs/nilfs2/segment.c | 4 fs/ocfs2/dir.c | 25 + fs/ocfs2/quota_global.c | 5 fs/ocfs2/super.c | 2 fs/ocfs2/symlink.c | 5 fs/orangefs/orangefs-debugfs.c | 4 fs/squashfs/inode.c | 5 fs/ubifs/debug.c | 22 - fs/udf/super.c | 2 include/linux/i8253.h | 1 include/linux/interrupt.h | 28 + include/linux/kallsyms.h | 2 include/linux/kvm_host.h | 9 include/linux/netdevice.h | 6 include/linux/overflow.h | 101 ++-- include/linux/pci_ids.h | 4 include/linux/pps_kernel.h | 3 include/linux/usb/hcd.h | 5 include/net/flow_dissector.h | 16 include/net/flow_offload.h | 6 include/net/l3mdev.h | 2 include/net/net_namespace.h | 15 include/trace/events/oom.h | 36 + kernel/acct.c | 141 ++++-- kernel/events/core.c | 17 kernel/padata.c | 2 kernel/power/hibernate.c | 7 kernel/printk/printk.c | 2 kernel/sched/core.c | 8 kernel/softirq.c | 18 kernel/trace/bpf_trace.c | 2 kernel/trace/ftrace.c | 27 - mm/memcontrol.c | 7 mm/oom_kill.c | 14 mm/page_alloc.c | 1 net/8021q/vlan.c | 3 net/8021q/vlan.h | 2 net/8021q/vlan_dev.c | 15 net/8021q/vlan_netlink.c | 7 net/batman-adv/bat_v.c | 2 net/batman-adv/bat_v_elp.c | 116 +++-- net/batman-adv/bat_v_elp.h | 2 net/batman-adv/types.h | 3 net/bluetooth/l2cap_sock.c | 3 net/can/j1939/socket.c | 4 net/can/j1939/transport.c | 5 net/core/drop_monitor.c | 29 - net/core/flow_dissector.c | 49 +- net/core/flow_offload.c | 7 net/core/neighbour.c | 11 net/core/skbuff.c | 2 net/core/sysctl_net_core.c | 5 net/ipv4/arp.c | 4 net/ipv4/devinet.c | 3 net/ipv4/ipmr_base.c | 3 net/ipv4/route.c | 8 net/ipv4/tcp_offload.c | 11 net/ipv4/udp.c | 4 net/ipv4/udp_offload.c | 8 net/ipv6/ila/ila_lwt.c | 4 net/ipv6/ndisc.c | 24 - net/ipv6/route.c | 7 net/ipv6/udp.c | 4 net/llc/llc_s_ac.c | 49 +- net/ncsi/ncsi-manage.c | 13 net/nfc/nci/hci.c | 2 net/openvswitch/datapath.c | 12 net/rose/af_rose.c | 24 - net/rose/rose_timer.c | 15 net/sched/cls_flower.c | 8 net/sched/sch_api.c | 4 net/sched/sch_cake.c | 140 +++--- net/sched/sch_fifo.c | 3 net/sched/sch_netem.c | 2 net/sunrpc/cache.c | 10 net/vmw_vsock/af_vsock.c | 5 net/wireless/nl80211.c | 5 net/wireless/reg.c | 3 scripts/Makefile.extrawarn | 5 scripts/genksyms/genksyms.c | 11 scripts/genksyms/genksyms.h | 2 scripts/genksyms/parse.y | 18 security/integrity/ima/ima_api.c | 16 security/integrity/ima/ima_template_lib.c | 17 security/tomoyo/common.c | 2 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_conexant.c | 1 sound/pci/hda/patch_realtek.c | 86 ++++ sound/soc/codecs/es8328.c | 15 sound/soc/intel/boards/bytcr_rt5640.c | 17 sound/soc/sunxi/sun4i-spdif.c | 7 tools/perf/bench/epoll-wait.c | 7 tools/perf/builtin-report.c | 2 tools/perf/builtin-top.c | 2 tools/perf/builtin-trace.c | 6 tools/perf/util/cs-etm.c | 2 tools/perf/util/env.c | 5 tools/perf/util/env.h | 2 tools/perf/util/header.c | 8 tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 15 tools/testing/ktest/ktest.pl | 7 tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 tools/testing/selftests/kselftest_harness.h | 42 +- tools/testing/selftests/net/udpgso.c | 26 + 305 files changed, 3051 insertions(+), 1673 deletions(-) Ahmed S. Darwish (3): x86/cacheinfo: Validate CPUID leaf 0x2 EDX output x86/cpu: Validate CPUID leaf 0x2 EDX output x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 Alan Stern (2): HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections USB: hub: Ignore non-compliant devices with too many configs or interfaces Alex Deucher (2): drm/amdgpu: skip BAR resizing if the bios already did it drm/amdgpu: disable BAR resize on Dell G5 SE Alex Williamson (1): vfio/platform: check the bounds of read/write syscalls Alexander Hölzl (1): can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero Alexander Shishkin (2): intel_th: pci: Add Panther Lake-H support intel_th: pci: Add Panther Lake-P/U support Alexander Sverdlin (1): leds: lp8860: Write full EEPROM, not only half of it Allen Pais (1): usb/gadget: f_midi: convert tasklets to use new tasklet_setup() API Anastasia Belova (1): clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate Andreas Kemnade (1): wifi: wlcore: fix unbalanced pm_runtime calls Andrey Vatoropin (1): power: supply: da9150-fg: fix potential overflow Andy Shevchenko (2): xhci: pci: Fix indentation in the PCI device ID definitions eeprom: digsy_mtc: Make GPIO lookup table match the device Andy Strohman (1): batman-adv: fix panic during interface removal AngeloGioacchino Del Regno (1): usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality Antoine Tenart (1): net: gso: fix ownership in __udp_gso_segment Arnaldo Carvalho de Melo (1): perf top: Don't complain about lack of vmlinux when not resolving some kernel samples Arnd Bergmann (2): media: cxd2841er: fix 64-bit division on gcc-9 sunrpc: suppress warnings for unused procfs functions Artur Weber (3): gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ gpio: bcm-kona: Add missing newline to dev_err format string BH Hsieh (1): phy: tegra: xusb: reset VBUS & ID OVERRIDE Ba Jing (1): ktest.pl: Remove unused declarations in run_bisect_test function Bartosz Golaszewski (2): crypto: qce - fix goto jump in error path crypto: qce - unregister previously registered algos in error path Ben Hutchings (2): perf cs-etm: Add missing variable in cs_etm__process_queues() udf: Fix use of check_add_overflow() with mixed type arguments Bo Gan (1): clk: analogbits: Fix incorrect calculation of vco rate delta Borislav Petkov (1): APEI: GHES: Have GHES honor the panic= setting Calvin Owens (1): pps: Fix a use-after-free Carlos Galo (1): mm: update mark_victim tracepoints fields Charles Han (2): ipmi: ipmb: Add check devm_kasprintf() returned value HID: multitouch: Add NULL check in mt_input_configured Chen Ni (1): media: lmedm04: Handle errors for lme2510_int_read Chen Ridong (1): memcg: fix soft lockup in the OOM process Chen-Yu Tsai (2): arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names Chenyuan Yang (1): net: davicom: fix UAF in dm9000_drv_remove Chester A. Unal (1): USB: serial: option: add MeiG Smart SLM828 Christian Brauner (2): acct: block access to kernel internal filesystems acct: perform last write from workqueue Christian Heusel (1): Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" Christophe Leroy (2): powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Chuck Lever (1): NFSD: Reset cb_seq_status after NFS4ERR_DELAY Claudiu Beznea (5): serial: sh-sci: Drop __initdata macro for port_cfg serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use usb: renesas_usbhs: Call clk_put() usb: renesas_usbhs: Use devm_usb_get_phy() usb: renesas_usbhs: Flush the notify_hotplug_work Cong Wang (3): netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() flow_dissector: Fix handling of mixed port and port-range keys flow_dissector: Fix port range key handling in BPF conversion Dan Carpenter (3): rdma/cxgb4: Prevent potential integer overflow on 32bit binfmt_flat: Fix integer overflow bug on 32 bit systems NFC: nci: Add bounds checking in nci_hci_create_pipe() Daniel Wagner (1): nvme: handle connectivity loss in nvme_set_queue_count Daniil Dulov (1): HID: appleir: Fix potential NULL dereference at raw event handle David Hildenbrand (1): KVM: s390: vsie: fix some corner-cases when grabbing vsie pages David Howells (1): afs: Fix directory format encoding struct David Woodhouse (1): x86/i8253: Disable PIT timer 0 when not in use Davidlohr Bueso (1): usb/gadget: f_midi: Replace tasklet with work Dheeraj Reddy Jonnalagadda (1): net: fec: implement TSO descriptor cleanup Dmitry Antipov (3): wifi: rtlwifi: remove unused timer and related code wifi: rtlwifi: remove unused dualmac control leftovers wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() Dmitry V. Levin (1): selftests: harness: fix printing of mismatch values in __EXPECT() Ekansh Gupta (1): misc: fastrpc: Fix registered buffer page address Elson Roy Serrao (1): usb: roles: set switch registered flag early on Emil Renner Berthing (1): net: usb: rtl8150: use new tasklet API Eric Dumazet (16): ipmr: do not call mr_mfc_uses_dev() for unres entries net: rose: fix timer races against user threads net: rose: lock the socket in rose_bind() ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() vrf: use RCU protection in l3mdev_l3_out() team: better TEAM_OPTION_TYPE_STRING validation net: add dev_net_rcu() helper ipv4: use RCU protection in rt_is_expired() ipv4: use RCU protection in inet_select_addr() ipv6: use RCU protection in ip6_default_advmss() ndisc: use RCU protection in ndisc_alloc_skb() neighbour: use RCU protection in __neigh_notify() arp: use RCU protection in arp_xmit() openvswitch: use RCU protection in ovs_vport_cmd_fill_info() ndisc: extend RCU protection in ndisc_send_skb() llc: do not use skb_get() before dev_queue_xmit() Erik Schumacher (1): hwmon: (ad7314) Validate leading zero bits and return error Even Xu (1): HID: Wacom: Add PCI Wacom device support Fabio Porcedda (2): USB: serial: option: add Telit Cinterion FN990B compositions USB: serial: option: fix Telit Cinterion FN990A name Fabrice Gasnier (1): usb: dwc2: gadget: remove of_node reference upon udc_stop Fabrizio Castro (1): gpio: rcar: Fix missing of_node_put() call Fedor Pchelkin (2): Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc usb: typec: ucsi: increase timeout for PPM reset operations Filipe Manana (2): btrfs: fix use-after-free when attempting to join an aborted transaction btrfs: avoid monopolizing a core when activating a swap file Gabor Juhos (1): clk: qcom: clk-alpha-pll: fix alpha mode configuration Gavrilov Ilia (1): drop_monitor: fix incorrect initialization order George Lander (1): ASoC: sun4i-spdif: Add clock multiplier settings Greg Kroah-Hartman (1): Linux 5.4.291 Guixin Liu (1): scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails Guo Ren (1): usb: gadget: udc: renesas_usb3: Fix compiler warning Hans Verkuil (1): gpu: drm_dp_cec: fix broken CEC adapter properties check Hans de Goede (2): mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V Hao Zhang (1): mm/page_alloc: fix uninitialized variable Haoxiang Li (4): drm/komeda: Add check for komeda_get_layer_fourcc_list() nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() rapidio: add check for rio_add_net() in rio_scan_alloc_net() rapidio: fix an API misues when rio_add_net() fails Hardik Gajjar (1): usb: xhci: Add timeout argument in address_device USB HCD callback Harshal Chaudhari (1): net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. He Rongguang (1): cpupower: fix TSC MHz calculation Heiko Carstens (1): s390/futex: Fix FUTEX_OP_ANDN implementation Heiko Stuebner (1): HID: hid-sensor-hub: don't use stale platform-data on remove Heming Zhao (1): ocfs2: fix incorrect CPU endianness conversion causing mount failure Hoku Ishibe (1): ALSA: hda: intel: Add Dell ALC3271 to power_save denylist Howard Chu (1): perf trace: Fix runtime error of index out of bounds Huacai Chen (1): USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI Hui Su (1): kernel/acct.c: use #elif instead of #end and #elif Ido Schimmel (1): net: loopback: Avoid sending IP packets without an Ethernet header Ignat Korchagin (2): crypto: testmgr - populate RSA CRT parameters in RSA test vectors crypto: testmgr - some more fixes to RSA test vectors Ivan Kokshaysky (3): alpha: make stack 16-byte aligned (most cases) alpha: align stack for page fault and user unaligned trap handlers alpha: replace hardcoded stack offsets with autogenerated ones Ivan Stepchenko (2): drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table mtd: onenand: Fix uninitialized retlen in do_otp_read() Jakob Koschel (1): rtlwifi: replace usage of found with dedicated list iterator variable Jakob Unterwurzacher (1): arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma Jamal Hadi Salim (1): net: sched: Disallow replacing of child qdisc from one parent to another Jann Horn (3): usb: cdc-acm: Check control transfer buffer size before access usb: cdc-acm: Fix handling of oversized fragments partitions: mac: fix handling of bogus partition table Jason Xing (1): net-timestamp: support TCP GSO case for a few missing flags Jennifer Berringer (1): nvmem: core: improve range check for nvmem_cell_write() Jiachen Zhang (1): perf report: Fix misleading help message about --demangle Jiaqing Zhao (3): can: ems_pci: move ASIX AX99100 ids to pci_ids.h serial: 8250_pci: add support for ASIX AX99100 parport_pc: add support for ASIX AX99100 Jiasheng Jiang (3): media: mipi-csis: Add check for clk_enable() media: camif-core: Add check for clk_enable() regmap-irq: Add missing kfree() Jiayuan Chen (1): ppp: Fix KMSAN uninit-value warning with bpf Jill Donahue (1): USB: gadget: f_midi: f_midi_complete to call queue_work Jiri Pirko (1): net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() Joe Hattori (4): regulator: of: Implement the unwind path of of_regulator_match() fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() dmaengine: ti: edma: fix OF node reference leaks in edma_driver Johan Hovold (1): USB: serial: option: drop MeiG Smart defines Johannes Berg (1): wifi: iwlwifi: limit printed string from FW file John Keeping (2): usb: gadget: f_midi: fix MIDI Streaming descriptor lengths serial: 8250: Fix fifo underflow on flush John Veness (1): ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED Jos Wang (1): usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE Josef Bacik (1): btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling Juergen Gross (1): x86/xen: allow larger contiguous memory regions in PV guests Justin Iurman (2): net: ipv6: fix dst ref loop in ila lwtunnel net: ipv6: fix missing dst ref drop in ila lwtunnel Kailang Yang (3): ALSA: hda/realtek - Add type for ALC287 ALSA: hda/realtek: Fixup ALC225 depop procedure ALSA: hda/realtek: update ALC222 depop optimize Kan Liang (1): perf/core: Fix low freq setting via IOC_PERIOD Kaustabh Chakraborty (1): phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk Kees Cook (3): overflow: Add __must_check attribute to check_*() helpers overflow: Allow mixed type arguments selftests/harness: Display signed values correctly Keith Busch (1): overflow: Correct check_shl_overflow() comment Koichiro Den (1): Revert "btrfs: avoid monopolizing a core when activating a swap file" Kory Maincent (1): net: sh_eth: Fix missing rtnl lock in suspend/resume path Krzysztof Kozlowski (2): soc: qcom: smem_state: fix missing of_node_put in error path can: c_can: fix unbalanced runtime PM disable in error path Kuan-Wei Chiu (2): printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX perf bench: Fix undefined behavior in cmpworker() Kuniyuki Iwashima (3): geneve: Fix use-after-free in geneve_find_dev(). gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). geneve: Suppress list corruption splat in geneve_destroy_tunnels(). Larry Finger (1): rtlwifi: rtl8192se Rename RT_TRACE to rtl_dbg Laurent Pinchart (1): media: uvcvideo: Fix double free in error path Lei He (2): crypto: testmgr - fix wrong key length for pkcs1pad crypto: testmgr - Fix wrong test case of RSA Lei Huang (1): USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist Lenny Szubowicz (1): tg3: Disable tg3 PCIe AER on system reboot Leon Romanovsky (1): RDMA/mlx4: Avoid false error about access to uninitialized gids array Li Zetao (1): neighbour: delete redundant judgment statements Lin Yujun (1): hexagon: Fix unbalanced spinlock in die() Liu Jian (1): net: let net.core.dev_weight always be non-zero Long Li (1): scsi: storvsc: Set correct data length for sending SCSI command without payload Ma Jun (1): drm/amdgpu: Check extended configuration space register when system uses large bar Maher Sanalla (1): net/mlxfw: Drop hard coded max FW flash image size Maksym Glubokiy (1): net: extract port range fields from fl_flow_key Maksym Planeta (1): Grab mm lock before grabbing pt lock Malcolm Priestley (1): media: lmedm04: Use GFP_KERNEL for URB allocation/submission. Marcel Hamer (1): wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() Marco Leogrande (1): tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind Marek Szyprowski (1): usb: gadget: Fix setting self-powered state on suspend Marek Vasut (1): USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk Masahiro Yamada (2): genksyms: fix memory leak when the same symbol is added from source genksyms: fix memory leak when the same symbol is read from *.symref file Mathias Nyman (1): USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone Matthew Wilcox (Oracle) (1): ocfs2: handle a symlink read error correctly Maud Spierings (1): hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table Miao Li (1): usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader Michael Ellerman (1): powerpc/64s/mm: Move __real_pte stubs into hash-4k.h Michal Luczaj (1): vsock: Allow retrying on connect() failure Michal Pecio (1): usb: xhci: Fix NULL pointer dereference on certain command aborts Mike Marshall (1): orangefs: fix a oob in orangefs_debug_write Mingcong Bai (1): platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e Narayana Murty N (1): powerpc/pseries/eeh: Fix get PE state translation Nathan Chancellor (1): kbuild: Move -Wenum-enum-conversion to W=2 Neil Armstrong (1): dt-bindings: mmc: controller: clarify the address-cells description Nicolas Frattaroli (1): ASoC: es8328: fix route from DAC to output Nikita Zhandarovich (5): net: usb: rtl8150: enable basic endpoint checking nilfs2: fix possible int overflows in nilfs_fiemap() usbnet: gl620a: fix endpoint checking in genelink_bind() wifi: cfg80211: regulatory: improve invalid hints checking usb: atm: cxacru: fix a flaw in existing endpoint checks Nikolay Aleksandrov (1): be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink Nikolay Kuratov (1): ftrace: Avoid potential division by zero in function_stat_show() Octavian Purdila (1): team: prevent adding a device which is already a team device lower Oleksij Rempel (1): rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read Oliver Neukum (1): media: rc: iguanair: handle timeouts Oscar Maes (1): vlan: enforce underlying device type Paul Fertser (1): net/ncsi: wait for the last response to Deselect Package before configuring channel Paul Menzel (1): scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 Pawel Chmielewski (1): intel_th: pci: Add Arrow Lake support Petr Tesarik (1): xen: remove a confusing comment on auto-translated guest I/O Philipp Stanner (1): drm/sched: Fix preprocessor guard Phillip Lougher (1): Squashfs: check the inode number is not the invalid value of zero Philo Lu (1): ipvs: Always clear ipvs_property flag in skb_scrub_packet() Prasad Pandit (1): firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry Prashanth K (2): usb: gadget: Set self-powered based on MaxPower and bmAttributes usb: gadget: Check bmAttributes only if configuration is valid Puranjay Mohan (1): bpf: Send signals asynchronously if !preemptible Qu Wenruo (1): btrfs: output the reason for open_ctree() failure Quang Le (1): pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Radu Rendec (1): arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array Rafał Miłecki (1): ARM: dts: mediatek: mt7623: fix IR nodename Ralf Schlatterbeck (1): spi-mxs: Fix chipselect glitch Ramesh Thomas (1): vfio/pci: Enable iowrite64 and ioread64 for vfio pci Randy Dunlap (1): partitions: ldm: remove the initial kernel-doc notation Ricardo B. Marliere (1): ktest.pl: Check kernelrelease return in get_version Ricardo Ribalda (5): media: uvcvideo: Propagate buf->error to userspace media: uvcvideo: Only save async fh if success media: uvcvideo: Remove dangling pointers media: uvcvideo: Fix event flags in uvc_ctrl_send_events media: uvcvideo: Remove redundant NULL assignment Richard Thier (1): drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M Rob Herring (Arm) (1): Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" Romain Perier (1): tasklet: Introduce new initialization API Russell Senior (1): x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems Ryusuke Konishi (6): nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link nilfs2: eliminate staggered calls to kunmap in nilfs_rename nilfs2: handle errors that nilfs_prepare_chunk() may return nilfs2: do not output warnings when clearing dirty buffers nilfs2: do not force clear folio if buffer is referenced nilfs2: protect access to buffers with no active references Sam Bobrowicz (1): media: ov5640: fix get_light_freq on auto Sean Anderson (1): net: cadence: macb: Synchronize stats calculations Sean Christopherson (1): KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Sean Rhodes (1): drivers/card_reader/rtsx_usb: Restore interrupt based detection Sebastian Andrzej Siewior (1): module: Extend the preempt disabled section in dereference_symbol_descriptor(). Selvarasu Ganesan (1): usb: dwc3: Fix timeout issue during controller enter/exit from halt state Shawn Lin (1): mmc: core: Respect quirk_max_rate for non-UHS SDIO card Stas Sergeev (1): tun: fix group permission check Stefan Berger (1): ima: Fix use-after-free on a dentry's dname.name Stephan Gerhold (1): soc: qcom: socinfo: Avoid out of bounds read of serial number Su Yue (2): ocfs2: mark dquot as inactive if failed to start trans while releasing dquot ocfs2: check dir i_size in ocfs2_find_entry Sui Jingfeng (1): drm/etnaviv: Fix page property being used for non writecombine buffers Suleiman Souhlal (1): sched: Don't try to catch up excess steal time. Sumit Garg (1): tee: optee: Fix supplicant wait loop Sven Eckelmann (2): batman-adv: Ignore neighbor throughput metrics in error case batman-adv: Drop unmanaged ELP metric worker Tetsuo Handa (1): tomoyo: don't emit warning in tomoyo_write_control() Thadeu Lima de Souza Cascardo (6): wifi: rtlwifi: do not complete firmware loading needlessly wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step wifi: rtlwifi: usb: fix workqueue leak when probe fails wifi: rtlwifi: remove unused check_buddy_priv wifi: rtlwifi: fix memory leaks and invalid access at probe error path wifi: rtlwifi: pci: wait for firmware loading before releasing memory Thinh Nguyen (5): usb: gadget: f_tcm: Don't free command immediately usb: gadget: f_tcm: Translate error to sense usb: gadget: f_tcm: Decrement command ref count on cleanup usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint usb: gadget: f_tcm: Don't prepare BOT write request twice Thomas Gleixner (1): sched/core: Prevent rescheduling when interrupts are disabled Thomas Weißschuh (3): padata: fix sysfs store callback check kbuild: userprogs: use correct lld when linking through clang ptp: Ensure info->enable callback is always set Thomas Zimmermann (1): m68k: vga: Fix I/O defines Titus Rwantare (1): hwmon: (pmbus) Initialise page count in pmbus_identify() Toke Høiland-Jørgensen (1): sched: sch_cake: add bounds checks to host bulk flow fairness counts Viresh Kumar (1): cpufreq: s3c64xx: Fix compilation warning Visweswara Tanuku (1): slimbus: messaging: Free transaction ID in delayed interrupt scenario Vitaliy Shevtsov (2): wifi: nl80211: reject cooked mode if it is set along with other flags caif_virtio: fix wrong pointer check in cfv_probe() WangYuli (1): MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static Wentao Liang (2): PM: hibernate: Add error handling for syscore_suspend() gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock Wesley Cheng (1): usb: dwc3: Increase DWC3 controller halt timeout Willem de Bruijn (2): hexagon: fix using plain integer as NULL pointer warning in cmpxchg tun: revert fix group permission check Xi Ruoyao (1): x86/mm: Don't disable PCID when INVLPG has been fixed by microcode Xin Long (2): vlan: introduce vlan_dev_free_egress_priority vlan: move dev_put into vlan_dev_uninit Xinghuo Chen (1): hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() Yan Zhai (1): udp: gso: do not drop small packets when PMTU reduces Yang Yang (1): kernel/acct.c: use dedicated helper to access rlimit values Yazen Ghannam (1): x86/amd_nb: Restrict init function to AMD-based systems Yu Kuai (1): nbd: don't allow reconnect after disconnect Yu-Chun Lin (1): HID: google: fix unused variable warning under !CONFIG_ACPI Zhang Lixu (1): HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() Zhongqiu Han (2): perf header: Fix one memory leakage in process_bpf_btf() perf header: Fix one memory leakage in process_bpf_prog_info() Zijun Hu (5): PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() of: Correct child specifier used as input of the 2nd nexus node of: Fix of_find_node_opts_by_path() handling of alias+path+options of: reserved-memory: Fix using wrong number of cells to get property 'alignment' driver core: bus: Fix double free in driver API bus_register() lei he (1): crypto: testmgr - fix version number of RSA tests pangliyuan (1): ubifs: skip dumping tnc tree when zroot is null

6 months

1
1
0 0

[PATCH v3 0/3] media: uvcvideo: Introduce V4L2_META_FMT_UVC_CUSTOM + other meta fixes

by Ricardo Ribalda

This series introduces a new metadata format for UVC cameras and adds a couple of improvements to the UVC metadata handling. Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- Changes in v3: - Fix doc syntax errors. - Link to v2: https://lore.kernel.org/r/20250306-uvc-metadata-v2-0-7e939857cad5@chromium.… Changes in v2: - Add metadata invalid fix - Move doc note to a separate patch - Introuce V4L2_META_FMT_UVC_CUSTOM (thanks HdG!). - Link to v1: https://lore.kernel.org/r/20250226-uvc-metadata-v1-1-6cd6fe5ec2cb@chromium.… --- Ricardo Ribalda (3): media: uvcvideo: Do not mark valid metadata as invalid media: Documentation: Add note about UVCH length field media: uvcvideo: Introduce V4L2_META_FMT_UVC_CUSTOM .../userspace-api/media/v4l/meta-formats.rst | 1 + .../userspace-api/media/v4l/metafmt-uvc-custom.rst | 31 +++++++++++++++++ .../userspace-api/media/v4l/metafmt-uvc.rst | 4 ++- MAINTAINERS | 1 + drivers/media/usb/uvc/uvc_metadata.c | 40 ++++++++++++++++++---- drivers/media/usb/uvc/uvc_video.c | 12 +++---- drivers/media/v4l2-core/v4l2-ioctl.c | 1 + include/uapi/linux/videodev2.h | 1 + 8 files changed, 78 insertions(+), 13 deletions(-) --- base-commit: 36cef585e2a31e4ddf33a004b0584a7a572246de change-id: 20250226-uvc-metadata-2e7e445966de Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

6 months

1
1
0 0

[PATCH v3 2/2] regulator: check that dummy regulator has been probed before using it

by Christian Eggers

Due to asynchronous driver probing there is a chance that the dummy regulator hasn't already been probed when first accessing it. Cc: stable(a)vger.kernel.org Signed-off-by: Christian Eggers <ceggers(a)arri.de> --- v2: - return -EPROBE_DEFER rather than using BUG_ON() v3: - move dev_warn() below returning -EPROBE_DEFER drivers/regulator/core.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c index 4ddf0efead68..4d0f13899e6b 100644 --- a/drivers/regulator/core.c +++ b/drivers/regulator/core.c @@ -2069,6 +2069,10 @@ static int regulator_resolve_supply(struct regulator_dev *rdev) if (have_full_constraints()) { r = dummy_regulator_rdev; + if (!r) { + ret = -EPROBE_DEFER; + goto out; + } get_device(&r->dev); } else { dev_err(dev, "Failed to resolve %s-supply for %s\n", @@ -2086,6 +2090,10 @@ static int regulator_resolve_supply(struct regulator_dev *rdev) goto out; } r = dummy_regulator_rdev; + if (!r) { + ret = -EPROBE_DEFER; + goto out; + } get_device(&r->dev); } @@ -2211,8 +2219,10 @@ struct regulator *_regulator_get_common(struct regulator_dev *rdev, struct devic * enabled, even if it isn't hooked up, and just * provide a dummy. */ - dev_warn(dev, "supply %s not found, using dummy regulator\n", id); rdev = dummy_regulator_rdev; + if (!rdev) + return ERR_PTR(-EPROBE_DEFER); + dev_warn(dev, "supply %s not found, using dummy regulator\n", id); get_device(&rdev->dev); break; -- 2.44.1

6 months

2
1
0 0

[PATCH] s390/vfio-ap: lock mdev object when handling mdev remove request

by Anthony Krowiak

The vfio_ap_mdev_request function in drivers/s390/crypto/vfio_ap_ops.c accesses fields of an ap_matrix_mdev object without ensuring that the object is accessed by only one thread at a time. This patch adds the lock necessary to secure access to the ap_matrix_mdev object. Fixes: 2e3d8d71e285 ("s390/vfio-ap: wire in the vfio_device_ops request callback") Signed-off-by: Anthony Krowiak <akrowiak(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> --- drivers/s390/crypto/vfio_ap_ops.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/s390/crypto/vfio_ap_ops.c b/drivers/s390/crypto/vfio_ap_ops.c index a52c2690933f..a2784d3357d9 100644 --- a/drivers/s390/crypto/vfio_ap_ops.c +++ b/drivers/s390/crypto/vfio_ap_ops.c @@ -2045,6 +2045,7 @@ static void vfio_ap_mdev_request(struct vfio_device *vdev, unsigned int count) struct ap_matrix_mdev *matrix_mdev; matrix_mdev = container_of(vdev, struct ap_matrix_mdev, vdev); + mutex_lock(&matrix_dev->mdevs_lock); if (matrix_mdev->req_trigger) { if (!(count % 10)) @@ -2057,6 +2058,8 @@ static void vfio_ap_mdev_request(struct vfio_device *vdev, unsigned int count) dev_notice(dev, "No device request registered, blocked until released by user\n"); } + + mutex_unlock(&matrix_dev->mdevs_lock); } static int vfio_ap_mdev_get_device_info(unsigned long arg) -- 2.47.1

6 months

2
3
0 0

[PATCH 6.12.y 00/60] `alloc`, `#[expect]` and "Custom FFI"

by Miguel Ojeda

Hi Greg, Sasha, Please consider this series for 6.12.y. It should apply cleanly on top of v6.12.18. These are the patches to backport the `alloc` series for Rust, which will be useful for Rust Android Binder and others. It also means that, with this applied, we will not rely on the standard library `alloc` (and the unstable `cfg` option we used) anymore in any stable kernel that supports several Rust versions, so e.g. upstream Rust could consider removing that `cfg` if they needed. The entire series of cherry-picks apply almost cleanly (only 2 trivial conflicts) -- to achieve that, I included the `#[expect]` support, which will make future backports that use that feature easier anyway. That series also enabled some Clippy warnings. We could reduce the series, but the end result is warning-free and Clippy is opt-in anyway. Out-of-tree code could, of course, see some warnings if they use it. I also included a bunch of Clippy warnings cleanups for the DRM QR Code to have this series clean up to Rust 1.85.0 (the latest stable), but I could send them separately if needed. Finally, I included the "Custom FFI" series backport, which in turn solves the arm64 + Rust 1.85.0 + `CONFIG_RUST_FW_LOADER_ABSTRACTIONS=y` issue. It will also make future patches easier to backport, since we will have the same `ffi::` types. I tested that the entire series builds between every commit for x86_64 `LLVM=1` with the latest stable and minimum supported Rust compiler versions. I also ran my usual stable kernel tests on the end result; that is, boot-tested in QEMU for several architectures etc. In v6.12.18 for loongarch there is an unrelated error that was not there in v6.12.17 when I did a previous test run -- reported separately. Things could still break, so extra tests on the next -rc from users in Cc here would be welcome -- thanks! Cheers, Miguel Asahi Lina (1): rust: alloc: Fix `ArrayLayout` allocations Benno Lossin (1): rust: alloc: introduce `ArrayLayout` Danilo Krummrich (28): rust: alloc: add `Allocator` trait rust: alloc: separate `aligned_size` from `krealloc_aligned` rust: alloc: rename `KernelAllocator` to `Kmalloc` rust: alloc: implement `ReallocFunc` rust: alloc: make `allocator` module public rust: alloc: implement `Allocator` for `Kmalloc` rust: alloc: add module `allocator_test` rust: alloc: implement `Vmalloc` allocator rust: alloc: implement `KVmalloc` allocator rust: alloc: add __GFP_NOWARN to `Flags` rust: alloc: implement kernel `Box` rust: treewide: switch to our kernel `Box` type rust: alloc: remove extension of std's `Box` rust: alloc: add `Box` to prelude rust: alloc: implement kernel `Vec` type rust: alloc: implement `IntoIterator` for `Vec` rust: alloc: implement `collect` for `IntoIter` rust: treewide: switch to the kernel `Vec` type rust: alloc: remove `VecExt` extension rust: alloc: add `Vec` to prelude rust: error: use `core::alloc::LayoutError` rust: error: check for config `test` in `Error::name` rust: alloc: implement `contains` for `Flags` rust: alloc: implement `Cmalloc` in module allocator_test rust: str: test: replace `alloc::format` rust: alloc: update module comment of alloc.rs kbuild: rust: remove the `alloc` crate and `GlobalAlloc` MAINTAINERS: add entry for the Rust `alloc` module Ethan D. Twardy (1): rust: kbuild: expand rusttest target for macros Filipe Xavier (2): rust: error: make conversion functions public rust: error: optimize error type to use nonzero Gary Guo (3): rust: fix size_t in bindgen prototypes of C builtins rust: map `__kernel_size_t` and friends also to usize/isize rust: use custom FFI integer types Miguel Ojeda (17): rust: workqueue: remove unneeded ``#[allow(clippy::new_ret_no_self)]` rust: sort global Rust flags rust: types: avoid repetition in `{As,From}Bytes` impls rust: enable `clippy::undocumented_unsafe_blocks` lint rust: enable `clippy::unnecessary_safety_comment` lint rust: enable `clippy::unnecessary_safety_doc` lint rust: enable `clippy::ignored_unit_patterns` lint rust: enable `rustdoc::unescaped_backticks` lint rust: init: remove unneeded `#[allow(clippy::disallowed_names)]` rust: sync: remove unneeded `#[allow(clippy::non_send_fields_in_send_ty)]` rust: introduce `.clippy.toml` rust: replace `clippy::dbg_macro` with `disallowed_macros` rust: provide proper code documentation titles rust: enable Clippy's `check-private-items` Documentation: rust: add coding guidelines on lints rust: start using the `#[expect(...)]` attribute Documentation: rust: discuss `#[expect(...)]` in the guidelines Thomas Böhler (7): drm/panic: avoid reimplementing Iterator::find drm/panic: remove unnecessary borrow in alignment_pattern drm/panic: prefer eliding lifetimes drm/panic: remove redundant field when assigning value drm/panic: correctly indent continuation of line in list item drm/panic: allow verbose boolean for clarity drm/panic: allow verbose version check .clippy.toml | 9 + .gitignore | 1 + Documentation/rust/coding-guidelines.rst | 148 ++++ MAINTAINERS | 8 + Makefile | 15 +- drivers/block/rnull.rs | 4 +- drivers/gpu/drm/drm_panic_qr.rs | 23 +- mm/kasan/kasan_test_rust.rs | 3 +- rust/Makefile | 92 +-- rust/bindgen_parameters | 5 + rust/bindings/bindings_helper.h | 1 + rust/bindings/lib.rs | 6 + rust/exports.c | 1 - rust/ffi.rs | 13 + rust/helpers/helpers.c | 1 + rust/helpers/slab.c | 6 + rust/helpers/vmalloc.c | 9 + rust/kernel/alloc.rs | 150 +++- rust/kernel/alloc/allocator.rs | 208 ++++-- rust/kernel/alloc/allocator_test.rs | 95 +++ rust/kernel/alloc/box_ext.rs | 89 --- rust/kernel/alloc/kbox.rs | 456 +++++++++++ rust/kernel/alloc/kvec.rs | 913 +++++++++++++++++++++++ rust/kernel/alloc/layout.rs | 91 +++ rust/kernel/alloc/vec_ext.rs | 185 ----- rust/kernel/block/mq/operations.rs | 18 +- rust/kernel/block/mq/raw_writer.rs | 2 +- rust/kernel/block/mq/tag_set.rs | 2 +- rust/kernel/error.rs | 79 +- rust/kernel/init.rs | 127 ++-- rust/kernel/init/__internal.rs | 13 +- rust/kernel/init/macros.rs | 18 +- rust/kernel/ioctl.rs | 2 +- rust/kernel/lib.rs | 5 +- rust/kernel/list.rs | 1 + rust/kernel/list/arc_field.rs | 2 +- rust/kernel/net/phy.rs | 16 +- rust/kernel/prelude.rs | 5 +- rust/kernel/print.rs | 5 +- rust/kernel/rbtree.rs | 49 +- rust/kernel/std_vendor.rs | 12 +- rust/kernel/str.rs | 46 +- rust/kernel/sync/arc.rs | 25 +- rust/kernel/sync/arc/std_vendor.rs | 2 + rust/kernel/sync/condvar.rs | 7 +- rust/kernel/sync/lock.rs | 8 +- rust/kernel/sync/lock/mutex.rs | 4 +- rust/kernel/sync/lock/spinlock.rs | 4 +- rust/kernel/sync/locked_by.rs | 2 +- rust/kernel/task.rs | 8 +- rust/kernel/time.rs | 4 +- rust/kernel/types.rs | 140 ++-- rust/kernel/uaccess.rs | 23 +- rust/kernel/workqueue.rs | 29 +- rust/macros/lib.rs | 14 +- rust/macros/module.rs | 8 +- rust/uapi/lib.rs | 6 + samples/rust/rust_minimal.rs | 4 +- samples/rust/rust_print.rs | 1 + scripts/Makefile.build | 4 +- scripts/generate_rust_analyzer.py | 11 +- 61 files changed, 2482 insertions(+), 756 deletions(-) create mode 100644 .clippy.toml create mode 100644 rust/ffi.rs create mode 100644 rust/helpers/vmalloc.c create mode 100644 rust/kernel/alloc/allocator_test.rs delete mode 100644 rust/kernel/alloc/box_ext.rs create mode 100644 rust/kernel/alloc/kbox.rs create mode 100644 rust/kernel/alloc/kvec.rs create mode 100644 rust/kernel/alloc/layout.rs delete mode 100644 rust/kernel/alloc/vec_ext.rs -- 2.48.1

6 months

5
71
0 0

[PATCH v3 1/2] regulator: dummy: force synchronous probing

by Christian Eggers

Sometimes I get a NULL pointer dereference at boot time in kobject_get() with the following call stack: anatop_regulator_probe() devm_regulator_register() regulator_register() regulator_resolve_supply() kobject_get() By placing some extra BUG_ON() statements I could verify that this is raised because probing of the 'dummy' regulator driver is not completed ('dummy_regulator_rdev' is still NULL). In the JTAG debugger I can see that dummy_regulator_probe() and anatop_regulator_probe() can be run by different kernel threads (kworker/u4:*). I haven't further investigated whether this can be changed or if there are other possibilities to force synchronization between these two probe routines. On the other hand I don't expect much boot time penalty by probing the 'dummy' regulator synchronously. Cc: stable(a)vger.kernel.org Fixes: 259b93b21a9f ("regulator: Set PROBE_PREFER_ASYNCHRONOUS for drivers that existed in 4.14") Signed-off-by: Christian Eggers <ceggers(a)arri.de> --- v2: - no changes v3: - no changes drivers/regulator/dummy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/regulator/dummy.c b/drivers/regulator/dummy.c index 5b9b9e4e762d..9f59889129ab 100644 --- a/drivers/regulator/dummy.c +++ b/drivers/regulator/dummy.c @@ -60,7 +60,7 @@ static struct platform_driver dummy_regulator_driver = { .probe = dummy_regulator_probe, .driver = { .name = "reg-dummy", - .probe_type = PROBE_PREFER_ASYNCHRONOUS, + .probe_type = PROBE_FORCE_SYNCHRONOUS, }, }; -- 2.44.1

6 months

1
0
0 0

[PATCH] media: v4l2-dev: fix error handling in __video_register_device()

by Ma Ke

Once device_register() failed, we should call put_device() to decrement reference count for cleanup. Or it could cause memory leak. As comment of device_register() says, 'NOTE: _Never_ directly free @dev after calling this function, even if it returned an error! Always use put_device() to give up the reference initialized in this function instead.' Found by code review. Cc: stable(a)vger.kernel.org Fixes: baa057e29b58 ("media: v4l2-dev: use pr_foo() for printing messages") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/media/v4l2-core/v4l2-dev.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/media/v4l2-core/v4l2-dev.c b/drivers/media/v4l2-core/v4l2-dev.c index 5bcaeeba4d09..1619614e96bf 100644 --- a/drivers/media/v4l2-core/v4l2-dev.c +++ b/drivers/media/v4l2-core/v4l2-dev.c @@ -1060,6 +1060,7 @@ int __video_register_device(struct video_device *vdev, if (ret < 0) { mutex_unlock(&videodev_lock); pr_err("%s: device_register failed\n", __func__); + put_device(&vdev->dev); goto cleanup; } /* Register the release callback that will be called when the last -- 2.25.1

6 months

2
1
0 0

[PATCH] [SCSI] iscsi: fix error handling in iscsi_add_session()

by Ma Ke

Once device_add() failed, we should call put_device() to decrement reference count for cleanup. Or it could cause memory leak. As comment of device_add() says, 'if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 8434aa8b6fe5 ("[SCSI] iscsi: break up session creation into two stages") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/scsi/scsi_transport_iscsi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c index 9c347c64c315..74333e182612 100644 --- a/drivers/scsi/scsi_transport_iscsi.c +++ b/drivers/scsi/scsi_transport_iscsi.c @@ -2114,6 +2114,7 @@ int iscsi_add_session(struct iscsi_cls_session *session, unsigned int target_id) release_dev: device_del(&session->dev); release_ida: + put_device(&session->dev); if (session->ida_used) ida_free(&iscsi_sess_ida, session->target_id); destroy_wq: -- 2.25.1

6 months

2
1
0 0

[PATCH] Bluetooth: fix error handling in hci_register_dev()

by Ma Ke

Once device_add() failed, we should call put_device() to decrement reference count for cleanup. Or it could cause memory leak. As comment of device_add() says, 'if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 54506918059a ("Bluetooth: Move SMP initialization after HCI init") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- net/bluetooth/hci_core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index e7ec12437c8b..c03fd16d3c46 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c @@ -2641,6 +2641,7 @@ int hci_register_dev(struct hci_dev *hdev) return id; err_wqueue: + put_device(&hdev->dev); debugfs_remove_recursive(hdev->debugfs); destroy_workqueue(hdev->workqueue); destroy_workqueue(hdev->req_workqueue); -- 2.25.1

6 months

2
1
0 0

[PATCH] Input: fix error handling in input_register_device()

by Ma Ke

Once device_add() failed, we should call put_device() to decrement reference count for cleanup. Or it could cause memory leak. As comment of device_add() says, 'if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 0cd587735205 ("Input: preallocate memory to hold event values") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/input/input.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/input/input.c b/drivers/input/input.c index c9e3ac64bcd0..2e70f346dadc 100644 --- a/drivers/input/input.c +++ b/drivers/input/input.c @@ -2424,6 +2424,7 @@ int input_register_device(struct input_dev *dev) err_device_del: device_del(&dev->dev); err_devres_free: + put_device(&dev->dev); devres_free(devres); return error; } -- 2.25.1

6 months

2
1
0 0

[PATCH] net-sysfs: fix error handling in netdev_register_kobject()

by Ma Ke

Once device_add() failed, we should call put_device() to decrement reference count for cleanup. Or it could cause memory leak. As comment of device_add() says, 'if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 8ed633b9baf9 ("Revert "net-sysfs: Fix memory leak in netdev_register_kobject"") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- net/core/net-sysfs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c index 07cb99b114bd..f443eacc9237 100644 --- a/net/core/net-sysfs.c +++ b/net/core/net-sysfs.c @@ -2169,6 +2169,7 @@ int netdev_register_kobject(struct net_device *ndev) error = device_add(dev); if (error) + put_device(dev); return error; error = register_queue_kobjects(ndev); -- 2.25.1

6 months

3
3
0 0

[PATCH] mtd: fix error handling in uif_init()

by Ma Ke

Once cdev_device_add() failed, we should call put_device() to decrement reference count for cleanup. Or it could cause memory leak. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 493cfaeaa0c9 ("mtd: utilize new cdev_device_add helper function") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/mtd/ubi/build.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c index ef6a22f372f9..ca4c54cf9fd4 100644 --- a/drivers/mtd/ubi/build.c +++ b/drivers/mtd/ubi/build.c @@ -486,6 +486,7 @@ static int uif_init(struct ubi_device *ubi) kill_volumes(ubi); cdev_device_del(&ubi->cdev, &ubi->dev); out_unreg: + put_device(&ubi->dev); unregister_chrdev_region(ubi->cdev.dev, ubi->vtbl_slots + 1); ubi_err(ubi, "cannot initialize UBI %s, error %d", ubi->ubi_name, err); -- 2.25.1

6 months

2
1
0 0

[PATCH] [POWERPC] ps3: fix error handling in ps3_system_bus_device_register()

by Ma Ke

Once device_register() failed, we should call put_device() to decrement reference count for cleanup. Or it could cause memory leak. As comment of device_register() says, 'NOTE: _Never_ directly free @dev after calling this function, even if it returned an error! Always use put_device() to give up the reference initialized in this function instead.' Found by code review. Cc: stable(a)vger.kernel.org Fixes: a3d4d6435b56 ("[POWERPC] ps3: add ps3 platform system bus support") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- arch/powerpc/platforms/ps3/system-bus.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/powerpc/platforms/ps3/system-bus.c b/arch/powerpc/platforms/ps3/system-bus.c index afbaabf182d0..c477d0ee523a 100644 --- a/arch/powerpc/platforms/ps3/system-bus.c +++ b/arch/powerpc/platforms/ps3/system-bus.c @@ -769,6 +769,9 @@ int ps3_system_bus_device_register(struct ps3_system_bus_device *dev) pr_debug("%s:%d add %s\n", __func__, __LINE__, dev_name(&dev->core)); result = device_register(&dev->core); + if (result) + put_device(&dev->core); + return result; } -- 2.25.1

6 months

2
1
0 0

[PATCH 6.6.y] zram: fix NULL pointer in comp_algorithm_show()

by jianqi.ren.cn＠windriver.com

From: Liu Shixin <liushixin2(a)huawei.com> [ Upstream commit f364cdeb38938f9d03061682b8ff3779dd1730e5 ] LTP reported a NULL pointer dereference as followed: CPU: 7 UID: 0 PID: 5995 Comm: cat Kdump: loaded Not tainted 6.12.0-rc6+ #3 Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __pi_strcmp+0x24/0x140 lr : zcomp_available_show+0x60/0x100 [zram] sp : ffff800088b93b90 x29: ffff800088b93b90 x28: 0000000000000001 x27: 0000000000400cc0 x26: 0000000000000ffe x25: ffff80007b3e2388 x24: 0000000000000000 x23: ffff80007b3e2390 x22: ffff0004041a9000 x21: ffff80007b3e2900 x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: ffff80007b3e2900 x9 : ffff80007b3cb280 x8 : 0101010101010101 x7 : 0000000000000000 x6 : 0000000000000000 x5 : 0000000000000040 x4 : 0000000000000000 x3 : 00656c722d6f7a6c x2 : 0000000000000000 x1 : ffff80007b3e2900 x0 : 0000000000000000 Call trace: __pi_strcmp+0x24/0x140 comp_algorithm_show+0x40/0x70 [zram] dev_attr_show+0x28/0x80 sysfs_kf_seq_show+0x90/0x140 kernfs_seq_show+0x34/0x48 seq_read_iter+0x1d4/0x4e8 kernfs_fop_read_iter+0x40/0x58 new_sync_read+0x9c/0x168 vfs_read+0x1a8/0x1f8 ksys_read+0x74/0x108 __arm64_sys_read+0x24/0x38 invoke_syscall+0x50/0x120 el0_svc_common.constprop.0+0xc8/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x38/0x138 el0t_64_sync_handler+0xc0/0xc8 el0t_64_sync+0x188/0x190 The zram->comp_algs[ZRAM_PRIMARY_COMP] can be NULL in zram_add() if comp_algorithm_set() has not been called. User can access the zram device by sysfs after device_add_disk(), so there is a time window to trigger the NULL pointer dereference. Move it ahead device_add_disk() to make sure when user can access the zram device, it is ready. comp_algorithm_set() is protected by zram->init_lock in other places and no such problem. Link: https://lkml.kernel.org/r/20241108100147.3776123-1-liushixin2@huawei.com Fixes: 7ac07a26dea7 ("zram: preparation for multi-zcomp support") Signed-off-by: Liu Shixin <liushixin2(a)huawei.com> Reviewed-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: Minchan Kim <minchan(a)kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> [This fix does not backport zram_comp_params_reset which was introduced after v6.6, in commit f2bac7ad187d ("zram: introduce zcomp_params structure")] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- drivers/block/zram/zram_drv.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c index b73038ad86f7..44cf0e51d7db 100644 --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -2247,6 +2247,8 @@ static int zram_add(void) zram->disk->private_data = zram; snprintf(zram->disk->disk_name, 16, "zram%d", device_id); + comp_algorithm_set(zram, ZRAM_PRIMARY_COMP, default_compressor); + /* Actual capacity set using sysfs (/sys/block/zram<id>/disksize */ set_capacity(zram->disk, 0); /* zram devices sort of resembles non-rotational disks */ @@ -2281,8 +2283,6 @@ static int zram_add(void) if (ret) goto out_cleanup_disk; - comp_algorithm_set(zram, ZRAM_PRIMARY_COMP, default_compressor); - zram_debugfs_register(zram); pr_info("Added device: %s\n", zram->disk->disk_name); return device_id; -- 2.25.1

6 months

2
1
0 0

[PATCH 5.15.y] fs/ntfs3: Fix shift-out-of-bounds in ntfs_fill_super

by Miguel García

From: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> commit 91a4b1ee78cb ("fs/ntfs3: Fix shift-out-of-bounds in ntfs_fill_super") This patch is a backport and fixes an UBSAN warning about shift-out-of-bounds in ntfs_fill_super() function of the NTFS3 driver. The original code incorrectly calculated MFT record size, causing undefined behavior when performing bit shifts with values that exceed type limits. The fix has been verified by executing the syzkaller reproducer test case. After applying this patch, the system successfully handles the test case without kernel panic or UBSAN warnings. Bug: https://syzkaller.appspot.com/bug?extid=010986becd65dbf9464b Reported-by: syzbot+010986becd65dbf9464b(a)syzkaller.appspotmail.com Cc: <stable(a)vger.kernel.org> Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Miguel Garcia Roman <miguelgarciaroman8(a)gmail.com> (cherry picked from commit 91a4b1ee78cb100b19b70f077c247f211110348f) --- fs/ntfs3/ntfs_fs.h | 2 ++ fs/ntfs3/super.c | 63 +++++++++++++++++++++++++++++++++++----------- 2 files changed, 50 insertions(+), 15 deletions(-) diff --git a/fs/ntfs3/ntfs_fs.h b/fs/ntfs3/ntfs_fs.h index 7b46926e920c..c5ef0e0cdf59 100644 --- a/fs/ntfs3/ntfs_fs.h +++ b/fs/ntfs3/ntfs_fs.h @@ -43,9 +43,11 @@ enum utf16_endian; #define MINUS_ONE_T ((size_t)(-1)) /* Biggest MFT / smallest cluster */ #define MAXIMUM_BYTES_PER_MFT 4096 +#define MAXIMUM_SHIFT_BYTES_PER_MFT 12 #define NTFS_BLOCKS_PER_MFT_RECORD (MAXIMUM_BYTES_PER_MFT / 512) #define MAXIMUM_BYTES_PER_INDEX 4096 +#define MAXIMUM_SHIFT_BYTES_PER_INDEX 12 #define NTFS_BLOCKS_PER_INODE (MAXIMUM_BYTES_PER_INDEX / 512) /* NTFS specific error code when fixup failed. */ diff --git a/fs/ntfs3/super.c b/fs/ntfs3/super.c index 78b086527331..abab388e413f 100644 --- a/fs/ntfs3/super.c +++ b/fs/ntfs3/super.c @@ -680,7 +680,7 @@ static u32 true_sectors_per_clst(const struct NTFS_BOOT *boot) * ntfs_init_from_boot - Init internal info from on-disk boot sector. */ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, - u64 dev_size) + u64 dev_size) { struct ntfs_sb_info *sbi = sb->s_fs_info; int err; @@ -705,12 +705,12 @@ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, /* 0x55AA is not mandaroty. Thanks Maxim Suhanov*/ /*if (0x55 != boot->boot_magic[0] || 0xAA != boot->boot_magic[1]) - * goto out; + * goto out; */ boot_sector_size = (u32)boot->bytes_per_sector[1] << 8; if (boot->bytes_per_sector[0] || boot_sector_size < SECTOR_SIZE || - !is_power_of_2(boot_sector_size)) { + !is_power_of_2(boot_sector_size)) { goto out; } @@ -733,15 +733,49 @@ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, /* Check MFT record size. */ if ((boot->record_size < 0 && - SECTOR_SIZE > (2U << (-boot->record_size))) || - (boot->record_size >= 0 && !is_power_of_2(boot->record_size))) { + SECTOR_SIZE > (2U << (-boot->record_size))) || + (boot->record_size >= 0 && !is_power_of_2(boot->record_size))) { + goto out; + } + + /* Calculate cluster size */ + sbi->cluster_size = boot_sector_size * sct_per_clst; + sbi->cluster_bits = blksize_bits(sbi->cluster_size); + + if (boot->record_size >= 0) { + record_size = (u32)boot->record_size << sbi->cluster_bits; + } else if (-boot->record_size <= MAXIMUM_SHIFT_BYTES_PER_MFT) { + record_size = 1u << (-boot->record_size); + } else { + ntfs_err(sb, "%s: invalid record size %d.", "NTFS", + boot->record_size); + goto out; + } + + sbi->record_size = record_size; + sbi->record_bits = blksize_bits(record_size); + sbi->attr_size_tr = (5 * record_size >> 4); // ~320 bytes + + if (record_size > MAXIMUM_BYTES_PER_MFT) { + ntfs_err(sb, "Unsupported bytes per MFT record %u.", + record_size); + goto out; + } + + if (boot->index_size >= 0) { + sbi->index_size = (u32)boot->index_size << sbi->cluster_bits; + } else if (-boot->index_size <= MAXIMUM_SHIFT_BYTES_PER_INDEX) { + sbi->index_size = 1u << (-boot->index_size); + } else { + ntfs_err(sb, "%s: invalid index size %d.", "NTFS", + boot->index_size); goto out; } /* Check index record size. */ if ((boot->index_size < 0 && - SECTOR_SIZE > (2U << (-boot->index_size))) || - (boot->index_size >= 0 && !is_power_of_2(boot->index_size))) { + SECTOR_SIZE > (2U << (-boot->index_size))) || + (boot->index_size >= 0 && !is_power_of_2(boot->index_size))) { goto out; } @@ -762,9 +796,6 @@ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, dev_size += sector_size - 1; } - sbi->cluster_size = boot_sector_size * sct_per_clst; - sbi->cluster_bits = blksize_bits(sbi->cluster_size); - sbi->mft.lbo = mlcn << sbi->cluster_bits; sbi->mft.lbo2 = mlcn2 << sbi->cluster_bits; @@ -785,9 +816,9 @@ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, sbi->cluster_mask = sbi->cluster_size - 1; sbi->cluster_mask_inv = ~(u64)sbi->cluster_mask; sbi->record_size = record_size = boot->record_size < 0 - ? 1 << (-boot->record_size) - : (u32)boot->record_size - << sbi->cluster_bits; + ? 1 << (-boot->record_size) + : (u32)boot->record_size + << sbi->cluster_bits; if (record_size > MAXIMUM_BYTES_PER_MFT || record_size < SECTOR_SIZE) goto out; @@ -801,8 +832,8 @@ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, ALIGN(sizeof(enum ATTR_TYPE), 8); sbi->index_size = boot->index_size < 0 - ? 1u << (-boot->index_size) - : (u32)boot->index_size << sbi->cluster_bits; + ? 1u << (-boot->index_size) + : (u32)boot->index_size << sbi->cluster_bits; sbi->volume.ser_num = le64_to_cpu(boot->serial_num); @@ -879,6 +910,8 @@ static int ntfs_init_from_boot(struct super_block *sb, u32 sector_size, return err; } + + /* * ntfs_fill_super - Try to mount. */ -- 2.34.1

6 months

4
7
0 0

FAILED: patch "[PATCH] mm: fix kernel BUG when userfaultfd_move encounters swapcache" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x c50f8e6053b0503375c2975bf47f182445aebb4c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030926-tapestry-rabid-7392@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c50f8e6053b0503375c2975bf47f182445aebb4c Mon Sep 17 00:00:00 2001 From: Barry Song <baohua(a)kernel.org> Date: Wed, 26 Feb 2025 13:14:00 +1300 Subject: [PATCH] mm: fix kernel BUG when userfaultfd_move encounters swapcache userfaultfd_move() checks whether the PTE entry is present or a swap entry. - If the PTE entry is present, move_present_pte() handles folio migration by setting: src_folio->index = linear_page_index(dst_vma, dst_addr); - If the PTE entry is a swap entry, move_swap_pte() simply copies the PTE to the new dst_addr. This approach is incorrect because, even if the PTE is a swap entry, it can still reference a folio that remains in the swap cache. This creates a race window between steps 2 and 4. 1. add_to_swap: The folio is added to the swapcache. 2. try_to_unmap: PTEs are converted to swap entries. 3. pageout: The folio is written back. 4. Swapcache is cleared. If userfaultfd_move() occurs in the window between steps 2 and 4, after the swap PTE has been moved to the destination, accessing the destination triggers do_swap_page(), which may locate the folio in the swapcache. However, since the folio's index has not been updated to match the destination VMA, do_swap_page() will detect a mismatch. This can result in two critical issues depending on the system configuration. If KSM is disabled, both small and large folios can trigger a BUG during the add_rmap operation due to: page_pgoff(folio, page) != linear_page_index(vma, address) [ 13.336953] page: refcount:6 mapcount:1 mapping:00000000f43db19c index:0xffffaf150 pfn:0x4667c [ 13.337520] head: order:2 mapcount:1 entire_mapcount:0 nr_pages_mapped:1 pincount:0 [ 13.337716] memcg:ffff00000405f000 [ 13.337849] anon flags: 0x3fffc0000020459(locked|uptodate|dirty|owner_priv_1|head|swapbacked|node=0|zone=0|lastcpupid=0xffff) [ 13.338630] raw: 03fffc0000020459 ffff80008507b538 ffff80008507b538 ffff000006260361 [ 13.338831] raw: 0000000ffffaf150 0000000000004000 0000000600000000 ffff00000405f000 [ 13.339031] head: 03fffc0000020459 ffff80008507b538 ffff80008507b538 ffff000006260361 [ 13.339204] head: 0000000ffffaf150 0000000000004000 0000000600000000 ffff00000405f000 [ 13.339375] head: 03fffc0000000202 fffffdffc0199f01 ffffffff00000000 0000000000000001 [ 13.339546] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 13.339736] page dumped because: VM_BUG_ON_PAGE(page_pgoff(folio, page) != linear_page_index(vma, address)) [ 13.340190] ------------[ cut here ]------------ [ 13.340316] kernel BUG at mm/rmap.c:1380! [ 13.340683] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP [ 13.340969] Modules linked in: [ 13.341257] CPU: 1 UID: 0 PID: 107 Comm: a.out Not tainted 6.14.0-rc3-gcf42737e247a-dirty #299 [ 13.341470] Hardware name: linux,dummy-virt (DT) [ 13.341671] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 13.341815] pc : __page_check_anon_rmap+0xa0/0xb0 [ 13.341920] lr : __page_check_anon_rmap+0xa0/0xb0 [ 13.342018] sp : ffff80008752bb20 [ 13.342093] x29: ffff80008752bb20 x28: fffffdffc0199f00 x27: 0000000000000001 [ 13.342404] x26: 0000000000000000 x25: 0000000000000001 x24: 0000000000000001 [ 13.342575] x23: 0000ffffaf0d0000 x22: 0000ffffaf0d0000 x21: fffffdffc0199f00 [ 13.342731] x20: fffffdffc0199f00 x19: ffff000006210700 x18: 00000000ffffffff [ 13.342881] x17: 6c203d2120296567 x16: 6170202c6f696c6f x15: 662866666f67705f [ 13.343033] x14: 6567617028454741 x13: 2929737365726464 x12: ffff800083728ab0 [ 13.343183] x11: ffff800082996bf8 x10: 0000000000000fd7 x9 : ffff80008011bc40 [ 13.343351] x8 : 0000000000017fe8 x7 : 00000000fffff000 x6 : ffff8000829eebf8 [ 13.343498] x5 : c0000000fffff000 x4 : 0000000000000000 x3 : 0000000000000000 [ 13.343645] x2 : 0000000000000000 x1 : ffff0000062db980 x0 : 000000000000005f [ 13.343876] Call trace: [ 13.344045] __page_check_anon_rmap+0xa0/0xb0 (P) [ 13.344234] folio_add_anon_rmap_ptes+0x22c/0x320 [ 13.344333] do_swap_page+0x1060/0x1400 [ 13.344417] __handle_mm_fault+0x61c/0xbc8 [ 13.344504] handle_mm_fault+0xd8/0x2e8 [ 13.344586] do_page_fault+0x20c/0x770 [ 13.344673] do_translation_fault+0xb4/0xf0 [ 13.344759] do_mem_abort+0x48/0xa0 [ 13.344842] el0_da+0x58/0x130 [ 13.344914] el0t_64_sync_handler+0xc4/0x138 [ 13.345002] el0t_64_sync+0x1ac/0x1b0 [ 13.345208] Code: aa1503e0 f000f801 910f6021 97ff5779 (d4210000) [ 13.345504] ---[ end trace 0000000000000000 ]--- [ 13.345715] note: a.out[107] exited with irqs disabled [ 13.345954] note: a.out[107] exited with preempt_count 2 If KSM is enabled, Peter Xu also discovered that do_swap_page() may trigger an unexpected CoW operation for small folios because ksm_might_need_to_copy() allocates a new folio when the folio index does not match linear_page_index(vma, addr). This patch also checks the swapcache when handling swap entries. If a match is found in the swapcache, it processes it similarly to a present PTE. However, there are some differences. For example, the folio is no longer exclusive because folio_try_share_anon_rmap_pte() is performed during unmapping. Furthermore, in the case of swapcache, the folio has already been unmapped, eliminating the risk of concurrent rmap walks and removing the need to acquire src_folio's anon_vma or lock. Note that for large folios, in the swapcache handling path, we directly return -EBUSY since split_folio() will return -EBUSY regardless if the folio is under writeback or unmapped. This is not an urgent issue, so a follow-up patch may address it separately. [v-songbaohua(a)oppo.com: minor cleanup according to Peter Xu] Link: https://lkml.kernel.org/r/20250226024411.47092-1-21cnbao@gmail.com Link: https://lkml.kernel.org/r/20250226001400.9129-1-21cnbao@gmail.com Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Barry Song <v-songbaohua(a)oppo.com> Acked-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Suren Baghdasaryan <surenb(a)google.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Brian Geffon <bgeffon(a)google.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jann Horn <jannh(a)google.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Lokesh Gidra <lokeshgidra(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: Nicolas Geoffray <ngeoffray(a)google.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: ZhangPeng <zhangpeng362(a)huawei.com> Cc: Tangquan Zheng <zhengtangquan(a)oppo.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index af3dfc3633db..c45b672e10d1 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -18,6 +18,7 @@ #include <asm/tlbflush.h> #include <asm/tlb.h> #include "internal.h" +#include "swap.h" static __always_inline bool validate_dst_vma(struct vm_area_struct *dst_vma, unsigned long dst_end) @@ -1076,16 +1077,14 @@ static int move_present_pte(struct mm_struct *mm, return err; } -static int move_swap_pte(struct mm_struct *mm, +static int move_swap_pte(struct mm_struct *mm, struct vm_area_struct *dst_vma, unsigned long dst_addr, unsigned long src_addr, pte_t *dst_pte, pte_t *src_pte, pte_t orig_dst_pte, pte_t orig_src_pte, pmd_t *dst_pmd, pmd_t dst_pmdval, - spinlock_t *dst_ptl, spinlock_t *src_ptl) + spinlock_t *dst_ptl, spinlock_t *src_ptl, + struct folio *src_folio) { - if (!pte_swp_exclusive(orig_src_pte)) - return -EBUSY; - double_pt_lock(dst_ptl, src_ptl); if (!is_pte_pages_stable(dst_pte, src_pte, orig_dst_pte, orig_src_pte, @@ -1094,6 +1093,16 @@ static int move_swap_pte(struct mm_struct *mm, return -EAGAIN; } + /* + * The src_folio resides in the swapcache, requiring an update to its + * index and mapping to align with the dst_vma, where a swap-in may + * occur and hit the swapcache after moving the PTE. + */ + if (src_folio) { + folio_move_anon_rmap(src_folio, dst_vma); + src_folio->index = linear_page_index(dst_vma, dst_addr); + } + orig_src_pte = ptep_get_and_clear(mm, src_addr, src_pte); set_pte_at(mm, dst_addr, dst_pte, orig_src_pte); double_pt_unlock(dst_ptl, src_ptl); @@ -1141,6 +1150,7 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, __u64 mode) { swp_entry_t entry; + struct swap_info_struct *si = NULL; pte_t orig_src_pte, orig_dst_pte; pte_t src_folio_pte; spinlock_t *src_ptl, *dst_ptl; @@ -1322,6 +1332,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, orig_dst_pte, orig_src_pte, dst_pmd, dst_pmdval, dst_ptl, src_ptl, src_folio); } else { + struct folio *folio = NULL; + entry = pte_to_swp_entry(orig_src_pte); if (non_swap_entry(entry)) { if (is_migration_entry(entry)) { @@ -1335,9 +1347,53 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, goto out; } - err = move_swap_pte(mm, dst_addr, src_addr, dst_pte, src_pte, - orig_dst_pte, orig_src_pte, dst_pmd, - dst_pmdval, dst_ptl, src_ptl); + if (!pte_swp_exclusive(orig_src_pte)) { + err = -EBUSY; + goto out; + } + + si = get_swap_device(entry); + if (unlikely(!si)) { + err = -EAGAIN; + goto out; + } + /* + * Verify the existence of the swapcache. If present, the folio's + * index and mapping must be updated even when the PTE is a swap + * entry. The anon_vma lock is not taken during this process since + * the folio has already been unmapped, and the swap entry is + * exclusive, preventing rmap walks. + * + * For large folios, return -EBUSY immediately, as split_folio() + * also returns -EBUSY when attempting to split unmapped large + * folios in the swapcache. This issue needs to be resolved + * separately to allow proper handling. + */ + if (!src_folio) + folio = filemap_get_folio(swap_address_space(entry), + swap_cache_index(entry)); + if (!IS_ERR_OR_NULL(folio)) { + if (folio_test_large(folio)) { + err = -EBUSY; + folio_put(folio); + goto out; + } + src_folio = folio; + src_folio_pte = orig_src_pte; + if (!folio_trylock(src_folio)) { + pte_unmap(&orig_src_pte); + pte_unmap(&orig_dst_pte); + src_pte = dst_pte = NULL; + put_swap_device(si); + si = NULL; + /* now we can block and wait */ + folio_lock(src_folio); + goto retry; + } + } + err = move_swap_pte(mm, dst_vma, dst_addr, src_addr, dst_pte, src_pte, + orig_dst_pte, orig_src_pte, dst_pmd, dst_pmdval, + dst_ptl, src_ptl, src_folio); } out: @@ -1354,6 +1410,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, if (src_pte) pte_unmap(src_pte); mmu_notifier_invalidate_range_end(&range); + if (si) + put_swap_device(si); return err; }

6 months

3
2
0 0

[PATCH 6.1.y 1/1] hrtimer: Use and report correct timerslack values for realtime tasks

by Felix Moessbauer

commit ed4fb6d7ef68111bb539283561953e5c6e9a6e38 upstream. The timerslack_ns setting is used to specify how much the hardware timers should be delayed, to potentially dispatch multiple timers in a single interrupt. This is a performance optimization. Timers of realtime tasks (having a realtime scheduling policy) should not be delayed. This logic was inconsitently applied to the hrtimers, leading to delays of realtime tasks which used timed waits for events (e.g. condition variables). Due to the downstream override of the slack for rt tasks, the procfs reported incorrect (non-zero) timerslack_ns values. This is changed by setting the timer_slack_ns task attribute to 0 for all tasks with a rt policy. By that, downstream users do not need to specially handle rt tasks (w.r.t. the slack), and the procfs entry shows the correct value of "0". Setting non-zero slack values (either via procfs or PR_SET_TIMERSLACK) on tasks with a rt policy is ignored, as stated in "man 2 PR_SET_TIMERSLACK": Timer slack is not applied to threads that are scheduled under a real-time scheduling policy (see sched_setscheduler(2)). The special handling of timerslack on rt tasks in downstream users is removed as well. Signed-off-by: Felix Moessbauer <felix.moessbauer(a)siemens.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Link: https://lore.kernel.org/all/20240814121032.368444-2-felix.moessbauer@siemen… --- fs/proc/base.c | 9 +++++---- fs/select.c | 11 ++++------- kernel/sched/core.c | 8 ++++++++ kernel/sys.c | 2 ++ kernel/time/hrtimer.c | 18 +++--------------- 5 files changed, 22 insertions(+), 26 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index ecc45389ea793..82e4a8805bae6 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2633,10 +2633,11 @@ static ssize_t timerslack_ns_write(struct file *file, const char __user *buf, } task_lock(p); - if (slack_ns == 0) - p->timer_slack_ns = p->default_timer_slack_ns; - else - p->timer_slack_ns = slack_ns; + if (task_is_realtime(p)) + slack_ns = 0; + else if (slack_ns == 0) + slack_ns = p->default_timer_slack_ns; + p->timer_slack_ns = slack_ns; task_unlock(p); out: diff --git a/fs/select.c b/fs/select.c index 3f730b8581f65..e66b6189845ea 100644 --- a/fs/select.c +++ b/fs/select.c @@ -77,19 +77,16 @@ u64 select_estimate_accuracy(struct timespec64 *tv) { u64 ret; struct timespec64 now; + u64 slack = current->timer_slack_ns; - /* - * Realtime tasks get a slack of 0 for obvious reasons. - */ - - if (rt_task(current)) + if (slack == 0) return 0; ktime_get_ts64(&now); now = timespec64_sub(*tv, now); ret = __estimate_accuracy(&now); - if (ret < current->timer_slack_ns) - return current->timer_slack_ns; + if (ret < slack) + return slack; return ret; } diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 0a483fd9f5de5..9be8a509b5f3f 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -7380,6 +7380,14 @@ static void __setscheduler_params(struct task_struct *p, else if (fair_policy(policy)) p->static_prio = NICE_TO_PRIO(attr->sched_nice); + /* rt-policy tasks do not have a timerslack */ + if (task_is_realtime(p)) { + p->timer_slack_ns = 0; + } else if (p->timer_slack_ns == 0) { + /* when switching back to non-rt policy, restore timerslack */ + p->timer_slack_ns = p->default_timer_slack_ns; + } + /* * __sched_setscheduler() ensures attr->sched_priority == 0 when * !rt_policy. Always setting this ensures that things like diff --git a/kernel/sys.c b/kernel/sys.c index d06eda1387b69..06a9a87a8d3e0 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -2477,6 +2477,8 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, error = current->timer_slack_ns; break; case PR_SET_TIMERSLACK: + if (task_is_realtime(current)) + break; if (arg2 <= 0) current->timer_slack_ns = current->default_timer_slack_ns; diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c index 8db65e2db14c7..f6d799646dd9c 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c @@ -2090,14 +2090,9 @@ long hrtimer_nanosleep(ktime_t rqtp, const enum hrtimer_mode mode, struct restart_block *restart; struct hrtimer_sleeper t; int ret = 0; - u64 slack; - - slack = current->timer_slack_ns; - if (dl_task(current) || rt_task(current)) - slack = 0; hrtimer_init_sleeper_on_stack(&t, clockid, mode); - hrtimer_set_expires_range_ns(&t.timer, rqtp, slack); + hrtimer_set_expires_range_ns(&t.timer, rqtp, current->timer_slack_ns); ret = do_nanosleep(&t, mode); if (ret != -ERESTART_RESTARTBLOCK) goto out; @@ -2278,7 +2273,7 @@ void __init hrtimers_init(void) /** * schedule_hrtimeout_range_clock - sleep until timeout * @expires: timeout value (ktime_t) - * @delta: slack in expires timeout (ktime_t) for SCHED_OTHER tasks + * @delta: slack in expires timeout (ktime_t) * @mode: timer mode * @clock_id: timer clock to be used */ @@ -2305,13 +2300,6 @@ schedule_hrtimeout_range_clock(ktime_t *expires, u64 delta, return -EINTR; } - /* - * Override any slack passed by the user if under - * rt contraints. - */ - if (rt_task(current)) - delta = 0; - hrtimer_init_sleeper_on_stack(&t, clock_id, mode); hrtimer_set_expires_range_ns(&t.timer, *expires, delta); hrtimer_sleeper_start_expires(&t, mode); @@ -2331,7 +2319,7 @@ EXPORT_SYMBOL_GPL(schedule_hrtimeout_range_clock); /** * schedule_hrtimeout_range - sleep until timeout * @expires: timeout value (ktime_t) - * @delta: slack in expires timeout (ktime_t) for SCHED_OTHER tasks + * @delta: slack in expires timeout (ktime_t) * @mode: timer mode * * Make the current task sleep until the given expiry time has -- 2.47.2

6 months

2
1
0 0

[PATCH 5.4 0/4] sctp: sysctl: fix argument passed to container_of

by Magali Lemes

Patches "sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy" and "sctp: sysctl: auth_enable: avoid using current->nsproxy" have been mixed up when backported to 5.4. The `member` argument passed to `container_of` has been swapped in both proc_sctp_do_auth() and proc_sctp_do_hmac_alg(). For instance, accessing /proc/sys/net/sctp/cookie_hmac_alg can now cause a kernel oops. Fix this by reverting the wrong backports and re-applying them correctly. Magali Lemes (2): Revert "sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy" Revert "sctp: sysctl: auth_enable: avoid using current->nsproxy" Matthieu Baerts (NGI0) (2): sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy sctp: sysctl: auth_enable: avoid using current->nsproxy net/sctp/sysctl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) -- 2.48.1

6 months

2
8
0 0

[PATCH stable 5.15] lib/buildid: Handle memfd_secret() files in build_id_parse()

by Chen Linxuan

Backport of a similar change from commit 5ac9b4e935df ("lib/buildid: Handle memfd_secret() files in build_id_parse()") to address an issue where accessing secret memfd contents through build_id_parse() would trigger faults. Original report and repro can be found in [0]. [0] https://lore.kernel.org/bpf/ZwyG8Uro%2FSyTXAni@ly-workstation/ This repro will cause BUG: unable to handle kernel paging request in build_id_parse in 5.15/6.1/6.6. Some other discussions can be found in [1]. [1] https://lore.kernel.org/bpf/20241104175256.2327164-1-jolsa@kernel.org/T/#u Cc: stable(a)vger.kernel.org Fixes: 88a16a130933 ("perf: Add build id data in mmap2 event") Signed-off-by: Chen Linxuan <chenlinxuan(a)deepin.org> --- lib/buildid.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lib/buildid.c b/lib/buildid.c index 9fc46366597e..9db35305f257 100644 --- a/lib/buildid.c +++ b/lib/buildid.c @@ -5,6 +5,7 @@ #include <linux/elf.h> #include <linux/kernel.h> #include <linux/pagemap.h> +#include <linux/secretmem.h> #define BUILD_ID 3 @@ -157,6 +158,12 @@ int build_id_parse(struct vm_area_struct *vma, unsigned char *build_id, if (!vma->vm_file) return -EINVAL; +#ifdef CONFIG_SECRETMEM + /* reject secretmem folios created with memfd_secret() */ + if (vma->vm_file->f_mapping->a_ops == &secretmem_aops) + return -EFAULT; +#endif + page = find_get_page(vma->vm_file->f_mapping, 0); if (!page) return -EFAULT; /* page not mapped */ -- 2.48.1

6 months

2
1
0 0

[PATCH 6.6.y 1/1] hrtimer: Use and report correct timerslack values for realtime tasks

by Felix Moessbauer

commit ed4fb6d7ef68111bb539283561953e5c6e9a6e38 upstream. The timerslack_ns setting is used to specify how much the hardware timers should be delayed, to potentially dispatch multiple timers in a single interrupt. This is a performance optimization. Timers of realtime tasks (having a realtime scheduling policy) should not be delayed. This logic was inconsitently applied to the hrtimers, leading to delays of realtime tasks which used timed waits for events (e.g. condition variables). Due to the downstream override of the slack for rt tasks, the procfs reported incorrect (non-zero) timerslack_ns values. This is changed by setting the timer_slack_ns task attribute to 0 for all tasks with a rt policy. By that, downstream users do not need to specially handle rt tasks (w.r.t. the slack), and the procfs entry shows the correct value of "0". Setting non-zero slack values (either via procfs or PR_SET_TIMERSLACK) on tasks with a rt policy is ignored, as stated in "man 2 PR_SET_TIMERSLACK": Timer slack is not applied to threads that are scheduled under a real-time scheduling policy (see sched_setscheduler(2)). The special handling of timerslack on rt tasks in downstream users is removed as well. Signed-off-by: Felix Moessbauer <felix.moessbauer(a)siemens.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Link: https://lore.kernel.org/all/20240814121032.368444-2-felix.moessbauer@siemen… --- fs/proc/base.c | 9 +++++---- fs/select.c | 11 ++++------- kernel/sched/core.c | 8 ++++++++ kernel/sys.c | 2 ++ kernel/time/hrtimer.c | 18 +++--------------- 5 files changed, 22 insertions(+), 26 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 699f085d4de7d..91fe20b7657c0 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2633,10 +2633,11 @@ static ssize_t timerslack_ns_write(struct file *file, const char __user *buf, } task_lock(p); - if (slack_ns == 0) - p->timer_slack_ns = p->default_timer_slack_ns; - else - p->timer_slack_ns = slack_ns; + if (task_is_realtime(p)) + slack_ns = 0; + else if (slack_ns == 0) + slack_ns = p->default_timer_slack_ns; + p->timer_slack_ns = slack_ns; task_unlock(p); out: diff --git a/fs/select.c b/fs/select.c index 3f730b8581f65..e66b6189845ea 100644 --- a/fs/select.c +++ b/fs/select.c @@ -77,19 +77,16 @@ u64 select_estimate_accuracy(struct timespec64 *tv) { u64 ret; struct timespec64 now; + u64 slack = current->timer_slack_ns; - /* - * Realtime tasks get a slack of 0 for obvious reasons. - */ - - if (rt_task(current)) + if (slack == 0) return 0; ktime_get_ts64(&now); now = timespec64_sub(*tv, now); ret = __estimate_accuracy(&now); - if (ret < current->timer_slack_ns) - return current->timer_slack_ns; + if (ret < slack) + return slack; return ret; } diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 784a4f8409453..3d6dc03e4a7d3 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -7530,6 +7530,14 @@ static void __setscheduler_params(struct task_struct *p, else if (fair_policy(policy)) p->static_prio = NICE_TO_PRIO(attr->sched_nice); + /* rt-policy tasks do not have a timerslack */ + if (task_is_realtime(p)) { + p->timer_slack_ns = 0; + } else if (p->timer_slack_ns == 0) { + /* when switching back to non-rt policy, restore timerslack */ + p->timer_slack_ns = p->default_timer_slack_ns; + } + /* * __sched_setscheduler() ensures attr->sched_priority == 0 when * !rt_policy. Always setting this ensures that things like diff --git a/kernel/sys.c b/kernel/sys.c index 44b5759903332..355de0b65c235 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -2535,6 +2535,8 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, error = current->timer_slack_ns; break; case PR_SET_TIMERSLACK: + if (task_is_realtime(current)) + break; if (arg2 <= 0) current->timer_slack_ns = current->default_timer_slack_ns; diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c index e99b1305e1a5f..5db6912b8f6e1 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c @@ -2093,14 +2093,9 @@ long hrtimer_nanosleep(ktime_t rqtp, const enum hrtimer_mode mode, struct restart_block *restart; struct hrtimer_sleeper t; int ret = 0; - u64 slack; - - slack = current->timer_slack_ns; - if (rt_task(current)) - slack = 0; hrtimer_init_sleeper_on_stack(&t, clockid, mode); - hrtimer_set_expires_range_ns(&t.timer, rqtp, slack); + hrtimer_set_expires_range_ns(&t.timer, rqtp, current->timer_slack_ns); ret = do_nanosleep(&t, mode); if (ret != -ERESTART_RESTARTBLOCK) goto out; @@ -2281,7 +2276,7 @@ void __init hrtimers_init(void) /** * schedule_hrtimeout_range_clock - sleep until timeout * @expires: timeout value (ktime_t) - * @delta: slack in expires timeout (ktime_t) for SCHED_OTHER tasks + * @delta: slack in expires timeout (ktime_t) * @mode: timer mode * @clock_id: timer clock to be used */ @@ -2308,13 +2303,6 @@ schedule_hrtimeout_range_clock(ktime_t *expires, u64 delta, return -EINTR; } - /* - * Override any slack passed by the user if under - * rt contraints. - */ - if (rt_task(current)) - delta = 0; - hrtimer_init_sleeper_on_stack(&t, clock_id, mode); hrtimer_set_expires_range_ns(&t.timer, *expires, delta); hrtimer_sleeper_start_expires(&t, mode); @@ -2334,7 +2322,7 @@ EXPORT_SYMBOL_GPL(schedule_hrtimeout_range_clock); /** * schedule_hrtimeout_range - sleep until timeout * @expires: timeout value (ktime_t) - * @delta: slack in expires timeout (ktime_t) for SCHED_OTHER tasks + * @delta: slack in expires timeout (ktime_t) * @mode: timer mode * * Make the current task sleep until the given expiry time has -- 2.47.2

6 months

2
1
0 0

[PATCH v2] x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes

by Florent Revest

Currently, load_microcode_amd() iterates over all NUMA nodes, retrieves their CPU masks and unconditonally accesses per-CPU data for the first CPU of each mask. According to Documentation/admin-guide/mm/numaperf.rst: "Some memory may share the same node as a CPU, and others are provided as memory only nodes." Therefore, some node CPU masks may be empty and wouldn't have a "first CPU". On a machine with far memory (and therefore CPU-less NUMA nodes): - cpumask_of_node(nid) is 0 - cpumask_first(0) is CONFIG_NR_CPUS - cpu_data(CONFIG_NR_CPUS) accesses the cpu_info per-CPU array at an index that is 1 out of bounds This does not have any security implications since flashing microcode is a privileged operation but I believe this has reliability implications by potentially corrupting memory while flashing a microcode update. When booting with CONFIG_UBSAN_BOUNDS=y on an AMD machine that flashes a microcode update. I get the following splat: UBSAN: array-index-out-of-bounds in arch/x86/kernel/cpu/microcode/amd.c:X:Y index 512 is out of range for type 'unsigned long[512]' [...] Call Trace: dump_stack+0xdb/0x143 __ubsan_handle_out_of_bounds+0xf5/0x120 load_microcode_amd+0x58f/0x6b0 request_microcode_amd+0x17c/0x250 reload_store+0x174/0x2b0 kernfs_fop_write_iter+0x227/0x2d0 vfs_write+0x322/0x510 ksys_write+0xb5/0x160 do_syscall_64+0x6b/0xa0 entry_SYSCALL_64_after_hwframe+0x67/0xd1 This changes the iteration to only loop on NUMA nodes which have CPUs before attempting to update their microcodes. Fixes: 7ff6edf4fef3 ("x86/microcode/AMD: Fix mixed steppings support") Signed-off-by: Florent Revest <revest(a)chromium.org> Cc: stable(a)vger.kernel.org --- arch/x86/kernel/cpu/microcode/amd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c index 95ac1c6a84fbe..d1e74bfe130f8 100644 --- a/arch/x86/kernel/cpu/microcode/amd.c +++ b/arch/x86/kernel/cpu/microcode/amd.c @@ -1068,7 +1068,7 @@ static enum ucode_state load_microcode_amd(u8 family, const u8 *data, size_t siz if (ret != UCODE_OK) return ret; - for_each_node(nid) { + for_each_node_with_cpus(nid) { cpu = cpumask_first(cpumask_of_node(nid)); c = &cpu_data(cpu); -- 2.49.0.rc0.332.g42c0ae87b1-goog

6 months

3
2
0 0

[PATCH 6.12.y 6.13.y] mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq

by Uladzislau Rezki (Sony)

commit dfd3df31c9db752234d7d2e09bef2aeabb643ce4 upstream. Currently kvfree_rcu() APIs use a system workqueue which is "system_unbound_wq" to driver RCU machinery to reclaim a memory. Recently, it has been noted that the following kernel warning can be observed: <snip> workqueue: WQ_MEM_RECLAIM nvme-wq:nvme_scan_work is flushing !WQ_MEM_RECLAIM events_unbound:kfree_rcu_work WARNING: CPU: 21 PID: 330 at kernel/workqueue.c:3719 check_flush_dependency+0x112/0x120 Modules linked in: intel_uncore_frequency(E) intel_uncore_frequency_common(E) skx_edac(E) ... CPU: 21 UID: 0 PID: 330 Comm: kworker/u144:6 Tainted: G E 6.13.2-0_g925d379822da #1 Hardware name: Wiwynn Twin Lakes MP/Twin Lakes Passive MP, BIOS YMM20 02/01/2023 Workqueue: nvme-wq nvme_scan_work RIP: 0010:check_flush_dependency+0x112/0x120 Code: 05 9a 40 14 02 01 48 81 c6 c0 00 00 00 48 8b 50 18 48 81 c7 c0 00 00 00 48 89 f9 48 ... RSP: 0018:ffffc90000df7bd8 EFLAGS: 00010082 RAX: 000000000000006a RBX: ffffffff81622390 RCX: 0000000000000027 RDX: 00000000fffeffff RSI: 000000000057ffa8 RDI: ffff88907f960c88 RBP: 0000000000000000 R08: ffffffff83068e50 R09: 000000000002fffd R10: 0000000000000004 R11: 0000000000000000 R12: ffff8881001a4400 R13: 0000000000000000 R14: ffff88907f420fb8 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88907f940000(0000) knlGS:0000000000000000 CR2: 00007f60c3001000 CR3: 000000107d010005 CR4: 00000000007726f0 PKRU: 55555554 Call Trace: <TASK> ? __warn+0xa4/0x140 ? check_flush_dependency+0x112/0x120 ? report_bug+0xe1/0x140 ? check_flush_dependency+0x112/0x120 ? handle_bug+0x5e/0x90 ? exc_invalid_op+0x16/0x40 ? asm_exc_invalid_op+0x16/0x20 ? timer_recalc_next_expiry+0x190/0x190 ? check_flush_dependency+0x112/0x120 ? check_flush_dependency+0x112/0x120 __flush_work.llvm.1643880146586177030+0x174/0x2c0 flush_rcu_work+0x28/0x30 kvfree_rcu_barrier+0x12f/0x160 kmem_cache_destroy+0x18/0x120 bioset_exit+0x10c/0x150 disk_release.llvm.6740012984264378178+0x61/0xd0 device_release+0x4f/0x90 kobject_put+0x95/0x180 nvme_put_ns+0x23/0xc0 nvme_remove_invalid_namespaces+0xb3/0xd0 nvme_scan_work+0x342/0x490 process_scheduled_works+0x1a2/0x370 worker_thread+0x2ff/0x390 ? pwq_release_workfn+0x1e0/0x1e0 kthread+0xb1/0xe0 ? __kthread_parkme+0x70/0x70 ret_from_fork+0x30/0x40 ? __kthread_parkme+0x70/0x70 ret_from_fork_asm+0x11/0x20 </TASK> ---[ end trace 0000000000000000 ]--- <snip> To address this switch to use of independent WQ_MEM_RECLAIM workqueue, so the rules are not violated from workqueue framework point of view. Apart of that, since kvfree_rcu() does reclaim memory it is worth to go with WQ_MEM_RECLAIM type of wq because it is designed for this purpose. Fixes: 6c6c47b063b5 ("mm, slab: call kvfree_rcu_barrier() from kmem_cache_destroy()"), Reported-by: Keith Busch <kbusch(a)kernel.org> Closes: https://lore.kernel.org/all/Z7iqJtCjHKfo8Kho@kbusch-mbp/ Cc: stable(a)vger.kernel.org Signed-off-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Reviewed-by: Joel Fernandes <joelagnelf(a)nvidia.com> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Signed-off-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> --- kernel/rcu/tree.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c index 3e486ccaa4ca..8e52c1dd0628 100644 --- a/kernel/rcu/tree.c +++ b/kernel/rcu/tree.c @@ -3191,6 +3191,8 @@ void call_rcu(struct rcu_head *head, rcu_callback_t func) } EXPORT_SYMBOL_GPL(call_rcu); +static struct workqueue_struct *rcu_reclaim_wq; + /* Maximum number of jiffies to wait before draining a batch. */ #define KFREE_DRAIN_JIFFIES (5 * HZ) #define KFREE_N_BATCHES 2 @@ -3519,10 +3521,10 @@ __schedule_delayed_monitor_work(struct kfree_rcu_cpu *krcp) if (delayed_work_pending(&krcp->monitor_work)) { delay_left = krcp->monitor_work.timer.expires - jiffies; if (delay < delay_left) - mod_delayed_work(system_unbound_wq, &krcp->monitor_work, delay); + mod_delayed_work(rcu_reclaim_wq, &krcp->monitor_work, delay); return; } - queue_delayed_work(system_unbound_wq, &krcp->monitor_work, delay); + queue_delayed_work(rcu_reclaim_wq, &krcp->monitor_work, delay); } static void @@ -3620,7 +3622,7 @@ kvfree_rcu_queue_batch(struct kfree_rcu_cpu *krcp) // "free channels", the batch can handle. Break // the loop since it is done with this CPU thus // queuing an RCU work is _always_ success here. - queued = queue_rcu_work(system_unbound_wq, &krwp->rcu_work); + queued = queue_rcu_work(rcu_reclaim_wq, &krwp->rcu_work); WARN_ON_ONCE(!queued); break; } @@ -3708,7 +3710,7 @@ run_page_cache_worker(struct kfree_rcu_cpu *krcp) if (rcu_scheduler_active == RCU_SCHEDULER_RUNNING && !atomic_xchg(&krcp->work_in_progress, 1)) { if (atomic_read(&krcp->backoff_page_cache_fill)) { - queue_delayed_work(system_unbound_wq, + queue_delayed_work(rcu_reclaim_wq, &krcp->page_cache_work, msecs_to_jiffies(rcu_delay_page_cache_fill_msec)); } else { @@ -5662,6 +5664,10 @@ static void __init kfree_rcu_batch_init(void) int i, j; struct shrinker *kfree_rcu_shrinker; + rcu_reclaim_wq = alloc_workqueue("kvfree_rcu_reclaim", + WQ_UNBOUND | WQ_MEM_RECLAIM, 0); + WARN_ON(!rcu_reclaim_wq); + /* Clamp it to [0:100] seconds interval. */ if (rcu_delay_page_cache_fill_msec < 0 || rcu_delay_page_cache_fill_msec > 100 * MSEC_PER_SEC) { -- 2.39.5

6 months

2
1
0 0

FAILED: patch "[PATCH] usb: xhci: Enable the TRB overfetch quirk on VIA VL805" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x c133ec0e5717868c9967fa3df92a55e537b1aead # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030901-banshee-unwomanly-f19e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c133ec0e5717868c9967fa3df92a55e537b1aead Mon Sep 17 00:00:00 2001 From: Michal Pecio <michal.pecio(a)gmail.com> Date: Tue, 25 Feb 2025 11:59:27 +0200 Subject: [PATCH] usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Raspberry Pi is a major user of those chips and they discovered a bug - when the end of a transfer ring segment is reached, up to four TRBs can be prefetched from the next page even if the segment ends with link TRB and on page boundary (the chip claims to support standard 4KB pages). It also appears that if the prefetched TRBs belong to a different ring whose doorbell is later rung, they may be used without refreshing from system RAM and the endpoint will stay idle if their cycle bit is stale. Other users complain about IOMMU faults on x86 systems, unsurprisingly. Deal with it by using existing quirk which allocates a dummy page after each transfer ring segment. This was seen to resolve both problems. RPi came up with a more efficient solution, shortening each segment by four TRBs, but it complicated the driver and they ditched it for this quirk. Also rename the quirk and add VL805 device ID macro. Signed-off-by: Michal Pecio <michal.pecio(a)gmail.com> Link: https://github.com/raspberrypi/linux/issues/4685 Closes: https://bugzilla.kernel.org/show_bug.cgi?id=215906 CC: stable(a)vger.kernel.org Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20250225095927.2512358-2-mathias.nyman@linux.inte… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index 92703efda1f7..fdf0c1008225 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -2437,7 +2437,8 @@ int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags) * and our use of dma addresses in the trb_address_map radix tree needs * TRB_SEGMENT_SIZE alignment, so we pick the greater alignment need. */ - if (xhci->quirks & XHCI_ZHAOXIN_TRB_FETCH) + if (xhci->quirks & XHCI_TRB_OVERFETCH) + /* Buggy HC prefetches beyond segment bounds - allocate dummy space at the end */ xhci->segment_pool = dma_pool_create("xHCI ring segments", dev, TRB_SEGMENT_SIZE * 2, TRB_SEGMENT_SIZE * 2, xhci->page_size * 2); else diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index ad0ff356f6fa..54460d11f7ee 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -38,6 +38,8 @@ #define PCI_DEVICE_ID_ETRON_EJ168 0x7023 #define PCI_DEVICE_ID_ETRON_EJ188 0x7052 +#define PCI_DEVICE_ID_VIA_VL805 0x3483 + #define PCI_DEVICE_ID_INTEL_LYNXPOINT_XHCI 0x8c31 #define PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_XHCI 0x9c31 #define PCI_DEVICE_ID_INTEL_WILDCATPOINT_LP_XHCI 0x9cb1 @@ -418,8 +420,10 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) pdev->device == 0x3432) xhci->quirks |= XHCI_BROKEN_STREAMS; - if (pdev->vendor == PCI_VENDOR_ID_VIA && pdev->device == 0x3483) + if (pdev->vendor == PCI_VENDOR_ID_VIA && pdev->device == PCI_DEVICE_ID_VIA_VL805) { xhci->quirks |= XHCI_LPM_SUPPORT; + xhci->quirks |= XHCI_TRB_OVERFETCH; + } if (pdev->vendor == PCI_VENDOR_ID_ASMEDIA && pdev->device == PCI_DEVICE_ID_ASMEDIA_1042_XHCI) { @@ -467,11 +471,11 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) if (pdev->device == 0x9202) { xhci->quirks |= XHCI_RESET_ON_RESUME; - xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; + xhci->quirks |= XHCI_TRB_OVERFETCH; } if (pdev->device == 0x9203) - xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; + xhci->quirks |= XHCI_TRB_OVERFETCH; } if (pdev->vendor == PCI_VENDOR_ID_CDNS && diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 8c164340a2c3..779b01dee068 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1632,7 +1632,7 @@ struct xhci_hcd { #define XHCI_EP_CTX_BROKEN_DCS BIT_ULL(42) #define XHCI_SUSPEND_RESUME_CLKS BIT_ULL(43) #define XHCI_RESET_TO_DEFAULT BIT_ULL(44) -#define XHCI_ZHAOXIN_TRB_FETCH BIT_ULL(45) +#define XHCI_TRB_OVERFETCH BIT_ULL(45) #define XHCI_ZHAOXIN_HOST BIT_ULL(46) #define XHCI_WRITE_64_HI_LO BIT_ULL(47) #define XHCI_CDNS_SCTX_QUIRK BIT_ULL(48)

6 months

3
2
0 0

[PATCH RFC 5.15] smb: client: fix potential UAF in cifs_stats_proc_write()

by Xiangyu Chen

From: Paulo Alcantara <pc(a)manguebit.com> commit d3da25c5ac84430f89875ca7485a3828150a7e0a upstream. Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF. Cc: stable(a)vger.kernel.org Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> [ cifs_debug.c was moved from fs/cifs to fs/smb/client since 38c8a9a52082 ("smb: move client and server files to common directory fs/smb"). The cifs_ses_exiting() was introduced to cifs_debug.c since ca545b7f0823 ("smb: client: fix potential UAF in cifs_debug_files_proc_show()"). and the SES_EXITING in cifs_ses_exiting() instead of CifsExiting since dd3cd8709ed5 ("cifs: use new enum for ses_status"). The ses_lock in cifs_ses_exiting() was introduced in commmit d7d7a66aacd6 ("cifs: avoid use of global locks for high contention data"), on 5.15/5.10, there is a global lock take care of ses->status. So use "if (ses->status == CifsExiting)" instead of "if (cifs_ses_exiting(ses))" ] Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Try to merge commit d3da25c5ac84430f89875ca7485a3828150a7e0a to 5.15 Verified the code compile on linux 5.15 --- fs/cifs/cifs_debug.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c index e7501533c2ec..ce02cc71e117 100644 --- a/fs/cifs/cifs_debug.c +++ b/fs/cifs/cifs_debug.c @@ -528,6 +528,8 @@ static ssize_t cifs_stats_proc_write(struct file *file, list_for_each(tmp2, &server->smb_ses_list) { ses = list_entry(tmp2, struct cifs_ses, smb_ses_list); + if (ses->status == CifsExiting) + continue; list_for_each(tmp3, &ses->tcon_list) { tcon = list_entry(tmp3, struct cifs_tcon, -- 2.25.1

6 months

2
1
0 0

[PATCH for-stable-6.x 0/2] Stable backport of c00b413a96261fae

by Ard Biesheuvel

From: Ard Biesheuvel <ardb(a)kernel.org> This is the stable backport of commit c00b413a96261fae ("x86/boot: Sanitize boot params before parsing command line") to the v6.6 and v6.1 trees. Patch #2 can be applied to both v6.1 and v6.6. Patch #1 is a prerequisite that is already present in v6.1 but was not backported to v6.6 yet for reasons that are unclear to me, and so it needs to be applied to v6.6 first. Ard Biesheuvel (2): x86/boot: Rename conflicting 'boot_params' pointer to 'boot_params_ptr' x86/boot: Sanitize boot params before parsing command line arch/x86/boot/compressed/acpi.c | 14 +++++------ arch/x86/boot/compressed/cmdline.c | 4 +-- arch/x86/boot/compressed/ident_map_64.c | 7 +++--- arch/x86/boot/compressed/kaslr.c | 26 ++++++++++---------- arch/x86/boot/compressed/mem.c | 6 ++--- arch/x86/boot/compressed/misc.c | 26 ++++++++++---------- arch/x86/boot/compressed/misc.h | 1 - arch/x86/boot/compressed/pgtable_64.c | 11 +++++---- arch/x86/boot/compressed/sev.c | 2 +- arch/x86/include/asm/boot.h | 2 ++ drivers/firmware/efi/libstub/x86-stub.c | 2 +- drivers/firmware/efi/libstub/x86-stub.h | 2 -- 12 files changed, 52 insertions(+), 51 deletions(-) -- 2.49.0.rc0.332.g42c0ae87b1-goog

6 months

3
4
0 0

[PATCH 6.1.y] fs/ntfs3: Add rough attr alloc_size check

by bin.lan.cn＠windriver.com

From: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> [ Upstream commit c4a8ba334262e9a5c158d618a4820e1b9c12495c ] Reported-by: syzbot+c6d94bedd910a8216d25(a)syzkaller.appspotmail.com Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test. --- fs/ntfs3/record.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/ntfs3/record.c b/fs/ntfs3/record.c index b2b98631a000..bfb1f4c2f271 100644 --- a/fs/ntfs3/record.c +++ b/fs/ntfs3/record.c @@ -325,6 +325,9 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi, struct ATTRIB *attr) } else { if (attr->nres.c_unit) return NULL; + + if (alloc_size > mi->sbi->volume.size) + return NULL; } return attr; -- 2.34.1

6 months

2
1
0 0

[PATCH 6.12.y] mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq

by Uladzislau Rezki (Sony)

Currently kvfree_rcu() APIs use a system workqueue which is "system_unbound_wq" to driver RCU machinery to reclaim a memory. Recently, it has been noted that the following kernel warning can be observed: <snip> workqueue: WQ_MEM_RECLAIM nvme-wq:nvme_scan_work is flushing !WQ_MEM_RECLAIM events_unbound:kfree_rcu_work WARNING: CPU: 21 PID: 330 at kernel/workqueue.c:3719 check_flush_dependency+0x112/0x120 Modules linked in: intel_uncore_frequency(E) intel_uncore_frequency_common(E) skx_edac(E) ... CPU: 21 UID: 0 PID: 330 Comm: kworker/u144:6 Tainted: G E 6.13.2-0_g925d379822da #1 Hardware name: Wiwynn Twin Lakes MP/Twin Lakes Passive MP, BIOS YMM20 02/01/2023 Workqueue: nvme-wq nvme_scan_work RIP: 0010:check_flush_dependency+0x112/0x120 Code: 05 9a 40 14 02 01 48 81 c6 c0 00 00 00 48 8b 50 18 48 81 c7 c0 00 00 00 48 89 f9 48 ... RSP: 0018:ffffc90000df7bd8 EFLAGS: 00010082 RAX: 000000000000006a RBX: ffffffff81622390 RCX: 0000000000000027 RDX: 00000000fffeffff RSI: 000000000057ffa8 RDI: ffff88907f960c88 RBP: 0000000000000000 R08: ffffffff83068e50 R09: 000000000002fffd R10: 0000000000000004 R11: 0000000000000000 R12: ffff8881001a4400 R13: 0000000000000000 R14: ffff88907f420fb8 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88907f940000(0000) knlGS:0000000000000000 CR2: 00007f60c3001000 CR3: 000000107d010005 CR4: 00000000007726f0 PKRU: 55555554 Call Trace: <TASK> ? __warn+0xa4/0x140 ? check_flush_dependency+0x112/0x120 ? report_bug+0xe1/0x140 ? check_flush_dependency+0x112/0x120 ? handle_bug+0x5e/0x90 ? exc_invalid_op+0x16/0x40 ? asm_exc_invalid_op+0x16/0x20 ? timer_recalc_next_expiry+0x190/0x190 ? check_flush_dependency+0x112/0x120 ? check_flush_dependency+0x112/0x120 __flush_work.llvm.1643880146586177030+0x174/0x2c0 flush_rcu_work+0x28/0x30 kvfree_rcu_barrier+0x12f/0x160 kmem_cache_destroy+0x18/0x120 bioset_exit+0x10c/0x150 disk_release.llvm.6740012984264378178+0x61/0xd0 device_release+0x4f/0x90 kobject_put+0x95/0x180 nvme_put_ns+0x23/0xc0 nvme_remove_invalid_namespaces+0xb3/0xd0 nvme_scan_work+0x342/0x490 process_scheduled_works+0x1a2/0x370 worker_thread+0x2ff/0x390 ? pwq_release_workfn+0x1e0/0x1e0 kthread+0xb1/0xe0 ? __kthread_parkme+0x70/0x70 ret_from_fork+0x30/0x40 ? __kthread_parkme+0x70/0x70 ret_from_fork_asm+0x11/0x20 </TASK> ---[ end trace 0000000000000000 ]--- <snip> To address this switch to use of independent WQ_MEM_RECLAIM workqueue, so the rules are not violated from workqueue framework point of view. Apart of that, since kvfree_rcu() does reclaim memory it is worth to go with WQ_MEM_RECLAIM type of wq because it is designed for this purpose. Fixes: 6c6c47b063b5 ("mm, slab: call kvfree_rcu_barrier() from kmem_cache_destroy()"), Reported-by: Keith Busch <kbusch(a)kernel.org> Closes: https://lore.kernel.org/all/Z7iqJtCjHKfo8Kho@kbusch-mbp/ Cc: stable(a)vger.kernel.org Signed-off-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Reviewed-by: Joel Fernandes <joelagnelf(a)nvidia.com> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> --- kernel/rcu/tree.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c index 3e486ccaa4ca..8e52c1dd0628 100644 --- a/kernel/rcu/tree.c +++ b/kernel/rcu/tree.c @@ -3191,6 +3191,8 @@ void call_rcu(struct rcu_head *head, rcu_callback_t func) } EXPORT_SYMBOL_GPL(call_rcu); +static struct workqueue_struct *rcu_reclaim_wq; + /* Maximum number of jiffies to wait before draining a batch. */ #define KFREE_DRAIN_JIFFIES (5 * HZ) #define KFREE_N_BATCHES 2 @@ -3519,10 +3521,10 @@ __schedule_delayed_monitor_work(struct kfree_rcu_cpu *krcp) if (delayed_work_pending(&krcp->monitor_work)) { delay_left = krcp->monitor_work.timer.expires - jiffies; if (delay < delay_left) - mod_delayed_work(system_unbound_wq, &krcp->monitor_work, delay); + mod_delayed_work(rcu_reclaim_wq, &krcp->monitor_work, delay); return; } - queue_delayed_work(system_unbound_wq, &krcp->monitor_work, delay); + queue_delayed_work(rcu_reclaim_wq, &krcp->monitor_work, delay); } static void @@ -3620,7 +3622,7 @@ kvfree_rcu_queue_batch(struct kfree_rcu_cpu *krcp) // "free channels", the batch can handle. Break // the loop since it is done with this CPU thus // queuing an RCU work is _always_ success here. - queued = queue_rcu_work(system_unbound_wq, &krwp->rcu_work); + queued = queue_rcu_work(rcu_reclaim_wq, &krwp->rcu_work); WARN_ON_ONCE(!queued); break; } @@ -3708,7 +3710,7 @@ run_page_cache_worker(struct kfree_rcu_cpu *krcp) if (rcu_scheduler_active == RCU_SCHEDULER_RUNNING && !atomic_xchg(&krcp->work_in_progress, 1)) { if (atomic_read(&krcp->backoff_page_cache_fill)) { - queue_delayed_work(system_unbound_wq, + queue_delayed_work(rcu_reclaim_wq, &krcp->page_cache_work, msecs_to_jiffies(rcu_delay_page_cache_fill_msec)); } else { @@ -5662,6 +5664,10 @@ static void __init kfree_rcu_batch_init(void) int i, j; struct shrinker *kfree_rcu_shrinker; + rcu_reclaim_wq = alloc_workqueue("kvfree_rcu_reclaim", + WQ_UNBOUND | WQ_MEM_RECLAIM, 0); + WARN_ON(!rcu_reclaim_wq); + /* Clamp it to [0:100] seconds interval. */ if (rcu_delay_page_cache_fill_msec < 0 || rcu_delay_page_cache_fill_msec > 100 * MSEC_PER_SEC) { -- 2.39.5

6 months

2
1
0 0

FAILED: patch "[PATCH] mm: fix kernel BUG when userfaultfd_move encounters swapcache" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x c50f8e6053b0503375c2975bf47f182445aebb4c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030928-bonanza-unscrew-4f1c@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c50f8e6053b0503375c2975bf47f182445aebb4c Mon Sep 17 00:00:00 2001 From: Barry Song <baohua(a)kernel.org> Date: Wed, 26 Feb 2025 13:14:00 +1300 Subject: [PATCH] mm: fix kernel BUG when userfaultfd_move encounters swapcache userfaultfd_move() checks whether the PTE entry is present or a swap entry. - If the PTE entry is present, move_present_pte() handles folio migration by setting: src_folio->index = linear_page_index(dst_vma, dst_addr); - If the PTE entry is a swap entry, move_swap_pte() simply copies the PTE to the new dst_addr. This approach is incorrect because, even if the PTE is a swap entry, it can still reference a folio that remains in the swap cache. This creates a race window between steps 2 and 4. 1. add_to_swap: The folio is added to the swapcache. 2. try_to_unmap: PTEs are converted to swap entries. 3. pageout: The folio is written back. 4. Swapcache is cleared. If userfaultfd_move() occurs in the window between steps 2 and 4, after the swap PTE has been moved to the destination, accessing the destination triggers do_swap_page(), which may locate the folio in the swapcache. However, since the folio's index has not been updated to match the destination VMA, do_swap_page() will detect a mismatch. This can result in two critical issues depending on the system configuration. If KSM is disabled, both small and large folios can trigger a BUG during the add_rmap operation due to: page_pgoff(folio, page) != linear_page_index(vma, address) [ 13.336953] page: refcount:6 mapcount:1 mapping:00000000f43db19c index:0xffffaf150 pfn:0x4667c [ 13.337520] head: order:2 mapcount:1 entire_mapcount:0 nr_pages_mapped:1 pincount:0 [ 13.337716] memcg:ffff00000405f000 [ 13.337849] anon flags: 0x3fffc0000020459(locked|uptodate|dirty|owner_priv_1|head|swapbacked|node=0|zone=0|lastcpupid=0xffff) [ 13.338630] raw: 03fffc0000020459 ffff80008507b538 ffff80008507b538 ffff000006260361 [ 13.338831] raw: 0000000ffffaf150 0000000000004000 0000000600000000 ffff00000405f000 [ 13.339031] head: 03fffc0000020459 ffff80008507b538 ffff80008507b538 ffff000006260361 [ 13.339204] head: 0000000ffffaf150 0000000000004000 0000000600000000 ffff00000405f000 [ 13.339375] head: 03fffc0000000202 fffffdffc0199f01 ffffffff00000000 0000000000000001 [ 13.339546] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 13.339736] page dumped because: VM_BUG_ON_PAGE(page_pgoff(folio, page) != linear_page_index(vma, address)) [ 13.340190] ------------[ cut here ]------------ [ 13.340316] kernel BUG at mm/rmap.c:1380! [ 13.340683] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP [ 13.340969] Modules linked in: [ 13.341257] CPU: 1 UID: 0 PID: 107 Comm: a.out Not tainted 6.14.0-rc3-gcf42737e247a-dirty #299 [ 13.341470] Hardware name: linux,dummy-virt (DT) [ 13.341671] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 13.341815] pc : __page_check_anon_rmap+0xa0/0xb0 [ 13.341920] lr : __page_check_anon_rmap+0xa0/0xb0 [ 13.342018] sp : ffff80008752bb20 [ 13.342093] x29: ffff80008752bb20 x28: fffffdffc0199f00 x27: 0000000000000001 [ 13.342404] x26: 0000000000000000 x25: 0000000000000001 x24: 0000000000000001 [ 13.342575] x23: 0000ffffaf0d0000 x22: 0000ffffaf0d0000 x21: fffffdffc0199f00 [ 13.342731] x20: fffffdffc0199f00 x19: ffff000006210700 x18: 00000000ffffffff [ 13.342881] x17: 6c203d2120296567 x16: 6170202c6f696c6f x15: 662866666f67705f [ 13.343033] x14: 6567617028454741 x13: 2929737365726464 x12: ffff800083728ab0 [ 13.343183] x11: ffff800082996bf8 x10: 0000000000000fd7 x9 : ffff80008011bc40 [ 13.343351] x8 : 0000000000017fe8 x7 : 00000000fffff000 x6 : ffff8000829eebf8 [ 13.343498] x5 : c0000000fffff000 x4 : 0000000000000000 x3 : 0000000000000000 [ 13.343645] x2 : 0000000000000000 x1 : ffff0000062db980 x0 : 000000000000005f [ 13.343876] Call trace: [ 13.344045] __page_check_anon_rmap+0xa0/0xb0 (P) [ 13.344234] folio_add_anon_rmap_ptes+0x22c/0x320 [ 13.344333] do_swap_page+0x1060/0x1400 [ 13.344417] __handle_mm_fault+0x61c/0xbc8 [ 13.344504] handle_mm_fault+0xd8/0x2e8 [ 13.344586] do_page_fault+0x20c/0x770 [ 13.344673] do_translation_fault+0xb4/0xf0 [ 13.344759] do_mem_abort+0x48/0xa0 [ 13.344842] el0_da+0x58/0x130 [ 13.344914] el0t_64_sync_handler+0xc4/0x138 [ 13.345002] el0t_64_sync+0x1ac/0x1b0 [ 13.345208] Code: aa1503e0 f000f801 910f6021 97ff5779 (d4210000) [ 13.345504] ---[ end trace 0000000000000000 ]--- [ 13.345715] note: a.out[107] exited with irqs disabled [ 13.345954] note: a.out[107] exited with preempt_count 2 If KSM is enabled, Peter Xu also discovered that do_swap_page() may trigger an unexpected CoW operation for small folios because ksm_might_need_to_copy() allocates a new folio when the folio index does not match linear_page_index(vma, addr). This patch also checks the swapcache when handling swap entries. If a match is found in the swapcache, it processes it similarly to a present PTE. However, there are some differences. For example, the folio is no longer exclusive because folio_try_share_anon_rmap_pte() is performed during unmapping. Furthermore, in the case of swapcache, the folio has already been unmapped, eliminating the risk of concurrent rmap walks and removing the need to acquire src_folio's anon_vma or lock. Note that for large folios, in the swapcache handling path, we directly return -EBUSY since split_folio() will return -EBUSY regardless if the folio is under writeback or unmapped. This is not an urgent issue, so a follow-up patch may address it separately. [v-songbaohua(a)oppo.com: minor cleanup according to Peter Xu] Link: https://lkml.kernel.org/r/20250226024411.47092-1-21cnbao@gmail.com Link: https://lkml.kernel.org/r/20250226001400.9129-1-21cnbao@gmail.com Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Barry Song <v-songbaohua(a)oppo.com> Acked-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Suren Baghdasaryan <surenb(a)google.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Brian Geffon <bgeffon(a)google.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jann Horn <jannh(a)google.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Lokesh Gidra <lokeshgidra(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: Nicolas Geoffray <ngeoffray(a)google.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: ZhangPeng <zhangpeng362(a)huawei.com> Cc: Tangquan Zheng <zhengtangquan(a)oppo.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index af3dfc3633db..c45b672e10d1 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -18,6 +18,7 @@ #include <asm/tlbflush.h> #include <asm/tlb.h> #include "internal.h" +#include "swap.h" static __always_inline bool validate_dst_vma(struct vm_area_struct *dst_vma, unsigned long dst_end) @@ -1076,16 +1077,14 @@ static int move_present_pte(struct mm_struct *mm, return err; } -static int move_swap_pte(struct mm_struct *mm, +static int move_swap_pte(struct mm_struct *mm, struct vm_area_struct *dst_vma, unsigned long dst_addr, unsigned long src_addr, pte_t *dst_pte, pte_t *src_pte, pte_t orig_dst_pte, pte_t orig_src_pte, pmd_t *dst_pmd, pmd_t dst_pmdval, - spinlock_t *dst_ptl, spinlock_t *src_ptl) + spinlock_t *dst_ptl, spinlock_t *src_ptl, + struct folio *src_folio) { - if (!pte_swp_exclusive(orig_src_pte)) - return -EBUSY; - double_pt_lock(dst_ptl, src_ptl); if (!is_pte_pages_stable(dst_pte, src_pte, orig_dst_pte, orig_src_pte, @@ -1094,6 +1093,16 @@ static int move_swap_pte(struct mm_struct *mm, return -EAGAIN; } + /* + * The src_folio resides in the swapcache, requiring an update to its + * index and mapping to align with the dst_vma, where a swap-in may + * occur and hit the swapcache after moving the PTE. + */ + if (src_folio) { + folio_move_anon_rmap(src_folio, dst_vma); + src_folio->index = linear_page_index(dst_vma, dst_addr); + } + orig_src_pte = ptep_get_and_clear(mm, src_addr, src_pte); set_pte_at(mm, dst_addr, dst_pte, orig_src_pte); double_pt_unlock(dst_ptl, src_ptl); @@ -1141,6 +1150,7 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, __u64 mode) { swp_entry_t entry; + struct swap_info_struct *si = NULL; pte_t orig_src_pte, orig_dst_pte; pte_t src_folio_pte; spinlock_t *src_ptl, *dst_ptl; @@ -1322,6 +1332,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, orig_dst_pte, orig_src_pte, dst_pmd, dst_pmdval, dst_ptl, src_ptl, src_folio); } else { + struct folio *folio = NULL; + entry = pte_to_swp_entry(orig_src_pte); if (non_swap_entry(entry)) { if (is_migration_entry(entry)) { @@ -1335,9 +1347,53 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, goto out; } - err = move_swap_pte(mm, dst_addr, src_addr, dst_pte, src_pte, - orig_dst_pte, orig_src_pte, dst_pmd, - dst_pmdval, dst_ptl, src_ptl); + if (!pte_swp_exclusive(orig_src_pte)) { + err = -EBUSY; + goto out; + } + + si = get_swap_device(entry); + if (unlikely(!si)) { + err = -EAGAIN; + goto out; + } + /* + * Verify the existence of the swapcache. If present, the folio's + * index and mapping must be updated even when the PTE is a swap + * entry. The anon_vma lock is not taken during this process since + * the folio has already been unmapped, and the swap entry is + * exclusive, preventing rmap walks. + * + * For large folios, return -EBUSY immediately, as split_folio() + * also returns -EBUSY when attempting to split unmapped large + * folios in the swapcache. This issue needs to be resolved + * separately to allow proper handling. + */ + if (!src_folio) + folio = filemap_get_folio(swap_address_space(entry), + swap_cache_index(entry)); + if (!IS_ERR_OR_NULL(folio)) { + if (folio_test_large(folio)) { + err = -EBUSY; + folio_put(folio); + goto out; + } + src_folio = folio; + src_folio_pte = orig_src_pte; + if (!folio_trylock(src_folio)) { + pte_unmap(&orig_src_pte); + pte_unmap(&orig_dst_pte); + src_pte = dst_pte = NULL; + put_swap_device(si); + si = NULL; + /* now we can block and wait */ + folio_lock(src_folio); + goto retry; + } + } + err = move_swap_pte(mm, dst_vma, dst_addr, src_addr, dst_pte, src_pte, + orig_dst_pte, orig_src_pte, dst_pmd, dst_pmdval, + dst_ptl, src_ptl, src_folio); } out: @@ -1354,6 +1410,8 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, if (src_pte) pte_unmap(src_pte); mmu_notifier_invalidate_range_end(&range); + if (si) + put_swap_device(si); return err; }

6 months

3
2
0 0

[PATCH stable 6.1] lib/buildid: Handle memfd_secret() files in build_id_parse()

by Chen Linxuan

Backport of a similar change from commit 5ac9b4e935df ("lib/buildid: Handle memfd_secret() files in build_id_parse()") to address an issue where accessing secret memfd contents through build_id_parse() would trigger faults. Original report and repro can be found in [0]. [0] https://lore.kernel.org/bpf/ZwyG8Uro%2FSyTXAni@ly-workstation/ This repro will cause BUG: unable to handle kernel paging request in build_id_parse in 5.15/6.1/6.6. Some other discussions can be found in [1]. [1] https://lore.kernel.org/bpf/20241104175256.2327164-1-jolsa@kernel.org/T/#u Cc: stable(a)vger.kernel.org Fixes: 88a16a130933 ("perf: Add build id data in mmap2 event") Signed-off-by: Chen Linxuan <chenlinxuan(a)deepin.org> --- lib/buildid.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lib/buildid.c b/lib/buildid.c index 9fc46366597e..9db35305f257 100644 --- a/lib/buildid.c +++ b/lib/buildid.c @@ -5,6 +5,7 @@ #include <linux/elf.h> #include <linux/kernel.h> #include <linux/pagemap.h> +#include <linux/secretmem.h> #define BUILD_ID 3 @@ -157,6 +158,12 @@ int build_id_parse(struct vm_area_struct *vma, unsigned char *build_id, if (!vma->vm_file) return -EINVAL; +#ifdef CONFIG_SECRETMEM + /* reject secretmem folios created with memfd_secret() */ + if (vma->vm_file->f_mapping->a_ops == &secretmem_aops) + return -EFAULT; +#endif + page = find_get_page(vma->vm_file->f_mapping, 0); if (!page) return -EFAULT; /* page not mapped */ -- 2.48.1

6 months

2
1
0 0

[PATCH 6.13.y] mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq

by Uladzislau Rezki (Sony)

Currently kvfree_rcu() APIs use a system workqueue which is "system_unbound_wq" to driver RCU machinery to reclaim a memory. Recently, it has been noted that the following kernel warning can be observed: <snip> workqueue: WQ_MEM_RECLAIM nvme-wq:nvme_scan_work is flushing !WQ_MEM_RECLAIM events_unbound:kfree_rcu_work WARNING: CPU: 21 PID: 330 at kernel/workqueue.c:3719 check_flush_dependency+0x112/0x120 Modules linked in: intel_uncore_frequency(E) intel_uncore_frequency_common(E) skx_edac(E) ... CPU: 21 UID: 0 PID: 330 Comm: kworker/u144:6 Tainted: G E 6.13.2-0_g925d379822da #1 Hardware name: Wiwynn Twin Lakes MP/Twin Lakes Passive MP, BIOS YMM20 02/01/2023 Workqueue: nvme-wq nvme_scan_work RIP: 0010:check_flush_dependency+0x112/0x120 Code: 05 9a 40 14 02 01 48 81 c6 c0 00 00 00 48 8b 50 18 48 81 c7 c0 00 00 00 48 89 f9 48 ... RSP: 0018:ffffc90000df7bd8 EFLAGS: 00010082 RAX: 000000000000006a RBX: ffffffff81622390 RCX: 0000000000000027 RDX: 00000000fffeffff RSI: 000000000057ffa8 RDI: ffff88907f960c88 RBP: 0000000000000000 R08: ffffffff83068e50 R09: 000000000002fffd R10: 0000000000000004 R11: 0000000000000000 R12: ffff8881001a4400 R13: 0000000000000000 R14: ffff88907f420fb8 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88907f940000(0000) knlGS:0000000000000000 CR2: 00007f60c3001000 CR3: 000000107d010005 CR4: 00000000007726f0 PKRU: 55555554 Call Trace: <TASK> ? __warn+0xa4/0x140 ? check_flush_dependency+0x112/0x120 ? report_bug+0xe1/0x140 ? check_flush_dependency+0x112/0x120 ? handle_bug+0x5e/0x90 ? exc_invalid_op+0x16/0x40 ? asm_exc_invalid_op+0x16/0x20 ? timer_recalc_next_expiry+0x190/0x190 ? check_flush_dependency+0x112/0x120 ? check_flush_dependency+0x112/0x120 __flush_work.llvm.1643880146586177030+0x174/0x2c0 flush_rcu_work+0x28/0x30 kvfree_rcu_barrier+0x12f/0x160 kmem_cache_destroy+0x18/0x120 bioset_exit+0x10c/0x150 disk_release.llvm.6740012984264378178+0x61/0xd0 device_release+0x4f/0x90 kobject_put+0x95/0x180 nvme_put_ns+0x23/0xc0 nvme_remove_invalid_namespaces+0xb3/0xd0 nvme_scan_work+0x342/0x490 process_scheduled_works+0x1a2/0x370 worker_thread+0x2ff/0x390 ? pwq_release_workfn+0x1e0/0x1e0 kthread+0xb1/0xe0 ? __kthread_parkme+0x70/0x70 ret_from_fork+0x30/0x40 ? __kthread_parkme+0x70/0x70 ret_from_fork_asm+0x11/0x20 </TASK> ---[ end trace 0000000000000000 ]--- <snip> To address this switch to use of independent WQ_MEM_RECLAIM workqueue, so the rules are not violated from workqueue framework point of view. Apart of that, since kvfree_rcu() does reclaim memory it is worth to go with WQ_MEM_RECLAIM type of wq because it is designed for this purpose. Fixes: 6c6c47b063b5 ("mm, slab: call kvfree_rcu_barrier() from kmem_cache_destroy()"), Reported-by: Keith Busch <kbusch(a)kernel.org> Closes: https://lore.kernel.org/all/Z7iqJtCjHKfo8Kho@kbusch-mbp/ Cc: stable(a)vger.kernel.org Signed-off-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Reviewed-by: Joel Fernandes <joelagnelf(a)nvidia.com> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> --- kernel/rcu/tree.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c index ff98233d4aa5..4703b08fb882 100644 --- a/kernel/rcu/tree.c +++ b/kernel/rcu/tree.c @@ -3191,6 +3191,8 @@ void call_rcu(struct rcu_head *head, rcu_callback_t func) } EXPORT_SYMBOL_GPL(call_rcu); +static struct workqueue_struct *rcu_reclaim_wq; + /* Maximum number of jiffies to wait before draining a batch. */ #define KFREE_DRAIN_JIFFIES (5 * HZ) #define KFREE_N_BATCHES 2 @@ -3519,10 +3521,10 @@ __schedule_delayed_monitor_work(struct kfree_rcu_cpu *krcp) if (delayed_work_pending(&krcp->monitor_work)) { delay_left = krcp->monitor_work.timer.expires - jiffies; if (delay < delay_left) - mod_delayed_work(system_unbound_wq, &krcp->monitor_work, delay); + mod_delayed_work(rcu_reclaim_wq, &krcp->monitor_work, delay); return; } - queue_delayed_work(system_unbound_wq, &krcp->monitor_work, delay); + queue_delayed_work(rcu_reclaim_wq, &krcp->monitor_work, delay); } static void @@ -3620,7 +3622,7 @@ kvfree_rcu_queue_batch(struct kfree_rcu_cpu *krcp) // "free channels", the batch can handle. Break // the loop since it is done with this CPU thus // queuing an RCU work is _always_ success here. - queued = queue_rcu_work(system_unbound_wq, &krwp->rcu_work); + queued = queue_rcu_work(rcu_reclaim_wq, &krwp->rcu_work); WARN_ON_ONCE(!queued); break; } @@ -3708,7 +3710,7 @@ run_page_cache_worker(struct kfree_rcu_cpu *krcp) if (rcu_scheduler_active == RCU_SCHEDULER_RUNNING && !atomic_xchg(&krcp->work_in_progress, 1)) { if (atomic_read(&krcp->backoff_page_cache_fill)) { - queue_delayed_work(system_unbound_wq, + queue_delayed_work(rcu_reclaim_wq, &krcp->page_cache_work, msecs_to_jiffies(rcu_delay_page_cache_fill_msec)); } else { @@ -5654,6 +5656,10 @@ static void __init kfree_rcu_batch_init(void) int i, j; struct shrinker *kfree_rcu_shrinker; + rcu_reclaim_wq = alloc_workqueue("kvfree_rcu_reclaim", + WQ_UNBOUND | WQ_MEM_RECLAIM, 0); + WARN_ON(!rcu_reclaim_wq); + /* Clamp it to [0:100] seconds interval. */ if (rcu_delay_page_cache_fill_msec < 0 || rcu_delay_page_cache_fill_msec > 100 * MSEC_PER_SEC) { -- 2.39.5

6 months

4
3
0 0

[PATCH 0/2] ARM: Fix ARM_VECTORS with CONFIG_LD_DEAD_CODE_DATA_ELIMINATION

by Nathan Chancellor

Hi all, Christian sent a fix [1] for ARM_VECTORS with CONFIG_LD_DEAD_CODE_DATA_ELIMINATION that exposed a deficiency in ld.lld with regards to KEEP() within an OVERLAY description. I have fixed that in ld.lld [2] and added a patch before Christian's to disallow CONFIG_LD_DEAD_CODE_DATA_ELIMINATION when KEEP() cannot be used within OVERLAY to keep everything working for all linkers. [1]: https://lore.kernel.org/20250221125520.14035-1-ceggers@arri.de/ [2]: https://github.com/llvm/llvm-project/commit/381599f1fe973afad3094e55ec99b16… --- Christian Eggers (1): ARM: add KEEP() keyword to ARM_VECTORS Nathan Chancellor (1): ARM: Require linker to support KEEP within OVERLAY for DCE arch/arm/Kconfig | 2 +- arch/arm/include/asm/vmlinux.lds.h | 12 +++++++++--- init/Kconfig | 5 +++++ 3 files changed, 15 insertions(+), 4 deletions(-) --- base-commit: 80e54e84911a923c40d7bee33a34c1b4be148d7a change-id: 20250311-arm-fix-vectors-with-linker-dce-83475b0b8f5b Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

6 months

2
4
0 0

[PATCH V4] drm/sched: Fix fence reference count leak

by Qianyi Liu

From: qianyi liu <liuqianyi125(a)gmail.com> The last_scheduled fence leaks when an entity is being killed and adding the cleanup callback fails. Decrement the reference count of prev when dma_fence_add_callback() fails, ensuring proper balance. Cc: stable(a)vger.kernel.org Fixes: 2fdb8a8f07c2 ("drm/scheduler: rework entity flush, kill and fini") Signed-off-by: qianyi liu <liuqianyi125(a)gmail.com> --- v3 -> v4: Improve commit message and add code comments (Philipp) v2 -> v3: Rework commit message (Markus) v1 -> v2: Added 'Fixes:' tag and clarified commit message (Philipp and Matthew) --- drivers/gpu/drm/scheduler/sched_entity.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/scheduler/sched_entity.c b/drivers/gpu/drm/scheduler/sched_entity.c index 69bcf0e99d57..da00572d7d42 100644 --- a/drivers/gpu/drm/scheduler/sched_entity.c +++ b/drivers/gpu/drm/scheduler/sched_entity.c @@ -259,9 +259,16 @@ static void drm_sched_entity_kill(struct drm_sched_entity *entity) struct drm_sched_fence *s_fence = job->s_fence; dma_fence_get(&s_fence->finished); - if (!prev || dma_fence_add_callback(prev, &job->finish_cb, - drm_sched_entity_kill_jobs_cb)) + if (!prev || + dma_fence_add_callback(prev, &job->finish_cb, + drm_sched_entity_kill_jobs_cb)) { + /* + * Adding callback above failed. + * dma_fence_put() checks for NULL. + */ + dma_fence_put(prev); drm_sched_entity_kill_jobs_cb(NULL, &job->finish_cb); + } prev = &s_fence->finished; } -- 2.25.1

6 months

2
1
0 0

[PATCH v2 1/2] regulator: dummy: force synchronous probing

by Christian Eggers

Sometimes I get a NULL pointer dereference at boot time in kobject_get() with the following call stack: anatop_regulator_probe() devm_regulator_register() regulator_register() regulator_resolve_supply() kobject_get() By placing some extra BUG_ON() statements I could verify that this is raised because probing of the 'dummy' regulator driver is not completed ('dummy_regulator_rdev' is still NULL). In the JTAG debugger I can see that dummy_regulator_probe() and anatop_regulator_probe() can be run by different kernel threads (kworker/u4:*). I haven't further investigated whether this can be changed or if there are other possibilities to force synchronization between these two probe routines. On the other hand I don't expect much boot time penalty by probing the 'dummy' regulator synchronously. Cc: stable(a)vger.kernel.org Fixes: 259b93b21a9f ("regulator: Set PROBE_PREFER_ASYNCHRONOUS for drivers that existed in 4.14") Signed-off-by: Christian Eggers <ceggers(a)arri.de> --- v2: - no changes drivers/regulator/dummy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/regulator/dummy.c b/drivers/regulator/dummy.c index 5b9b9e4e762d..9f59889129ab 100644 --- a/drivers/regulator/dummy.c +++ b/drivers/regulator/dummy.c @@ -60,7 +60,7 @@ static struct platform_driver dummy_regulator_driver = { .probe = dummy_regulator_probe, .driver = { .name = "reg-dummy", - .probe_type = PROBE_PREFER_ASYNCHRONOUS, + .probe_type = PROBE_FORCE_SYNCHRONOUS, }, }; -- 2.44.1

6 months

3
6
0 0

[PATCH] wifi: mt76: mt792x: re-register CHANCTX_STA_CSA only for the mt7921 series

by Mingyen Hsieh

From: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> CSA is currently not supported on mt7925, so CSA is only registered for the mt7921 series Cc: stable(a)vger.kernel.org Fixes: 8aa2f59260eb ("wifi: mt76: mt7921: introduce CSA support") Signed-off-by: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> --- drivers/net/wireless/mediatek/mt76/mt792x_core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt792x_core.c b/drivers/net/wireless/mediatek/mt76/mt792x_core.c index 8799627f6292..0f7806f6338d 100644 --- a/drivers/net/wireless/mediatek/mt76/mt792x_core.c +++ b/drivers/net/wireless/mediatek/mt76/mt792x_core.c @@ -665,7 +665,8 @@ int mt792x_init_wiphy(struct ieee80211_hw *hw) ieee80211_hw_set(hw, SUPPORTS_DYNAMIC_PS); ieee80211_hw_set(hw, SUPPORTS_VHT_EXT_NSS_BW); ieee80211_hw_set(hw, CONNECTION_MONITOR); - ieee80211_hw_set(hw, CHANCTX_STA_CSA); + if (is_mt7921(&dev->mt76)) + ieee80211_hw_set(hw, CHANCTX_STA_CSA); if (dev->pm.enable) ieee80211_hw_set(hw, CONNECTION_MONITOR); -- 2.45.2

6 months

1
0
0 0

Get back

by Gloria

Hello..... Good day to you I am writing this message to you to seek your consent regarding onward investment plan, in any country of yours. My name is Ms Gloria Johson., I'm the CEO of AMP Resources LTD. We are involved in all sectors of oil and gas production. Our operation range from crude extraction , transportation, retail and distribution. I am a Canadian born Russian resident in Saint Petersburg Russia. Because of the war in Russia , I want to start moving my funds to a trusted person. funds out of countries i mentioned as I can't no longer stand the hard sanctions, over my funds in Holland and Paris and UK Base on.russian sanctions is facing as a result of Putin and his stubbornness. I have deposits i would like to move, each of the deposit is 20m l need a trusted person to manage the heritage. Best regards, Ms Gloria Johson. Send your response to my above email.

6 months

1
0
0 0

+ mm-contig_alloc-fix-alloc_contig_range-when-__gfp_comp-and-order-max_order.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/contig_alloc: fix alloc_contig_range when __GFP_COMP and order < MAX_ORDER has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-contig_alloc-fix-alloc_contig_range-when-__gfp_comp-and-order-max_order.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Jinjiang Tu <tujinjiang(a)huawei.com> Subject: mm/contig_alloc: fix alloc_contig_range when __GFP_COMP and order < MAX_ORDER Date: Wed, 12 Mar 2025 16:47:05 +0800 When calling alloc_contig_range() with __GFP_COMP and the order of requested pfn range is pageblock_order, less than MAX_ORDER, I triggered WARNING as follows: PFN range: requested [2150105088, 2150105600), allocated [2150105088, 2150106112) WARNING: CPU: 3 PID: 580 at mm/page_alloc.c:6877 alloc_contig_range+0x280/0x340 alloc_contig_range() marks pageblocks of the requested pfn range to be isolated, migrate these pages if they are in use and will be freed to MIGRATE_ISOLATED freelist. Suppose two alloc_contig_range() calls at the same time and the requested pfn range are [0x80280000, 0x80280200) and [0x80280200, 0x80280400) respectively. Suppose the two memory range are in use, then alloc_contig_range() will migrate and free these pages to MIGRATE_ISOLATED freelist. __free_one_page() will merge MIGRATE_ISOLATE buddy to larger buddy, resulting in a MAX_ORDER buddy. Finally, find_large_buddy() in alloc_contig_range() returns a MAX_ORDER buddy and results in WARNING. To fix it, call free_contig_range() to free the excess pfn range. Link: https://lkml.kernel.org/r/20250312084705.2938220-1-tujinjiang@huawei.com Fixes: e98337d11bbd ("mm/contig_alloc: support __GFP_COMP") Signed-off-by: Jinjiang Tu <tujinjiang(a)huawei.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Nanyong Sun <sunnanyong(a)huawei.com> Cc: Yu Zhao <yuzhao(a)google.com> Cc: Zi Yan <ziy(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_alloc.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) --- a/mm/page_alloc.c~mm-contig_alloc-fix-alloc_contig_range-when-__gfp_comp-and-order-max_order +++ a/mm/page_alloc.c @@ -6528,7 +6528,8 @@ int alloc_contig_range_noprof(unsigned l goto done; } - if (!(gfp_mask & __GFP_COMP)) { + if (!(gfp_mask & __GFP_COMP) || + (is_power_of_2(end - start) && ilog2(end - start) < MAX_PAGE_ORDER)) { split_free_pages(cc.freepages, gfp_mask); /* Free head and tail (if any) */ @@ -6536,7 +6537,15 @@ int alloc_contig_range_noprof(unsigned l free_contig_range(outer_start, start - outer_start); if (end != outer_end) free_contig_range(end, outer_end - end); - } else if (start == outer_start && end == outer_end && is_power_of_2(end - start)) { + + outer_start = start; + outer_end = end; + + if (!(gfp_mask & __GFP_COMP)) + goto done; + } + + if (start == outer_start && end == outer_end && is_power_of_2(end - start)) { struct page *head = pfn_to_page(start); int order = ilog2(end - start); _ Patches currently in -mm which might be from tujinjiang(a)huawei.com are mm-hugetlb-fix-surplus-pages-in-dissolve_free_huge_page.patch mm-contig_alloc-fix-alloc_contig_range-when-__gfp_comp-and-order-max_order.patch mm-hugetlb-fix-set_max_huge_pages-when-there-are-surplus-pages.patch

6 months, 1 week

1
0
0 0

+ mm-hwpoison-do-not-send-sigbus-to-processes-with-recovered-clean-pages.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/hwpoison: do not send SIGBUS to processes with recovered clean pages has been added to the -mm mm-unstable branch. Its filename is mm-hwpoison-do-not-send-sigbus-to-processes-with-recovered-clean-pages.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Shuai Xue <xueshuai(a)linux.alibaba.com> Subject: mm/hwpoison: do not send SIGBUS to processes with recovered clean pages Date: Wed, 12 Mar 2025 19:28:51 +0800 When an uncorrected memory error is consumed there is a race between the CMCI from the memory controller reporting an uncorrected error with a UCNA signature, and the core reporting and SRAR signature machine check when the data is about to be consumed. - Background: why *UN*corrected errors tied to *C*MCI in Intel platform [1] Prior to Icelake memory controllers reported patrol scrub events that detected a previously unseen uncorrected error in memory by signaling a broadcast machine check with an SRAO (Software Recoverable Action Optional) signature in the machine check bank. This was overkill because it's not an urgent problem that no core is on the verge of consuming that bad data. It's also found that multi SRAO UCE may cause nested MCE interrupts and finally become an IERR. Hence, Intel downgrades the machine check bank signature of patrol scrub from SRAO to UCNA (Uncorrected, No Action required), and signal changed to #CMCI. Just to add to the confusion, Linux does take an action (in uc_decode_notifier()) to try to offline the page despite the UC*NA* signature name. - Background: why #CMCI and #MCE race when poison is consuming in Intel platform [1] Having decided that CMCI/UCNA is the best action for patrol scrub errors, the memory controller uses it for reads too. But the memory controller is executing asynchronously from the core, and can't tell the difference between a "real" read and a speculative read. So it will do CMCI/UCNA if an error is found in any read. Thus: 1) Core is clever and thinks address A is needed soon, issues a speculative read. 2) Core finds it is going to use address A soon after sending the read request 3) The CMCI from the memory controller is in a race with MCE from the core that will soon try to retire the load from address A. Quite often (because speculation has got better) the CMCI from the memory controller is delivered before the core is committed to the instruction reading address A, so the interrupt is taken, and Linux offlines the page (marking it as poison). - Why user process is killed for instr case Commit 046545a661af ("mm/hwpoison: fix error page recovered but reported "not recovered"") tries to fix noise message "Memory error not recovered" and skips duplicate SIGBUSs due to the race. But it also introduced a bug that kill_accessing_process() return -EHWPOISON for instr case, as result, kill_me_maybe() send a SIGBUS to user process. If the CMCI wins that race, the page is marked poisoned when uc_decode_notifier() calls memory_failure(). For dirty pages, memory_failure() invokes try_to_unmap() with the TTU_HWPOISON flag, converting the PTE to a hwpoison entry. As a result, kill_accessing_process(): - call walk_page_range() and return 1 regardless of whether try_to_unmap() succeeds or fails, - call kill_proc() to make sure a SIGBUS is sent - return -EHWPOISON to indicate that SIGBUS is already sent to the process and kill_me_maybe() doesn't have to send it again. However, for clean pages, the TTU_HWPOISON flag is cleared, leaving the PTE unchanged and not converted to a hwpoison entry. Conversely, for clean pages where PTE entries are not marked as hwpoison, kill_accessing_process() returns -EFAULT, causing kill_me_maybe() to send a SIGBUS. Console log looks like this: Memory failure: 0x827ca68: corrupted page was clean: dropped without side effects Memory failure: 0x827ca68: recovery action for clean LRU page: Recovered Memory failure: 0x827ca68: already hardware poisoned mce: Memory error not recovered To fix it, return 0 for "corrupted page was clean", preventing an unnecessary SIGBUS to user process. [1] https://lore.kernel.org/lkml/20250217063335.22257-1-xueshuai@linux.alibaba.… Link: https://lkml.kernel.org/r/20250312112852.82415-3-xueshuai@linux.alibaba.com Fixes: 046545a661af ("mm/hwpoison: fix error page recovered but reported "not recovered"") Signed-off-by: Shuai Xue <xueshuai(a)linux.alibaba.com> Tested-by: Tony Luck <tony.luck(a)intel.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Borislav Betkov <bp(a)alien8.de> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Jane Chu <jane.chu(a)oracle.com> Cc: Jarkko Sakkinen <jarkko(a)kernel.org> Cc: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Cc: Josh Poimboeuf <jpoimboe(a)kernel.org> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Ruidong Tian <tianruidong(a)linux.alibaba.com> Cc: Thomas Gleinxer <tglx(a)linutronix.de> Cc: Yazen Ghannam <yazen.ghannam(a)amd.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) --- a/mm/memory-failure.c~mm-hwpoison-do-not-send-sigbus-to-processes-with-recovered-clean-pages +++ a/mm/memory-failure.c @@ -881,12 +881,17 @@ static int kill_accessing_process(struct mmap_read_lock(p->mm); ret = walk_page_range(p->mm, 0, TASK_SIZE, &hwpoison_walk_ops, (void *)&priv); + /* + * ret = 1 when CMCI wins, regardless of whether try_to_unmap() + * succeeds or fails, then kill the process with SIGBUS. + * ret = 0 when poison page is a clean page and it's dropped, no + * SIGBUS is needed. + */ if (ret == 1 && priv.tk.addr) kill_proc(&priv.tk, pfn, flags); - else - ret = 0; mmap_read_unlock(p->mm); - return ret > 0 ? -EHWPOISON : -EFAULT; + + return ret > 0 ? -EHWPOISON : 0; } /* _ Patches currently in -mm which might be from xueshuai(a)linux.alibaba.com are x86-mce-use-is_copy_from_user-to-determine-copy-from-user-context.patch mm-hwpoison-do-not-send-sigbus-to-processes-with-recovered-clean-pages.patch mm-memory-failure-enhance-comments-for-return-value-of-memory_failure.patch

6 months, 1 week

1
0
0 0

+ x86-mce-use-is_copy_from_user-to-determine-copy-from-user-context.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: x86/mce: use is_copy_from_user() to determine copy-from-user context has been added to the -mm mm-unstable branch. Its filename is x86-mce-use-is_copy_from_user-to-determine-copy-from-user-context.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Shuai Xue <xueshuai(a)linux.alibaba.com> Subject: x86/mce: use is_copy_from_user() to determine copy-from-user context Date: Wed, 12 Mar 2025 19:28:50 +0800 Patch series "mm/hwpoison: Fix regressions in memory failure handling", v4. ## 1. What am I trying to do: This patchset resolves two critical regressions related to memory failure handling that have appeared in the upstream kernel since version 5.17, as compared to 5.10 LTS. - copyin case: poison found in user page while kernel copying from user space - instr case: poison found while instruction fetching in user space ## 2. What is the expected outcome and why - For copyin case: Kernel can recover from poison found where kernel is doing get_user() or copy_from_user() if those places get an error return and the kernel return -EFAULT to the process instead of crashing. More specifily, MCE handler checks the fixup handler type to decide whether an in kernel #MC can be recovered. When EX_TYPE_UACCESS is found, the PC jumps to recovery code specified in _ASM_EXTABLE_FAULT() and return a -EFAULT to user space. - For instr case: If a poison found while instruction fetching in user space, full recovery is possible. User process takes #PF, Linux allocates a new page and fills by reading from storage. ## 3. What actually happens and why - For copyin case: kernel panic since v5.17 Commit 4c132d1d844a ("x86/futex: Remove .fixup usage") introduced a new extable fixup type, EX_TYPE_EFAULT_REG, and later patches updated the extable fixup type for copy-from-user operations, changing it from EX_TYPE_UACCESS to EX_TYPE_EFAULT_REG. It breaks previous EX_TYPE_UACCESS handling when posion found in get_user() or copy_from_user(). - For instr case: user process is killed by a SIGBUS signal due to #CMCI and #MCE race When an uncorrected memory error is consumed there is a race between the CMCI from the memory controller reporting an uncorrected error with a UCNA signature, and the core reporting and SRAR signature machine check when the data is about to be consumed. ### Background: why *UN*corrected errors tied to *C*MCI in Intel platform [1] Prior to Icelake memory controllers reported patrol scrub events that detected a previously unseen uncorrected error in memory by signaling a broadcast machine check with an SRAO (Software Recoverable Action Optional) signature in the machine check bank. This was overkill because it's not an urgent problem that no core is on the verge of consuming that bad data. It's also found that multi SRAO UCE may cause nested MCE interrupts and finally become an IERR. Hence, Intel downgrades the machine check bank signature of patrol scrub from SRAO to UCNA (Uncorrected, No Action required), and signal changed to #CMCI. Just to add to the confusion, Linux does take an action (in uc_decode_notifier()) to try to offline the page despite the UC*NA* signature name. ### Background: why #CMCI and #MCE race when poison is consuming in Intel platform [1] Having decided that CMCI/UCNA is the best action for patrol scrub errors, the memory controller uses it for reads too. But the memory controller is executing asynchronously from the core, and can't tell the difference between a "real" read and a speculative read. So it will do CMCI/UCNA if an error is found in any read. Thus: 1) Core is clever and thinks address A is needed soon, issues a speculative read. 2) Core finds it is going to use address A soon after sending the read request 3) The CMCI from the memory controller is in a race with MCE from the core that will soon try to retire the load from address A. Quite often (because speculation has got better) the CMCI from the memory controller is delivered before the core is committed to the instruction reading address A, so the interrupt is taken, and Linux offlines the page (marking it as poison). ## Why user process is killed for instr case Commit 046545a661af ("mm/hwpoison: fix error page recovered but reported "not recovered"") tries to fix noise message "Memory error not recovered" and skips duplicate SIGBUSs due to the race. But it also introduced a bug that kill_accessing_process() return -EHWPOISON for instr case, as result, kill_me_maybe() send a SIGBUS to user process. # 4. The fix, in my opinion, should be: - For copyin case: The key point is whether the error context is in a read from user memory. We do not care about the ex-type if we know its a MOV reading from userspace. is_copy_from_user() return true when both of the following two checks are true: - the current instruction is copy - source address is user memory If copy_user is true, we set m->kflags |= MCE_IN_KERNEL_COPYIN | MCE_IN_KERNEL_RECOV; Then do_machine_check() will try fixup_exception() first. - For instr case: let kill_accessing_process() return 0 to prevent a SIGBUS. - For patch 3: The return value of memory_failure() is quite important while discussed instr case regression with Tony and Miaohe for patch 2, so add comment about the return value. This patch (of 3): Commit 4c132d1d844a ("x86/futex: Remove .fixup usage") introduced a new extable fixup type, EX_TYPE_EFAULT_REG, and commit 4c132d1d844a ("x86/futex: Remove .fixup usage") updated the extable fixup type for copy-from-user operations, changing it from EX_TYPE_UACCESS to EX_TYPE_EFAULT_REG. The error context for copy-from-user operations no longer functions as an in-kernel recovery context. Consequently, the error context for copy-from-user operations no longer functions as an in-kernel recovery context, resulting in kernel panics with the message: "Machine check: Data load in unrecoverable area of kernel." To address this, it is crucial to identify if an error context involves a read operation from user memory. The function is_copy_from_user() can be utilized to determine: - the current operation is copy - when reading user memory When these conditions are met, is_copy_from_user() will return true, confirming that it is indeed a direct copy from user memory. This check is essential for correctly handling the context of errors in these operations without relying on the extable fixup types that previously allowed for in-kernel recovery. So, use is_copy_from_user() to determine if a context is copy user directly. Link: https://lkml.kernel.org/r/20250312112852.82415-1-xueshuai@linux.alibaba.com Link: https://lkml.kernel.org/r/20250312112852.82415-2-xueshuai@linux.alibaba.com Fixes: 4c132d1d844a ("x86/futex: Remove .fixup usage") Signed-off-by: Shuai Xue <xueshuai(a)linux.alibaba.com> Suggested-by: Peter Zijlstra <peterz(a)infradead.org> Acked-by: Borislav Petkov (AMD) <bp(a)alien8.de> Tested-by: Tony Luck <tony.luck(a)intel.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Borislav Betkov <bp(a)alien8.de> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Josh Poimboeuf <jpoimboe(a)kernel.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Ruidong Tian <tianruidong(a)linux.alibaba.com> Cc: Thomas Gleinxer <tglx(a)linutronix.de> Cc: Yazen Ghannam <yazen.ghannam(a)amd.com> Cc: Jane Chu <jane.chu(a)oracle.com> Cc: Jarkko Sakkinen <jarkko(a)kernel.org> Cc: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/x86/kernel/cpu/mce/severity.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) --- a/arch/x86/kernel/cpu/mce/severity.c~x86-mce-use-is_copy_from_user-to-determine-copy-from-user-context +++ a/arch/x86/kernel/cpu/mce/severity.c @@ -300,13 +300,12 @@ static noinstr int error_context(struct copy_user = is_copy_from_user(regs); instrumentation_end(); - switch (fixup_type) { - case EX_TYPE_UACCESS: - if (!copy_user) - return IN_KERNEL; - m->kflags |= MCE_IN_KERNEL_COPYIN; - fallthrough; + if (copy_user) { + m->kflags |= MCE_IN_KERNEL_COPYIN | MCE_IN_KERNEL_RECOV; + return IN_KERNEL_RECOV; + } + switch (fixup_type) { case EX_TYPE_FAULT_MCE_SAFE: case EX_TYPE_DEFAULT_MCE_SAFE: m->kflags |= MCE_IN_KERNEL_RECOV; _ Patches currently in -mm which might be from xueshuai(a)linux.alibaba.com are x86-mce-use-is_copy_from_user-to-determine-copy-from-user-context.patch mm-hwpoison-do-not-send-sigbus-to-processes-with-recovered-clean-pages.patch mm-memory-failure-enhance-comments-for-return-value-of-memory_failure.patch

6 months, 1 week

1
0
0 0

+ mm-add-missing-release-barrier-on-pgdat_reclaim_locked-unlock.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock has been added to the -mm mm-unstable branch. Its filename is mm-add-missing-release-barrier-on-pgdat_reclaim_locked-unlock.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Subject: mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock Date: Wed, 12 Mar 2025 10:10:13 -0400 The PGDAT_RECLAIM_LOCKED bit is used to provide mutual exclusion of node reclaim for struct pglist_data using a single bit. It is "locked" with a test_and_set_bit (similarly to a try lock) which provides full ordering with respect to loads and stores done within __node_reclaim(). It is "unlocked" with clear_bit(), which does not provide any ordering with respect to loads and stores done before clearing the bit. The lack of clear_bit() memory ordering with respect to stores within __node_reclaim() can cause a subsequent CPU to fail to observe stores from a prior node reclaim. This is not an issue in practice on TSO (e.g. x86), but it is an issue on weakly-ordered architectures (e.g. arm64). Fix this by using clear_bit_unlock rather than clear_bit to clear PGDAT_RECLAIM_LOCKED with a release memory ordering semantic. This provides stronger memory ordering (release rather than relaxed). Link: https://lkml.kernel.org/r/20250312141014.129725-1-mathieu.desnoyers@efficio… Fixes: d773ed6b856a ("mm: test and set zone reclaim lock before starting reclaim") Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Alan Stern <stern(a)rowland.harvard.edu> Cc: Andrea Parri <parri.andrea(a)gmail.com> Cc: Will Deacon <will(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Boqun Feng <boqun.feng(a)gmail.com> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: David Howells <dhowells(a)redhat.com> Cc: Jade Alglave <j.alglave(a)ucl.ac.uk> Cc: Luc Maranget <luc.maranget(a)inria.fr> Cc: "Paul E. McKenney" <paulmck(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmscan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/vmscan.c~mm-add-missing-release-barrier-on-pgdat_reclaim_locked-unlock +++ a/mm/vmscan.c @@ -7581,7 +7581,7 @@ int node_reclaim(struct pglist_data *pgd return NODE_RECLAIM_NOSCAN; ret = __node_reclaim(pgdat, gfp_mask, order); - clear_bit(PGDAT_RECLAIM_LOCKED, &pgdat->flags); + clear_bit_unlock(PGDAT_RECLAIM_LOCKED, &pgdat->flags); if (ret) count_vm_event(PGSCAN_ZONE_RECLAIM_SUCCESS); _ Patches currently in -mm which might be from mathieu.desnoyers(a)efficios.com are mm-add-missing-release-barrier-on-pgdat_reclaim_locked-unlock.patch mm-lock-pgdat_reclaim_locked-with-acquire-memory-ordering.patch

6 months, 1 week

1
0
0 0

+ mm-userfaultfd-fix-release-hang-over-concurrent-gup.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/userfaultfd: Fix release hang over concurrent GUP has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-userfaultfd-fix-release-hang-over-concurrent-gup.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Peter Xu <peterx(a)redhat.com> Subject: mm/userfaultfd: Fix release hang over concurrent GUP Date: Wed, 12 Mar 2025 10:51:31 -0400 This patch should fix a possible userfaultfd release() hang during concurrent GUP. This problem was initially reported by Dimitris Siakavaras in July 2023 [1] in a firecracker use case. Firecracker has a separate process handling page faults remotely, and when the process releases the userfaultfd it can race with a concurrent GUP from KVM trying to fault in a guest page during the secondary MMU page fault process. A similar problem was reported recently again by Jinjiang Tu in March 2025 [2], even though the race happened this time with a mlockall() operation, which does GUP in a similar fashion. In 2017, commit 656710a60e36 ("userfaultfd: non-cooperative: closing the uffd without triggering SIGBUS") was trying to fix this issue. AFAIU, that fixes well the fault paths but may not work yet for GUP. In GUP, the issue is NOPAGE will be almost treated the same as "page fault resolved" in faultin_page(), then the GUP will follow page again, seeing page missing, and it'll keep going into a live lock situation as reported. This change makes core mm return RETRY instead of NOPAGE for both the GUP and fault paths, proactively releasing the mmap read lock. This should guarantee the other release thread make progress on taking the write lock and avoid the live lock even for GUP. When at it, rearrange the comments to make sure it's uptodate. [1] https://lore.kernel.org/r/79375b71-db2e-3e66-346b-254c90d915e2@cslab.ece.nt… [2] https://lore.kernel.org/r/20250307072133.3522652-1-tujinjiang@huawei.com Link: https://lkml.kernel.org/r/20250312145131.1143062-1-peterx@redhat.com Signed-off-by: Peter Xu <peterx(a)redhat.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Jinjiang Tu <tujinjiang(a)huawei.com> Cc: Dimitris Siakavaras <jimsiak(a)cslab.ece.ntua.gr> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/userfaultfd.c | 51 ++++++++++++++++++++++----------------------- 1 file changed, 25 insertions(+), 26 deletions(-) --- a/fs/userfaultfd.c~mm-userfaultfd-fix-release-hang-over-concurrent-gup +++ a/fs/userfaultfd.c @@ -396,32 +396,6 @@ vm_fault_t handle_userfault(struct vm_fa goto out; /* - * If it's already released don't get it. This avoids to loop - * in __get_user_pages if userfaultfd_release waits on the - * caller of handle_userfault to release the mmap_lock. - */ - if (unlikely(READ_ONCE(ctx->released))) { - /* - * Don't return VM_FAULT_SIGBUS in this case, so a non - * cooperative manager can close the uffd after the - * last UFFDIO_COPY, without risking to trigger an - * involuntary SIGBUS if the process was starting the - * userfaultfd while the userfaultfd was still armed - * (but after the last UFFDIO_COPY). If the uffd - * wasn't already closed when the userfault reached - * this point, that would normally be solved by - * userfaultfd_must_wait returning 'false'. - * - * If we were to return VM_FAULT_SIGBUS here, the non - * cooperative manager would be instead forced to - * always call UFFDIO_UNREGISTER before it can safely - * close the uffd. - */ - ret = VM_FAULT_NOPAGE; - goto out; - } - - /* * Check that we can return VM_FAULT_RETRY. * * NOTE: it should become possible to return VM_FAULT_RETRY @@ -457,6 +431,31 @@ vm_fault_t handle_userfault(struct vm_fa if (vmf->flags & FAULT_FLAG_RETRY_NOWAIT) goto out; + if (unlikely(READ_ONCE(ctx->released))) { + /* + * If a concurrent release is detected, do not return + * VM_FAULT_SIGBUS or VM_FAULT_NOPAGE, but instead always + * return VM_FAULT_RETRY with lock released proactively. + * + * If we were to return VM_FAULT_SIGBUS here, the non + * cooperative manager would be instead forced to + * always call UFFDIO_UNREGISTER before it can safely + * close the uffd, to avoid involuntary SIGBUS triggered. + * + * If we were to return VM_FAULT_NOPAGE, it would work for + * the fault path, in which the lock will be released + * later. However for GUP, faultin_page() does nothing + * special on NOPAGE, so GUP would spin retrying without + * releasing the mmap read lock, causing possible livelock. + * + * Here only VM_FAULT_RETRY would make sure the mmap lock + * be released immediately, so that the thread concurrently + * releasing the userfault would always make progress. + */ + release_fault_lock(vmf); + goto out; + } + /* take the reference before dropping the mmap_lock */ userfaultfd_ctx_get(ctx); _ Patches currently in -mm which might be from peterx(a)redhat.com are mm-userfaultfd-fix-release-hang-over-concurrent-gup.patch

6 months, 1 week

1
0
0 0

Get premium contact lists

by Kevin Martin

Hi there, Hope you're having a great day! Would you be interested in a recently verified list of NetApp clients to support your outreach? Let me know, and I'll be happy to share the details. Best regards, Kevin Martin Demand Consultant If you wish to stop receiving emails, reply with Abolish.

6 months, 1 week

1
0
0 0

[PATCH 6.13 000/197] 6.13.7-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.13.7 release. There are 197 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 13 Mar 2025 14:41:52 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.13.7-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.13.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.13.7-rc2 Maurizio Lombardi <mlombard(a)redhat.com> nvme-tcp: Fix a C2HTermReq error message Arnd Bergmann <arnd(a)arndb.de> ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage Arnd Bergmann <arnd(a)arndb.de> kbuild: hdrcheck: fix cross build with clang Angelo Dureghello <adureghello(a)baylibre.com> iio: adc: ad7606: fix wrong scale available Angelo Dureghello <adureghello(a)baylibre.com> dt-bindings: iio: dac: adi-axi-adc: fix ad7606 pwm-names Ricardo Ribalda <ribalda(a)chromium.org> iio: hid-sensor-prox: Split difference from multiple channels Ryan Roberts <ryan.roberts(a)arm.com> arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes Ryan Roberts <ryan.roberts(a)arm.com> mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() Nayab Sayed <nayabbasha.sayed(a)microchip.com> iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value Markus Burri <markus.burri(a)mt.com> iio: adc: ad7192: fix channel select Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: ad3552r: clear reset status flag Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: apds9306: fix max_scale_nano values Sam Winchenbach <swinchenbach(a)arka.org> iio: filter: admv8818: Force initialization of SDO Haoyu Li <lihaoyu499(a)gmail.com> drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> eeprom: digsy_mtc: Make GPIO lookup table match the device Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock Visweswara Tanuku <quic_vtanuku(a)quicinc.com> slimbus: messaging: Free transaction ID in delayed interrupt scenario Luca Ceresoli <luca.ceresoli(a)bootlin.com> drivers: core: fix device leak in __fw_devlink_relax_cycles() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> char: misc: deallocate static minor in error path Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Panther Lake-P/U support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Panther Lake-H support Pawel Chmielewski <pawel.chmielewski(a)intel.com> intel_th: pci: Add Arrow Lake support Hans de Goede <hdegoede(a)redhat.com> mei: vsc: Use "wakeuphostint" when getting the host wakeup GPIO Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add panther lake P DID Qiu-ji Chen <chenqiuji666(a)gmail.com> cdx: Fix possible UAF error in driver_override_show() Xiaoyao Li <xiaoyao.li(a)intel.com> KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM Sean Christopherson <seanjc(a)google.com> KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs Sean Christopherson <seanjc(a)google.com> KVM: SVM: Manually context switch DEBUGCTL if LBR virtualization is disabled Sean Christopherson <seanjc(a)google.com> KVM: x86: Snapshot the host's DEBUGCTL in common x86 Sean Christopherson <seanjc(a)google.com> KVM: SVM: Suppress DEBUGCTL.BTF on AMD Sean Christopherson <seanjc(a)google.com> KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value Sean Christopherson <seanjc(a)google.com> KVM: SVM: Save host DR masks on CPUs with DebugSwap Sean Christopherson <seanjc(a)google.com> KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow Christian A. Ehrhardt <lk(a)c--e.de> acpi: typec: ucsi: Introduce a ->poll_cci method Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kbuild: userprogs: use correct lld when linking through clang Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: Check bmAttributes only if configuration is valid Marek Szyprowski <m.szyprowski(a)samsung.com> usb: gadget: Fix setting self-powered state on suspend Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: Set self-powered based on MaxPower and bmAttributes AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality Fedor Pchelkin <boddah8794(a)gmail.com> usb: typec: ucsi: increase timeout for PPM reset operations Badhri Jagan Sridharan <badhri(a)google.com> usb: dwc3: gadget: Prevent irq storm when TH re-executes Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: Set SUSPENDENABLE soon after phy init Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usb: atm: cxacru: fix a flaw in existing endpoint checks Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Flush the notify_hotplug_work Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: ucsi: Fix NULL pointer access Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix host controllers "dying" after suspend and resume Miao Li <limiao(a)kylinos.cn> usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader Pawel Laszczak <pawell(a)cadence.com> usb: hub: lack of clearing xHC resources Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Use devm_usb_get_phy() Marc Zyngier <maz(a)kernel.org> xhci: Restrict USB4 tunnel detection for USB3 devices to Intel hosts Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Call clk_put() Christian Heusel <christian(a)heusel.eu> Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> gpio: rcar: Fix missing of_node_put() call Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix missing dst ref drop in ila lwtunnel Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop in ila lwtunnel Matt Johnston <matt(a)codeconstruct.com.au> mctp i3c: handle NULL header address Takashi Iwai <tiwai(a)suse.de> drm/bochs: Fix DPMS regression Lorenzo Bianconi <lorenzo(a)kernel.org> net: dsa: mt7530: Fix traffic flooding for MMIO devices Dan Carpenter <dan.carpenter(a)linaro.org> nvme-tcp: fix signedness bug in nvme_tcp_init_connection() Zecheng Li <zecheng(a)google.com> sched/fair: Fix potential memory corruption in child_cfs_rq_on_list Uday Shankar <ushankar(a)purestorage.com> ublk: set_params: properly check if parameters can be applied Jason Xing <kerneljasonxing(a)gmail.com> net-timestamp: support TCP GSO case for a few missing flags Eric Sandeen <sandeen(a)redhat.com> exfat: short-circuit zero-byte writes in exfat_file_write_iter Namjae Jeon <linkinjeon(a)kernel.org> exfat: fix soft lockup in exfat_clear_bitmap Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix just enough dentries but allocate a new cluster to dir Jarkko Sakkinen <jarkko(a)kernel.org> x86/sgx: Fix size overflows in sgx_encl_create() Oscar Maes <oscmaes92(a)gmail.com> vlan: enforce underlying device type Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device Jakub Kicinski <kuba(a)kernel.org> net: ethtool: plumb PHY stats to PHY drivers Oleksij Rempel <o.rempel(a)pengutronix.de> ethtool: linkstate: migrate linkstate functions to support multi-PHY setups Jiayuan Chen <jiayuan.chen(a)linux.dev> ppp: Fix KMSAN uninit-value warning with bpf Luca Weiss <luca.weiss(a)fairphone.com> net: ipa: Enable checksum for IPA_ENDPOINT_AP_MODEM_{RX,TX} for v4.7 Luca Weiss <luca.weiss(a)fairphone.com> net: ipa: Fix QSB data for v4.7 Luca Weiss <luca.weiss(a)fairphone.com> net: ipa: Fix v4.7 resource group names Vicki Pfau <vi(a)endrift.com> HID: hid-steam: Fix use-after-free when detaching device Maarten Lankhorst <dev(a)lankhorst.se> drm/xe: Remove double pageflip Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error Nikolay Aleksandrov <razor(a)blackwall.org> be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink Philipp Stanner <phasta(a)kernel.org> drm/sched: Fix preprocessor guard Xinghuo Chen <xinghuo.chen(a)foxmail.com> hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() Eric Dumazet <edumazet(a)google.com> llc: do not use skb_get() before dev_queue_xmit() Murad Masimov <m.masimov(a)mt-integration.ru> ALSA: usx2y: validate nrpacks module parameter on probe Alessio Belle <alessio.belle(a)imgtec.com> drm/imagination: Fix timestamps in firmware traces Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: probe-events: Remove unused MAX_ARG_BUF_LEN macro Erik Schumacher <erik.schumacher(a)iris-sensing.com> hwmon: (ad7314) Validate leading zero bits and return error Maud Spierings <maudspierings(a)gocontroll.com> hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table Titus Rwantare <titusr(a)google.com> hwmon: (pmbus) Initialise page count in pmbus_identify() Herbert Xu <herbert(a)gondor.apana.org.au> cred: Fix RCU warnings in override/revert_creds Christian Brauner <brauner(a)kernel.org> cred: return old creds from revert_creds_light() Peter Zijlstra <peterz(a)infradead.org> perf/core: Fix pmus_lock vs. pmus_srcu ordering Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> caif_virtio: fix wrong pointer check in cfv_probe() Antoine Tenart <atenart(a)kernel.org> net: gso: fix ownership in __udp_gso_segment Antheas Kapenekakis <lkml(a)antheas.dev> ALSA: hda/realtek: Remove (revert) duplicate Ally X config Meir Elisha <meir.elisha(a)volumez.com> nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch Maurizio Lombardi <mlombard(a)redhat.com> nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() Maurizio Lombardi <mlombard(a)redhat.com> nvme-tcp: add basic support for the C2HTermReq PDU Maurizio Lombardi <mlombard(a)redhat.com> nvmet: remove old function prototype Salah Triki <salah.triki(a)gmail.com> bluetooth: btusb: Initialize .owner field of force_poll_sync_fops Dave Airlie <airlied(a)redhat.com> drm/nouveau: select FW caching Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix vendor-specific inheritance Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix MLE non-inheritance parsing Ilan Peer <ilan.peer(a)intel.com> wifi: mac80211: Support parsing EPCS ML element Keith Busch <kbusch(a)kernel.org> nvme-ioctl: fix leaked requests on mapping error Kees Cook <kees(a)kernel.org> coredump: Only sort VMAs when core_sort_vma sysctl is set Zhang Lixu <lixu.zhang(a)intel.com> HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() Zhang Lixu <lixu.zhang(a)intel.com> HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() Yu-Chun Lin <eleanor15x(a)gmail.com> HID: google: fix unused variable warning under !CONFIG_ACPI Ilan Peer <ilan.peer(a)intel.com> wifi: iwlwifi: Fix A-MSDU TSO preparation Ilan Peer <ilan.peer(a)intel.com> wifi: iwlwifi: Free pages allocated when failing to build A-MSDU Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: limit printed string from FW file Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: don't try to talk to a dead firmware Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: don't dump the firmware state upon RFKILL while suspend Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: log error for failures after D3 Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: clean up ROC on failure Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: fw: avoid using an uninitialized variable Ma Wupeng <mawupeng1(a)huawei.com> mm: memory-hotplug: check folio ref count first in do_migrate_range Ma Wupeng <mawupeng1(a)huawei.com> hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Brian Geffon <bgeffon(a)google.com> mm: fix finish_fault() handling for large folios Ryan Roberts <ryan.roberts(a)arm.com> mm: don't skip arch_sync_kernel_mappings() in error paths Ma Wupeng <mawupeng1(a)huawei.com> mm: memory-failure: update ttu flag inside unmap_poisoned_folio Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm: abort vma_modify() on merge out of memory failure Hao Zhang <zhanghao1(a)kylinos.cn> mm/page_alloc: fix uninitialized variable Olivier Gayot <olivier.gayot(a)canonical.com> block: fix conversion of GPT partition name to 7-bit Qi Zheng <zhengqi.arch(a)bytedance.com> arm: pgtable: fix NULL pointer dereference issue Suren Baghdasaryan <surenb(a)google.com> userfaultfd: do not block on locking a large folio with raised refcount Mike Snitzer <snitzer(a)kernel.org> NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback Heiko Carstens <hca(a)linux.ibm.com> s390/traps: Fix test_monitor_call() inline assembly Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> dma: kmsan: export kmsan_handle_dma() for modules Haoxiang Li <haoxiang_li2024(a)163.com> rapidio: fix an API misues when rio_add_net() fails Haoxiang Li <haoxiang_li2024(a)163.com> rapidio: add check for rio_add_net() in rio_scan_alloc_net() SeongJae Park <sj(a)kernel.org> selftests/damon/damon_nr_regions: sort collected regiosn before checking with min/max boundaries SeongJae Park <sj(a)kernel.org> selftests/damon/damon_nr_regions: set ops update for merge results check to 100ms SeongJae Park <sj(a)kernel.org> selftests/damon/damos_quota: make real expectation of quota exceeds SeongJae Park <sj(a)kernel.org> selftests/damon/damos_quota_goal: handle minimum quota that cannot be further reduced Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> wifi: nl80211: reject cooked mode if it is set along with other flags Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> wifi: cfg80211: regulatory: improve invalid hints checking Haoxiang Li <haoxiang_li2024(a)163.com> Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() Haoxiang Li <haoxiang_li2024(a)163.com> Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/userptr: Unmap userptrs in the mmu notifier Matthew Auld <matthew.auld(a)intel.com> drm/xe/userptr: properly setup pfn_flags_mask Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Fix fault mode invalidation with unbind Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/xe: Fix GT "for each engine" workarounds Krister Johansen <kjlx(a)templeofstupid.com> mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/vm: Validate userptr during gpu vma prefetching Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/vm: Fix a misplaced #endif Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/hmm: Don't dereference struct page pointers without notifier lock Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/hmm: Style- and include fixes Matthew Brost <matthew.brost(a)intel.com> drm/xe: Add staging tree for VM binds Ahmed S. Darwish <darwi(a)linutronix.de> x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 Ahmed S. Darwish <darwi(a)linutronix.de> x86/cpu: Validate CPUID leaf 0x2 EDX output Ahmed S. Darwish <darwi(a)linutronix.de> x86/cacheinfo: Validate CPUID leaf 0x2 EDX output Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Sanitize boot params before parsing command line Mingcong Bai <jeffbai(a)aosc.io> platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e John Hubbard <jhubbard(a)nvidia.com> Revert "selftests/mm: remove local __NR_* definitions" Gabriel Krisman Bertazi <krisman(a)suse.de> Revert "mm/page_alloc.c: don't show protection in zone's ->lowmem_reserve[] for empty zone" Richard Thier <u9vata(a)gmail.com> drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M Brendan King <Brendan.King(a)imgtec.com> drm/imagination: only init job done fences once Brendan King <Brendan.King(a)imgtec.com> drm/imagination: Hold drm_gem_gpuva lock for unmap Brendan King <Brendan.King(a)imgtec.com> drm/imagination: avoid deadlock on fence release Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/pm: always allow ih interrupt from fw Andrew Martin <Andrew.Martin(a)amd.com> drm/amdkfd: Fix NULL Pointer Dereference in KFD queue Ma Ke <make24(a)iscas.ac.cn> drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Paul Fertser <fercerpav(a)gmail.com> hwmon: (peci/dimmtemp) Do not provide fake thresholds data Nikunj A Dadhania <nikunj(a)amd.com> virt: sev-guest: Allocate request data dynamically Haoxiang Li <haoxiang_li2024(a)163.com> btrfs: fix a leaked chunk map issue in read_one_chunk() Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: fix extent range end unlock in cow_file_range() Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: update ALC222 depop optimize Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform Hoku Ishibe <me(a)hokuishi.be> ALSA: hda: intel: Add Dell ALC3271 to power_save denylist Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Avoid module auto-load handling at event delivery Koichiro Den <koichiro.den(a)canonical.com> gpio: aggregator: protect driver attr handlers against module unload Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> gpio: rcar: Use raw_spinlock to protect register access Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix bug on trap in smb2_lock Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in smb2_lock Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix out-of-bounds in parse_sec_desc() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix type confusion via race condition when using ipc_msg_send_request Stuart Hayhurst <stuart.a.hayhurst(a)gmail.com> HID: corsair-void: Update power supply values with a unified work handler Daniil Dulov <d.dulov(a)aladdin.ru> HID: appleir: Fix potential NULL dereference at raw event handle Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Fix GPA size issue about VM Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Reload guest CSR registers after sleep Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Add interrupt checking for AVEC Bibo Mao <maobibo(a)loongson.cn> LoongArch: Set max_pfn with the PFN of the last page Bibo Mao <maobibo(a)loongson.cn> LoongArch: Set hugetlb mmap base address aligned with pmd size Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Use polling play_dead() when resuming from hibernation Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Convert unreachable() to BUG() Philipp Stanner <phasta(a)kernel.org> stmmac: loongson: Pass correct arg to PCI function Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: tprobe-events: Reject invalid tracepoint name Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: tprobe-events: Fix a memory leak when tprobe with $retval Rob Herring (Arm) <robh(a)kernel.org> Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" Peter Zijlstra <peterz(a)infradead.org> loongarch: Use ASM_REACHABLE Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Add some forgotten models to the SHA check Steve French <stfrench(a)microsoft.com> smb311: failure to open files of length 1040 when mounting with SMB3.1.1 POSIX extensions Pali Rohár <pali(a)kernel.org> cifs: Remove symlink member from cifs_open_info_data union Yutaro Ohno <yutaro.ono.418(a)gmail.com> rust: block: fix formatting in GenDisk doc Andrew Cooper <andrew.cooper3(a)citrix.com> x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() ------------- Diffstat: Documentation/admin-guide/sysctl/kernel.rst | 11 ++ .../devicetree/bindings/iio/adc/adi,ad7606.yaml | 1 + Makefile | 9 +- arch/arm/mm/fault-armv.c | 37 ++-- arch/arm64/include/asm/hugetlb.h | 4 +- arch/arm64/mm/hugetlbpage.c | 59 +++--- arch/loongarch/include/asm/bug.h | 13 +- arch/loongarch/include/asm/hugetlb.h | 6 +- arch/loongarch/kernel/machine_kexec.c | 4 +- arch/loongarch/kernel/setup.c | 3 + arch/loongarch/kernel/smp.c | 47 ++++- arch/loongarch/kvm/exit.c | 6 + arch/loongarch/kvm/main.c | 7 + arch/loongarch/kvm/vcpu.c | 2 +- arch/loongarch/kvm/vm.c | 6 +- arch/loongarch/mm/mmap.c | 6 +- arch/mips/include/asm/hugetlb.h | 6 +- arch/parisc/include/asm/hugetlb.h | 2 +- arch/parisc/mm/hugetlbpage.c | 2 +- arch/powerpc/include/asm/hugetlb.h | 6 +- arch/riscv/include/asm/hugetlb.h | 3 +- arch/riscv/mm/hugetlbpage.c | 2 +- arch/s390/include/asm/hugetlb.h | 18 +- arch/s390/kernel/traps.c | 6 +- arch/s390/mm/hugetlbpage.c | 4 +- arch/sparc/include/asm/hugetlb.h | 2 +- arch/sparc/mm/hugetlbpage.c | 2 +- arch/x86/boot/compressed/pgtable_64.c | 2 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kernel/amd_nb.c | 9 +- arch/x86/kernel/cpu/cacheinfo.c | 2 +- arch/x86/kernel/cpu/intel.c | 52 ++++-- arch/x86/kernel/cpu/microcode/amd.c | 6 + arch/x86/kernel/cpu/sgx/ioctl.c | 7 + arch/x86/kvm/cpuid.c | 2 +- arch/x86/kvm/svm/sev.c | 13 +- arch/x86/kvm/svm/svm.c | 49 +++++ arch/x86/kvm/svm/svm.h | 2 +- arch/x86/kvm/svm/vmenter.S | 10 +- arch/x86/kvm/vmx/vmx.c | 8 +- arch/x86/kvm/vmx/vmx.h | 2 - arch/x86/kvm/x86.c | 2 + block/partitions/efi.c | 2 +- drivers/base/core.c | 1 + drivers/block/ublk_drv.c | 7 +- drivers/bluetooth/btusb.c | 1 + drivers/bus/mhi/host/pci_generic.c | 5 +- drivers/cdx/cdx.c | 6 +- drivers/char/misc.c | 2 +- drivers/gpio/gpio-aggregator.c | 20 ++- drivers/gpio/gpio-rcar.c | 31 ++-- drivers/gpu/drm/amd/amdkfd/kfd_queue.c | 4 +- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 +- drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0.c | 12 +- drivers/gpu/drm/imagination/pvr_fw_meta.c | 6 +- drivers/gpu/drm/imagination/pvr_fw_trace.c | 4 +- drivers/gpu/drm/imagination/pvr_queue.c | 18 +- drivers/gpu/drm/imagination/pvr_queue.h | 4 + drivers/gpu/drm/imagination/pvr_vm.c | 134 +++++++++++--- drivers/gpu/drm/imagination/pvr_vm.h | 3 + drivers/gpu/drm/nouveau/Kconfig | 1 + drivers/gpu/drm/radeon/r300.c | 3 +- drivers/gpu/drm/radeon/radeon_asic.h | 1 + drivers/gpu/drm/radeon/rs400.c | 18 +- drivers/gpu/drm/scheduler/gpu_scheduler_trace.h | 4 +- drivers/gpu/drm/tiny/bochs.c | 5 +- drivers/gpu/drm/xe/display/xe_plane_initial.c | 10 -- drivers/gpu/drm/xe/xe_gt.c | 4 +- drivers/gpu/drm/xe/xe_hmm.c | 194 ++++++++++++++------ drivers/gpu/drm/xe/xe_hmm.h | 7 + drivers/gpu/drm/xe/xe_pt.c | 96 +++++----- drivers/gpu/drm/xe/xe_pt_walk.c | 3 +- drivers/gpu/drm/xe/xe_pt_walk.h | 4 + drivers/gpu/drm/xe/xe_vm.c | 100 +++++++---- drivers/gpu/drm/xe/xe_vm.h | 10 +- drivers/gpu/drm/xe/xe_vm_types.h | 8 +- drivers/hid/hid-appleir.c | 2 +- drivers/hid/hid-corsair-void.c | 83 ++++----- drivers/hid/hid-google-hammer.c | 2 + drivers/hid/hid-steam.c | 2 +- drivers/hid/intel-ish-hid/ishtp-hid-client.c | 2 +- drivers/hid/intel-ish-hid/ishtp-hid.c | 4 +- drivers/hwmon/ad7314.c | 10 ++ drivers/hwmon/ntc_thermistor.c | 66 +++---- drivers/hwmon/peci/dimmtemp.c | 10 +- drivers/hwmon/pmbus/pmbus.c | 2 + drivers/hwmon/xgene-hwmon.c | 2 +- drivers/hwtracing/intel_th/pci.c | 15 ++ drivers/iio/adc/ad7192.c | 2 +- drivers/iio/adc/ad7606.c | 2 +- drivers/iio/adc/at91-sama5d2_adc.c | 68 ++++--- drivers/iio/dac/ad3552r.c | 6 + drivers/iio/filter/admv8818.c | 14 +- drivers/iio/light/apds9306.c | 4 +- drivers/iio/light/hid-sensor-prox.c | 7 +- drivers/misc/cardreader/rtsx_usb.c | 15 -- drivers/misc/eeprom/digsy_mtc_eeprom.c | 2 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/misc/mei/vsc-tp.c | 2 +- drivers/net/caif/caif_virtio.c | 2 +- drivers/net/dsa/mt7530.c | 8 +- drivers/net/ethernet/emulex/benet/be.h | 2 +- drivers/net/ethernet/emulex/benet/be_cmds.c | 197 ++++++++++----------- drivers/net/ethernet/emulex/benet/be_main.c | 2 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-loongson.c | 6 +- drivers/net/ipa/data/ipa_data-v4.7.c | 18 +- drivers/net/mctp/mctp-i3c.c | 3 + drivers/net/phy/phy.c | 43 +++++ drivers/net/phy/phy_device.c | 2 + drivers/net/ppp/ppp_generic.c | 28 ++- drivers/net/wireless/intel/iwlwifi/fw/dump.c | 3 + drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 77 +++++--- drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c | 7 + .../net/wireless/intel/iwlwifi/mvm/time-event.c | 2 + drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 5 +- drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c | 6 +- drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 20 ++- drivers/nvme/host/ioctl.c | 12 +- drivers/nvme/host/tcp.c | 81 ++++++++- drivers/nvme/target/nvmet.h | 1 - drivers/nvme/target/tcp.c | 15 +- drivers/of/of_reserved_mem.c | 4 +- drivers/platform/x86/thinkpad_acpi.c | 1 + drivers/rapidio/devices/rio_mport_cdev.c | 3 +- drivers/rapidio/rio-scan.c | 5 +- drivers/slimbus/messaging.c | 5 +- drivers/usb/atm/cxacru.c | 13 +- drivers/usb/core/hub.c | 33 ++++ drivers/usb/core/quirks.c | 4 + drivers/usb/dwc3/core.c | 85 +++++---- drivers/usb/dwc3/core.h | 2 +- drivers/usb/dwc3/drd.c | 4 +- drivers/usb/dwc3/gadget.c | 10 +- drivers/usb/gadget/composite.c | 17 +- drivers/usb/gadget/function/u_ether.c | 4 +- drivers/usb/host/xhci-hub.c | 8 + drivers/usb/host/xhci-mem.c | 3 +- drivers/usb/host/xhci-pci.c | 10 +- drivers/usb/host/xhci.c | 6 +- drivers/usb/host/xhci.h | 2 +- drivers/usb/renesas_usbhs/common.c | 6 +- drivers/usb/renesas_usbhs/mod_gadget.c | 2 +- drivers/usb/typec/tcpm/tcpci_rt1711h.c | 11 ++ drivers/usb/typec/ucsi/ucsi.c | 25 +-- drivers/usb/typec/ucsi/ucsi.h | 2 + drivers/usb/typec/ucsi/ucsi_acpi.c | 21 ++- drivers/usb/typec/ucsi/ucsi_ccg.c | 1 + drivers/usb/typec/ucsi/ucsi_glink.c | 1 + drivers/usb/typec/ucsi/ucsi_stm32g0.c | 1 + drivers/usb/typec/ucsi/ucsi_yoga_c630.c | 1 + drivers/virt/acrn/hsm.c | 6 +- drivers/virt/coco/sev-guest/sev-guest.c | 24 ++- fs/btrfs/inode.c | 9 +- fs/btrfs/volumes.c | 1 + fs/coredump.c | 15 +- fs/exfat/balloc.c | 10 +- fs/exfat/exfat_fs.h | 2 +- fs/exfat/fatent.c | 11 +- fs/exfat/file.c | 2 +- fs/exfat/namei.c | 2 +- fs/nfs/file.c | 3 +- fs/smb/client/cifsglob.h | 6 +- fs/smb/client/inode.c | 2 +- fs/smb/client/reparse.h | 28 ++- fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2inode.c | 4 + fs/smb/client/smb2ops.c | 3 +- fs/smb/server/smb2pdu.c | 8 +- fs/smb/server/smbacl.c | 16 ++ fs/smb/server/transport_ipc.c | 1 + include/asm-generic/hugetlb.h | 2 +- include/linux/compaction.h | 5 + include/linux/cred.h | 9 +- include/linux/ethtool.h | 23 +++ include/linux/hugetlb.h | 4 +- include/linux/nvme-tcp.h | 2 + include/linux/phy.h | 36 ++++ include/linux/phylib_stubs.h | 42 +++++ include/linux/sched.h | 2 +- kernel/events/core.c | 4 +- kernel/sched/fair.c | 6 +- kernel/trace/trace_fprobe.c | 15 ++ kernel/trace/trace_probe.h | 2 +- mm/compaction.c | 3 + mm/hugetlb.c | 4 +- mm/internal.h | 5 +- mm/kmsan/hooks.c | 1 + mm/memory-failure.c | 63 ++++--- mm/memory.c | 21 ++- mm/memory_hotplug.c | 28 ++- mm/page_alloc.c | 4 +- mm/userfaultfd.c | 17 +- mm/vma.c | 12 +- mm/vmalloc.c | 4 +- net/8021q/vlan.c | 3 +- net/bluetooth/mgmt.c | 5 + net/ethtool/cabletest.c | 8 +- net/ethtool/linkstate.c | 26 ++- net/ethtool/netlink.c | 6 +- net/ethtool/netlink.h | 5 +- net/ethtool/phy.c | 2 +- net/ethtool/plca.c | 6 +- net/ethtool/pse-pd.c | 4 +- net/ethtool/stats.c | 18 ++ net/ethtool/strset.c | 2 +- net/ipv4/tcp_offload.c | 11 +- net/ipv4/udp_offload.c | 8 +- net/ipv6/ila/ila_lwt.c | 4 +- net/llc/llc_s_ac.c | 49 ++--- net/mac80211/ieee80211_i.h | 2 + net/mac80211/mlme.c | 1 + net/mac80211/parse.c | 164 ++++++++++++----- net/mptcp/pm_netlink.c | 18 +- net/wireless/nl80211.c | 5 + net/wireless/reg.c | 3 +- rust/kernel/block/mq/gen_disk.rs | 6 +- sound/core/seq/seq_clientmgr.c | 46 +++-- sound/pci/hda/Kconfig | 1 + sound/pci/hda/hda_intel.c | 2 + sound/pci/hda/patch_realtek.c | 107 +++++++++-- sound/usb/usx2y/usbusx2y.c | 11 ++ sound/usb/usx2y/usbusx2y.h | 26 +++ sound/usb/usx2y/usbusx2yaudio.c | 27 --- tools/testing/selftests/damon/damon_nr_regions.py | 2 + tools/testing/selftests/damon/damos_quota.py | 9 +- tools/testing/selftests/damon/damos_quota_goal.py | 3 + tools/testing/selftests/mm/hugepage-mremap.c | 2 +- tools/testing/selftests/mm/ksm_functional_tests.c | 8 +- tools/testing/selftests/mm/memfd_secret.c | 14 +- tools/testing/selftests/mm/mkdirty.c | 8 +- tools/testing/selftests/mm/mlock2.h | 1 - tools/testing/selftests/mm/protection_keys.c | 2 +- tools/testing/selftests/mm/uffd-common.c | 4 + tools/testing/selftests/mm/uffd-stress.c | 15 +- tools/testing/selftests/mm/uffd-unit-tests.c | 14 +- usr/include/Makefile | 2 +- 239 files changed, 2392 insertions(+), 1071 deletions(-)

6 months, 1 week

14
14
0 0

[PATCH 6.6 000/144] 6.6.83-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.83 release. There are 144 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 13 Mar 2025 13:56:12 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.83-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.83-rc2 Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kbuild: userprogs: use correct lld when linking through clang Quang Le <quanglex97(a)gmail.com> pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Ralf Schlatterbeck <rsc(a)runtux.com> spi-mxs: Fix chipselect glitch Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Sanitize boot params before parsing command line Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Rename conflicting 'boot_params' pointer to 'boot_params_ptr' Roberto Sassu <roberto.sassu(a)huawei.com> ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr Xi Ruoyao <xry111(a)xry111.site> x86/mm: Don't disable PCID when INVLPG has been fixed by microcode Jiri Olsa <jolsa(a)kernel.org> uprobes: Fix race in uprobe_free_utask Imre Deak <imre.deak(a)intel.com> drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map()" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "KVM: e500: always restore irqs" Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix enabling cbo.zero when running in M-mode Arnd Bergmann <arnd(a)arndb.de> ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage Arnd Bergmann <arnd(a)arndb.de> kbuild: hdrcheck: fix cross build with clang Ryan Roberts <ryan.roberts(a)arm.com> arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes Ryan Roberts <ryan.roberts(a)arm.com> mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() Nayab Sayed <nayabbasha.sayed(a)microchip.com> iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: ad3552r: clear reset status flag Sam Winchenbach <swinchenbach(a)arka.org> iio: filter: admv8818: Force initialization of SDO Haoyu Li <lihaoyu499(a)gmail.com> drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> eeprom: digsy_mtc: Make GPIO lookup table match the device Manivannan Sadhasivam <mani(a)kernel.org> bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock Visweswara Tanuku <quic_vtanuku(a)quicinc.com> slimbus: messaging: Free transaction ID in delayed interrupt scenario Luca Ceresoli <luca.ceresoli(a)bootlin.com> drivers: core: fix device leak in __fw_devlink_relax_cycles() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> char: misc: deallocate static minor in error path Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Panther Lake-P/U support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Panther Lake-H support Pawel Chmielewski <pawel.chmielewski(a)intel.com> intel_th: pci: Add Arrow Lake support Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add panther lake P DID Qiu-ji Chen <chenqiuji666(a)gmail.com> cdx: Fix possible UAF error in driver_override_show() Xiaoyao Li <xiaoyao.li(a)intel.com> KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM Sean Christopherson <seanjc(a)google.com> KVM: SVM: Suppress DEBUGCTL.BTF on AMD Sean Christopherson <seanjc(a)google.com> KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> xhci: pci: Fix indentation in the PCI device ID definitions Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: Check bmAttributes only if configuration is valid Marek Szyprowski <m.szyprowski(a)samsung.com> usb: gadget: Fix setting self-powered state on suspend Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: Set self-powered based on MaxPower and bmAttributes AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality Fedor Pchelkin <boddah8794(a)gmail.com> usb: typec: ucsi: increase timeout for PPM reset operations Badhri Jagan Sridharan <badhri(a)google.com> usb: dwc3: gadget: Prevent irq storm when TH re-executes Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: Set SUSPENDENABLE soon after phy init Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usb: atm: cxacru: fix a flaw in existing endpoint checks Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Flush the notify_hotplug_work Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: ucsi: Fix NULL pointer access Miao Li <limiao(a)kylinos.cn> usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader Pawel Laszczak <pawell(a)cadence.com> usb: hub: lack of clearing xHC resources Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Use devm_usb_get_phy() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Call clk_put() Christian Heusel <christian(a)heusel.eu> Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> gpio: rcar: Fix missing of_node_put() call Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix missing dst ref drop in ila lwtunnel Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop in ila lwtunnel Lorenzo Bianconi <lorenzo(a)kernel.org> net: dsa: mt7530: Fix traffic flooding for MMIO devices Zecheng Li <zecheng(a)google.com> sched/fair: Fix potential memory corruption in child_cfs_rq_on_list Uday Shankar <ushankar(a)purestorage.com> ublk: set_params: properly check if parameters can be applied Jason Xing <kerneljasonxing(a)gmail.com> net-timestamp: support TCP GSO case for a few missing flags Namjae Jeon <linkinjeon(a)kernel.org> exfat: fix soft lockup in exfat_clear_bitmap Jarkko Sakkinen <jarkko(a)kernel.org> x86/sgx: Fix size overflows in sgx_encl_create() Oscar Maes <oscmaes92(a)gmail.com> vlan: enforce underlying device type Jiayuan Chen <jiayuan.chen(a)linux.dev> ppp: Fix KMSAN uninit-value warning with bpf Luca Weiss <luca.weiss(a)fairphone.com> net: ipa: Enable checksum for IPA_ENDPOINT_AP_MODEM_{RX,TX} for v4.7 Luca Weiss <luca.weiss(a)fairphone.com> net: ipa: Fix QSB data for v4.7 Luca Weiss <luca.weiss(a)fairphone.com> net: ipa: Fix v4.7 resource group names Vicki Pfau <vi(a)endrift.com> HID: hid-steam: Fix use-after-free when detaching device Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error Nikolay Aleksandrov <razor(a)blackwall.org> be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink Philipp Stanner <phasta(a)kernel.org> drm/sched: Fix preprocessor guard Xinghuo Chen <xinghuo.chen(a)foxmail.com> hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() Eric Dumazet <edumazet(a)google.com> llc: do not use skb_get() before dev_queue_xmit() Murad Masimov <m.masimov(a)mt-integration.ru> ALSA: usx2y: validate nrpacks module parameter on probe Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: probe-events: Remove unused MAX_ARG_BUF_LEN macro Erik Schumacher <erik.schumacher(a)iris-sensing.com> hwmon: (ad7314) Validate leading zero bits and return error Maud Spierings <maudspierings(a)gocontroll.com> hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table Titus Rwantare <titusr(a)google.com> hwmon: (pmbus) Initialise page count in pmbus_identify() Peter Zijlstra <peterz(a)infradead.org> perf/core: Fix pmus_lock vs. pmus_srcu ordering Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> caif_virtio: fix wrong pointer check in cfv_probe() Antoine Tenart <atenart(a)kernel.org> net: gso: fix ownership in __udp_gso_segment Meir Elisha <meir.elisha(a)volumez.com> nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch Salah Triki <salah.triki(a)gmail.com> bluetooth: btusb: Initialize .owner field of force_poll_sync_fops Zhang Lixu <lixu.zhang(a)intel.com> HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() Yu-Chun Lin <eleanor15x(a)gmail.com> HID: google: fix unused variable warning under !CONFIG_ACPI Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: limit printed string from FW file Ryan Roberts <ryan.roberts(a)arm.com> mm: don't skip arch_sync_kernel_mappings() in error paths Hao Zhang <zhanghao1(a)kylinos.cn> mm/page_alloc: fix uninitialized variable Olivier Gayot <olivier.gayot(a)canonical.com> block: fix conversion of GPT partition name to 7-bit Mike Snitzer <snitzer(a)kernel.org> NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback Heiko Carstens <hca(a)linux.ibm.com> s390/traps: Fix test_monitor_call() inline assembly Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> dma: kmsan: export kmsan_handle_dma() for modules Haoxiang Li <haoxiang_li2024(a)163.com> rapidio: fix an API misues when rio_add_net() fails Haoxiang Li <haoxiang_li2024(a)163.com> rapidio: add check for rio_add_net() in rio_scan_alloc_net() Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> wifi: nl80211: reject cooked mode if it is set along with other flags Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> wifi: cfg80211: regulatory: improve invalid hints checking Haoxiang Li <haoxiang_li2024(a)163.com> Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() Haoxiang Li <haoxiang_li2024(a)163.com> Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() Krister Johansen <kjlx(a)templeofstupid.com> mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr Ahmed S. Darwish <darwi(a)linutronix.de> x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 Ahmed S. Darwish <darwi(a)linutronix.de> x86/cpu: Validate CPUID leaf 0x2 EDX output Ahmed S. Darwish <darwi(a)linutronix.de> x86/cacheinfo: Validate CPUID leaf 0x2 EDX output Mingcong Bai <jeffbai(a)aosc.io> platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e Richard Thier <u9vata(a)gmail.com> drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M Ma Ke <make24(a)iscas.ac.cn> drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Paul Fertser <fercerpav(a)gmail.com> hwmon: (peci/dimmtemp) Do not provide fake thresholds data Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: update ALC222 depop optimize Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform Hoku Ishibe <me(a)hokuishi.be> ALSA: hda: intel: Add Dell ALC3271 to power_save denylist Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Avoid module auto-load handling at event delivery Koichiro Den <koichiro.den(a)canonical.com> gpio: aggregator: protect driver attr handlers against module unload Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> gpio: rcar: Use raw_spinlock to protect register access Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix bug on trap in smb2_lock Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in smb2_lock Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix out-of-bounds in parse_sec_desc() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix type confusion via race condition when using ipc_msg_send_request Daniil Dulov <d.dulov(a)aladdin.ru> HID: appleir: Fix potential NULL dereference at raw event handle Bibo Mao <maobibo(a)loongson.cn> LoongArch: Set max_pfn with the PFN of the last page Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Use polling play_dead() when resuming from hibernation Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Convert unreachable() to BUG() Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: tprobe-events: Fix a memory leak when tprobe with $retval Rob Herring (Arm) <robh(a)kernel.org> Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Add some forgotten models to the SHA check Yong-Xuan Wang <yongxuan.wang(a)sifive.com> riscv: signal: fix signal_minsigstksz Andrew Jones <ajones(a)ventanamicro.com> RISC-V: Enable cbo.zero in usermode Rob Herring <robh(a)kernel.org> riscv: cacheinfo: Use of_property_present() for non-boolean properties Miquel Sabaté Solà <mikisabate(a)gmail.com> riscv: Prevent a bad reference count on CPU nodes Yunhui Cui <cuiyunhui(a)bytedance.com> riscv: cacheinfo: initialize cacheinfo's level and type from ACPI PPTT Yunhui Cui <cuiyunhui(a)bytedance.com> riscv: cacheinfo: remove the useless input parameter (node) of ci_leaf_init() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: O_DIRECT writes must check and adjust the file length Waiman Long <longman(a)redhat.com> x86/speculation: Add __update_spec_ctrl() helper Wei Fang <wei.fang(a)nxp.com> net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC Martyn Welch <martyn.welch(a)collabora.com> net: enetc: Replace ifdef with IS_ENABLED Gal Pressman <gal(a)nvidia.com> net: enetc: Remove setting of RX software timestamp Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: disable BAR resize on Dell G5 SE Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Check extended configuration space register when system uses large bar Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Inspect header requirements before using scrq direct Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Perform tx CSO during send scrq direct Paulo Alcantara <pc(a)manguebit.com> smb: client: fix chmod(2) regression with ATTR_READONLY Farouk Bouabid <farouk.bouabid(a)theobroma-systems.com> arm64: dts: rockchip: add rs485 support on uart5 of px30-ringneck-haikou Imre Deak <imre.deak(a)intel.com> drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL Lucas De Marchi <lucas.demarchi(a)intel.com> drm/i915/xe2lpd: Move D2D enable/disable Peter Jones <pjones(a)redhat.com> efi: Don't map the entire mokvar table to determine its size Andrew Cooper <andrew.cooper3(a)citrix.com> x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() ------------- Diffstat: Makefile | 9 +- .../boot/dts/rockchip/px30-ringneck-haikou.dts | 1 + arch/arm64/include/asm/hugetlb.h | 4 +- arch/arm64/mm/hugetlbpage.c | 59 +++--- arch/loongarch/include/asm/hugetlb.h | 6 +- arch/loongarch/kernel/machine_kexec.c | 4 +- arch/loongarch/kernel/setup.c | 3 + arch/loongarch/kernel/smp.c | 47 ++++- arch/mips/include/asm/hugetlb.h | 6 +- arch/parisc/include/asm/hugetlb.h | 2 +- arch/parisc/mm/hugetlbpage.c | 2 +- arch/powerpc/include/asm/hugetlb.h | 6 +- arch/powerpc/kvm/e500_mmu_host.c | 21 ++- arch/riscv/include/asm/cpufeature.h | 1 + arch/riscv/include/asm/csr.h | 3 + arch/riscv/include/asm/hugetlb.h | 3 +- arch/riscv/include/asm/hwcap.h | 16 ++ arch/riscv/kernel/cacheinfo.c | 54 ++++-- arch/riscv/kernel/cpufeature.c | 6 + arch/riscv/kernel/setup.c | 6 +- arch/riscv/kernel/smpboot.c | 4 + arch/riscv/mm/hugetlbpage.c | 2 +- arch/s390/include/asm/hugetlb.h | 17 +- arch/s390/kernel/traps.c | 6 +- arch/s390/mm/hugetlbpage.c | 4 +- arch/sparc/include/asm/hugetlb.h | 2 +- arch/sparc/mm/hugetlbpage.c | 2 +- arch/x86/boot/compressed/acpi.c | 14 +- arch/x86/boot/compressed/cmdline.c | 4 +- arch/x86/boot/compressed/ident_map_64.c | 7 +- arch/x86/boot/compressed/kaslr.c | 26 +-- arch/x86/boot/compressed/mem.c | 6 +- arch/x86/boot/compressed/misc.c | 26 +-- arch/x86/boot/compressed/misc.h | 1 - arch/x86/boot/compressed/pgtable_64.c | 11 +- arch/x86/boot/compressed/sev.c | 2 +- arch/x86/include/asm/boot.h | 2 + arch/x86/include/asm/spec-ctrl.h | 11 ++ arch/x86/kernel/amd_nb.c | 9 +- arch/x86/kernel/cpu/cacheinfo.c | 2 +- arch/x86/kernel/cpu/intel.c | 52 ++++-- arch/x86/kernel/cpu/microcode/amd.c | 6 + arch/x86/kernel/cpu/sgx/ioctl.c | 7 + arch/x86/kvm/cpuid.c | 2 +- arch/x86/kvm/svm/svm.c | 21 +++ arch/x86/kvm/svm/svm.h | 2 +- arch/x86/mm/init.c | 23 ++- block/partitions/efi.c | 2 +- drivers/base/core.c | 1 + drivers/block/ublk_drv.c | 7 +- drivers/bluetooth/btusb.c | 1 + drivers/bus/mhi/host/pci_generic.c | 5 +- drivers/cdx/cdx.c | 6 +- drivers/char/misc.c | 2 +- drivers/firmware/efi/libstub/x86-stub.c | 2 +- drivers/firmware/efi/libstub/x86-stub.h | 2 - drivers/firmware/efi/mokvar-table.c | 42 ++--- drivers/gpio/gpio-aggregator.c | 20 ++- drivers/gpio/gpio-rcar.c | 31 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 11 ++ drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 +- drivers/gpu/drm/i915/display/icl_dsi.c | 4 +- drivers/gpu/drm/i915/display/intel_ddi.c | 46 +++-- drivers/gpu/drm/i915/i915_reg.h | 4 +- drivers/gpu/drm/radeon/r300.c | 3 +- drivers/gpu/drm/radeon/radeon_asic.h | 1 + drivers/gpu/drm/radeon/rs400.c | 18 +- drivers/gpu/drm/scheduler/gpu_scheduler_trace.h | 4 +- drivers/hid/hid-appleir.c | 2 +- drivers/hid/hid-google-hammer.c | 2 + drivers/hid/hid-steam.c | 2 +- drivers/hid/intel-ish-hid/ishtp-hid.c | 4 +- drivers/hwmon/ad7314.c | 10 ++ drivers/hwmon/ntc_thermistor.c | 66 +++---- drivers/hwmon/peci/dimmtemp.c | 10 +- drivers/hwmon/pmbus/pmbus.c | 2 + drivers/hwmon/xgene-hwmon.c | 2 +- drivers/hwtracing/intel_th/pci.c | 15 ++ drivers/iio/adc/at91-sama5d2_adc.c | 68 ++++--- drivers/iio/dac/ad3552r.c | 6 + drivers/iio/filter/admv8818.c | 14 +- drivers/misc/cardreader/rtsx_usb.c | 15 -- drivers/misc/eeprom/digsy_mtc_eeprom.c | 2 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/net/caif/caif_virtio.c | 2 +- drivers/net/dsa/mt7530.c | 8 +- drivers/net/ethernet/emulex/benet/be.h | 2 +- drivers/net/ethernet/emulex/benet/be_cmds.c | 197 ++++++++++----------- drivers/net/ethernet/emulex/benet/be_main.c | 2 +- drivers/net/ethernet/freescale/enetc/enetc.c | 25 ++- drivers/net/ethernet/freescale/enetc/enetc.h | 9 +- .../net/ethernet/freescale/enetc/enetc_ethtool.c | 27 +-- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 2 +- drivers/net/ethernet/ibm/ibmvnic.c | 21 ++- drivers/net/ipa/data/ipa_data-v4.7.c | 18 +- drivers/net/ppp/ppp_generic.c | 28 ++- drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 +- drivers/nvme/target/tcp.c | 15 +- drivers/of/of_reserved_mem.c | 4 +- drivers/platform/x86/thinkpad_acpi.c | 1 + drivers/rapidio/devices/rio_mport_cdev.c | 3 +- drivers/rapidio/rio-scan.c | 5 +- drivers/slimbus/messaging.c | 5 +- drivers/spi/spi-mxs.c | 3 +- drivers/usb/atm/cxacru.c | 13 +- drivers/usb/core/hub.c | 33 ++++ drivers/usb/core/quirks.c | 4 + drivers/usb/dwc3/core.c | 85 +++++---- drivers/usb/dwc3/core.h | 2 +- drivers/usb/dwc3/drd.c | 4 +- drivers/usb/dwc3/gadget.c | 10 +- drivers/usb/gadget/composite.c | 17 +- drivers/usb/gadget/function/u_ether.c | 4 +- drivers/usb/host/xhci-mem.c | 3 +- drivers/usb/host/xhci-pci.c | 18 +- drivers/usb/host/xhci.h | 2 +- drivers/usb/renesas_usbhs/common.c | 6 +- drivers/usb/renesas_usbhs/mod_gadget.c | 2 +- drivers/usb/typec/tcpm/tcpci_rt1711h.c | 11 ++ drivers/usb/typec/ucsi/ucsi.c | 15 +- drivers/virt/acrn/hsm.c | 6 +- fs/exfat/balloc.c | 10 +- fs/exfat/exfat_fs.h | 2 +- fs/exfat/fatent.c | 11 +- fs/nfs/direct.c | 19 ++ fs/nfs/file.c | 3 +- fs/smb/client/inode.c | 4 +- fs/smb/server/smb2pdu.c | 8 +- fs/smb/server/smbacl.c | 16 ++ fs/smb/server/transport_ipc.c | 1 + include/asm-generic/hugetlb.h | 2 +- include/linux/compaction.h | 5 + include/linux/hugetlb.h | 4 +- include/linux/sched.h | 2 +- kernel/events/core.c | 4 +- kernel/events/uprobes.c | 2 +- kernel/sched/fair.c | 6 +- kernel/trace/trace_fprobe.c | 2 + kernel/trace/trace_probe.h | 1 - mm/compaction.c | 3 + mm/hugetlb.c | 4 +- mm/kmsan/hooks.c | 1 + mm/memory.c | 6 +- mm/page_alloc.c | 1 + mm/vmalloc.c | 4 +- net/8021q/vlan.c | 3 +- net/bluetooth/mgmt.c | 5 + net/ipv4/tcp_offload.c | 11 +- net/ipv4/udp_offload.c | 8 +- net/ipv6/ila/ila_lwt.c | 4 +- net/llc/llc_s_ac.c | 49 ++--- net/mptcp/pm_netlink.c | 18 +- net/sched/sch_fifo.c | 3 + net/wireless/nl80211.c | 5 + net/wireless/reg.c | 3 +- security/integrity/ima/ima_main.c | 7 +- security/integrity/integrity.h | 3 + sound/core/seq/seq_clientmgr.c | 46 +++-- sound/pci/hda/Kconfig | 1 + sound/pci/hda/hda_intel.c | 2 + sound/pci/hda/patch_realtek.c | 99 ++++++++++- sound/usb/usx2y/usbusx2y.c | 11 ++ sound/usb/usx2y/usbusx2y.h | 26 +++ sound/usb/usx2y/usbusx2yaudio.c | 27 --- usr/include/Makefile | 2 +- 166 files changed, 1330 insertions(+), 707 deletions(-)

6 months, 1 week

7
6
0 0

[PATCH 5.15 000/616] 5.15.179-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.179 release. There are 616 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 13 Mar 2025 13:56:14 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.179-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.179-rc2 Jakub Kicinski <kuba(a)kernel.org> net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kbuild: userprogs: use correct lld when linking through clang Toke Høiland-Jørgensen <toke(a)redhat.com> sched: sch_cake: add bounds checks to host bulk flow fairness counts Michal Luczaj <mhal(a)rbox.co> vsock: Orphan socket after transport release Michal Luczaj <mhal(a)rbox.co> vsock: Keep the binding until socket destruction Michal Luczaj <mhal(a)rbox.co> bpf, vsock: Invoke proto::close on close() Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove dangling pointers Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix crash during unbind if gpio unit is in use Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: handle errors that nilfs_prepare_chunk() may return Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: eliminate staggered calls to kunmap in nilfs_rename Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link Ralf Schlatterbeck <rsc(a)runtux.com> spi-mxs: Fix chipselect glitch Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix unchecked dereference NeilBrown <neilb(a)suse.de> md: select BLOCK_LEGACY_AUTOLOAD Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Avoid returning invalid controls Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Avoid invalid memory access Haoyu Li <lihaoyu499(a)gmail.com> drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> eeprom: digsy_mtc: Make GPIO lookup table match the device Manivannan Sadhasivam <mani(a)kernel.org> bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock Visweswara Tanuku <quic_vtanuku(a)quicinc.com> slimbus: messaging: Free transaction ID in delayed interrupt scenario Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Panther Lake-P/U support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Panther Lake-H support Pawel Chmielewski <pawel.chmielewski(a)intel.com> intel_th: pci: Add Arrow Lake support Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add panther lake P DID Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: check the inode number is not the invalid value of zero Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> xhci: pci: Fix indentation in the PCI device ID definitions Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: Check bmAttributes only if configuration is valid Marek Szyprowski <m.szyprowski(a)samsung.com> usb: gadget: Fix setting self-powered state on suspend Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: Set self-powered based on MaxPower and bmAttributes AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality Fedor Pchelkin <boddah8794(a)gmail.com> usb: typec: ucsi: increase timeout for PPM reset operations Badhri Jagan Sridharan <badhri(a)google.com> usb: dwc3: gadget: Prevent irq storm when TH re-executes Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: Set SUSPENDENABLE soon after phy init Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usb: atm: cxacru: fix a flaw in existing endpoint checks Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Flush the notify_hotplug_work Miao Li <limiao(a)kylinos.cn> usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader Pawel Laszczak <pawell(a)cadence.com> usb: hub: lack of clearing xHC resources Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Use devm_usb_get_phy() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Call clk_put() Christian Heusel <christian(a)heusel.eu> Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> gpio: rcar: Fix missing of_node_put() call Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix missing dst ref drop in ila lwtunnel Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop in ila lwtunnel Zecheng Li <zecheng(a)google.com> sched/fair: Fix potential memory corruption in child_cfs_rq_on_list Jason Xing <kerneljasonxing(a)gmail.com> net-timestamp: support TCP GSO case for a few missing flags Namjae Jeon <linkinjeon(a)kernel.org> exfat: fix soft lockup in exfat_clear_bitmap Jarkko Sakkinen <jarkko(a)kernel.org> x86/sgx: Fix size overflows in sgx_encl_create() Reinette Chatre <reinette.chatre(a)intel.com> x86/sgx: Support VA page allocation without reclaiming Reinette Chatre <reinette.chatre(a)intel.com> x86/sgx: Export sgx_encl_{grow,shrink}() Reinette Chatre <reinette.chatre(a)intel.com> x86/sgx: Move PTE zap code to new sgx_zap_enclave_ptes() Reinette Chatre <reinette.chatre(a)intel.com> x86/sgx: Support loading enclave page without VMA permissions check Oscar Maes <oscmaes92(a)gmail.com> vlan: enforce underlying device type Jiayuan Chen <jiayuan.chen(a)linux.dev> ppp: Fix KMSAN uninit-value warning with bpf Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error Nikolay Aleksandrov <razor(a)blackwall.org> be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink Philipp Stanner <phasta(a)kernel.org> drm/sched: Fix preprocessor guard Xinghuo Chen <xinghuo.chen(a)foxmail.com> hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() Eric Dumazet <edumazet(a)google.com> llc: do not use skb_get() before dev_queue_xmit() Murad Masimov <m.masimov(a)mt-integration.ru> ALSA: usx2y: validate nrpacks module parameter on probe Erik Schumacher <erik.schumacher(a)iris-sensing.com> hwmon: (ad7314) Validate leading zero bits and return error Maud Spierings <maudspierings(a)gocontroll.com> hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table Titus Rwantare <titusr(a)google.com> hwmon: (pmbus) Initialise page count in pmbus_identify() Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> caif_virtio: fix wrong pointer check in cfv_probe() Antoine Tenart <atenart(a)kernel.org> net: gso: fix ownership in __udp_gso_segment Meir Elisha <meir.elisha(a)volumez.com> nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch Zhang Lixu <lixu.zhang(a)intel.com> HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() Yu-Chun Lin <eleanor15x(a)gmail.com> HID: google: fix unused variable warning under !CONFIG_ACPI Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: limit printed string from FW file Ryan Roberts <ryan.roberts(a)arm.com> mm: don't skip arch_sync_kernel_mappings() in error paths Hao Zhang <zhanghao1(a)kylinos.cn> mm/page_alloc: fix uninitialized variable Olivier Gayot <olivier.gayot(a)canonical.com> block: fix conversion of GPT partition name to 7-bit Heiko Carstens <hca(a)linux.ibm.com> s390/traps: Fix test_monitor_call() inline assembly Haoxiang Li <haoxiang_li2024(a)163.com> rapidio: fix an API misues when rio_add_net() fails Haoxiang Li <haoxiang_li2024(a)163.com> rapidio: add check for rio_add_net() in rio_scan_alloc_net() Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> wifi: nl80211: reject cooked mode if it is set along with other flags Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> wifi: cfg80211: regulatory: improve invalid hints checking Ahmed S. Darwish <darwi(a)linutronix.de> x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 Ahmed S. Darwish <darwi(a)linutronix.de> x86/cpu: Validate CPUID leaf 0x2 EDX output Ahmed S. Darwish <darwi(a)linutronix.de> x86/cacheinfo: Validate CPUID leaf 0x2 EDX output Mingcong Bai <jeffbai(a)aosc.io> platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e Richard Thier <u9vata(a)gmail.com> drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: update ALC222 depop optimize Hoku Ishibe <me(a)hokuishi.be> ALSA: hda: intel: Add Dell ALC3271 to power_save denylist Koichiro Den <koichiro.den(a)canonical.com> gpio: aggregator: protect driver attr handlers against module unload Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> gpio: rcar: Use raw_spinlock to protect register access Daniil Dulov <d.dulov(a)aladdin.ru> HID: appleir: Fix potential NULL dereference at raw event handle Rob Herring (Arm) <robh(a)kernel.org> Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: disable BAR resize on Dell G5 SE Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Check extended configuration space register when system uses large bar Haoxiang Li <haoxiang_li2024(a)163.com> smb: client: Add check for next_buffer in receive_encrypted_standard() Quang Le <quanglex97(a)gmail.com> pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Thomas Gleixner <tglx(a)linutronix.de> intel_idle: Handle older CPUs, which stop the TSC in deeper C states, correctly Thomas Gleixner <tglx(a)linutronix.de> sched/core: Prevent rescheduling when interrupts are disabled Ard Biesheuvel <ardb(a)kernel.org> vmlinux.lds: Ensure that const vars with relocations are mapped R/O Paolo Abeni <pabeni(a)redhat.com> mptcp: always handle address removal under msk socket lock Kaustabh Chakraborty <kauschluss(a)disroot.org> phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk BH Hsieh <bhsieh(a)nvidia.com> phy: tegra: xusb: reset VBUS & ID OVERRIDE Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the xdp_tx statistics Wei Fang <wei.fang(a)nxp.com> net: enetc: update UDP checksum when updating originTimestamp field Wei Fang <wei.fang(a)nxp.com> net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usbnet: gl620a: fix endpoint checking in genelink_bind() Tyrone Ting <kfting(a)nuvoton.com> i2c: npcm: disable interrupt enable bit before devm_request_irq Roman Li <Roman.Li(a)amd.com> drm/amd/display: Fix HPD after gpu reset Kan Liang <kan.liang(a)linux.intel.com> perf/core: Fix low freq setting via IOC_PERIOD Dmitry Panchenko <dmitry(a)d-systems.ee> ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 Nikolay Kuratov <kniv(a)yandex-team.ru> ftrace: Avoid potential division by zero in function_stat_show() Russell Senior <russell(a)personaltelco.net> x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in rpl lwt Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: rpl_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in seg6 lwt Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: seg6_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> include: net: add static inline dst_dev_overhead() to dst.h Andrea Mayer <andrea.mayer(a)uniroma2.it> seg6: add support for SRv6 H.L2Encaps.Red behavior Andrea Mayer <andrea.mayer(a)uniroma2.it> seg6: add support for SRv6 H.Encaps.Red behavior Shay Drory <shayd(a)nvidia.com> net/mlx5: IRQ, Fix null string in debug print Harshal Chaudhari <hchaudhari(a)marvell.com> net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. Wang Hai <wanghai38(a)huawei.com> tcp: Defer ts_recent changes until req is owned Philo Lu <lulie(a)linux.alibaba.com> ipvs: Always clear ipvs_property flag in skb_scrub_packet() Nicolas Frattaroli <nicolas.frattaroli(a)collabora.com> ASoC: es8328: fix route from DAC to output Sean Anderson <sean.anderson(a)linux.dev> net: cadence: macb: Synchronize stats calculations Ido Schimmel <idosch(a)nvidia.com> net: loopback: Avoid sending IP packets without an Ethernet header David Howells <dhowells(a)redhat.com> afs: Fix the server_list to unuse a displaced server rather than putting it David Howells <dhowells(a)redhat.com> afs: Make it possible to find the volumes that are using a server Colin Ian King <colin.i.king(a)gmail.com> afs: remove variable nr_servers Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports Arnd Bergmann <arnd(a)arndb.de> sunrpc: suppress warnings for unused procfs functions Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix bind QP error cleanup flow Ye Bin <yebin10(a)huawei.com> scsi: core: Clear driver private data when retrying request Christoph Hellwig <hch(a)lst.de> scsi: core: Don't memset() the entire scsi_cmnd in scsi_init_command() Vasiliy Kovalev <kovalev(a)altlinux.org> ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up Christian Brauner <brauner(a)kernel.org> ovl: pass ofs to creation operations Amir Goldstein <amir73il(a)gmail.com> ovl: use wrappers to all vfs_*xattr() calls Mark Zhang <markzhang(a)nvidia.com> IB/mlx5: Set and get correct qp_num for a DCT QP Patrick Bellasi <derkling(a)google.com> x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix incorrect device in dma_unmap_single Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: use dma_map_resource for sdma address Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix error code in cadence_nand_init() Christian Brauner <brauner(a)kernel.org> acct: block access to kernel internal filesystems Christian Brauner <brauner(a)kernel.org> acct: perform last write from workqueue John Veness <john-linux(a)pelago.org.uk> ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED Haoxiang Li <haoxiang_li2024(a)163.com> nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> drop_monitor: fix incorrect initialization order Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix supplicant wait loop Yan Zhai <yan(a)cloudflare.com> bpf: skip non exist keys in generic_map_lookup_batch Caleb Sander Mateos <csander(a)purestorage.com> nvme/ioctl: add missing space in err message Andrey Vatoropin <a.vatoropin(a)crpt.ru> power: supply: da9150-fg: fix potential overflow Breno Leitao <leitao(a)debian.org> arp: switch to dev_getbyhwaddr() in arp_req_set_public() Breno Leitao <leitao(a)debian.org> net: Add non-RCU dev_getbyhwaddr() helper Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix port range key handling in BPF conversion Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix handling of mixed port and port-range keys Maksym Glubokiy <maksym.glubokiy(a)plvision.eu> net: extract port range fields from fl_flow_key Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Suppress list corruption splat in geneve_destroy_tunnels(). Kuniyuki Iwashima <kuniyu(a)amazon.com> gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Fix use-after-free in geneve_find_dev(). Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Fixup ALC225 depop procedure Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s/mm: Move __real_pte stubs into hash-4k.h Jill Donahue <jilliandonahue58(a)gmail.com> USB: gadget: f_midi: f_midi_complete to call queue_work Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: Fix timeout issue during controller enter/exit from halt state Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: Increase DWC3 controller halt timeout Sven Eckelmann <sven(a)narfation.org> batman-adv: Drop unmanaged ELP metric worker Sven Eckelmann <sven(a)narfation.org> batman-adv: Drop initialization of flexible ethtool_link_ksettings Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Only save async fh if success Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Refactor iterators Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Set error_idx during ctrl_commit errors Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> soc/mediatek: mtk-devapc: Convert to platform remove callback returning void Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on error paths AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> soc: mediatek: mtk-devapc: Switch to devm_clk_get_enabled() Marco Elver <elver(a)google.com> kfence: skip __GFP_THISNODE allocations on NUMA systems huangshaobo <huangshaobo6(a)huawei.com> kfence: enable check kfence canary on panic via boot param Marco Elver <elver(a)google.com> kfence: allow use of a deferrable timer Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Change to kvalloc() in eventlog/acpi.c Eddie James <eajames(a)linux.ibm.com> tpm: Use managed allocation for bios event log Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183: Disable DSI display output by default Dan Carpenter <dan.carpenter(a)linaro.org> ASoC: renesas: rz-ssi: Add a check for negative sample_space Thomas Zimmermann <tzimmermann(a)suse.de> drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() Maxime Ripard <maxime(a)cerno.tech> drm/probe-helper: Create a HPD IRQ event helper for a single connector Dan Carpenter <dan.carpenter(a)linaro.org> ksmbd: fix integer overflows on 32 bit systems Chen Ridong <chenridong(a)huawei.com> memcg: fix soft lockup in the OOM process Carlos Galo <carlosgalo(a)google.com> mm: update mark_victim tracepoints fields Dan Carpenter <dan.carpenter(a)linaro.org> media: imx-jpeg: Fix potential error pointer dereference in detach_pm() Ignat Korchagin <ignat(a)cloudflare.com> crypto: testmgr - some more fixes to RSA test vectors Ignat Korchagin <ignat(a)cloudflare.com> crypto: testmgr - populate RSA CRT parameters in RSA test vectors lei he <helei.sig11(a)bytedance.com> crypto: testmgr - fix version number of RSA tests Lei He <helei.sig11(a)bytedance.com> crypto: testmgr - Fix wrong test case of RSA Lei He <helei.sig11(a)bytedance.com> crypto: testmgr - fix wrong key length for pkcs1pad Catalin Marinas <catalin.marinas(a)arm.com> arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings Calvin Owens <calvin(a)wbinvd.org> pps: Fix a use-after-free Filipe Manana <fdmanana(a)suse.com> btrfs: avoid monopolizing a core when activating a swap file Koichiro Den <koichiro.den(a)canonical.com> Revert "btrfs: avoid monopolizing a core when activating a swap file" David Woodhouse <dwmw(a)amazon.co.uk> x86/i8253: Disable PIT timer 0 when not in use Chao Yu <chao(a)kernel.org> f2fs: fix to wait dio completion Romain Naour <romain.naour(a)skf.com> ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus Hangbin Liu <liuhangbin(a)gmail.com> selftests: rtnetlink: update netdevsim ipsec output format Hangbin Liu <liuhangbin(a)gmail.com> netdevsim: print human readable IP address Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com> parport_pc: add support for ASIX AX99100 Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com> serial: 8250_pci: add support for ASIX AX99100 Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com> can: ems_pci: move ASIX AX99100 ids to pci_ids.h Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect access to buffers with no active references Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: do not force clear folio if buffer is referenced Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: do not output warnings when clearing dirty buffers Ivan Kokshaysky <ink(a)unseen.parts> alpha: replace hardcoded stack offsets with autogenerated ones Andrew Cooper <andrew.cooper3(a)citrix.com> x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 John Ogness <john.ogness(a)linutronix.de> kdb: Do not assume write() callback available Christian Gmeiner <cgmeiner(a)igalia.com> drm/v3d: Stop active perfmon if it is being destroyed Devarsh Thakkar <devarsht(a)ti.com> drm/tidss: Clear the interrupt status for interrupts being disabled Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Fix issue in irq handling causing irq-flood issue Eric Dumazet <edumazet(a)google.com> ipv6: mcast: add RCU protection to mld_newpack() Eric Dumazet <edumazet(a)google.com> ndisc: extend RCU protection in ndisc_send_skb() Eric Dumazet <edumazet(a)google.com> openvswitch: use RCU protection in ovs_vport_cmd_fill_info() Eric Dumazet <edumazet(a)google.com> arp: use RCU protection in arp_xmit() Eric Dumazet <edumazet(a)google.com> neighbour: use RCU protection in __neigh_notify() Li Zetao <lizetao1(a)huawei.com> neighbour: delete redundant judgment statements Eric Dumazet <edumazet(a)google.com> ndisc: use RCU protection in ndisc_alloc_skb() Eric Dumazet <edumazet(a)google.com> ipv6: use RCU protection in ip6_default_advmss() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in __ip_rt_update_pmtu() Vladimir Vdovin <deliran(a)verdict.gg> net: ipv4: Cache pmtu for all packet paths if multipath enabled Guillaume Nault <gnault(a)redhat.com> selftest: net: Test IPv4 PMTU exceptions with DSCP and ECN xu xin <xu.xin16(a)zte.com.cn> Namespaceify mtu_expires sysctl xu xin <xu.xin16(a)zte.com.cn> Namespaceify min_pmtu sysctl Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in inet_select_addr() Eric Dumazet <edumazet(a)google.com> ipv4: use RCU protection in rt_is_expired() Eric Dumazet <edumazet(a)google.com> net: add dev_net_rcu() helper Jiri Pirko <jiri(a)nvidia.com> net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() Eric Dumazet <edumazet(a)google.com> ipv4: add RCU protection to ip4_dst_hoplimit() Waiman Long <longman(a)redhat.com> clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context Waiman Long <longman(a)redhat.com> clocksource: Use pr_info() for "Checking clocksource synchronization" message Yury Norov <yury.norov(a)gmail.com> clocksource: Replace cpumask_weight() with cpumask_empty() Filipe Manana <fdmanana(a)suse.com> btrfs: fix hole expansion when writing at an offset beyond EOF Wentao Liang <vulab(a)iscas.ac.cn> mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw() Nathan Chancellor <nathan(a)kernel.org> arm64: Handle .ARM.attributes section in linker scripts Jiasheng Jiang <jiashengjiangcool(a)gmail.com> regmap-irq: Add missing kfree() Jann Horn <jannh(a)google.com> partitions: mac: fix handling of bogus partition table Wentao Liang <vulab(a)iscas.ac.cn> gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock Ivan Kokshaysky <ink(a)unseen.parts> alpha: align stack for page fault and user unaligned trap handlers John Keeping <jkeeping(a)inmusicbrands.com> serial: 8250: Fix fifo underflow on flush Shakeel Butt <shakeel.butt(a)linux.dev> cgroup: fix race between fork and cgroup.kill Ard Biesheuvel <ardb(a)kernel.org> efi: Avoid cold plugged memory for placing the kernel Ivan Kokshaysky <ink(a)unseen.parts> alpha: make stack 16-byte aligned (most cases) Alexander Hölzl <alexander.hoelzl(a)gmx.net> can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> can: c_can: fix unbalanced runtime PM disable in error path Johan Hovold <johan(a)kernel.org> USB: serial: option: drop MeiG Smart defines Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: fix Telit Cinterion FN990A name Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FN990B compositions Chester A. Unal <chester.a.unal(a)arinc9.com> USB: serial: option: add MeiG Smart SLM828 Jann Horn <jannh(a)google.com> usb: cdc-acm: Fix handling of oversized fragments Jann Horn <jannh(a)google.com> usb: cdc-acm: Check control transfer buffer size before access Marek Vasut <marek.vasut+renesas(a)mailbox.org> USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk Alan Stern <stern(a)rowland.harvard.edu> USB: hub: Ignore non-compliant devices with too many configs or interfaces John Keeping <jkeeping(a)inmusicbrands.com> usb: gadget: f_midi: fix MIDI Streaming descriptor lengths Mathias Nyman <mathias.nyman(a)linux.intel.com> USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone Lei Huang <huanglei(a)kylinos.cn> USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist Stefan Eichenberger <stefan.eichenberger(a)toradex.com> usb: core: fix pipe creation for get_bMaxPacketSize0 Huacai Chen <chenhuacai(a)kernel.org> USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> usb: dwc2: gadget: remove of_node reference upon udc_stop Guo Ren <guoren(a)linux.alibaba.com> usb: gadget: udc: renesas_usb3: Fix compiler warning Elson Roy Serrao <quic_eserrao(a)quicinc.com> usb: roles: set switch registered flag early on Sean Christopherson <seanjc(a)google.com> perf/x86/intel: Ensure LBRs are disabled when a CPU is starting Sean Christopherson <seanjc(a)google.com> KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel Sven Eckelmann <sven(a)narfation.org> batman-adv: Ignore neighbor throughput metrics in error case Andy Strohman <andrew(a)andrewstrohman.com> batman-adv: fix panic during interface removal Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V Mike Marshall <hubcap(a)omnibond.com> orangefs: fix a oob in orangefs_debug_write Rik van Riel <riel(a)fb.com> x86/mm/tlb: Only trim the mm_cpumask once a second Maksym Planeta <maksym(a)exostellar.io> Grab mm lock before grabbing pt lock Ramesh Thomas <ramesh.thomas(a)intel.com> vfio/pci: Enable iowrite64 and ioread64 for vfio pci Takashi Iwai <tiwai(a)suse.de> PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P Edward Adam Davis <eadavis(a)qq.com> media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread Arnd Bergmann <arnd(a)arndb.de> media: cxd2841er: fix 64-bit division on gcc-9 Juergen Gross <jgross(a)suse.com> x86/xen: allow larger contiguous memory regions in PV guests Petr Tesarik <petr.tesarik.ext(a)huawei.com> xen: remove a confusing comment on auto-translated guest I/O Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Add missing newline to dev_err format string Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ Artur Weber <aweber.kernel(a)gmail.com> gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 Krzysztof Karas <krzysztof.karas(a)intel.com> drm/i915/selftests: avoid using uninitialized context Radu Rendec <rrendec(a)redhat.com> arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array Eric Dumazet <edumazet(a)google.com> team: better TEAM_OPTION_TYPE_STRING validation Eric Dumazet <edumazet(a)google.com> vrf: use RCU protection in l3mdev_l3_out() Eric Dumazet <edumazet(a)google.com> ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() Charles Han <hanchunchao(a)inspur.com> HID: multitouch: Add NULL check in mt_input_configured Dai Ngo <dai.ngo(a)oracle.com> NFSD: fix hang in nfsd4_shutdown_callback Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: clear acl_access/acl_default after releasing them Sean Anderson <sean.anderson(a)linux.dev> tty: xilinx_uartps: split sysrq handling Paolo Abeni <pabeni(a)redhat.com> mptcp: prevent excessive coalescing on receive Su Yue <glass.su(a)suse.com> ocfs2: check dir i_size in ocfs2_find_entry Dmitry Osipenko <digetx(a)gmail.com> memory: tegra20-emc: Correct memory device mask Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: xilinx: remove excess kernel doc Paul Fertser <fercerpav(a)gmail.com> net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling WangYuli <wangyuli(a)uniontech.com> MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static Thomas Weißschuh <linux(a)weissschuh.net> ptp: Ensure info->enable callback is always set Milos Reljin <milos_reljin(a)outlook.com> net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset Paul Fertser <fercerpav(a)gmail.com> net/ncsi: wait for the last response to Deselect Package before configuring channel Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix registered buffer page address Ivan Stepchenko <sid(a)itb.spb.ru> mtd: onenand: Fix uninitialized retlen in do_otp_read() Dan Carpenter <dan.carpenter(a)linaro.org> NFC: nci: Add bounds checking in nci_hci_create_pipe() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> nilfs2: fix possible int overflows in nilfs_fiemap() Matthew Wilcox (Oracle) <willy(a)infradead.org> ocfs2: handle a symlink read error correctly Heming Zhao <heming.zhao(a)suse.com> ocfs2: fix incorrect CPU endianness conversion causing mount failure Mike Snitzer <snitzer(a)kernel.org> pnfs/flexfiles: retry getting layout segment for reads Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: check the bounds of read/write syscalls Jennifer Berringer <jberring(a)redhat.com> nvmem: core: improve range check for nvmem_cell_write() Luca Weiss <luca.weiss(a)fairphone.com> nvmem: qcom-spmi-sdam: Set size in struct nvmem_config Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - unregister previously registered algos in error path Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - fix goto jump in error path Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove redundant NULL assignment Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix event flags in uvc_ctrl_send_events Mehdi Djait <mehdi.djait(a)linux.intel.com> media: ccs: Fix cleanup order in ccs_probe() Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Fix CCS static data parsing for large block sizes Sam Bobrowicz <sam(a)elite-embedded.com> media: ov5640: fix get_light_freq on auto Cosmin Tanislav <demonsingur(a)gmail.com> media: mc: fix endpoint iteration Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: qcom: smem_state: fix missing of_node_put in error path Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: as73211: fix channel handling in only-color triggered buffer Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Clean up parsed CCS static data on parse failure Wentao Liang <vulab(a)iscas.ac.cn> xfs: Add error handling for xfs_reflink_cancel_cow_range Eric Biggers <ebiggers(a)google.com> crypto: qce - fix priority to be less than ARMv8 CE Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix MPSS memory length Nathan Chancellor <nathan(a)kernel.org> x86/boot: Use '-std=gnu11' to fix build with GCC 15 Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-enum-conversion to W=2 Long Li <longli(a)microsoft.com> scsi: storvsc: Set correct data length for sending SCSI command without payload Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Move FCE Trace buffer allocation to user control Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Positivo C6400 Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Revert "media: uvcvideo: Require entities to have a non-zero unique ID" Mateusz Jończyk <mat.jonczyk(a)o2.pl> mips/math-emu: fix emulation of the prefx instruction Hou Tao <houtao1(a)huawei.com> dm-crypt: track tag_offset in convert_context Hou Tao <houtao1(a)huawei.com> dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit() Narayana Murty N <nnmlinux(a)linux.ibm.com> powerpc/pseries/eeh: Fix get PE state translation Kexy Biscuit <kexybiscuit(a)aosc.io> MIPS: Loongson64: remove ROM Size unit in boardinfo Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Drop __initdata macro for port_cfg Stephan Gerhold <stephan.gerhold(a)linaro.org> soc: qcom: socinfo: Avoid out of bounds read of serial number Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Don't prepare BOT write request twice Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Decrement command ref count on cleanup Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Translate error to sense Marcel Hamer <marcel.hamer(a)windriver.com> wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8821ae: Fix media status report Heiko Stuebner <heiko(a)sntech.de> HID: hid-sensor-hub: don't use stale platform-data on remove Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Fix using wrong number of cells to get property 'alignment' Zijun Hu <quic_zijuhu(a)quicinc.com> of: Fix of_find_node_opts_by_path() handling of alias+path+options Zijun Hu <quic_zijuhu(a)quicinc.com> of: Correct child specifier used as input of the 2nd nexus node Kuan-Wei Chiu <visitorckw(a)gmail.com> perf bench: Fix undefined behavior in cmpworker() Nathan Chancellor <nathan(a)kernel.org> efi: libstub: Use '-std=gnu11' to fix build with GCC 15 Zijun Hu <quic_zijuhu(a)quicinc.com> blk-cgroup: Fix class @block_class's subsystem refcount leakage Anastasia Belova <abelova(a)astralinux.ru> clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gcc-sm6350: Add missing parent_map for two clocks Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: clk-alpha-pll: fix alpha mode configuration Cody Eksal <masterr3c0rd(a)epochal.quest> clk: sunxi-ng: a100: enable MMC clock reparenting Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes Haoxiang Li <haoxiang_li2024(a)163.com> drm/komeda: Add check for komeda_get_layer_fourcc_list() Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Mark MM activity as unsupported David Hildenbrand <david(a)redhat.com> KVM: s390: vsie: fix some corner-cases when grabbing vsie pages Sean Christopherson <seanjc(a)google.com> KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Jakob Unterwurzacher <jakobunt(a)gmail.com> arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma Dan Carpenter <dan.carpenter(a)linaro.org> binfmt_flat: Fix integer overflow bug on 32 bit systems Thomas Zimmermann <tzimmermann(a)suse.de> m68k: vga: Fix I/O defines Heiko Carstens <hca(a)linux.ibm.com> s390/futex: Fix FUTEX_OP_ANDN implementation Maarten Lankhorst <dev(a)lankhorst.se> drm/modeset: Handle tiled displays in pan_display_atomic. Alexander Sverdlin <alexander.sverdlin(a)siemens.com> leds: lp8860: Write full EEPROM, not only half of it Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: s3c64xx: Fix compilation warning Willem de Bruijn <willemb(a)google.com> tun: revert fix group permission check Cong Wang <cong.wang(a)bytedance.com> netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() Juergen Gross <jgross(a)suse.com> x86/xen: add FRAME_END to xen_hypercall_hvm() Juergen Gross <jgross(a)suse.com> x86/xen: fix xen_hypercall_hvm() to not clobber %rbx Eric Dumazet <edumazet(a)google.com> net: rose: lock the socket in rose_bind() Jacob Moroni <mail(a)jakemoroni.com> net: atlantic: fix warning during hot unplug Mark Tomlinson <mark.tomlinson(a)alliedtelesis.co.nz> gpio: pca953x: Improve interrupt support Yan Zhai <yan(a)cloudflare.com> udp: gso: do not drop small packets when PMTU reduces Lenny Szubowicz <lszubowi(a)redhat.com> tg3: Disable tg3 PCIe AER on system reboot Hans Verkuil <hverkuil(a)xs4all.nl> gpu: drm_dp_cec: fix broken CEC adapter properties check Prasad Pandit <pjp(a)fedoraproject.org> firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry Daniel Wagner <wagi(a)kernel.org> nvme: handle connectivity loss in nvme_set_queue_count Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix NULL pointer dereference on certain command aborts Hardik Gajjar <hgajjar(a)de.adit-jv.com> usb: xhci: Add timeout argument in address_device USB HCD callback Darrick J. Wong <djwong(a)kernel.org> xfs: don't over-report free space or inodes in statvfs Darrick J. Wong <djwong(a)kernel.org> xfs: report realtime block quota limits on realtime directories Sean Anderson <sean.anderson(a)linux.dev> gpio: xilinx: Convert gpio_lock to raw spinlock Paul Fertser <fercerpav(a)gmail.com> net/ncsi: fix locking in Get MAC Address handling Peter Delevoryas <peter(a)pjd.dev> net/ncsi: Add NC-SI 1.2 Get MC MAC Address command Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> usb: chipidea/ci_hdrc_imx: Convert to platform remove callback returning void Alexander Stein <alexander.stein(a)ew.tq-group.com> usb: chipidea: ci_hdrc_imx: use dev_err_probe() Xi Ruoyao <xry111(a)xry111.site> x86/mm: Don't disable PCID when INVLPG has been fixed by microcode Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Ignore AC events Illia Ostapyshyn <illia(a)yshyn.com> Input: allocate keycode for phone linking Liu Ye <liuye(a)kylinos.cn> selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() Dan Carpenter <dan.carpenter(a)linaro.org> tipc: re-order conditions in tipc_crypto_key_rcv() Yuanjie Yang <quic_yuanjiey(a)quicinc.com> mmc: sdhci-msm: Correctly set the load for the regulator Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> net: wwan: iosm: Fix hibernation by re-binding the driver around it Borislav Petkov <bp(a)alien8.de> APEI: GHES: Have GHES honor the panic= setting Randolph Ha <rha051117(a)gmail.com> i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: avoid memory leak Vadim Fedorenko <vadfed(a)meta.com> net/mlx5: use do_aux_work for PHC overflow checks Even Xu <even.xu(a)intel.com> HID: Wacom: Add PCI Wacom device support Hans de Goede <hdegoede(a)redhat.com> mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: don't emit warning in tomoyo_write_control() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() Shawn Lin <shawn.lin(a)rock-chips.com> mmc: core: Respect quirk_max_rate for non-UHS SDIO card Stas Sergeev <stsp2(a)yandex.ru> tun: fix group permission check Leo Stone <leocstone(a)gmail.com> safesetid: check size of policy writes Kuan-Wei Chiu <visitorckw(a)gmail.com> printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Yazen Ghannam <yazen.ghannam(a)amd.com> x86/amd_nb: Restrict init function to AMD-based systems Carlos Llamas <cmllamas(a)google.com> lockdep: Fix upper limit for LOCKDEP_*_BITS configs Suleiman Souhlal <suleiman(a)google.com> sched: Don't try to catch up excess steal time. Josef Bacik <josef(a)toxicpanda.com> btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling Hao-ran Zheng <zhenghaoran154(a)gmail.com> btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() Filipe Manana <fdmanana(a)suse.com> btrfs: fix use-after-free when attempting to join an aborted transaction Qu Wenruo <wqu(a)suse.com> btrfs: output the reason for open_ctree() failure Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Don't free command immediately Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: uvcvideo: Fix double free in error path Paolo Abeni <pabeni(a)redhat.com> mptcp: consolidate suboption status Kyle Tso <kyletso(a)google.com> usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS Jos Wang <joswang(a)lenovo.com> usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE Kyle Tso <kyletso(a)google.com> usb: dwc3: core: Defer the probe until USB power supply ready Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Fix Get/SetInterface return value Sean Rhodes <sean(a)starlabs.systems> drivers/card_reader/rtsx_usb: Restore interrupt based detection Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: usb: rtl8150: enable basic endpoint checking Lianqin Hu <hulianqin(a)vivo.com> ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro Ricardo B. Marliere <rbm(a)suse.com> ktest.pl: Check kernelrelease return in get_version Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject mismatching sum of field_len with set key length Chuck Lever <chuck.lever(a)oracle.com> NFSD: Reset cb_seq_status after NFS4ERR_DELAY Daniel Lee <chullee(a)google.com> f2fs: Introduce linear search for dentries Lin Yujun <linyujun809(a)huawei.com> hexagon: Fix unbalanced spinlock in die() Willem de Bruijn <willemb(a)google.com> hexagon: fix using plain integer as NULL pointer warning in cmpxchg Masahiro Yamada <masahiroy(a)kernel.org> kconfig: fix memory leak in sym_warn_unmet_dep() Sergey Senozhatsky <senozhatsky(a)chromium.org> kconfig: WERROR unmet symbol dependency Masahiro Yamada <masahiroy(a)kernel.org> kconfig: deduplicate code in conf_read_simple() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: remove unused code for S_DEF_AUTO in conf_read_simple() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: require a space after '#' for valid input Sergey Senozhatsky <senozhatsky(a)chromium.org> kconfig: add warn-unknown-symbols sanity check Masahiro Yamada <masahiroy(a)kernel.org> kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST Masahiro Yamada <masahiroy(a)kernel.org> genksyms: fix memory leak when the same symbol is read from *.symref file Masahiro Yamada <masahiroy(a)kernel.org> genksyms: fix memory leak when the same symbol is added from source Eric Dumazet <edumazet(a)google.com> net: hsr: fix fill_frame_info() regression vs VLAN packets Kory Maincent <kory.maincent(a)bootlin.com> net: sh_eth: Fix missing rtnl lock in suspend/resume path Rafał Miłecki <rafal(a)milecki.pl> bgmac: reduce max frame size to support just MTU 1500 Michal Luczaj <mhal(a)rbox.co> vsock: Allow retrying on connect() failure Howard Chu <howardchu95(a)gmail.com> perf trace: Fix runtime error of index out of bounds Thomas Weißschuh <linux(a)weissschuh.net> ptp: Properly handle compat ioctls Chenyuan Yang <chenyuan0y(a)gmail.com> net: davicom: fix UAF in dm9000_drv_remove Jakub Kicinski <kuba(a)kernel.org> net: netdevsim: try to close UDP port harness races Eric Dumazet <edumazet(a)google.com> net: rose: fix timer races against user threads Wentao Liang <vulab(a)iscas.ac.cn> PM: hibernate: Add error handling for syscore_suspend() Eric Dumazet <edumazet(a)google.com> ipmr: do not call mr_mfc_uses_dev() for unres entries Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev(a)gmail.com> net: fec: implement TSO descriptor cleanup Ahmad Fatoum <a.fatoum(a)pengutronix.de> gpio: mxc: remove dead code after switch to DT-only Jian Shen <shenjian15(a)huawei.com> net: hns3: fix oops when unload drivers paralleling pangliyuan <pangliyuan1(a)huawei.com> ubifs: skip dumping tnc tree when zroot is null Oleksij Rempel <linux(a)rempel-privat.de> rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> dmaengine: ti: edma: fix OF node reference leaks in edma_driver Jianbo Liu <jianbol(a)nvidia.com> xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO Luo Yifan <luoyifan(a)cmss.chinamobile.com> tools/bootconfig: Fix the wrong format specifier Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: fix COPY_NOTIFY xdr buf size calculation Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> module: Extend the preempt disabled section in dereference_symbol_descriptor(). Su Yue <glass.su(a)suse.com> ocfs2: mark dquot as inactive if failed to start trans while releasing dquot Guixin Liu <kanie(a)linux.alibaba.com> scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails Paul Menzel <pmenzel(a)molgen.mpg.de> scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 King Dix <kingdix10(a)qq.com> PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> mtd: hyperbus: hbmc-am654: fix an OF node reference leak Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning void Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> mtd: hyperbus: Make hyperbus_unregister_device() return void Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Propagate buf->error to userspace Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: camif-core: Add check for clk_enable() Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: mipi-csis: Add check for clk_enable() Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: i2c: ov9282: Correct the exposure offset Luca Weiss <luca.weiss(a)fairphone.com> media: i2c: imx412: Add missing newline to prints Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: marvell: Add check for clk_enable() Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() Chen Ni <nichen(a)iscas.ac.cn> media: lmedm04: Handle errors for lme2510_int_read Oliver Neukum <oneukum(a)suse.com> media: rc: iguanair: handle timeouts Randy Dunlap <rdunlap(a)infradead.org> efi: sysfb_efi: fix W=1 warnings when EFI is not set Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Do not make kmemleak ignore freed address Mike Rapoport <rppt(a)kernel.org> memblock: drop memblock_free_early_nid() and memblock_free_early() Mike Rapoport <rppt(a)kernel.org> xen/x86: free_p2m_page: use memblock_free_ptr() to free a virtual pointer Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix indirect mkey ODP page count Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults Aharon Landau <aharonl(a)nvidia.com> RDMA/mlx5: Remove iova from struct mlx5_core_mkey Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: mediatek: mt7623: fix IR nodename Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8350: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8250: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm6125: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sc7280: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8994: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8916: correct sleep clock frequency Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: msm8994: Describe USB interrupts Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: msm8996: Fix up USB3 interrupts Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() Dmitry Osipenko <digetx(a)gmail.com> memory: tegra20-emc: Support matching timings by LPDDR2 configuration Dmitry Osipenko <digetx(a)gmail.com> memory: Add LPDDR2-info helpers Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mediatek: mt8183: willow: Support second source touchscreen Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property Dan Carpenter <dan.carpenter(a)linaro.org> rdma/cxgb4: Prevent potential integer overflow on 32bit Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Avoid false error about access to uninitialized gids array Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: add i2c clock-div property Fabien Parent <fparent(a)baylibre.com> arm64: dts: mediatek: mt8516: remove 2 invalid i2c clocks Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: fix wdt irq type Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: fix GICv2 range Hsin-Yi Wang <hsinyi(a)chromium.org> arm64: dts: mt8183: set DMIC one-wire mode on Damu Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: at91: pm: change BU Power Switch to automatic mode Chen Ridong <chenridong(a)huawei.com> padata: avoid UAF for reorder_work Chen Ridong <chenridong(a)huawei.com> padata: add pd get/put refcnt helper Chen Ridong <chenridong(a)huawei.com> padata: fix UAF in padata_reorder Puranjay Mohan <puranjay(a)kernel.org> bpf: Send signals asynchronously if !preemptible Jiachen Zhang <me(a)jcix.top> perf report: Fix misleading help message about --demangle Arnaldo Carvalho de Melo <acme(a)redhat.com> perf top: Don't complain about lack of vmlinux when not resolving some kernel samples Thomas Weißschuh <linux(a)weissschuh.net> padata: fix sysfs store callback check Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead invalid authsize Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead icv error Chenghai Huang <huangchenghai2(a)huawei.com> crypto: hisilicon/sec2 - optimize the error return process Kai Ye <yekai13(a)huawei.com> crypto: hisilicon/sec - delete redundant blank lines Kai Ye <yekai13(a)huawei.com> crypto: hisilicon/sec - add some comments for soft fallback Ba Jing <bajing(a)cmss.chinamobile.com> ktest.pl: Remove unused declarations in run_bisect_test function Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> ASoC: renesas: rz-ssi: Use only the proper amount of dividers Zhongqiu Han <quic_zhonhan(a)quicinc.com> perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info() Zhongqiu Han <quic_zhonhan(a)quicinc.com> perf header: Fix one memory leakage in process_bpf_prog_info() Zhongqiu Han <quic_zhonhan(a)quicinc.com> perf header: Fix one memory leakage in process_bpf_btf() George Lander <lander(a)jagmn.com> ASoC: sun4i-spdif: Add clock multiplier settings Quentin Monnet <qmo(a)kernel.org> libbpf: Fix segfault due to libelf functions not setting errno Marco Leogrande <leogrande(a)google.com> tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net/rose: prevent integer overflows in rose_setsockopt() Mahdi Arghavani <ma.arghavani(a)yahoo.com> tcp_cubic: fix incorrect HyStart round start detection Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() Florian Westphal <fw(a)strlen.de> netfilter: nft_flow_offload: update tcp state flags under lock Jamal Hadi Salim <jhs(a)mojatatu.com> net: sched: Disallow replacing of child qdisc from one parent to another Antoine Tenart <atenart(a)kernel.org> net: avoid race between device unregistration and ethnl ops Maher Sanalla <msanalla(a)nvidia.com> net/mlxfw: Drop hard coded max FW flash image size Liu Jian <liujian56(a)huawei.com> net: let net.core.dev_weight always be non-zero Mickaël Salaün <mic(a)digikod.net> selftests/landlock: Fix error message Bo Gan <ganboing(a)gmail.com> clk: analogbits: Fix incorrect calculation of vco rate delta Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: adjust allocation of colocated AP data Ilan Peer <ilan.peer(a)intel.com> wifi: cfg80211: Handle specific BSSID in 6GHz scanning Dmitry V. Levin <ldv(a)strace.io> selftests: harness: fix printing of mismatch values in __EXPECT() Gautham R. Shenoy <gautham.shenoy(a)amd.com> cpufreq: ACPI: Fix max-frequency computation WangYuli <wangyuli(a)uniontech.com> wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO Mickaël Salaün <mic(a)digikod.net> landlock: Handle weird files Mickaël Salaün <mic(a)digikod.net> landlock: Move filesystem helpers and add a new one Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: fix data error when recvmsg with MSG_PEEK flag Andreas Kemnade <andreas(a)kemnade.info> wifi: wlcore: fix unbalanced pm_runtime calls Zichen Xie <zichenxie0106(a)gmail.com> samples/landlock: Fix possible NULL dereference in parse_path() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> regulator: of: Implement the unwind path of of_regulator_match() Octavian Purdila <tavip(a)google.com> team: prevent adding a device which is already a team device lower Marek Vasut <marex(a)denx.de> clk: imx8mp: Fix clkout1/2 support Sultan Alsawaf (unemployed) <sultan(a)kerneltoast.com> cpufreq: schedutil: Fix superfluous updates caused by need_freq_update Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() Matti Vaittinen <mazziesaccount(a)gmail.com> dt-bindings: mfd: bd71815: Fix rsense and typos He Rongguang <herongguang(a)linux.alibaba.com> cpupower: fix TSC MHz calculation Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> ACPI: fan: cleanup resources in the error path of .probe() Chen-Yu Tsai <wenst(a)chromium.org> regulator: dt-bindings: mt6315: Drop regulator-compatible property Jiri Kosina <jkosina(a)suse.com> HID: multitouch: fix support for Goodix PID 0x01e9 Jiri Kosina <jkosina(a)suse.com> Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad" He Lugang <helugang(a)uniontech.com> HID: multitouch: Add support for lenovo Y9000P Touchpad Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: pci: wait for firmware loading before releasing memory Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: fix memory leaks and invalid access at probe error path Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: destroy workqueue at rtl_deinit_core Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: remove unused check_buddy_priv Dmitry Antipov <dmantipov(a)yandex.ru> wifi: rtlwifi: remove unused dualmac control leftovers Dmitry Antipov <dmantipov(a)yandex.ru> wifi: rtlwifi: remove unused timer and related code Jakob Koschel <jakobkoschel(a)gmail.com> rtlwifi: replace usage of found with dedicated list iterator variable Geert Uytterhoeven <geert+renesas(a)glider.be> dt-bindings: leds: class-multicolor: Fix path to color definitions Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: leds: class-multicolor: reference class directly in multi-led node Sven Schwermer <sven.schwermer(a)disruptive-technologies.com> dt-bindings: leds: Add multicolor PWM LED bindings Sven Schwermer <sven.schwermer(a)disruptive-technologies.com> dt-bindings: leds: Optional multi-led unit address Bjorn Andersson <bjorn.andersson(a)linaro.org> dt-bindings: leds: Add Qualcomm Light Pulse Generator binding Rob Herring <robh(a)kernel.org> dt-bindings: Another pass removing cases of 'allOf' containing a '$ref' Pratyush Yadav <p.yadav(a)ti.com> spi: dt-bindings: add schema listing peripheral-specific properties Neil Armstrong <neil.armstrong(a)linaro.org> dt-bindings: mmc: controller: clarify the address-cells description Mingwei Zheng <zmw12306(a)gmail.com> spi: zynq-qspi: Add check for clk_enable() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: usb: fix workqueue leak when probe fails Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: fix init_sw_vars leak when probe fails Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: wait for firmware loading before releasing memory Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: do not complete firmware loading needlessly Charles Han <hanchunchao(a)inspur.com> ipmi: ipmb: Add check devm_kasprintf() returned value Thomas Gleixner <tglx(a)linutronix.de> genirq: Make handle_enforce_irqctx() unconditionally available Ivan Stepchenko <sid(a)itb.spb.ru> drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table Alan Stern <stern(a)rowland.harvard.edu> HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections Sui Jingfeng <sui.jingfeng(a)linux.dev> drm/etnaviv: Fix page property being used for non writecombine buffers Peter Zijlstra <peterz(a)infradead.org> sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat Chengming Zhou <zhouchengming(a)bytedance.com> sched/psi: Use task->psi_flags to clear in CPU migration David Howells <dhowells(a)redhat.com> afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call Christophe Leroy <christophe.leroy(a)csgroup.eu> select: Fix unbalanced user_access_end() Randy Dunlap <rdunlap(a)infradead.org> partitions: ldm: remove the initial kernel-doc notation Keisuke Nishimura <keisuke.nishimura(a)inria.fr> nvme: Add error check for xa_store in nvme_get_effects_log Eugen Hristev <eugen.hristev(a)linaro.org> pstore/blk: trivial typo fixes Yu Kuai <yukuai3(a)huawei.com> nbd: don't allow reconnect after disconnect Yang Erkun <yangerkun(a)huawei.com> block: retry call probe after request_module in blk_request_module Christoph Hellwig <hch(a)lst.de> block: deprecate autoloading based on dev_t Jinliang Zheng <alexjlzheng(a)gmail.com> fs: fix proc_handler for sysctl_nr_open Luis Chamberlain <mcgrof(a)kernel.org> fs: move fs stat sysctls to file_table.c Luis Chamberlain <mcgrof(a)kernel.org> fs: move inode sysctls to its own file Luis Chamberlain <mcgrof(a)kernel.org> sysctl: share unsigned long const values Xiaoming Ni <nixiaoming(a)huawei.com> sysctl: use const for typically used max/min proc sysctls Xiaoming Ni <nixiaoming(a)huawei.com> hung_task: move hung_task sysctl interface to hung_task.c David Howells <dhowells(a)redhat.com> afs: Fix directory format encoding struct David Howells <dhowells(a)redhat.com> afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY ------------- Diffstat: Documentation/dev-tools/kfence.rst | 12 ++ .../bindings/connector/usb-connector.yaml | 3 +- .../bindings/display/brcm,bcm2711-hdmi.yaml | 3 +- .../bindings/display/bridge/adi,adv7511.yaml | 5 +- .../bindings/display/bridge/synopsys,dw-hdmi.yaml | 5 +- .../bindings/display/panel/display-timings.yaml | 3 +- .../devicetree/bindings/display/ste,mcde.yaml | 4 +- .../devicetree/bindings/input/adc-joystick.yaml | 9 +- .../bindings/leds/cznic,turris-omnia-leds.yaml | 5 +- .../bindings/leds/leds-class-multicolor.yaml | 28 +-- .../devicetree/bindings/leds/leds-lp50xx.yaml | 5 +- .../bindings/leds/leds-pwm-multicolor.yaml | 78 +++++++ .../devicetree/bindings/leds/leds-qcom-lpg.yaml | 175 ++++++++++++++++ .../devicetree/bindings/mfd/google,cros-ec.yaml | 12 +- .../devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 +- .../devicetree/bindings/mmc/mmc-controller.yaml | 2 +- .../bindings/mtd/rockchip,nand-controller.yaml | 3 +- .../devicetree/bindings/net/ti,cpsw-switch.yaml | 3 +- .../devicetree/bindings/phy/phy-stm32-usbphyc.yaml | 3 +- .../bindings/power/supply/sbs,sbs-manager.yaml | 4 +- .../bindings/regulator/mt6315-regulator.yaml | 6 - .../bindings/remoteproc/ti,k3-r5f-rproc.yaml | 3 +- .../devicetree/bindings/soc/ti/ti,pruss.yaml | 15 +- .../devicetree/bindings/sound/st,stm32-sai.yaml | 3 +- .../devicetree/bindings/sound/tlv320adcx140.yaml | 13 +- .../devicetree/bindings/spi/spi-controller.yaml | 69 +------ .../bindings/spi/spi-peripheral-props.yaml | 87 ++++++++ .../devicetree/bindings/usb/st,stusb160x.yaml | 4 +- Documentation/kbuild/kconfig.rst | 9 + Makefile | 9 +- arch/alpha/include/uapi/asm/ptrace.h | 2 + arch/alpha/kernel/asm-offsets.c | 2 + arch/alpha/kernel/entry.S | 24 +-- arch/alpha/kernel/traps.c | 2 +- arch/alpha/mm/fault.c | 4 +- arch/arm/boot/dts/dra7-l4.dtsi | 2 + arch/arm/boot/dts/mt7623.dtsi | 2 +- arch/arm/mach-at91/pm.c | 31 ++- arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 +-- arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 +-- .../dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 + .../dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 ++ .../dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 ++ .../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 - arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 + arch/arm64/boot/dts/mediatek/mt8516.dtsi | 38 ++-- arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 - arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 +- arch/arm64/boot/dts/qcom/msm8994.dtsi | 11 +- arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 +- arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 +- arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 +- .../boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 +- arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 4 +- arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 2 +- arch/arm64/include/asm/mman.h | 9 +- arch/arm64/kernel/cacheinfo.c | 12 +- arch/arm64/kernel/vdso/vdso.lds.S | 1 + arch/arm64/kernel/vmlinux.lds.S | 1 + arch/hexagon/include/asm/cmpxchg.h | 2 +- arch/hexagon/kernel/traps.c | 4 +- arch/m68k/include/asm/vga.h | 8 +- arch/mips/kernel/ftrace.c | 2 +- arch/mips/loongson64/boardinfo.c | 2 - arch/mips/math-emu/cp1emu.c | 2 +- arch/mips/mm/init.c | 2 +- arch/powerpc/include/asm/book3s/64/hash-4k.h | 28 +++ arch/powerpc/include/asm/book3s/64/pgtable.h | 26 --- arch/powerpc/lib/code-patching.c | 2 +- arch/powerpc/platforms/pseries/eeh_pseries.c | 6 +- arch/powerpc/platforms/pseries/svm.c | 3 +- arch/s390/include/asm/futex.h | 2 +- arch/s390/kernel/smp.c | 2 +- arch/s390/kernel/traps.c | 6 +- arch/s390/kvm/vsie.c | 25 ++- arch/x86/Kconfig | 3 +- arch/x86/boot/compressed/Makefile | 1 + arch/x86/events/intel/core.c | 5 +- arch/x86/include/asm/mmu.h | 2 + arch/x86/include/asm/mmu_context.h | 1 + arch/x86/include/asm/msr-index.h | 3 +- arch/x86/include/asm/tlbflush.h | 1 + arch/x86/kernel/amd_nb.c | 4 + arch/x86/kernel/cpu/bugs.c | 20 +- arch/x86/kernel/cpu/cacheinfo.c | 2 +- arch/x86/kernel/cpu/cyrix.c | 4 +- arch/x86/kernel/cpu/intel.c | 52 +++-- arch/x86/kernel/cpu/sgx/encl.c | 108 ++++++++-- arch/x86/kernel/cpu/sgx/encl.h | 8 +- arch/x86/kernel/cpu/sgx/ioctl.c | 17 +- arch/x86/kernel/cpu/sgx/main.c | 31 +-- arch/x86/kernel/i8253.c | 11 +- arch/x86/kernel/static_call.c | 1 - arch/x86/kvm/hyperv.c | 6 +- arch/x86/mm/init.c | 23 ++- arch/x86/mm/tlb.c | 35 +++- arch/x86/xen/mmu_pv.c | 79 +++++-- arch/x86/xen/p2m.c | 2 +- arch/x86/xen/xen-head.S | 5 +- block/Kconfig | 12 ++ block/bdev.c | 9 +- block/blk-cgroup.c | 1 + block/genhd.c | 30 ++- block/partitions/efi.c | 2 +- block/partitions/ldm.h | 2 +- block/partitions/mac.c | 18 +- crypto/testmgr.h | 227 ++++++++++++++------ drivers/acpi/apei/ghes.c | 10 +- drivers/acpi/fan.c | 10 +- drivers/base/arch_numa.c | 2 +- drivers/base/regmap/regmap-irq.c | 2 + drivers/block/nbd.c | 1 + drivers/bus/mhi/host/pci_generic.c | 5 +- drivers/char/ipmi/ipmb_dev_int.c | 3 + drivers/char/tpm/eventlog/acpi.c | 16 +- drivers/char/tpm/eventlog/efi.c | 13 +- drivers/char/tpm/eventlog/of.c | 3 +- drivers/char/tpm/tpm-chip.c | 1 - drivers/clk/analogbits/wrpll-cln28hpc.c | 2 +- drivers/clk/imx/clk-imx8mp.c | 5 +- drivers/clk/qcom/clk-alpha-pll.c | 2 + drivers/clk/qcom/clk-rpmh.c | 2 +- drivers/clk/qcom/gcc-mdm9607.c | 2 +- drivers/clk/qcom/gcc-sm6350.c | 22 +- drivers/clk/sunxi-ng/ccu-sun50i-a100.c | 6 +- drivers/clocksource/i8253.c | 13 +- drivers/cpufreq/acpi-cpufreq.c | 36 +++- drivers/cpufreq/s3c64xx-cpufreq.c | 11 +- drivers/crypto/hisilicon/sec2/sec.h | 3 +- drivers/crypto/hisilicon/sec2/sec_crypto.c | 178 ++++++++-------- drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 - drivers/crypto/ixp4xx_crypto.c | 3 + drivers/crypto/qce/aead.c | 2 +- drivers/crypto/qce/core.c | 13 +- drivers/crypto/qce/sha.c | 2 +- drivers/crypto/qce/skcipher.c | 2 +- drivers/dma/ti/edma.c | 3 +- drivers/firmware/Kconfig | 2 +- drivers/firmware/efi/efi.c | 6 +- drivers/firmware/efi/libstub/Makefile | 2 +- drivers/firmware/efi/libstub/randomalloc.c | 3 + drivers/firmware/efi/libstub/relocate.c | 3 + drivers/firmware/efi/sysfb_efi.c | 2 +- drivers/gpio/gpio-aggregator.c | 20 +- drivers/gpio/gpio-bcm-kona.c | 71 +++++-- drivers/gpio/gpio-mxc.c | 3 +- drivers/gpio/gpio-pca953x.c | 19 -- drivers/gpio/gpio-rcar.c | 31 +-- drivers/gpio/gpio-stmpe.c | 15 +- drivers/gpio/gpio-xilinx.c | 33 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 11 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 14 ++ .../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 + drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 1 - .../drm/arm/display/komeda/komeda_wb_connector.c | 4 + drivers/gpu/drm/drm_dp_cec.c | 14 +- drivers/gpu/drm/drm_fb_helper.c | 14 +- drivers/gpu/drm/drm_probe_helper.c | 116 ++++++++--- drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 +- drivers/gpu/drm/i915/display/skl_universal_plane.c | 4 - drivers/gpu/drm/i915/selftests/i915_gem_gtt.c | 4 +- drivers/gpu/drm/radeon/r300.c | 3 +- drivers/gpu/drm/radeon/radeon_asic.h | 1 + drivers/gpu/drm/radeon/rs400.c | 18 +- drivers/gpu/drm/rockchip/cdn-dp-core.c | 9 +- drivers/gpu/drm/scheduler/gpu_scheduler_trace.h | 4 +- drivers/gpu/drm/tidss/tidss_dispc.c | 22 +- drivers/gpu/drm/v3d/v3d_perfmon.c | 5 + drivers/hid/hid-appleir.c | 2 +- drivers/hid/hid-core.c | 2 + drivers/hid/hid-google-hammer.c | 2 + drivers/hid/hid-multitouch.c | 7 +- drivers/hid/hid-sensor-hub.c | 21 +- drivers/hid/intel-ish-hid/ishtp-hid.c | 4 +- drivers/hid/wacom_wac.c | 5 + drivers/hwmon/ad7314.c | 10 + drivers/hwmon/ntc_thermistor.c | 66 +++--- drivers/hwmon/pmbus/pmbus.c | 2 + drivers/hwmon/xgene-hwmon.c | 2 +- drivers/hwtracing/intel_th/pci.c | 15 ++ drivers/i2c/busses/i2c-npcm7xx.c | 7 + drivers/i2c/i2c-core-acpi.c | 22 ++ drivers/idle/intel_idle.c | 4 + drivers/iio/light/as73211.c | 24 ++- drivers/infiniband/hw/cxgb4/device.c | 6 +- drivers/infiniband/hw/mlx4/main.c | 6 +- drivers/infiniband/hw/mlx5/counters.c | 8 +- drivers/infiniband/hw/mlx5/devx.c | 1 - drivers/infiniband/hw/mlx5/mr.c | 16 +- drivers/infiniband/hw/mlx5/odp.c | 61 +++--- drivers/infiniband/hw/mlx5/qp.c | 4 +- drivers/leds/leds-lp8860.c | 2 +- drivers/leds/leds-netxbig.c | 1 + drivers/md/Kconfig | 4 + drivers/md/dm-crypt.c | 27 +-- drivers/media/dvb-frontends/cxd2841er.c | 8 +- drivers/media/i2c/ccs/ccs-core.c | 6 +- drivers/media/i2c/ccs/ccs-data.c | 14 +- drivers/media/i2c/imx412.c | 42 ++-- drivers/media/i2c/ov5640.c | 1 + drivers/media/i2c/ov9282.c | 2 +- drivers/media/platform/exynos4-is/mipi-csis.c | 10 +- drivers/media/platform/imx-jpeg/mxc-jpeg.c | 7 +- drivers/media/platform/marvell-ccic/mcam-core.c | 7 +- drivers/media/platform/s3c-camif/camif-core.c | 13 +- drivers/media/rc/iguanair.c | 4 +- drivers/media/test-drivers/vidtv/vidtv_bridge.c | 8 +- drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 +- drivers/media/usb/uvc/uvc_ctrl.c | 139 ++++++++++--- drivers/media/usb/uvc/uvc_driver.c | 105 +++++----- drivers/media/usb/uvc/uvc_queue.c | 3 +- drivers/media/usb/uvc/uvc_status.c | 1 + drivers/media/usb/uvc/uvc_v4l2.c | 4 +- drivers/media/usb/uvc/uvcvideo.h | 20 +- drivers/media/v4l2-core/v4l2-mc.c | 2 +- drivers/memory/jedec_ddr.h | 47 +++++ drivers/memory/jedec_ddr_data.c | 41 ++++ drivers/memory/of_memory.c | 87 ++++++++ drivers/memory/of_memory.h | 9 + drivers/memory/tegra/Kconfig | 1 + drivers/memory/tegra/tegra20-emc.c | 203 ++++++++++++++++-- drivers/mfd/lpc_ich.c | 3 +- drivers/misc/eeprom/digsy_mtc_eeprom.c | 2 +- drivers/misc/fastrpc.c | 2 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/mmc/core/sdio.c | 2 + drivers/mmc/host/sdhci-msm.c | 53 ++++- drivers/mtd/hyperbus/hbmc-am654.c | 29 +-- drivers/mtd/hyperbus/hyperbus-core.c | 8 +- drivers/mtd/hyperbus/rpc-if.c | 5 +- drivers/mtd/nand/onenand/onenand_base.c | 1 + drivers/mtd/nand/raw/cadence-nand-controller.c | 44 +++- drivers/net/caif/caif_virtio.c | 2 +- drivers/net/can/c_can/c_can_platform.c | 5 +- drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 4 +- drivers/net/ethernet/broadcom/bgmac.h | 3 +- drivers/net/ethernet/broadcom/tg3.c | 58 ++++++ drivers/net/ethernet/cadence/macb.h | 2 + drivers/net/ethernet/cadence/macb_main.c | 12 +- drivers/net/ethernet/davicom/dm9000.c | 3 +- drivers/net/ethernet/emulex/benet/be.h | 2 +- drivers/net/ethernet/emulex/benet/be_cmds.c | 197 +++++++++--------- drivers/net/ethernet/emulex/benet/be_main.c | 2 +- drivers/net/ethernet/freescale/enetc/enetc.c | 69 +++++-- drivers/net/ethernet/freescale/fec_main.c | 31 ++- drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 ++ drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 + drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 + .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 + .../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 2 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 + drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 +- .../net/ethernet/mellanox/mlx5/core/lib/clock.c | 24 ++- drivers/net/ethernet/mellanox/mlx5/core/mr.c | 1 - drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 2 +- drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 - .../net/ethernet/mellanox/mlxsw/spectrum_ethtool.c | 4 +- drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 + drivers/net/ethernet/renesas/sh_eth.c | 4 + drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +- drivers/net/geneve.c | 16 +- drivers/net/gtp.c | 5 - drivers/net/loopback.c | 14 ++ drivers/net/netdevsim/ipsec.c | 12 +- drivers/net/netdevsim/netdevsim.h | 1 + drivers/net/netdevsim/udp_tunnels.c | 23 ++- drivers/net/phy/nxp-c45-tja11xx.c | 2 + drivers/net/ppp/ppp_generic.c | 28 ++- drivers/net/team/team.c | 11 +- drivers/net/tun.c | 2 +- drivers/net/usb/gl620a.c | 4 +- drivers/net/usb/rtl8150.c | 22 ++ .../wireless/broadcom/brcm80211/brcmfmac/core.c | 5 + .../broadcom/brcm80211/brcmsmac/phy/phy_n.c | 3 + drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 13 +- drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 +- drivers/net/wireless/mediatek/mt76/usb.c | 4 +- drivers/net/wireless/realtek/rtlwifi/base.c | 42 ++-- drivers/net/wireless/realtek/rtlwifi/base.h | 2 - drivers/net/wireless/realtek/rtlwifi/pci.c | 67 +----- .../net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 +- .../net/wireless/realtek/rtlwifi/rtl8821ae/fw.h | 4 +- drivers/net/wireless/realtek/rtlwifi/usb.c | 12 +- drivers/net/wireless/realtek/rtlwifi/wifi.h | 23 --- drivers/net/wireless/ti/wlcore/main.c | 10 +- drivers/net/wwan/iosm/iosm_ipc_pcie.c | 56 ++++- drivers/nvme/host/core.c | 16 +- drivers/nvme/host/ioctl.c | 3 +- drivers/nvme/host/pci.c | 4 +- drivers/nvme/target/tcp.c | 15 +- drivers/nvmem/core.c | 2 + drivers/nvmem/qcom-spmi-sdam.c | 1 + drivers/of/base.c | 8 +- drivers/of/of_reserved_mem.c | 3 +- drivers/parport/parport_pc.c | 5 + drivers/pci/controller/pcie-rcar-ep.c | 2 +- drivers/pci/endpoint/pci-epc-core.c | 2 +- drivers/pci/endpoint/pci-epf-core.c | 1 + drivers/pci/quirks.c | 1 + drivers/phy/samsung/phy-exynos5-usbdrd.c | 12 +- drivers/phy/tegra/xusb-tegra186.c | 11 + drivers/platform/x86/acer-wmi.c | 4 + drivers/platform/x86/thinkpad_acpi.c | 1 + drivers/power/supply/da9150-fg.c | 4 +- drivers/pps/clients/pps-gpio.c | 4 +- drivers/pps/clients/pps-ktimer.c | 4 +- drivers/pps/clients/pps-ldisc.c | 6 +- drivers/pps/clients/pps_parport.c | 4 +- drivers/pps/kapi.c | 10 +- drivers/pps/kc.c | 10 +- drivers/pps/pps.c | 127 ++++++------ drivers/ptp/ptp_chardev.c | 4 + drivers/ptp/ptp_clock.c | 8 + drivers/ptp/ptp_ocp.c | 2 +- drivers/rapidio/devices/rio_mport_cdev.c | 3 +- drivers/rapidio/rio-scan.c | 5 +- drivers/regulator/of_regulator.c | 14 +- drivers/rtc/rtc-pcf85063.c | 11 +- drivers/s390/char/sclp_early.c | 2 +- drivers/scsi/mpt3sas/mpt3sas_base.c | 3 +- drivers/scsi/qla2xxx/qla_def.h | 2 + drivers/scsi/qla2xxx/qla_dfs.c | 122 +++++++++-- drivers/scsi/qla2xxx/qla_gbl.h | 3 + drivers/scsi/qla2xxx/qla_init.c | 28 ++- drivers/scsi/scsi_lib.c | 58 +++--- drivers/scsi/storvsc_drv.c | 1 + drivers/scsi/ufs/ufs_bsg.c | 1 + drivers/slimbus/messaging.c | 5 +- drivers/soc/mediatek/mtk-devapc.c | 36 ++-- drivers/soc/qcom/smem_state.c | 3 +- drivers/soc/qcom/socinfo.c | 2 +- drivers/spi/spi-mxs.c | 3 +- drivers/spi/spi-zynq-qspi.c | 13 +- drivers/staging/media/imx/imx-media-of.c | 8 +- drivers/tee/optee/supp.c | 35 +--- drivers/tty/serial/8250/8250.h | 2 + drivers/tty/serial/8250/8250_dma.c | 16 ++ drivers/tty/serial/8250/8250_pci.c | 10 + drivers/tty/serial/8250/8250_port.c | 9 + drivers/tty/serial/sh-sci.c | 25 ++- drivers/tty/serial/xilinx_uartps.c | 10 +- drivers/usb/atm/cxacru.c | 13 +- drivers/usb/chipidea/ci_hdrc_imx.c | 38 ++-- drivers/usb/class/cdc-acm.c | 28 ++- drivers/usb/core/hub.c | 49 ++++- drivers/usb/core/quirks.c | 10 + drivers/usb/dwc2/gadget.c | 1 + drivers/usb/dwc3/core.c | 115 ++++++----- drivers/usb/dwc3/core.h | 2 +- drivers/usb/dwc3/drd.c | 4 +- drivers/usb/dwc3/gadget.c | 47 ++++- drivers/usb/gadget/composite.c | 17 +- drivers/usb/gadget/function/f_midi.c | 10 +- drivers/usb/gadget/function/f_tcm.c | 66 +++--- drivers/usb/gadget/udc/renesas_usb3.c | 2 +- drivers/usb/host/pci-quirks.c | 9 + drivers/usb/host/xhci-mem.c | 5 +- drivers/usb/host/xhci-pci.c | 18 +- drivers/usb/host/xhci-ring.c | 12 +- drivers/usb/host/xhci.c | 23 ++- drivers/usb/host/xhci.h | 11 +- drivers/usb/renesas_usbhs/common.c | 6 +- drivers/usb/renesas_usbhs/mod_gadget.c | 2 +- drivers/usb/roles/class.c | 5 +- drivers/usb/serial/option.c | 49 +++-- drivers/usb/typec/tcpm/tcpci.c | 13 +- drivers/usb/typec/tcpm/tcpci_rt1711h.c | 11 + drivers/usb/typec/tcpm/tcpm.c | 10 +- drivers/usb/typec/ucsi/ucsi.c | 2 +- drivers/vdpa/mlx5/core/resources.c | 1 - drivers/vfio/pci/vfio_pci_rdwr.c | 1 + drivers/vfio/platform/vfio_platform_common.c | 10 + drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 + drivers/virt/acrn/hsm.c | 6 +- fs/afs/cell.c | 1 + fs/afs/dir.c | 7 +- fs/afs/internal.h | 23 ++- fs/afs/server.c | 1 + fs/afs/server_list.c | 114 +++++++++- fs/afs/vl_alias.c | 2 +- fs/afs/volume.c | 40 ++-- fs/afs/xdr_fs.h | 2 +- fs/afs/yfsclient.c | 5 +- fs/binfmt_flat.c | 2 +- fs/btrfs/file.c | 6 +- fs/btrfs/inode.c | 4 +- fs/btrfs/relocation.c | 14 +- fs/btrfs/super.c | 2 +- fs/btrfs/transaction.c | 4 +- fs/cifs/smb2ops.c | 4 + fs/exfat/balloc.c | 10 +- fs/exfat/exfat_fs.h | 2 +- fs/exfat/fatent.c | 11 +- fs/f2fs/dir.c | 53 +++-- fs/f2fs/f2fs.h | 6 +- fs/f2fs/file.c | 13 ++ fs/f2fs/inline.c | 5 +- fs/file_table.c | 47 ++++- fs/inode.c | 39 +++- fs/ksmbd/transport_ipc.c | 9 + fs/nfs/flexfilelayout/flexfilelayout.c | 27 ++- fs/nfs/nfs42proc.c | 2 +- fs/nfs/nfs42xdr.c | 2 + fs/nfsd/nfs2acl.c | 2 + fs/nfsd/nfs3acl.c | 2 + fs/nfsd/nfs4callback.c | 8 +- fs/nilfs2/dir.c | 24 +-- fs/nilfs2/inode.c | 10 +- fs/nilfs2/mdt.c | 6 +- fs/nilfs2/namei.c | 37 ++-- fs/nilfs2/nilfs.h | 10 +- fs/nilfs2/page.c | 55 ++--- fs/nilfs2/page.h | 4 +- fs/nilfs2/segment.c | 4 +- fs/ocfs2/dir.c | 25 ++- fs/ocfs2/quota_global.c | 5 + fs/ocfs2/super.c | 2 +- fs/ocfs2/symlink.c | 5 +- fs/orangefs/orangefs-debugfs.c | 4 +- fs/overlayfs/copy_up.c | 44 ++-- fs/overlayfs/dir.c | 100 ++++----- fs/overlayfs/inode.c | 17 +- fs/overlayfs/namei.c | 6 +- fs/overlayfs/overlayfs.h | 96 ++++++--- fs/overlayfs/readdir.c | 32 +-- fs/overlayfs/super.c | 40 ++-- fs/overlayfs/util.c | 18 +- fs/proc/proc_sysctl.c | 3 + fs/pstore/blk.c | 4 +- fs/select.c | 4 +- fs/squashfs/inode.c | 5 +- fs/ubifs/debug.c | 22 +- fs/xfs/xfs_inode.c | 7 +- fs/xfs/xfs_qm_bhv.c | 41 ++-- fs/xfs/xfs_super.c | 11 +- include/asm-generic/vmlinux.lds.h | 2 +- include/drm/drm_probe_helper.h | 1 + include/linux/cgroup-defs.h | 6 +- include/linux/efi.h | 1 + include/linux/fs.h | 6 - include/linux/i8253.h | 1 + include/linux/kallsyms.h | 2 +- include/linux/kvm_host.h | 9 + include/linux/memblock.h | 12 -- include/linux/mlx5/driver.h | 2 - include/linux/mtd/hyperbus.h | 4 +- include/linux/netdevice.h | 8 + include/linux/pci_ids.h | 4 + include/linux/pps_kernel.h | 3 +- include/linux/sched.h | 4 +- include/linux/sched/sysctl.h | 14 +- include/linux/sched/task.h | 1 + include/linux/sysctl.h | 6 + include/linux/usb/hcd.h | 5 +- include/linux/usb/tcpm.h | 3 +- include/net/dst.h | 9 + include/net/flow_dissector.h | 16 ++ include/net/flow_offload.h | 6 + include/net/l3mdev.h | 2 + include/net/net_namespace.h | 15 +- include/net/netns/ipv4.h | 3 + include/net/route.h | 9 +- include/trace/events/oom.h | 36 +++- include/uapi/linux/input-event-codes.h | 1 + include/uapi/linux/seg6_iptunnel.h | 2 + kernel/acct.c | 134 +++++++----- kernel/bpf/syscall.c | 18 +- kernel/cgroup/cgroup.c | 20 +- kernel/debug/kdb/kdb_io.c | 2 + kernel/dma/swiotlb.c | 2 +- kernel/events/core.c | 17 +- kernel/hung_task.c | 81 +++++++- kernel/irq/internals.h | 9 +- kernel/padata.c | 45 +++- kernel/power/hibernate.c | 7 +- kernel/printk/printk.c | 2 +- kernel/sched/core.c | 10 +- kernel/sched/cpufreq_schedutil.c | 4 +- kernel/sched/fair.c | 23 ++- kernel/sched/stats.h | 22 +- kernel/sysctl.c | 146 ++----------- kernel/time/clocksource.c | 11 +- kernel/trace/bpf_trace.c | 2 +- kernel/trace/ftrace.c | 27 ++- lib/Kconfig.debug | 8 +- lib/Kconfig.kfence | 12 ++ lib/cpumask.c | 2 +- mm/kfence/core.c | 51 ++++- mm/memcontrol.c | 7 +- mm/memory.c | 6 +- mm/oom_kill.c | 14 +- mm/page_alloc.c | 1 + mm/percpu.c | 8 +- mm/sparse.c | 2 +- mm/vmalloc.c | 4 +- net/8021q/vlan.c | 3 +- net/batman-adv/bat_v.c | 2 - net/batman-adv/bat_v_elp.c | 123 +++++++---- net/batman-adv/bat_v_elp.h | 2 - net/batman-adv/types.h | 3 - net/bluetooth/l2cap_core.c | 9 +- net/bluetooth/l2cap_sock.c | 7 +- net/can/j1939/socket.c | 4 +- net/can/j1939/transport.c | 5 +- net/core/dev.c | 37 +++- net/core/drop_monitor.c | 39 ++-- net/core/flow_dissector.c | 49 +++-- net/core/flow_offload.c | 7 + net/core/neighbour.c | 11 +- net/core/skbuff.c | 2 +- net/core/sysctl_net_core.c | 5 +- net/ethtool/netlink.c | 2 +- net/hsr/hsr_forward.c | 7 +- net/ipv4/arp.c | 6 +- net/ipv4/devinet.c | 3 +- net/ipv4/ipmr_base.c | 3 - net/ipv4/route.c | 102 ++++++--- net/ipv4/tcp_cubic.c | 8 +- net/ipv4/tcp_minisocks.c | 10 +- net/ipv4/tcp_offload.c | 11 +- net/ipv4/udp.c | 4 +- net/ipv4/udp_offload.c | 8 +- net/ipv6/ila/ila_lwt.c | 4 +- net/ipv6/mcast.c | 14 +- net/ipv6/ndisc.c | 28 +-- net/ipv6/route.c | 7 +- net/ipv6/rpl_iptunnel.c | 62 +++--- net/ipv6/seg6_iptunnel.c | 227 +++++++++++++++++--- net/ipv6/udp.c | 4 +- net/llc/llc_s_ac.c | 49 +++-- net/mptcp/options.c | 13 +- net/mptcp/pm_netlink.c | 6 - net/mptcp/protocol.c | 1 + net/mptcp/protocol.h | 30 +-- net/ncsi/internal.h | 2 + net/ncsi/ncsi-cmd.c | 3 +- net/ncsi/ncsi-manage.c | 38 +++- net/ncsi/ncsi-pkt.h | 10 + net/ncsi/ncsi-rsp.c | 58 ++++-- net/netfilter/nf_tables_api.c | 8 +- net/netfilter/nft_flow_offload.c | 16 +- net/nfc/nci/hci.c | 2 + net/openvswitch/datapath.c | 12 +- net/rose/af_rose.c | 40 ++-- net/rose/rose_timer.c | 15 ++ net/sched/cls_flower.c | 8 +- net/sched/sch_api.c | 4 + net/sched/sch_cake.c | 140 +++++++------ net/sched/sch_fifo.c | 3 + net/sched/sch_netem.c | 2 +- net/smc/af_smc.c | 2 +- net/smc/smc_rx.c | 37 ++-- net/smc/smc_rx.h | 8 +- net/sunrpc/cache.c | 10 +- net/tipc/crypto.c | 4 +- net/vmw_vsock/af_vsock.c | 82 +++++--- net/wireless/nl80211.c | 5 + net/wireless/reg.c | 3 +- net/wireless/scan.c | 35 ++++ net/xfrm/xfrm_replay.c | 10 +- samples/landlock/sandboxer.c | 7 + scripts/Makefile.extrawarn | 5 +- scripts/genksyms/genksyms.c | 11 +- scripts/genksyms/genksyms.h | 2 +- scripts/genksyms/parse.y | 18 +- scripts/kconfig/conf.c | 6 + scripts/kconfig/confdata.c | 102 ++++----- scripts/kconfig/lkc_proto.h | 2 + scripts/kconfig/symbol.c | 10 + security/landlock/fs.c | 86 ++++---- security/safesetid/securityfs.c | 3 + security/tomoyo/common.c | 2 +- sound/pci/hda/hda_intel.c | 2 + sound/pci/hda/patch_conexant.c | 1 + sound/pci/hda/patch_realtek.c | 78 +++++++ sound/soc/codecs/es8328.c | 15 +- sound/soc/intel/boards/bytcr_rt5640.c | 17 +- sound/soc/sh/rz-ssi.c | 5 +- sound/soc/sunxi/sun4i-spdif.c | 7 + sound/usb/midi.c | 2 +- sound/usb/quirks.c | 3 + sound/usb/usx2y/usbusx2y.c | 11 + sound/usb/usx2y/usbusx2y.h | 26 +++ sound/usb/usx2y/usbusx2yaudio.c | 27 --- tools/bootconfig/main.c | 4 +- tools/lib/bpf/linker.c | 22 +- tools/perf/bench/epoll-wait.c | 7 +- tools/perf/builtin-report.c | 2 +- tools/perf/builtin-top.c | 2 +- tools/perf/builtin-trace.c | 6 +- tools/perf/util/bpf-event.c | 10 +- tools/perf/util/env.c | 13 +- tools/perf/util/env.h | 4 +- tools/perf/util/header.c | 8 +- .../cpupower/utils/idle_monitor/mperf_monitor.c | 15 +- tools/testing/ktest/ktest.pl | 7 +- tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 + .../drivers/net/netdevsim/udp_tunnel_nic.sh | 16 +- tools/testing/selftests/kselftest_harness.h | 24 +-- tools/testing/selftests/landlock/fs_test.c | 3 +- tools/testing/selftests/net/ipsec.c | 3 +- tools/testing/selftests/net/pmtu.sh | 229 ++++++++++++++++++++- tools/testing/selftests/net/rtnetlink.sh | 4 +- tools/testing/selftests/net/udpgso.c | 26 +++ 607 files changed, 6988 insertions(+), 3353 deletions(-)

6 months, 1 week

8
7
0 0

[PATCH 6.12 000/269] 6.12.19-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.19 release. There are 269 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 12 Mar 2025 17:04:00 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.19-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.19-rc1 Xi Ruoyao <xry111(a)xry111.site> x86/mm: Don't disable PCID when INVLPG has been fixed by microcode Kumar Kartikeya Dwivedi <memxor(a)gmail.com> selftests/bpf: Clean up open-coded gettid syscall invocations Jiri Olsa <jolsa(a)kernel.org> uprobes: Fix race in uprobe_free_utask Paolo Bonzini <pbonzini(a)redhat.com> KVM: e500: always restore irqs Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map()" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "KVM: e500: always restore irqs" Miguel Ojeda <ojeda(a)kernel.org> docs: rust: remove spurious item in `expect` list Maurizio Lombardi <mlombard(a)redhat.com> nvme-tcp: Fix a C2HTermReq error message Arnd Bergmann <arnd(a)arndb.de> ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage Arnd Bergmann <arnd(a)arndb.de> kbuild: hdrcheck: fix cross build with clang Max Kellermann <max.kellermann(a)ionos.com> fs/netfs/read_collect: fix crash due to uninitialized `prev` variable Max Kellermann <max.kellermann(a)ionos.com> fs/netfs/read_pgpriv2: skip folio queues without `marks3` Ryan Roberts <ryan.roberts(a)arm.com> arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes Ryan Roberts <ryan.roberts(a)arm.com> mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() Nayab Sayed <nayabbasha.sayed(a)microchip.com> iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value Markus Burri <markus.burri(a)mt.com> iio: adc: ad7192: fix channel select Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: ad3552r: clear reset status flag Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: apds9306: fix max_scale_nano values Sam Winchenbach <swinchenbach(a)arka.org> iio: filter: admv8818: Force initialization of SDO Haoyu Li <lihaoyu499(a)gmail.com> drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> eeprom: digsy_mtc: Make GPIO lookup table match the device Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock Visweswara Tanuku <quic_vtanuku(a)quicinc.com> slimbus: messaging: Free transaction ID in delayed interrupt scenario Luca Ceresoli <luca.ceresoli(a)bootlin.com> drivers: core: fix device leak in __fw_devlink_relax_cycles() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> char: misc: deallocate static minor in error path Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Panther Lake-P/U support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Panther Lake-H support Pawel Chmielewski <pawel.chmielewski(a)intel.com> intel_th: pci: Add Arrow Lake support Hans de Goede <hdegoede(a)redhat.com> mei: vsc: Use "wakeuphostint" when getting the host wakeup GPIO Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add panther lake P DID Qiu-ji Chen <chenqiuji666(a)gmail.com> cdx: Fix possible UAF error in driver_override_show() Xiaoyao Li <xiaoyao.li(a)intel.com> KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM Sean Christopherson <seanjc(a)google.com> KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs Sean Christopherson <seanjc(a)google.com> KVM: SVM: Manually context switch DEBUGCTL if LBR virtualization is disabled Sean Christopherson <seanjc(a)google.com> KVM: x86: Snapshot the host's DEBUGCTL in common x86 Sean Christopherson <seanjc(a)google.com> KVM: SVM: Suppress DEBUGCTL.BTF on AMD Sean Christopherson <seanjc(a)google.com> KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value Sean Christopherson <seanjc(a)google.com> KVM: SVM: Save host DR masks on CPUs with DebugSwap Sean Christopherson <seanjc(a)google.com> KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> xhci: pci: Fix indentation in the PCI device ID definitions Gary Guo <gary(a)garyguo.net> rust: map `long` to `isize` and `char` to `u8` Miguel Ojeda <ojeda(a)kernel.org> rust: finish using custom FFI integer types Christian A. Ehrhardt <lk(a)c--e.de> acpi: typec: ucsi: Introduce a ->poll_cci method Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kbuild: userprogs: use correct lld when linking through clang Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: Check bmAttributes only if configuration is valid Marek Szyprowski <m.szyprowski(a)samsung.com> usb: gadget: Fix setting self-powered state on suspend Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: Set self-powered based on MaxPower and bmAttributes AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality Fedor Pchelkin <boddah8794(a)gmail.com> usb: typec: ucsi: increase timeout for PPM reset operations Badhri Jagan Sridharan <badhri(a)google.com> usb: dwc3: gadget: Prevent irq storm when TH re-executes Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: Set SUSPENDENABLE soon after phy init Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usb: atm: cxacru: fix a flaw in existing endpoint checks Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Flush the notify_hotplug_work Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: ucsi: Fix NULL pointer access Miao Li <limiao(a)kylinos.cn> usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader Pawel Laszczak <pawell(a)cadence.com> usb: hub: lack of clearing xHC resources Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Use devm_usb_get_phy() Marc Zyngier <maz(a)kernel.org> xhci: Restrict USB4 tunnel detection for USB3 devices to Intel hosts Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Call clk_put() Christian Heusel <christian(a)heusel.eu> Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> gpio: rcar: Fix missing of_node_put() call Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix missing dst ref drop in ila lwtunnel Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop in ila lwtunnel Matt Johnston <matt(a)codeconstruct.com.au> mctp i3c: handle NULL header address Lorenzo Bianconi <lorenzo(a)kernel.org> net: dsa: mt7530: Fix traffic flooding for MMIO devices Dan Carpenter <dan.carpenter(a)linaro.org> nvme-tcp: fix signedness bug in nvme_tcp_init_connection() Zecheng Li <zecheng(a)google.com> sched/fair: Fix potential memory corruption in child_cfs_rq_on_list Uday Shankar <ushankar(a)purestorage.com> ublk: set_params: properly check if parameters can be applied Jason Xing <kerneljasonxing(a)gmail.com> net-timestamp: support TCP GSO case for a few missing flags Eric Sandeen <sandeen(a)redhat.com> exfat: short-circuit zero-byte writes in exfat_file_write_iter Namjae Jeon <linkinjeon(a)kernel.org> exfat: fix soft lockup in exfat_clear_bitmap Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix just enough dentries but allocate a new cluster to dir Jarkko Sakkinen <jarkko(a)kernel.org> x86/sgx: Fix size overflows in sgx_encl_create() Oscar Maes <oscmaes92(a)gmail.com> vlan: enforce underlying device type Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device Jakub Kicinski <kuba(a)kernel.org> net: ethtool: plumb PHY stats to PHY drivers Oleksij Rempel <o.rempel(a)pengutronix.de> ethtool: linkstate: migrate linkstate functions to support multi-PHY setups Jiayuan Chen <jiayuan.chen(a)linux.dev> ppp: Fix KMSAN uninit-value warning with bpf Luca Weiss <luca.weiss(a)fairphone.com> net: ipa: Enable checksum for IPA_ENDPOINT_AP_MODEM_{RX,TX} for v4.7 Luca Weiss <luca.weiss(a)fairphone.com> net: ipa: Fix QSB data for v4.7 Luca Weiss <luca.weiss(a)fairphone.com> net: ipa: Fix v4.7 resource group names Vicki Pfau <vi(a)endrift.com> HID: hid-steam: Fix use-after-free when detaching device Maarten Lankhorst <dev(a)lankhorst.se> drm/xe: Remove double pageflip Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Plumb 'dsb' all way to the plane hooks Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/color: Extract intel_color_modeset() Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error Nikolay Aleksandrov <razor(a)blackwall.org> be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink Philipp Stanner <phasta(a)kernel.org> drm/sched: Fix preprocessor guard Xinghuo Chen <xinghuo.chen(a)foxmail.com> hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() Eric Dumazet <edumazet(a)google.com> llc: do not use skb_get() before dev_queue_xmit() Murad Masimov <m.masimov(a)mt-integration.ru> ALSA: usx2y: validate nrpacks module parameter on probe Alessio Belle <alessio.belle(a)imgtec.com> drm/imagination: Fix timestamps in firmware traces Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: probe-events: Remove unused MAX_ARG_BUF_LEN macro Erik Schumacher <erik.schumacher(a)iris-sensing.com> hwmon: (ad7314) Validate leading zero bits and return error Maud Spierings <maudspierings(a)gocontroll.com> hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table Titus Rwantare <titusr(a)google.com> hwmon: (pmbus) Initialise page count in pmbus_identify() Peter Zijlstra <peterz(a)infradead.org> perf/core: Fix pmus_lock vs. pmus_srcu ordering Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> caif_virtio: fix wrong pointer check in cfv_probe() Antoine Tenart <atenart(a)kernel.org> net: gso: fix ownership in __udp_gso_segment Antheas Kapenekakis <lkml(a)antheas.dev> ALSA: hda/realtek: Remove (revert) duplicate Ally X config Meir Elisha <meir.elisha(a)volumez.com> nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch Maurizio Lombardi <mlombard(a)redhat.com> nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() Maurizio Lombardi <mlombard(a)redhat.com> nvme-tcp: add basic support for the C2HTermReq PDU Salah Triki <salah.triki(a)gmail.com> bluetooth: btusb: Initialize .owner field of force_poll_sync_fops Dave Airlie <airlied(a)redhat.com> drm/nouveau: select FW caching Thomas Zimmermann <tzimmermann(a)suse.de> drm/nouveau: Run DRM default client setup Thomas Zimmermann <tzimmermann(a)suse.de> drm/fbdev-ttm: Support struct drm_driver.fbdev_probe Thomas Zimmermann <tzimmermann(a)suse.de> drm: Add client-agnostic setup helper Thomas Zimmermann <tzimmermann(a)suse.de> drm/fbdev: Add memory-agnostic fbdev client Thomas Zimmermann <tzimmermann(a)suse.de> drm/fbdev-helper: Move color-mode lookup into 4CC format helper Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix vendor-specific inheritance Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix MLE non-inheritance parsing Ilan Peer <ilan.peer(a)intel.com> wifi: mac80211: Support parsing EPCS ML element Keith Busch <kbusch(a)kernel.org> nvme-ioctl: fix leaked requests on mapping error Keith Busch <kbusch(a)kernel.org> nvme-pci: use sgls for all user requests if possible Keith Busch <kbusch(a)kernel.org> nvme-pci: add support for sgl metadata Kees Cook <kees(a)kernel.org> coredump: Only sort VMAs when core_sort_vma sysctl is set Zhang Lixu <lixu.zhang(a)intel.com> HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() Zhang Lixu <lixu.zhang(a)intel.com> HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() Yu-Chun Lin <eleanor15x(a)gmail.com> HID: google: fix unused variable warning under !CONFIG_ACPI Ilan Peer <ilan.peer(a)intel.com> wifi: iwlwifi: Fix A-MSDU TSO preparation Ilan Peer <ilan.peer(a)intel.com> wifi: iwlwifi: Free pages allocated when failing to build A-MSDU Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: limit printed string from FW file Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: don't try to talk to a dead firmware Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: clean up ROC on failure Ma Wupeng <mawupeng1(a)huawei.com> mm: memory-hotplug: check folio ref count first in do_migrate_range Ma Wupeng <mawupeng1(a)huawei.com> hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Brian Geffon <bgeffon(a)google.com> mm: fix finish_fault() handling for large folios Ryan Roberts <ryan.roberts(a)arm.com> mm: don't skip arch_sync_kernel_mappings() in error paths Ma Wupeng <mawupeng1(a)huawei.com> mm: memory-failure: update ttu flag inside unmap_poisoned_folio Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm: abort vma_modify() on merge out of memory failure Hao Zhang <zhanghao1(a)kylinos.cn> mm/page_alloc: fix uninitialized variable Olivier Gayot <olivier.gayot(a)canonical.com> block: fix conversion of GPT partition name to 7-bit Suren Baghdasaryan <surenb(a)google.com> userfaultfd: do not block on locking a large folio with raised refcount Mike Snitzer <snitzer(a)kernel.org> NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback Heiko Carstens <hca(a)linux.ibm.com> s390/traps: Fix test_monitor_call() inline assembly Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> dma: kmsan: export kmsan_handle_dma() for modules Haoxiang Li <haoxiang_li2024(a)163.com> rapidio: fix an API misues when rio_add_net() fails Haoxiang Li <haoxiang_li2024(a)163.com> rapidio: add check for rio_add_net() in rio_scan_alloc_net() SeongJae Park <sj(a)kernel.org> selftests/damon/damon_nr_regions: sort collected regiosn before checking with min/max boundaries SeongJae Park <sj(a)kernel.org> selftests/damon/damon_nr_regions: set ops update for merge results check to 100ms SeongJae Park <sj(a)kernel.org> selftests/damon/damos_quota: make real expectation of quota exceeds SeongJae Park <sj(a)kernel.org> selftests/damon/damos_quota_goal: handle minimum quota that cannot be further reduced Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> wifi: nl80211: reject cooked mode if it is set along with other flags Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> wifi: cfg80211: regulatory: improve invalid hints checking Haoxiang Li <haoxiang_li2024(a)163.com> Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() Haoxiang Li <haoxiang_li2024(a)163.com> Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/userptr: Unmap userptrs in the mmu notifier Matthew Auld <matthew.auld(a)intel.com> drm/xe/userptr: properly setup pfn_flags_mask Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Fix fault mode invalidation with unbind Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/xe: Fix GT "for each engine" workarounds Krister Johansen <kjlx(a)templeofstupid.com> mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/vm: Validate userptr during gpu vma prefetching Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/vm: Fix a misplaced #endif Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/hmm: Don't dereference struct page pointers without notifier lock Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/hmm: Style- and include fixes Matthew Brost <matthew.brost(a)intel.com> drm/xe: Add staging tree for VM binds Ahmed S. Darwish <darwi(a)linutronix.de> x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 Ahmed S. Darwish <darwi(a)linutronix.de> x86/cpu: Validate CPUID leaf 0x2 EDX output Ahmed S. Darwish <darwi(a)linutronix.de> x86/cacheinfo: Validate CPUID leaf 0x2 EDX output Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Sanitize boot params before parsing command line Mingcong Bai <jeffbai(a)aosc.io> platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e John Hubbard <jhubbard(a)nvidia.com> Revert "selftests/mm: remove local __NR_* definitions" Gabriel Krisman Bertazi <krisman(a)suse.de> Revert "mm/page_alloc.c: don't show protection in zone's ->lowmem_reserve[] for empty zone" Richard Thier <u9vata(a)gmail.com> drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M Brendan King <Brendan.King(a)imgtec.com> drm/imagination: only init job done fences once Brendan King <Brendan.King(a)imgtec.com> drm/imagination: Hold drm_gem_gpuva lock for unmap Brendan King <Brendan.King(a)imgtec.com> drm/imagination: avoid deadlock on fence release Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/pm: always allow ih interrupt from fw Andrew Martin <Andrew.Martin(a)amd.com> drm/amdkfd: Fix NULL Pointer Dereference in KFD queue Ma Ke <make24(a)iscas.ac.cn> drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Paul Fertser <fercerpav(a)gmail.com> hwmon: (peci/dimmtemp) Do not provide fake thresholds data Haoxiang Li <haoxiang_li2024(a)163.com> btrfs: fix a leaked chunk map issue in read_one_chunk() Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: update ALC222 depop optimize Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform Hoku Ishibe <me(a)hokuishi.be> ALSA: hda: intel: Add Dell ALC3271 to power_save denylist Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Avoid module auto-load handling at event delivery Koichiro Den <koichiro.den(a)canonical.com> gpio: aggregator: protect driver attr handlers against module unload Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> gpio: rcar: Use raw_spinlock to protect register access Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix bug on trap in smb2_lock Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in smb2_lock Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix out-of-bounds in parse_sec_desc() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix type confusion via race condition when using ipc_msg_send_request Daniil Dulov <d.dulov(a)aladdin.ru> HID: appleir: Fix potential NULL dereference at raw event handle Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Fix GPA size issue about VM Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Reload guest CSR registers after sleep Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Add interrupt checking for AVEC Bibo Mao <maobibo(a)loongson.cn> LoongArch: Set max_pfn with the PFN of the last page Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Use polling play_dead() when resuming from hibernation Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Convert unreachable() to BUG() Philipp Stanner <phasta(a)kernel.org> stmmac: loongson: Pass correct arg to PCI function Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: tprobe-events: Reject invalid tracepoint name Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: tprobe-events: Fix a memory leak when tprobe with $retval Rob Herring (Arm) <robh(a)kernel.org> Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" Asahi Lina <lina(a)asahilina.net> rust: alloc: Fix `ArrayLayout` allocations Gary Guo <gary(a)garyguo.net> rust: use custom FFI integer types Gary Guo <gary(a)garyguo.net> rust: map `__kernel_size_t` and friends also to usize/isize Gary Guo <gary(a)garyguo.net> rust: fix size_t in bindgen prototypes of C builtins Ethan D. Twardy <ethan.twardy(a)gmail.com> rust: kbuild: expand rusttest target for macros Thomas Böhler <witcher(a)wiredspace.de> drm/panic: allow verbose version check Thomas Böhler <witcher(a)wiredspace.de> drm/panic: allow verbose boolean for clarity Thomas Böhler <witcher(a)wiredspace.de> drm/panic: correctly indent continuation of line in list item Thomas Böhler <witcher(a)wiredspace.de> drm/panic: remove redundant field when assigning value Thomas Böhler <witcher(a)wiredspace.de> drm/panic: prefer eliding lifetimes Thomas Böhler <witcher(a)wiredspace.de> drm/panic: remove unnecessary borrow in alignment_pattern Thomas Böhler <witcher(a)wiredspace.de> drm/panic: avoid reimplementing Iterator::find Danilo Krummrich <dakr(a)kernel.org> MAINTAINERS: add entry for the Rust `alloc` module Danilo Krummrich <dakr(a)kernel.org> kbuild: rust: remove the `alloc` crate and `GlobalAlloc` Danilo Krummrich <dakr(a)kernel.org> rust: alloc: update module comment of alloc.rs Danilo Krummrich <dakr(a)kernel.org> rust: str: test: replace `alloc::format` Danilo Krummrich <dakr(a)kernel.org> rust: alloc: implement `Cmalloc` in module allocator_test Danilo Krummrich <dakr(a)kernel.org> rust: alloc: implement `contains` for `Flags` Danilo Krummrich <dakr(a)kernel.org> rust: error: check for config `test` in `Error::name` Danilo Krummrich <dakr(a)kernel.org> rust: error: use `core::alloc::LayoutError` Danilo Krummrich <dakr(a)kernel.org> rust: alloc: add `Vec` to prelude Danilo Krummrich <dakr(a)kernel.org> rust: alloc: remove `VecExt` extension Danilo Krummrich <dakr(a)kernel.org> rust: treewide: switch to the kernel `Vec` type Danilo Krummrich <dakr(a)kernel.org> rust: alloc: implement `collect` for `IntoIter` Danilo Krummrich <dakr(a)kernel.org> rust: alloc: implement `IntoIterator` for `Vec` Danilo Krummrich <dakr(a)kernel.org> rust: alloc: implement kernel `Vec` type Benno Lossin <benno.lossin(a)proton.me> rust: alloc: introduce `ArrayLayout` Danilo Krummrich <dakr(a)kernel.org> rust: alloc: add `Box` to prelude Danilo Krummrich <dakr(a)kernel.org> rust: alloc: remove extension of std's `Box` Danilo Krummrich <dakr(a)kernel.org> rust: treewide: switch to our kernel `Box` type Danilo Krummrich <dakr(a)kernel.org> rust: alloc: implement kernel `Box` Danilo Krummrich <dakr(a)kernel.org> rust: alloc: add __GFP_NOWARN to `Flags` Danilo Krummrich <dakr(a)kernel.org> rust: alloc: implement `KVmalloc` allocator Danilo Krummrich <dakr(a)kernel.org> rust: alloc: implement `Vmalloc` allocator Danilo Krummrich <dakr(a)kernel.org> rust: alloc: add module `allocator_test` Danilo Krummrich <dakr(a)kernel.org> rust: alloc: implement `Allocator` for `Kmalloc` Danilo Krummrich <dakr(a)kernel.org> rust: alloc: make `allocator` module public Danilo Krummrich <dakr(a)kernel.org> rust: alloc: implement `ReallocFunc` Danilo Krummrich <dakr(a)kernel.org> rust: alloc: rename `KernelAllocator` to `Kmalloc` Danilo Krummrich <dakr(a)kernel.org> rust: alloc: separate `aligned_size` from `krealloc_aligned` Danilo Krummrich <dakr(a)kernel.org> rust: alloc: add `Allocator` trait Filipe Xavier <felipe_life(a)live.com> rust: error: optimize error type to use nonzero Filipe Xavier <felipe_life(a)live.com> rust: error: make conversion functions public Miguel Ojeda <ojeda(a)kernel.org> Documentation: rust: discuss `#[expect(...)]` in the guidelines Miguel Ojeda <ojeda(a)kernel.org> rust: start using the `#[expect(...)]` attribute Miguel Ojeda <ojeda(a)kernel.org> Documentation: rust: add coding guidelines on lints Miguel Ojeda <ojeda(a)kernel.org> rust: enable Clippy's `check-private-items` Miguel Ojeda <ojeda(a)kernel.org> rust: provide proper code documentation titles Miguel Ojeda <ojeda(a)kernel.org> rust: replace `clippy::dbg_macro` with `disallowed_macros` Miguel Ojeda <ojeda(a)kernel.org> rust: introduce `.clippy.toml` Miguel Ojeda <ojeda(a)kernel.org> rust: sync: remove unneeded `#[allow(clippy::non_send_fields_in_send_ty)]` Miguel Ojeda <ojeda(a)kernel.org> rust: init: remove unneeded `#[allow(clippy::disallowed_names)]` Miguel Ojeda <ojeda(a)kernel.org> rust: enable `rustdoc::unescaped_backticks` lint Miguel Ojeda <ojeda(a)kernel.org> rust: enable `clippy::ignored_unit_patterns` lint Miguel Ojeda <ojeda(a)kernel.org> rust: enable `clippy::unnecessary_safety_doc` lint Miguel Ojeda <ojeda(a)kernel.org> rust: enable `clippy::unnecessary_safety_comment` lint Miguel Ojeda <ojeda(a)kernel.org> rust: enable `clippy::undocumented_unsafe_blocks` lint Miguel Ojeda <ojeda(a)kernel.org> rust: types: avoid repetition in `{As,From}Bytes` impls Miguel Ojeda <ojeda(a)kernel.org> rust: sort global Rust flags Miguel Ojeda <ojeda(a)kernel.org> rust: workqueue: remove unneeded ``#[allow(clippy::new_ret_no_self)]` Peter Zijlstra <peterz(a)infradead.org> loongarch: Use ASM_REACHABLE Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Add some forgotten models to the SHA check Qu Wenruo <wqu(a)suse.com> btrfs: fix data overwriting bug during buffered write when block size < page size Steve French <stfrench(a)microsoft.com> smb311: failure to open files of length 1040 when mounting with SMB3.1.1 POSIX extensions Pali Rohár <pali(a)kernel.org> cifs: Remove symlink member from cifs_open_info_data union Johan Korsnes <johan.korsnes(a)remarkable.no> gpio: vf610: add locking to gpio direction functions Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: vf610: use generic device_get_match_data() Imre Deak <imre.deak(a)intel.com> drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro Jani Nikula <jani.nikula(a)intel.com> drm/i915/dsi: convert to struct intel_display Yutaro Ohno <yutaro.ono.418(a)gmail.com> rust: block: fix formatting in GenDisk doc Andrew Cooper <andrew.cooper3(a)citrix.com> x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() ------------- Diffstat: .clippy.toml | 9 + .gitignore | 1 + Documentation/admin-guide/sysctl/kernel.rst | 11 + Documentation/rust/coding-guidelines.rst | 146 ++++ MAINTAINERS | 8 + Makefile | 24 +- arch/arm64/include/asm/hugetlb.h | 4 +- arch/arm64/mm/hugetlbpage.c | 59 +- arch/loongarch/include/asm/bug.h | 13 +- arch/loongarch/include/asm/hugetlb.h | 6 +- arch/loongarch/kernel/machine_kexec.c | 4 +- arch/loongarch/kernel/setup.c | 3 + arch/loongarch/kernel/smp.c | 47 +- arch/loongarch/kvm/exit.c | 6 + arch/loongarch/kvm/main.c | 7 + arch/loongarch/kvm/vcpu.c | 2 +- arch/loongarch/kvm/vm.c | 6 +- arch/mips/include/asm/hugetlb.h | 6 +- arch/parisc/include/asm/hugetlb.h | 2 +- arch/parisc/mm/hugetlbpage.c | 2 +- arch/powerpc/include/asm/hugetlb.h | 6 +- arch/powerpc/kvm/e500_mmu_host.c | 19 +- arch/riscv/include/asm/hugetlb.h | 3 +- arch/riscv/mm/hugetlbpage.c | 2 +- arch/s390/include/asm/hugetlb.h | 17 +- arch/s390/kernel/traps.c | 6 +- arch/s390/mm/hugetlbpage.c | 4 +- arch/sparc/include/asm/hugetlb.h | 2 +- arch/sparc/mm/hugetlbpage.c | 2 +- arch/x86/boot/compressed/pgtable_64.c | 2 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kernel/amd_nb.c | 9 +- arch/x86/kernel/cpu/cacheinfo.c | 2 +- arch/x86/kernel/cpu/intel.c | 52 +- arch/x86/kernel/cpu/microcode/amd.c | 6 + arch/x86/kernel/cpu/sgx/ioctl.c | 7 + arch/x86/kvm/cpuid.c | 2 +- arch/x86/kvm/svm/sev.c | 13 +- arch/x86/kvm/svm/svm.c | 49 ++ arch/x86/kvm/svm/svm.h | 2 +- arch/x86/kvm/svm/vmenter.S | 10 +- arch/x86/kvm/vmx/vmx.c | 8 +- arch/x86/kvm/vmx/vmx.h | 2 - arch/x86/kvm/x86.c | 2 + arch/x86/mm/init.c | 23 +- block/partitions/efi.c | 2 +- drivers/base/core.c | 1 + drivers/block/rnull.rs | 4 +- drivers/block/ublk_drv.c | 7 +- drivers/bluetooth/btusb.c | 1 + drivers/bus/mhi/host/pci_generic.c | 5 +- drivers/cdx/cdx.c | 6 +- drivers/char/misc.c | 2 +- drivers/gpio/gpio-aggregator.c | 20 +- drivers/gpio/gpio-rcar.c | 31 +- drivers/gpio/gpio-vf610.c | 11 +- drivers/gpu/drm/Kconfig | 12 + drivers/gpu/drm/Makefile | 6 +- drivers/gpu/drm/amd/amdkfd/kfd_queue.c | 4 +- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 +- drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0.c | 12 +- drivers/gpu/drm/drm_client_setup.c | 66 ++ drivers/gpu/drm/drm_fb_helper.c | 85 +- drivers/gpu/drm/drm_fbdev_client.c | 141 ++++ drivers/gpu/drm/drm_fbdev_ttm.c | 142 ++-- drivers/gpu/drm/drm_fourcc.c | 30 +- drivers/gpu/drm/drm_panic_qr.rs | 25 +- drivers/gpu/drm/i915/display/i9xx_plane.c | 22 +- drivers/gpu/drm/i915/display/icl_dsi.c | 448 +++++----- drivers/gpu/drm/i915/display/icl_dsi.h | 4 +- drivers/gpu/drm/i915/display/intel_atomic_plane.c | 49 +- drivers/gpu/drm/i915/display/intel_atomic_plane.h | 19 +- drivers/gpu/drm/i915/display/intel_color.c | 17 + drivers/gpu/drm/i915/display/intel_color.h | 1 + drivers/gpu/drm/i915/display/intel_cursor.c | 101 +-- drivers/gpu/drm/i915/display/intel_ddi.c | 2 +- drivers/gpu/drm/i915/display/intel_de.h | 11 + drivers/gpu/drm/i915/display/intel_display.c | 58 +- drivers/gpu/drm/i915/display/intel_display_types.h | 16 +- drivers/gpu/drm/i915/display/intel_sprite.c | 27 +- drivers/gpu/drm/i915/display/skl_universal_plane.c | 305 +++---- drivers/gpu/drm/imagination/pvr_fw_meta.c | 6 +- drivers/gpu/drm/imagination/pvr_fw_trace.c | 4 +- drivers/gpu/drm/imagination/pvr_queue.c | 18 +- drivers/gpu/drm/imagination/pvr_queue.h | 4 + drivers/gpu/drm/imagination/pvr_vm.c | 134 ++- drivers/gpu/drm/imagination/pvr_vm.h | 3 + drivers/gpu/drm/nouveau/Kconfig | 2 + drivers/gpu/drm/nouveau/nouveau_drm.c | 10 +- drivers/gpu/drm/radeon/r300.c | 3 +- drivers/gpu/drm/radeon/radeon_asic.h | 1 + drivers/gpu/drm/radeon/rs400.c | 18 +- drivers/gpu/drm/scheduler/gpu_scheduler_trace.h | 4 +- drivers/gpu/drm/xe/display/xe_plane_initial.c | 10 - drivers/gpu/drm/xe/xe_gt.c | 4 +- drivers/gpu/drm/xe/xe_hmm.c | 194 +++-- drivers/gpu/drm/xe/xe_hmm.h | 7 + drivers/gpu/drm/xe/xe_pt.c | 96 +-- drivers/gpu/drm/xe/xe_pt_walk.c | 3 +- drivers/gpu/drm/xe/xe_pt_walk.h | 4 + drivers/gpu/drm/xe/xe_vm.c | 100 ++- drivers/gpu/drm/xe/xe_vm.h | 10 +- drivers/gpu/drm/xe/xe_vm_types.h | 8 +- drivers/hid/hid-appleir.c | 2 +- drivers/hid/hid-google-hammer.c | 2 + drivers/hid/hid-steam.c | 2 +- drivers/hid/intel-ish-hid/ishtp-hid-client.c | 2 +- drivers/hid/intel-ish-hid/ishtp-hid.c | 4 +- drivers/hwmon/ad7314.c | 10 + drivers/hwmon/ntc_thermistor.c | 66 +- drivers/hwmon/peci/dimmtemp.c | 10 +- drivers/hwmon/pmbus/pmbus.c | 2 + drivers/hwmon/xgene-hwmon.c | 2 +- drivers/hwtracing/intel_th/pci.c | 15 + drivers/iio/adc/ad7192.c | 2 +- drivers/iio/adc/at91-sama5d2_adc.c | 68 +- drivers/iio/dac/ad3552r.c | 6 + drivers/iio/filter/admv8818.c | 14 +- drivers/iio/light/apds9306.c | 4 +- drivers/misc/cardreader/rtsx_usb.c | 15 - drivers/misc/eeprom/digsy_mtc_eeprom.c | 2 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/misc/mei/vsc-tp.c | 2 +- drivers/net/caif/caif_virtio.c | 2 +- drivers/net/dsa/mt7530.c | 8 +- drivers/net/ethernet/emulex/benet/be.h | 2 +- drivers/net/ethernet/emulex/benet/be_cmds.c | 197 +++-- drivers/net/ethernet/emulex/benet/be_main.c | 2 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-loongson.c | 6 +- drivers/net/ipa/data/ipa_data-v4.7.c | 18 +- drivers/net/mctp/mctp-i3c.c | 3 + drivers/net/phy/phy.c | 43 + drivers/net/phy/phy_device.c | 2 + drivers/net/ppp/ppp_generic.c | 28 +- drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c | 7 + .../net/wireless/intel/iwlwifi/mvm/time-event.c | 2 + drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 5 +- drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c | 6 +- drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 20 +- drivers/nvme/host/ioctl.c | 20 +- drivers/nvme/host/nvme.h | 7 + drivers/nvme/host/pci.c | 147 +++- drivers/nvme/host/tcp.c | 81 +- drivers/nvme/target/tcp.c | 15 +- drivers/of/of_reserved_mem.c | 4 +- drivers/platform/x86/thinkpad_acpi.c | 1 + drivers/rapidio/devices/rio_mport_cdev.c | 3 +- drivers/rapidio/rio-scan.c | 5 +- drivers/slimbus/messaging.c | 5 +- drivers/usb/atm/cxacru.c | 13 +- drivers/usb/core/hub.c | 33 + drivers/usb/core/quirks.c | 4 + drivers/usb/dwc3/core.c | 85 +- drivers/usb/dwc3/core.h | 2 +- drivers/usb/dwc3/drd.c | 4 +- drivers/usb/dwc3/gadget.c | 10 +- drivers/usb/gadget/composite.c | 17 +- drivers/usb/gadget/function/u_ether.c | 4 +- drivers/usb/host/xhci-hub.c | 8 + drivers/usb/host/xhci-mem.c | 3 +- drivers/usb/host/xhci-pci.c | 18 +- drivers/usb/host/xhci.h | 2 +- drivers/usb/renesas_usbhs/common.c | 6 +- drivers/usb/renesas_usbhs/mod_gadget.c | 2 +- drivers/usb/typec/tcpm/tcpci_rt1711h.c | 11 + drivers/usb/typec/ucsi/ucsi.c | 25 +- drivers/usb/typec/ucsi/ucsi.h | 2 + drivers/usb/typec/ucsi/ucsi_acpi.c | 21 +- drivers/usb/typec/ucsi/ucsi_ccg.c | 1 + drivers/usb/typec/ucsi/ucsi_glink.c | 1 + drivers/usb/typec/ucsi/ucsi_stm32g0.c | 1 + drivers/usb/typec/ucsi/ucsi_yoga_c630.c | 1 + drivers/virt/acrn/hsm.c | 6 +- fs/btrfs/file.c | 9 +- fs/btrfs/volumes.c | 1 + fs/coredump.c | 15 +- fs/exfat/balloc.c | 10 +- fs/exfat/exfat_fs.h | 2 +- fs/exfat/fatent.c | 11 +- fs/exfat/file.c | 2 +- fs/exfat/namei.c | 2 +- fs/netfs/read_collect.c | 21 +- fs/netfs/read_pgpriv2.c | 5 +- fs/nfs/file.c | 3 +- fs/smb/client/cifsglob.h | 6 +- fs/smb/client/inode.c | 2 +- fs/smb/client/reparse.h | 28 +- fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2inode.c | 4 + fs/smb/client/smb2ops.c | 3 +- fs/smb/server/smb2pdu.c | 8 +- fs/smb/server/smbacl.c | 16 + fs/smb/server/transport_ipc.c | 1 + include/asm-generic/hugetlb.h | 2 +- include/drm/drm_client_setup.h | 26 + include/drm/drm_drv.h | 18 + include/drm/drm_fbdev_client.h | 19 + include/drm/drm_fbdev_ttm.h | 13 + include/drm/drm_fourcc.h | 1 + include/linux/compaction.h | 5 + include/linux/ethtool.h | 23 + include/linux/hugetlb.h | 4 +- include/linux/nvme-tcp.h | 2 + include/linux/nvme.h | 1 + include/linux/phy.h | 36 + include/linux/phylib_stubs.h | 42 + include/linux/sched.h | 2 +- kernel/events/core.c | 4 +- kernel/events/uprobes.c | 2 +- kernel/sched/fair.c | 6 +- kernel/trace/trace_fprobe.c | 15 + kernel/trace/trace_probe.h | 2 +- mm/compaction.c | 3 + mm/hugetlb.c | 4 +- mm/internal.h | 5 +- mm/kasan/kasan_test_rust.rs | 3 +- mm/kmsan/hooks.c | 1 + mm/memory-failure.c | 63 +- mm/memory.c | 21 +- mm/memory_hotplug.c | 28 +- mm/page_alloc.c | 4 +- mm/userfaultfd.c | 17 +- mm/vma.c | 12 +- mm/vmalloc.c | 4 +- net/8021q/vlan.c | 3 +- net/bluetooth/mgmt.c | 5 + net/ethtool/cabletest.c | 8 +- net/ethtool/linkstate.c | 26 +- net/ethtool/netlink.c | 6 +- net/ethtool/netlink.h | 5 +- net/ethtool/phy.c | 2 +- net/ethtool/plca.c | 6 +- net/ethtool/pse-pd.c | 4 +- net/ethtool/stats.c | 18 + net/ethtool/strset.c | 2 +- net/ipv4/tcp_offload.c | 11 +- net/ipv4/udp_offload.c | 8 +- net/ipv6/ila/ila_lwt.c | 4 +- net/llc/llc_s_ac.c | 49 +- net/mac80211/ieee80211_i.h | 2 + net/mac80211/mlme.c | 1 + net/mac80211/parse.c | 164 +++- net/mptcp/pm_netlink.c | 18 +- net/wireless/nl80211.c | 5 + net/wireless/reg.c | 3 +- rust/Makefile | 94 ++- rust/bindgen_parameters | 5 + rust/bindings/bindings_helper.h | 1 + rust/bindings/lib.rs | 6 + rust/exports.c | 1 - rust/ffi.rs | 48 ++ rust/helpers/helpers.c | 1 + rust/helpers/slab.c | 6 + rust/helpers/vmalloc.c | 9 + rust/kernel/alloc.rs | 150 +++- rust/kernel/alloc/allocator.rs | 214 +++-- rust/kernel/alloc/allocator_test.rs | 95 +++ rust/kernel/alloc/box_ext.rs | 89 -- rust/kernel/alloc/kbox.rs | 456 ++++++++++ rust/kernel/alloc/kvec.rs | 913 +++++++++++++++++++++ rust/kernel/alloc/layout.rs | 91 ++ rust/kernel/alloc/vec_ext.rs | 185 ----- rust/kernel/block/mq/gen_disk.rs | 6 +- rust/kernel/block/mq/operations.rs | 18 +- rust/kernel/block/mq/raw_writer.rs | 2 +- rust/kernel/block/mq/tag_set.rs | 2 +- rust/kernel/error.rs | 82 +- rust/kernel/firmware.rs | 2 +- rust/kernel/init.rs | 127 +-- rust/kernel/init/__internal.rs | 13 +- rust/kernel/init/macros.rs | 18 +- rust/kernel/ioctl.rs | 2 +- rust/kernel/lib.rs | 5 +- rust/kernel/list.rs | 1 + rust/kernel/list/arc_field.rs | 2 +- rust/kernel/net/phy.rs | 16 +- rust/kernel/prelude.rs | 5 +- rust/kernel/print.rs | 5 +- rust/kernel/rbtree.rs | 49 +- rust/kernel/std_vendor.rs | 12 +- rust/kernel/str.rs | 46 +- rust/kernel/sync/arc.rs | 25 +- rust/kernel/sync/arc/std_vendor.rs | 2 + rust/kernel/sync/condvar.rs | 7 +- rust/kernel/sync/lock.rs | 8 +- rust/kernel/sync/lock/mutex.rs | 4 +- rust/kernel/sync/lock/spinlock.rs | 4 +- rust/kernel/sync/locked_by.rs | 2 +- rust/kernel/task.rs | 8 +- rust/kernel/time.rs | 4 +- rust/kernel/types.rs | 140 ++-- rust/kernel/uaccess.rs | 48 +- rust/kernel/workqueue.rs | 29 +- rust/macros/lib.rs | 14 +- rust/macros/module.rs | 8 +- rust/uapi/lib.rs | 6 + samples/rust/rust_minimal.rs | 4 +- samples/rust/rust_print.rs | 1 + scripts/Makefile.build | 4 +- scripts/generate_rust_analyzer.py | 11 +- sound/core/seq/seq_clientmgr.c | 46 +- sound/pci/hda/Kconfig | 1 + sound/pci/hda/hda_intel.c | 2 + sound/pci/hda/patch_realtek.c | 107 ++- sound/usb/usx2y/usbusx2y.c | 11 + sound/usb/usx2y/usbusx2y.h | 26 + sound/usb/usx2y/usbusx2yaudio.c | 27 - tools/testing/selftests/bpf/benchs/bench_trigger.c | 3 +- tools/testing/selftests/bpf/bpf_util.h | 9 + .../selftests/bpf/map_tests/task_storage_map.c | 3 +- .../testing/selftests/bpf/prog_tests/bpf_cookie.c | 2 +- tools/testing/selftests/bpf/prog_tests/bpf_iter.c | 6 +- .../selftests/bpf/prog_tests/cgrp_local_storage.c | 10 +- .../testing/selftests/bpf/prog_tests/core_reloc.c | 2 +- .../selftests/bpf/prog_tests/linked_funcs.c | 2 +- .../selftests/bpf/prog_tests/ns_current_pid_tgid.c | 2 +- .../selftests/bpf/prog_tests/rcu_read_lock.c | 4 +- .../selftests/bpf/prog_tests/task_local_storage.c | 8 +- .../selftests/bpf/prog_tests/uprobe_multi_test.c | 2 +- tools/testing/selftests/damon/damon_nr_regions.py | 2 + tools/testing/selftests/damon/damos_quota.py | 9 +- tools/testing/selftests/damon/damos_quota_goal.py | 3 + tools/testing/selftests/mm/hugepage-mremap.c | 2 +- tools/testing/selftests/mm/ksm_functional_tests.c | 8 +- tools/testing/selftests/mm/memfd_secret.c | 14 +- tools/testing/selftests/mm/mkdirty.c | 8 +- tools/testing/selftests/mm/mlock2.h | 1 - tools/testing/selftests/mm/protection_keys.c | 2 +- tools/testing/selftests/mm/uffd-common.c | 4 + tools/testing/selftests/mm/uffd-stress.c | 15 +- tools/testing/selftests/mm/uffd-unit-tests.c | 14 +- usr/include/Makefile | 2 +- 335 files changed, 6013 insertions(+), 2454 deletions(-)

6 months, 1 week

13
281
0 0

[PATCH 6.6 000/145] 6.6.83-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.83 release. There are 145 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 12 Mar 2025 17:04:00 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.83-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.83-rc1 Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kbuild: userprogs: use correct lld when linking through clang Quang Le <quanglex97(a)gmail.com> pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Ralf Schlatterbeck <rsc(a)runtux.com> spi-mxs: Fix chipselect glitch Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Sanitize boot params before parsing command line Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Rename conflicting 'boot_params' pointer to 'boot_params_ptr' Roberto Sassu <roberto.sassu(a)huawei.com> ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr Xi Ruoyao <xry111(a)xry111.site> x86/mm: Don't disable PCID when INVLPG has been fixed by microcode Jiri Olsa <jolsa(a)kernel.org> uprobes: Fix race in uprobe_free_utask Imre Deak <imre.deak(a)intel.com> drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map()" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "KVM: e500: always restore irqs" Samuel Holland <samuel.holland(a)sifive.com> riscv: Save/restore envcfg CSR during CPU suspend Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix enabling cbo.zero when running in M-mode Arnd Bergmann <arnd(a)arndb.de> ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage Arnd Bergmann <arnd(a)arndb.de> kbuild: hdrcheck: fix cross build with clang Ryan Roberts <ryan.roberts(a)arm.com> arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes Ryan Roberts <ryan.roberts(a)arm.com> mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() Nayab Sayed <nayabbasha.sayed(a)microchip.com> iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: ad3552r: clear reset status flag Sam Winchenbach <swinchenbach(a)arka.org> iio: filter: admv8818: Force initialization of SDO Haoyu Li <lihaoyu499(a)gmail.com> drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> eeprom: digsy_mtc: Make GPIO lookup table match the device Manivannan Sadhasivam <mani(a)kernel.org> bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock Visweswara Tanuku <quic_vtanuku(a)quicinc.com> slimbus: messaging: Free transaction ID in delayed interrupt scenario Luca Ceresoli <luca.ceresoli(a)bootlin.com> drivers: core: fix device leak in __fw_devlink_relax_cycles() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> char: misc: deallocate static minor in error path Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Panther Lake-P/U support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Panther Lake-H support Pawel Chmielewski <pawel.chmielewski(a)intel.com> intel_th: pci: Add Arrow Lake support Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add panther lake P DID Qiu-ji Chen <chenqiuji666(a)gmail.com> cdx: Fix possible UAF error in driver_override_show() Xiaoyao Li <xiaoyao.li(a)intel.com> KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM Sean Christopherson <seanjc(a)google.com> KVM: SVM: Suppress DEBUGCTL.BTF on AMD Sean Christopherson <seanjc(a)google.com> KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> xhci: pci: Fix indentation in the PCI device ID definitions Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: Check bmAttributes only if configuration is valid Marek Szyprowski <m.szyprowski(a)samsung.com> usb: gadget: Fix setting self-powered state on suspend Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: Set self-powered based on MaxPower and bmAttributes AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality Fedor Pchelkin <boddah8794(a)gmail.com> usb: typec: ucsi: increase timeout for PPM reset operations Badhri Jagan Sridharan <badhri(a)google.com> usb: dwc3: gadget: Prevent irq storm when TH re-executes Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: Set SUSPENDENABLE soon after phy init Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usb: atm: cxacru: fix a flaw in existing endpoint checks Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Flush the notify_hotplug_work Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: ucsi: Fix NULL pointer access Miao Li <limiao(a)kylinos.cn> usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader Pawel Laszczak <pawell(a)cadence.com> usb: hub: lack of clearing xHC resources Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Use devm_usb_get_phy() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Call clk_put() Christian Heusel <christian(a)heusel.eu> Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> gpio: rcar: Fix missing of_node_put() call Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix missing dst ref drop in ila lwtunnel Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop in ila lwtunnel Lorenzo Bianconi <lorenzo(a)kernel.org> net: dsa: mt7530: Fix traffic flooding for MMIO devices Zecheng Li <zecheng(a)google.com> sched/fair: Fix potential memory corruption in child_cfs_rq_on_list Uday Shankar <ushankar(a)purestorage.com> ublk: set_params: properly check if parameters can be applied Jason Xing <kerneljasonxing(a)gmail.com> net-timestamp: support TCP GSO case for a few missing flags Namjae Jeon <linkinjeon(a)kernel.org> exfat: fix soft lockup in exfat_clear_bitmap Jarkko Sakkinen <jarkko(a)kernel.org> x86/sgx: Fix size overflows in sgx_encl_create() Oscar Maes <oscmaes92(a)gmail.com> vlan: enforce underlying device type Jiayuan Chen <jiayuan.chen(a)linux.dev> ppp: Fix KMSAN uninit-value warning with bpf Luca Weiss <luca.weiss(a)fairphone.com> net: ipa: Enable checksum for IPA_ENDPOINT_AP_MODEM_{RX,TX} for v4.7 Luca Weiss <luca.weiss(a)fairphone.com> net: ipa: Fix QSB data for v4.7 Luca Weiss <luca.weiss(a)fairphone.com> net: ipa: Fix v4.7 resource group names Vicki Pfau <vi(a)endrift.com> HID: hid-steam: Fix use-after-free when detaching device Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error Nikolay Aleksandrov <razor(a)blackwall.org> be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink Philipp Stanner <phasta(a)kernel.org> drm/sched: Fix preprocessor guard Xinghuo Chen <xinghuo.chen(a)foxmail.com> hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() Eric Dumazet <edumazet(a)google.com> llc: do not use skb_get() before dev_queue_xmit() Murad Masimov <m.masimov(a)mt-integration.ru> ALSA: usx2y: validate nrpacks module parameter on probe Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: probe-events: Remove unused MAX_ARG_BUF_LEN macro Erik Schumacher <erik.schumacher(a)iris-sensing.com> hwmon: (ad7314) Validate leading zero bits and return error Maud Spierings <maudspierings(a)gocontroll.com> hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table Titus Rwantare <titusr(a)google.com> hwmon: (pmbus) Initialise page count in pmbus_identify() Peter Zijlstra <peterz(a)infradead.org> perf/core: Fix pmus_lock vs. pmus_srcu ordering Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> caif_virtio: fix wrong pointer check in cfv_probe() Antoine Tenart <atenart(a)kernel.org> net: gso: fix ownership in __udp_gso_segment Meir Elisha <meir.elisha(a)volumez.com> nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch Salah Triki <salah.triki(a)gmail.com> bluetooth: btusb: Initialize .owner field of force_poll_sync_fops Zhang Lixu <lixu.zhang(a)intel.com> HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() Yu-Chun Lin <eleanor15x(a)gmail.com> HID: google: fix unused variable warning under !CONFIG_ACPI Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: limit printed string from FW file Ryan Roberts <ryan.roberts(a)arm.com> mm: don't skip arch_sync_kernel_mappings() in error paths Hao Zhang <zhanghao1(a)kylinos.cn> mm/page_alloc: fix uninitialized variable Olivier Gayot <olivier.gayot(a)canonical.com> block: fix conversion of GPT partition name to 7-bit Mike Snitzer <snitzer(a)kernel.org> NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback Heiko Carstens <hca(a)linux.ibm.com> s390/traps: Fix test_monitor_call() inline assembly Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> dma: kmsan: export kmsan_handle_dma() for modules Haoxiang Li <haoxiang_li2024(a)163.com> rapidio: fix an API misues when rio_add_net() fails Haoxiang Li <haoxiang_li2024(a)163.com> rapidio: add check for rio_add_net() in rio_scan_alloc_net() Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> wifi: nl80211: reject cooked mode if it is set along with other flags Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> wifi: cfg80211: regulatory: improve invalid hints checking Haoxiang Li <haoxiang_li2024(a)163.com> Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() Haoxiang Li <haoxiang_li2024(a)163.com> Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() Krister Johansen <kjlx(a)templeofstupid.com> mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr Ahmed S. Darwish <darwi(a)linutronix.de> x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 Ahmed S. Darwish <darwi(a)linutronix.de> x86/cpu: Validate CPUID leaf 0x2 EDX output Ahmed S. Darwish <darwi(a)linutronix.de> x86/cacheinfo: Validate CPUID leaf 0x2 EDX output Mingcong Bai <jeffbai(a)aosc.io> platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e Richard Thier <u9vata(a)gmail.com> drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M Ma Ke <make24(a)iscas.ac.cn> drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Paul Fertser <fercerpav(a)gmail.com> hwmon: (peci/dimmtemp) Do not provide fake thresholds data Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: update ALC222 depop optimize Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform Hoku Ishibe <me(a)hokuishi.be> ALSA: hda: intel: Add Dell ALC3271 to power_save denylist Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Avoid module auto-load handling at event delivery Koichiro Den <koichiro.den(a)canonical.com> gpio: aggregator: protect driver attr handlers against module unload Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> gpio: rcar: Use raw_spinlock to protect register access Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix bug on trap in smb2_lock Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in smb2_lock Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix out-of-bounds in parse_sec_desc() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix type confusion via race condition when using ipc_msg_send_request Daniil Dulov <d.dulov(a)aladdin.ru> HID: appleir: Fix potential NULL dereference at raw event handle Bibo Mao <maobibo(a)loongson.cn> LoongArch: Set max_pfn with the PFN of the last page Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Use polling play_dead() when resuming from hibernation Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Convert unreachable() to BUG() Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: tprobe-events: Fix a memory leak when tprobe with $retval Rob Herring (Arm) <robh(a)kernel.org> Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Add some forgotten models to the SHA check Yong-Xuan Wang <yongxuan.wang(a)sifive.com> riscv: signal: fix signal_minsigstksz Andrew Jones <ajones(a)ventanamicro.com> RISC-V: Enable cbo.zero in usermode Rob Herring <robh(a)kernel.org> riscv: cacheinfo: Use of_property_present() for non-boolean properties Miquel Sabaté Solà <mikisabate(a)gmail.com> riscv: Prevent a bad reference count on CPU nodes Yunhui Cui <cuiyunhui(a)bytedance.com> riscv: cacheinfo: initialize cacheinfo's level and type from ACPI PPTT Yunhui Cui <cuiyunhui(a)bytedance.com> riscv: cacheinfo: remove the useless input parameter (node) of ci_leaf_init() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: O_DIRECT writes must check and adjust the file length Waiman Long <longman(a)redhat.com> x86/speculation: Add __update_spec_ctrl() helper Wei Fang <wei.fang(a)nxp.com> net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC Martyn Welch <martyn.welch(a)collabora.com> net: enetc: Replace ifdef with IS_ENABLED Gal Pressman <gal(a)nvidia.com> net: enetc: Remove setting of RX software timestamp Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: disable BAR resize on Dell G5 SE Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Check extended configuration space register when system uses large bar Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Inspect header requirements before using scrq direct Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Perform tx CSO during send scrq direct Paulo Alcantara <pc(a)manguebit.com> smb: client: fix chmod(2) regression with ATTR_READONLY Farouk Bouabid <farouk.bouabid(a)theobroma-systems.com> arm64: dts: rockchip: add rs485 support on uart5 of px30-ringneck-haikou Imre Deak <imre.deak(a)intel.com> drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL Lucas De Marchi <lucas.demarchi(a)intel.com> drm/i915/xe2lpd: Move D2D enable/disable Peter Jones <pjones(a)redhat.com> efi: Don't map the entire mokvar table to determine its size Andrew Cooper <andrew.cooper3(a)citrix.com> x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() ------------- Diffstat: Makefile | 9 +- .../boot/dts/rockchip/px30-ringneck-haikou.dts | 1 + arch/arm64/include/asm/hugetlb.h | 4 +- arch/arm64/mm/hugetlbpage.c | 59 +++--- arch/loongarch/include/asm/hugetlb.h | 6 +- arch/loongarch/kernel/machine_kexec.c | 4 +- arch/loongarch/kernel/setup.c | 3 + arch/loongarch/kernel/smp.c | 47 ++++- arch/mips/include/asm/hugetlb.h | 6 +- arch/parisc/include/asm/hugetlb.h | 2 +- arch/parisc/mm/hugetlbpage.c | 2 +- arch/powerpc/include/asm/hugetlb.h | 6 +- arch/powerpc/kvm/e500_mmu_host.c | 21 ++- arch/riscv/include/asm/cpufeature.h | 1 + arch/riscv/include/asm/csr.h | 3 + arch/riscv/include/asm/hugetlb.h | 3 +- arch/riscv/include/asm/hwcap.h | 16 ++ arch/riscv/include/asm/suspend.h | 1 + arch/riscv/kernel/cacheinfo.c | 54 ++++-- arch/riscv/kernel/cpufeature.c | 6 + arch/riscv/kernel/setup.c | 6 +- arch/riscv/kernel/smpboot.c | 4 + arch/riscv/kernel/suspend.c | 4 + arch/riscv/mm/hugetlbpage.c | 2 +- arch/s390/include/asm/hugetlb.h | 17 +- arch/s390/kernel/traps.c | 6 +- arch/s390/mm/hugetlbpage.c | 4 +- arch/sparc/include/asm/hugetlb.h | 2 +- arch/sparc/mm/hugetlbpage.c | 2 +- arch/x86/boot/compressed/acpi.c | 14 +- arch/x86/boot/compressed/cmdline.c | 4 +- arch/x86/boot/compressed/ident_map_64.c | 7 +- arch/x86/boot/compressed/kaslr.c | 26 +-- arch/x86/boot/compressed/mem.c | 6 +- arch/x86/boot/compressed/misc.c | 26 +-- arch/x86/boot/compressed/misc.h | 1 - arch/x86/boot/compressed/pgtable_64.c | 11 +- arch/x86/boot/compressed/sev.c | 2 +- arch/x86/include/asm/boot.h | 2 + arch/x86/include/asm/spec-ctrl.h | 11 ++ arch/x86/kernel/amd_nb.c | 9 +- arch/x86/kernel/cpu/cacheinfo.c | 2 +- arch/x86/kernel/cpu/intel.c | 52 ++++-- arch/x86/kernel/cpu/microcode/amd.c | 6 + arch/x86/kernel/cpu/sgx/ioctl.c | 7 + arch/x86/kvm/cpuid.c | 2 +- arch/x86/kvm/svm/svm.c | 21 +++ arch/x86/kvm/svm/svm.h | 2 +- arch/x86/mm/init.c | 23 ++- block/partitions/efi.c | 2 +- drivers/base/core.c | 1 + drivers/block/ublk_drv.c | 7 +- drivers/bluetooth/btusb.c | 1 + drivers/bus/mhi/host/pci_generic.c | 5 +- drivers/cdx/cdx.c | 6 +- drivers/char/misc.c | 2 +- drivers/firmware/efi/libstub/x86-stub.c | 2 +- drivers/firmware/efi/libstub/x86-stub.h | 2 - drivers/firmware/efi/mokvar-table.c | 42 ++--- drivers/gpio/gpio-aggregator.c | 20 ++- drivers/gpio/gpio-rcar.c | 31 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 11 ++ drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 +- drivers/gpu/drm/i915/display/icl_dsi.c | 4 +- drivers/gpu/drm/i915/display/intel_ddi.c | 46 +++-- drivers/gpu/drm/i915/i915_reg.h | 4 +- drivers/gpu/drm/radeon/r300.c | 3 +- drivers/gpu/drm/radeon/radeon_asic.h | 1 + drivers/gpu/drm/radeon/rs400.c | 18 +- drivers/gpu/drm/scheduler/gpu_scheduler_trace.h | 4 +- drivers/hid/hid-appleir.c | 2 +- drivers/hid/hid-google-hammer.c | 2 + drivers/hid/hid-steam.c | 2 +- drivers/hid/intel-ish-hid/ishtp-hid.c | 4 +- drivers/hwmon/ad7314.c | 10 ++ drivers/hwmon/ntc_thermistor.c | 66 +++---- drivers/hwmon/peci/dimmtemp.c | 10 +- drivers/hwmon/pmbus/pmbus.c | 2 + drivers/hwmon/xgene-hwmon.c | 2 +- drivers/hwtracing/intel_th/pci.c | 15 ++ drivers/iio/adc/at91-sama5d2_adc.c | 68 ++++--- drivers/iio/dac/ad3552r.c | 6 + drivers/iio/filter/admv8818.c | 14 +- drivers/misc/cardreader/rtsx_usb.c | 15 -- drivers/misc/eeprom/digsy_mtc_eeprom.c | 2 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/net/caif/caif_virtio.c | 2 +- drivers/net/dsa/mt7530.c | 8 +- drivers/net/ethernet/emulex/benet/be.h | 2 +- drivers/net/ethernet/emulex/benet/be_cmds.c | 197 ++++++++++----------- drivers/net/ethernet/emulex/benet/be_main.c | 2 +- drivers/net/ethernet/freescale/enetc/enetc.c | 25 ++- drivers/net/ethernet/freescale/enetc/enetc.h | 9 +- .../net/ethernet/freescale/enetc/enetc_ethtool.c | 27 +-- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 2 +- drivers/net/ethernet/ibm/ibmvnic.c | 21 ++- drivers/net/ipa/data/ipa_data-v4.7.c | 18 +- drivers/net/ppp/ppp_generic.c | 28 ++- drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 +- drivers/nvme/target/tcp.c | 15 +- drivers/of/of_reserved_mem.c | 4 +- drivers/platform/x86/thinkpad_acpi.c | 1 + drivers/rapidio/devices/rio_mport_cdev.c | 3 +- drivers/rapidio/rio-scan.c | 5 +- drivers/slimbus/messaging.c | 5 +- drivers/spi/spi-mxs.c | 3 +- drivers/usb/atm/cxacru.c | 13 +- drivers/usb/core/hub.c | 33 ++++ drivers/usb/core/quirks.c | 4 + drivers/usb/dwc3/core.c | 85 +++++---- drivers/usb/dwc3/core.h | 2 +- drivers/usb/dwc3/drd.c | 4 +- drivers/usb/dwc3/gadget.c | 10 +- drivers/usb/gadget/composite.c | 17 +- drivers/usb/gadget/function/u_ether.c | 4 +- drivers/usb/host/xhci-mem.c | 3 +- drivers/usb/host/xhci-pci.c | 18 +- drivers/usb/host/xhci.h | 2 +- drivers/usb/renesas_usbhs/common.c | 6 +- drivers/usb/renesas_usbhs/mod_gadget.c | 2 +- drivers/usb/typec/tcpm/tcpci_rt1711h.c | 11 ++ drivers/usb/typec/ucsi/ucsi.c | 15 +- drivers/virt/acrn/hsm.c | 6 +- fs/exfat/balloc.c | 10 +- fs/exfat/exfat_fs.h | 2 +- fs/exfat/fatent.c | 11 +- fs/nfs/direct.c | 19 ++ fs/nfs/file.c | 3 +- fs/smb/client/inode.c | 4 +- fs/smb/server/smb2pdu.c | 8 +- fs/smb/server/smbacl.c | 16 ++ fs/smb/server/transport_ipc.c | 1 + include/asm-generic/hugetlb.h | 2 +- include/linux/compaction.h | 5 + include/linux/hugetlb.h | 4 +- include/linux/sched.h | 2 +- kernel/events/core.c | 4 +- kernel/events/uprobes.c | 2 +- kernel/sched/fair.c | 6 +- kernel/trace/trace_fprobe.c | 2 + kernel/trace/trace_probe.h | 1 - mm/compaction.c | 3 + mm/hugetlb.c | 4 +- mm/kmsan/hooks.c | 1 + mm/memory.c | 6 +- mm/page_alloc.c | 1 + mm/vmalloc.c | 4 +- net/8021q/vlan.c | 3 +- net/bluetooth/mgmt.c | 5 + net/ipv4/tcp_offload.c | 11 +- net/ipv4/udp_offload.c | 8 +- net/ipv6/ila/ila_lwt.c | 4 +- net/llc/llc_s_ac.c | 49 ++--- net/mptcp/pm_netlink.c | 18 +- net/sched/sch_fifo.c | 3 + net/wireless/nl80211.c | 5 + net/wireless/reg.c | 3 +- security/integrity/ima/ima_main.c | 7 +- security/integrity/integrity.h | 3 + sound/core/seq/seq_clientmgr.c | 46 +++-- sound/pci/hda/Kconfig | 1 + sound/pci/hda/hda_intel.c | 2 + sound/pci/hda/patch_realtek.c | 99 ++++++++++- sound/usb/usx2y/usbusx2y.c | 11 ++ sound/usb/usx2y/usbusx2y.h | 26 +++ sound/usb/usx2y/usbusx2yaudio.c | 27 --- usr/include/Makefile | 2 +- 168 files changed, 1335 insertions(+), 707 deletions(-)

6 months, 1 week

11
158
0 0

[PATCH 6.1 000/109] 6.1.131-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.131 release. There are 109 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 12 Mar 2025 17:04:00 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.131-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.131-rc1 Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kbuild: userprogs: use correct lld when linking through clang Michal Luczaj <mhal(a)rbox.co> vsock: Orphan socket after transport release Michal Luczaj <mhal(a)rbox.co> vsock: Keep the binding until socket destruction Michal Luczaj <mhal(a)rbox.co> bpf, vsock: Invoke proto::close on close() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add rough attr alloc_size check Irui Wang <irui.wang(a)mediatek.com> media: mediatek: vcodec: Handle invalid decoder vsi Tuo Li <islituo(a)gmail.com> scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: handle errors that nilfs_prepare_chunk() may return Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: eliminate staggered calls to kunmap in nilfs_rename Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link Ralf Schlatterbeck <rsc(a)runtux.com> spi-mxs: Fix chipselect glitch Xi Ruoyao <xry111(a)xry111.site> x86/mm: Don't disable PCID when INVLPG has been fixed by microcode Jiri Olsa <jolsa(a)kernel.org> uprobes: Fix race in uprobe_free_utask Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map()" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "KVM: e500: always restore irqs" Arnd Bergmann <arnd(a)arndb.de> ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage Nayab Sayed <nayabbasha.sayed(a)microchip.com> iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: ad3552r: clear reset status flag Sam Winchenbach <swinchenbach(a)arka.org> iio: filter: admv8818: Force initialization of SDO Haoyu Li <lihaoyu499(a)gmail.com> drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> eeprom: digsy_mtc: Make GPIO lookup table match the device Manivannan Sadhasivam <mani(a)kernel.org> bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock Visweswara Tanuku <quic_vtanuku(a)quicinc.com> slimbus: messaging: Free transaction ID in delayed interrupt scenario Luca Ceresoli <luca.ceresoli(a)bootlin.com> drivers: core: fix device leak in __fw_devlink_relax_cycles() Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Panther Lake-P/U support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Panther Lake-H support Pawel Chmielewski <pawel.chmielewski(a)intel.com> intel_th: pci: Add Arrow Lake support Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add panther lake P DID Sean Christopherson <seanjc(a)google.com> KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> xhci: pci: Fix indentation in the PCI device ID definitions Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: Check bmAttributes only if configuration is valid Marek Szyprowski <m.szyprowski(a)samsung.com> usb: gadget: Fix setting self-powered state on suspend Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: Set self-powered based on MaxPower and bmAttributes AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality Fedor Pchelkin <boddah8794(a)gmail.com> usb: typec: ucsi: increase timeout for PPM reset operations Badhri Jagan Sridharan <badhri(a)google.com> usb: dwc3: gadget: Prevent irq storm when TH re-executes Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: Set SUSPENDENABLE soon after phy init Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usb: atm: cxacru: fix a flaw in existing endpoint checks Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Flush the notify_hotplug_work Miao Li <limiao(a)kylinos.cn> usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader Pawel Laszczak <pawell(a)cadence.com> usb: hub: lack of clearing xHC resources Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Use devm_usb_get_phy() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Call clk_put() Christian Heusel <christian(a)heusel.eu> Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> gpio: rcar: Fix missing of_node_put() call Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix missing dst ref drop in ila lwtunnel Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop in ila lwtunnel Zecheng Li <zecheng(a)google.com> sched/fair: Fix potential memory corruption in child_cfs_rq_on_list Uday Shankar <ushankar(a)purestorage.com> ublk: set_params: properly check if parameters can be applied Jason Xing <kerneljasonxing(a)gmail.com> net-timestamp: support TCP GSO case for a few missing flags Namjae Jeon <linkinjeon(a)kernel.org> exfat: fix soft lockup in exfat_clear_bitmap Jarkko Sakkinen <jarkko(a)kernel.org> x86/sgx: Fix size overflows in sgx_encl_create() Oscar Maes <oscmaes92(a)gmail.com> vlan: enforce underlying device type Jiayuan Chen <jiayuan.chen(a)linux.dev> ppp: Fix KMSAN uninit-value warning with bpf Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error Nikolay Aleksandrov <razor(a)blackwall.org> be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink Philipp Stanner <phasta(a)kernel.org> drm/sched: Fix preprocessor guard Xinghuo Chen <xinghuo.chen(a)foxmail.com> hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() Eric Dumazet <edumazet(a)google.com> llc: do not use skb_get() before dev_queue_xmit() Murad Masimov <m.masimov(a)mt-integration.ru> ALSA: usx2y: validate nrpacks module parameter on probe Erik Schumacher <erik.schumacher(a)iris-sensing.com> hwmon: (ad7314) Validate leading zero bits and return error Maud Spierings <maudspierings(a)gocontroll.com> hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table Titus Rwantare <titusr(a)google.com> hwmon: (pmbus) Initialise page count in pmbus_identify() Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> caif_virtio: fix wrong pointer check in cfv_probe() Antoine Tenart <atenart(a)kernel.org> net: gso: fix ownership in __udp_gso_segment Meir Elisha <meir.elisha(a)volumez.com> nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch Salah Triki <salah.triki(a)gmail.com> bluetooth: btusb: Initialize .owner field of force_poll_sync_fops Zhang Lixu <lixu.zhang(a)intel.com> HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() Yu-Chun Lin <eleanor15x(a)gmail.com> HID: google: fix unused variable warning under !CONFIG_ACPI Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: limit printed string from FW file Ryan Roberts <ryan.roberts(a)arm.com> mm: don't skip arch_sync_kernel_mappings() in error paths Hao Zhang <zhanghao1(a)kylinos.cn> mm/page_alloc: fix uninitialized variable Olivier Gayot <olivier.gayot(a)canonical.com> block: fix conversion of GPT partition name to 7-bit Heiko Carstens <hca(a)linux.ibm.com> s390/traps: Fix test_monitor_call() inline assembly Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> dma: kmsan: export kmsan_handle_dma() for modules Haoxiang Li <haoxiang_li2024(a)163.com> rapidio: fix an API misues when rio_add_net() fails Haoxiang Li <haoxiang_li2024(a)163.com> rapidio: add check for rio_add_net() in rio_scan_alloc_net() Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> wifi: nl80211: reject cooked mode if it is set along with other flags Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> wifi: cfg80211: regulatory: improve invalid hints checking Haoxiang Li <haoxiang_li2024(a)163.com> Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() Haoxiang Li <haoxiang_li2024(a)163.com> Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() Krister Johansen <kjlx(a)templeofstupid.com> mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr Ahmed S. Darwish <darwi(a)linutronix.de> x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 Ahmed S. Darwish <darwi(a)linutronix.de> x86/cpu: Validate CPUID leaf 0x2 EDX output Ahmed S. Darwish <darwi(a)linutronix.de> x86/cacheinfo: Validate CPUID leaf 0x2 EDX output Mingcong Bai <jeffbai(a)aosc.io> platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e Richard Thier <u9vata(a)gmail.com> drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M Ma Ke <make24(a)iscas.ac.cn> drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: update ALC222 depop optimize Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform Hoku Ishibe <me(a)hokuishi.be> ALSA: hda: intel: Add Dell ALC3271 to power_save denylist Koichiro Den <koichiro.den(a)canonical.com> gpio: aggregator: protect driver attr handlers against module unload Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> gpio: rcar: Use raw_spinlock to protect register access Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix bug on trap in smb2_lock Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in smb2_lock Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix type confusion via race condition when using ipc_msg_send_request Daniil Dulov <d.dulov(a)aladdin.ru> HID: appleir: Fix potential NULL dereference at raw event handle Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Convert unreachable() to BUG() Rob Herring (Arm) <robh(a)kernel.org> Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" Andrew Cooper <andrew.cooper3(a)citrix.com> x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() Waiman Long <longman(a)redhat.com> x86/speculation: Add __update_spec_ctrl() helper Peter Zijlstra <peterz(a)infradead.org> cpuidle, intel_idle: Fix CPUIDLE_FLAG_IBRS Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: disable BAR resize on Dell G5 SE Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Check extended configuration space register when system uses large bar Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Inspect header requirements before using scrq direct Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Perform tx CSO during send scrq direct ------------- Diffstat: Makefile | 9 +- arch/loongarch/kernel/machine_kexec.c | 4 +- arch/powerpc/kvm/e500_mmu_host.c | 21 ++- arch/s390/kernel/traps.c | 6 +- arch/x86/include/asm/spec-ctrl.h | 11 ++ arch/x86/kernel/amd_nb.c | 9 +- arch/x86/kernel/cpu/bugs.c | 2 +- arch/x86/kernel/cpu/cacheinfo.c | 2 +- arch/x86/kernel/cpu/intel.c | 52 ++++-- arch/x86/kernel/cpu/sgx/ioctl.c | 7 + arch/x86/kvm/svm/svm.c | 12 ++ arch/x86/kvm/svm/svm.h | 2 +- arch/x86/mm/init.c | 23 ++- block/partitions/efi.c | 2 +- drivers/base/core.c | 1 + drivers/block/ublk_drv.c | 7 +- drivers/bluetooth/btusb.c | 1 + drivers/bus/mhi/host/pci_generic.c | 5 +- drivers/gpio/gpio-aggregator.c | 20 ++- drivers/gpio/gpio-rcar.c | 31 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 11 ++ drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 +- drivers/gpu/drm/radeon/r300.c | 3 +- drivers/gpu/drm/radeon/radeon_asic.h | 1 + drivers/gpu/drm/radeon/rs400.c | 18 +- drivers/gpu/drm/scheduler/gpu_scheduler_trace.h | 4 +- drivers/hid/hid-appleir.c | 2 +- drivers/hid/hid-google-hammer.c | 2 + drivers/hid/intel-ish-hid/ishtp-hid.c | 4 +- drivers/hwmon/ad7314.c | 10 ++ drivers/hwmon/ntc_thermistor.c | 66 +++---- drivers/hwmon/pmbus/pmbus.c | 2 + drivers/hwmon/xgene-hwmon.c | 2 +- drivers/hwtracing/intel_th/pci.c | 15 ++ drivers/idle/intel_idle.c | 4 +- drivers/iio/adc/at91-sama5d2_adc.c | 68 ++++--- drivers/iio/dac/ad3552r.c | 6 + drivers/iio/filter/admv8818.c | 14 +- .../media/platform/mediatek/vcodec/vdec_vpu_if.c | 6 + drivers/misc/cardreader/rtsx_usb.c | 15 -- drivers/misc/eeprom/digsy_mtc_eeprom.c | 2 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/net/caif/caif_virtio.c | 2 +- drivers/net/ethernet/emulex/benet/be.h | 2 +- drivers/net/ethernet/emulex/benet/be_cmds.c | 197 ++++++++++----------- drivers/net/ethernet/emulex/benet/be_main.c | 2 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 2 +- drivers/net/ethernet/ibm/ibmvnic.c | 21 ++- drivers/net/ppp/ppp_generic.c | 28 ++- drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 +- drivers/nvme/target/tcp.c | 15 +- drivers/of/of_reserved_mem.c | 4 +- drivers/platform/x86/thinkpad_acpi.c | 1 + drivers/rapidio/devices/rio_mport_cdev.c | 3 +- drivers/rapidio/rio-scan.c | 5 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 2 + drivers/slimbus/messaging.c | 5 +- drivers/spi/spi-mxs.c | 3 +- drivers/usb/atm/cxacru.c | 13 +- drivers/usb/core/hub.c | 33 ++++ drivers/usb/core/quirks.c | 4 + drivers/usb/dwc3/core.c | 85 +++++---- drivers/usb/dwc3/core.h | 2 +- drivers/usb/dwc3/drd.c | 4 +- drivers/usb/dwc3/gadget.c | 10 +- drivers/usb/gadget/composite.c | 17 +- drivers/usb/host/xhci-mem.c | 3 +- drivers/usb/host/xhci-pci.c | 18 +- drivers/usb/host/xhci.h | 2 +- drivers/usb/renesas_usbhs/common.c | 6 +- drivers/usb/renesas_usbhs/mod_gadget.c | 2 +- drivers/usb/typec/tcpm/tcpci_rt1711h.c | 11 ++ drivers/usb/typec/ucsi/ucsi.c | 2 +- drivers/virt/acrn/hsm.c | 6 +- fs/exfat/balloc.c | 10 +- fs/exfat/exfat_fs.h | 2 +- fs/exfat/fatent.c | 11 +- fs/nilfs2/dir.c | 24 ++- fs/nilfs2/namei.c | 37 ++-- fs/nilfs2/nilfs.h | 10 +- fs/ntfs3/record.c | 3 + fs/smb/server/smb2pdu.c | 8 +- fs/smb/server/transport_ipc.c | 1 + kernel/events/uprobes.c | 2 +- kernel/sched/fair.c | 6 +- mm/kmsan/hooks.c | 1 + mm/memory.c | 6 +- mm/page_alloc.c | 1 + mm/vmalloc.c | 4 +- net/8021q/vlan.c | 3 +- net/bluetooth/mgmt.c | 5 + net/ipv4/tcp_offload.c | 11 +- net/ipv4/udp_offload.c | 8 +- net/ipv6/ila/ila_lwt.c | 4 +- net/llc/llc_s_ac.c | 49 ++--- net/mptcp/pm_netlink.c | 18 +- net/vmw_vsock/af_vsock.c | 77 +++++--- net/wireless/nl80211.c | 5 + net/wireless/reg.c | 3 +- sound/pci/hda/Kconfig | 1 + sound/pci/hda/hda_intel.c | 2 + sound/pci/hda/patch_realtek.c | 99 ++++++++++- sound/usb/usx2y/usbusx2y.c | 11 ++ sound/usb/usx2y/usbusx2y.h | 26 +++ sound/usb/usx2y/usbusx2yaudio.c | 27 --- 106 files changed, 969 insertions(+), 507 deletions(-)

6 months, 1 week

11
119
0 0

RE: Shopify POS new users

by kristina williams

Hi there, I am following up on my previous email. Could you kindly share your thoughts when you have a moment? Regards, Kristina ________________________________ From: Kristina Williams Sent: 07 March 2025 07:58 To: linux-stable-mirror(a)lists.linaro.org<mailto:linux-stable-mirror@lists.linaro.org> Subject: Shopify POS new users Hi there, I hope you're doing well. Would you be open to exploring our freshly verified Shopify POS Users Data? This could be a valuable resource for your marketing and outreach efforts. Let me know if you're interested, and I'd be happy to share the available count and more details. Looking forward to your response. Best Regards, Kristina Williams Demand Generation Executive Please respond with cancel, if not needed.

6 months, 1 week

1
0
0 0

[PATCH v3] svc-i3c-master: Fix read from unreadable memory at svc_i3c_master_ibi_work

by Manjunatha Venkatesh

As part of I3C driver probing sequence for particular device instance, While adding to queue it is trying to access ibi variable of dev which is not yet initialized causing "Unable to handle kernel read from unreadable memory" resulting in kernel panic. Below is the sequence where this issue happened. 1. During boot up sequence IBI is received at host from the slave device before requesting for IBI, Usually will request IBI by calling i3c_device_request_ibi() during probe of slave driver. 2. Since master code trying to access IBI Variable for the particular device instance before actually it initialized by slave driver, due to this randomly accessing the address and causing kernel panic. 3. i3c_device_request_ibi() function invoked by the slave driver where dev->ibi = ibi; assigned as part of function call i3c_dev_request_ibi_locked(). 4. But when IBI request sent by slave device, master code trying to access this variable before its initialized due to this race condition situation kernel panic happened. fixes: dd3c52846d595 (i3c: master: svc: Add Silvaco I3C master driver) Cc: stable(a)vger.kernel.org Signed-off-by: Manjunatha Venkatesh <manjunatha.venkatesh(a)nxp.com> --- Changes since v2: - Description updated as per the review feedback drivers/i3c/master/svc-i3c-master.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/i3c/master/svc-i3c-master.c b/drivers/i3c/master/svc-i3c-master.c index d6057d8c7dec..98c4d2e5cd8d 100644 --- a/drivers/i3c/master/svc-i3c-master.c +++ b/drivers/i3c/master/svc-i3c-master.c @@ -534,8 +534,11 @@ static void svc_i3c_master_ibi_work(struct work_struct *work) switch (ibitype) { case SVC_I3C_MSTATUS_IBITYPE_IBI: if (dev) { - i3c_master_queue_ibi(dev, master->ibi.tbq_slot); - master->ibi.tbq_slot = NULL; + data = i3c_dev_get_master_data(dev); + if (master->ibi.slots[data->ibi]) { + i3c_master_queue_ibi(dev, master->ibi.tbq_slot); + master->ibi.tbq_slot = NULL; + } } svc_i3c_master_emit_stop(master); break; -- 2.46.1

6 months, 1 week

1
0
0 0

[PATCH 1/3] mm/memblock: pass size instead of end to memblock_set_node()

by Wei Yang

The second parameter of memblock_set_node() is size instead of end. Since it iterates from lower address to higher address, finally the node id is correct. But during the process, some of them are wrong. Pass size instead of end. Fixes: 61167ad5fecd ("mm: pass nid to reserve_bootmem_region()") Signed-off-by: Wei Yang <richard.weiyang(a)gmail.com> CC: Mike Rapoport <rppt(a)kernel.org> CC: Yajun Deng <yajun.deng(a)linux.dev> CC: <stable(a)vger.kernel.org> --- mm/memblock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/memblock.c b/mm/memblock.c index 64ae678cd1d1..85442f1b7f14 100644 --- a/mm/memblock.c +++ b/mm/memblock.c @@ -2192,7 +2192,7 @@ static void __init memmap_init_reserved_pages(void) if (memblock_is_nomap(region)) reserve_bootmem_region(start, end, nid); - memblock_set_node(start, end, &memblock.reserved, nid); + memblock_set_node(start, region->size, &memblock.reserved, nid); } /* -- 2.34.1

6 months, 1 week

1
0
0 0

[PATCH 1/3] drm/udl: Unregister device before cleaning up on disconnect

by Thomas Zimmermann

Disconnecting a DisplayLink device results in the following kernel error messages [ 93.041748] [drm:udl_urb_completion [udl]] *ERROR* udl_urb_completion - nonzero write bulk status received: -115 [ 93.055299] [drm:udl_submit_urb [udl]] *ERROR* usb_submit_urb error fffffffe [ 93.065363] [drm:udl_urb_completion [udl]] *ERROR* udl_urb_completion - nonzero write bulk status received: -115 [ 93.078207] [drm:udl_submit_urb [udl]] *ERROR* usb_submit_urb error fffffffe coming from KMS poll helpers. Shutting down poll helpers runs them one final time when the USB device is already gone. Run drm_dev_unplug() first in udl's USB disconnect handler. Udl's polling code already handles disconnects gracefully if the device has been marked as unplugged. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: b1a981bd5576 ("drm/udl: drop drm_driver.release hook") Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v5.8+ --- drivers/gpu/drm/udl/udl_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/udl/udl_drv.c b/drivers/gpu/drm/udl/udl_drv.c index 05b3a152cc33..7e7d704be0c0 100644 --- a/drivers/gpu/drm/udl/udl_drv.c +++ b/drivers/gpu/drm/udl/udl_drv.c @@ -127,9 +127,9 @@ static void udl_usb_disconnect(struct usb_interface *interface) { struct drm_device *dev = usb_get_intfdata(interface); + drm_dev_unplug(dev); drm_kms_helper_poll_fini(dev); udl_drop_usb(dev); - drm_dev_unplug(dev); } /* -- 2.48.1

6 months, 1 week

2
1
0 0

[PATCH v4 0/4] samsung: pinctrl: Add support for eint_fltcon_offset and filter selection on gs101

by Peter Griffin

Hi folks, This series fixes support for correctly saving and restoring fltcon0 and fltcon1 registers on gs101 for non-alive banks where the fltcon register offset is not at a fixed offset (unlike previous SoCs). This is done by adding a eint_fltcon_offset and providing GS101 specific pin macros that take an additional parameter (similar to how exynosautov920 handles it's eint_con_offset). Additionally the SoC specific suspend and resume callbacks are re-factored so that each SoC variant has it's own callback containing the peculiarities for that SoC. Finally support for filter selection on alive banks is added, this is currently only enabled for gs101. The code path can be excercised using `echo mem > /sys/power/state` regards, Peter To: Krzysztof Kozlowski <krzk(a)kernel.org> To: Sylwester Nawrocki <s.nawrocki(a)samsung.com> To: Alim Akhtar <alim.akhtar(a)samsung.com> To: Linus Walleij <linus.walleij(a)linaro.org> Cc: linux-arm-kernel(a)lists.infradead.org Cc: linux-samsung-soc(a)vger.kernel.org Cc: linux-gpio(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: andre.draszik(a)linaro.org Cc: tudor.ambarus(a)linaro.org Cc: willmcvicker(a)google.com Cc: semen.protsenko(a)linaro.org Cc: kernel-team(a)android.com Cc: jaewon02.kim(a)samsung.com Signed-off-by: Peter Griffin <peter.griffin(a)linaro.org> --- Changes in v4: - save->eint_fltcon1 is an argument to pr_debug(), not readl() change alignment accordingly (Andre) - Link to v3: https://lore.kernel.org/r/20250306-pinctrl-fltcon-suspend-v3-0-f9ab4ff6a24e… Changes in v3: - Ensure EXYNOS_FLTCON_DIGITAL bit is cleared (Andre) - Make it obvious that exynos_eint_set_filter() is conditional on bank type (Andre) - Make it obvious exynos_set_wakeup() is conditional on bank type (Andre) - Align style where the '+' is placed first (Andre) - Remove unnecessary braces (Andre) - Link to v2: https://lore.kernel.org/r/20250301-pinctrl-fltcon-suspend-v2-0-a7eef9bb443b… Changes in v2: - Remove eint_flt_selectable bool as it can be deduced from EINT_TYPE_WKUP (Peter) - Move filter config register comment to header file (Andre) - Rename EXYNOS_FLTCON_DELAY to EXYNOS_FLTCON_ANALOG (Andre) - Remove misleading old comment (Andre) - Refactor exynos_eint_update_flt_reg() into a loop (Andre) - Split refactor of suspend/resume callbacks & gs101 parts into separate patches (Andre) - Link to v1: https://lore.kernel.org/r/20250120-pinctrl-fltcon-suspend-v1-0-e77900b2a854… --- Peter Griffin (4): pinctrl: samsung: add support for eint_fltcon_offset pinctrl: samsung: add dedicated SoC eint suspend/resume callbacks pinctrl: samsung: add gs101 specific eint suspend/resume callbacks pinctrl: samsung: Add filter selection support for alive bank on gs101 drivers/pinctrl/samsung/pinctrl-exynos-arm64.c | 150 ++++++------- drivers/pinctrl/samsung/pinctrl-exynos.c | 294 +++++++++++++++---------- drivers/pinctrl/samsung/pinctrl-exynos.h | 50 ++++- drivers/pinctrl/samsung/pinctrl-samsung.c | 12 +- drivers/pinctrl/samsung/pinctrl-samsung.h | 12 +- 5 files changed, 318 insertions(+), 200 deletions(-) --- base-commit: 0761652a3b3b607787aebc386d412b1d0ae8008c change-id: 20250120-pinctrl-fltcon-suspend-2333a137c4d4 Best regards, -- Peter Griffin <peter.griffin(a)linaro.org>

6 months, 1 week

3
7
0 0

[PATCH v3 0/6] KVM: arm64: PMU: Fix SET_ONE_REG for vPMC regs

by Akihiko Odaki

Prepare vPMC registers for user-initiated changes after first run. This is important specifically for debugging Windows on QEMU with GDB; QEMU tries to write back all visible registers when resuming the VM execution with GDB, corrupting the PMU state. Windows always uses the PMU so this can cause adverse effects on that particular OS. This series also contains patch "KVM: arm64: PMU: Set raw values from user to PM{C,I}NTEN{SET,CLR}, PMOVS{SET,CLR}", which reverts semantic changes made for the mentioned registers in the past. It is necessary to migrate the PMU state properly on Firecracker, QEMU, and crosvm. Signed-off-by: Akihiko Odaki <akihiko.odaki(a)daynix.com> --- Changes in v3: - Added patch "KVM: arm64: PMU: Assume PMU presence in pmu-emul.c". - Added an explanation of this path series' motivation to each patch. - Explained why userspace register writes and register reset should be covered in patch "KVM: arm64: PMU: Reload when user modifies registers". - Marked patch "KVM: arm64: PMU: Set raw values from user to PM{C,I}NTEN{SET,CLR}, PMOVS{SET,CLR}" for stable. - Reoreded so that patch "KVM: arm64: PMU: Set raw values from user to PM{C,I}NTEN{SET,CLR}, PMOVS{SET,CLR}" would come first. - Added patch "KVM: arm64: PMU: Call kvm_pmu_handle_pmcr() after masking PMCNTENSET_EL0". - Added patch "KVM: arm64: Reload PMCNTENSET_EL0". - Link to v2: https://lore.kernel.org/r/20250307-pmc-v2-0-6c3375a5f1e4@daynix.com Changes in v2: - Changed to utilize KVM_REQ_RELOAD_PMU as suggested by Oliver Upton. - Added patch "KVM: arm64: PMU: Reload when user modifies registers" to cover more registers. - Added patch "KVM: arm64: PMU: Set raw values from user to PM{C,I}NTEN{SET,CLR}, PMOVS{SET,CLR}". - Link to v1: https://lore.kernel.org/r/20250302-pmc-v1-1-caff989093dc@daynix.com --- Akihiko Odaki (6): KVM: arm64: PMU: Set raw values from user to PM{C,I}NTEN{SET,CLR}, PMOVS{SET,CLR} KVM: arm64: PMU: Assume PMU presence in pmu-emul.c KVM: arm64: PMU: Fix SET_ONE_REG for vPMC regs KVM: arm64: PMU: Reload when user modifies registers KVM: arm64: PMU: Call kvm_pmu_handle_pmcr() after masking PMCNTENSET_EL0 KVM: arm64: Reload PMCNTENSET_EL0 arch/arm64/kvm/arm.c | 8 ++++--- arch/arm64/kvm/guest.c | 12 +++++++++++ arch/arm64/kvm/pmu-emul.c | 54 ++++++++++++++++------------------------------- arch/arm64/kvm/sys_regs.c | 53 ++++++++++++++++++++++++++-------------------- include/kvm/arm_pmu.h | 1 + 5 files changed, 66 insertions(+), 62 deletions(-) --- base-commit: da2f480cb24d39d480b1e235eda0dd2d01f8765b change-id: 20250302-pmc-b90a86af945c Best regards, -- Akihiko Odaki <akihiko.odaki(a)daynix.com>

6 months, 1 week

1
1
0 0

[PATCH] usb: typec: tcpm: fix state transition for SNK_WAIT_CAPABILITIES state in run_state_machine()

by Amit Sunil Dhamne via B4 Relay

From: Amit Sunil Dhamne <amitsd(a)google.com> A subtle error got introduced while manually fixing merge conflict in tcpm.c for commit 85c4efbe6088 ("Merge v6.12-rc6 into usb-next"). As a result of this error, the next state is unconditionally set to SNK_WAIT_CAPABILITIES_TIMEOUT while handling SNK_WAIT_CAPABILITIES state in run_state_machine(...). Fix this by setting new state of TCPM state machine to `upcoming_state` (that is set to different values based on conditions). Cc: stable(a)vger.kernel.org Fixes: 85c4efbe60888 ("Merge v6.12-rc6 into usb-next") Signed-off-by: Amit Sunil Dhamne <amitsd(a)google.com> Reviewed-by: Badhri Jagan Sridharan <badhri(a)google.com> --- drivers/usb/typec/tcpm/tcpm.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 47be450d2be352698e9dee2e283664cd4db8081b..758933d4ac9e4e55d45940b068f3c416e7e51ee8 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -5117,16 +5117,16 @@ static void run_state_machine(struct tcpm_port *port) */ if (port->vbus_never_low) { port->vbus_never_low = false; - tcpm_set_state(port, SNK_SOFT_RESET, - port->timings.sink_wait_cap_time); + upcoming_state = SNK_SOFT_RESET; } else { if (!port->self_powered) upcoming_state = SNK_WAIT_CAPABILITIES_TIMEOUT; else upcoming_state = hard_reset_state(port); - tcpm_set_state(port, SNK_WAIT_CAPABILITIES_TIMEOUT, - port->timings.sink_wait_cap_time); } + + tcpm_set_state(port, upcoming_state, + port->timings.sink_wait_cap_time); break; case SNK_WAIT_CAPABILITIES_TIMEOUT: /* --- base-commit: 5c8c229261f14159b54b9a32f12e5fa89d88b905 change-id: 20250310-fix-snk-wait-timeout-v6-14-rc6-7b4d9fb9bc99 Best regards, -- Amit Sunil Dhamne <amitsd(a)google.com>

6 months, 1 week

2
1
0 0

[PATCH v3 0/7] drm/v3d: Fix GPU reset issues on the Raspberry Pi 5

by Maíra Canal

This series addresses GPU reset issues reported in [1], where running a long compute job would trigger repeated GPU resets, leading to a UI freeze. Patches #1 and #2 prevent the same faulty job from being resubmitted in a loop, mitigating the first cause of the issue. However, the issue isn't entirely solved. Even with only a single GPU reset, the UI still freezes on the Raspberry Pi 5, indicating a GPU hang. Patches #3 to #6 address this by properly configuring the V3D_SMS registers, which are required for power management and resets in V3D 7.1. Patch #7 updates the DT maintainership, replacing Emma with the current v3d driver maintainer. [1] https://github.com/raspberrypi/linux/issues/6660 Best Regards, - Maíra --- v1 -> v2: - [1/6, 2/6, 5/6] Add Iago's R-b (Iago Toral) - [3/6] Use V3D_GEN_* macros consistently throughout the driver (Phil Elwell) - [3/6] Don't add Iago's R-b in 3/6 due to changes in the patch - [4/6] Add per-compatible restrictions to enforce per‐SoC register rules (Conor Dooley) - [6/6] Add Emma's A-b, collected through IRC (Emma Anholt) - [6/6] Add Rob's A-b (Rob Herring) - Link to v1: https://lore.kernel.org/r/20250226-v3d-gpu-reset-fixes-v1-0-83a969fdd9c1@ig… v2 -> v3: - [3/7] Add Iago's R-b (Iago Toral) - [4/7, 5/7] Separate the patches to ease the reviewing process -> Now, PATCH 4/7 only adds the per-compatible rules and PATCH 5/7 adds the SMS registers - [4/7] `allOf` goes above `additionalProperties` (Krzysztof Kozlowski) - [4/7, 5/7] Sync `reg` and `reg-names` items (Krzysztof Kozlowski) - Link to v2: https://lore.kernel.org/r/20250308-v3d-gpu-reset-fixes-v2-0-2939c30f0cc4@ig… --- Maíra Canal (7): drm/v3d: Don't run jobs that have errors flagged in its fence drm/v3d: Set job pointer to NULL when the job's fence has an error drm/v3d: Associate a V3D tech revision to all supported devices dt-bindings: gpu: v3d: Add per-compatible register restrictions dt-bindings: gpu: v3d: Add SMS register to BCM2712 compatible drm/v3d: Use V3D_SMS registers for power on/off and reset on V3D 7.x dt-bindings: gpu: Add V3D driver maintainer as DT maintainer .../devicetree/bindings/gpu/brcm,bcm-v3d.yaml | 77 +++++++++++-- drivers/gpu/drm/v3d/v3d_debugfs.c | 126 ++++++++++----------- drivers/gpu/drm/v3d/v3d_drv.c | 62 +++++++++- drivers/gpu/drm/v3d/v3d_drv.h | 22 +++- drivers/gpu/drm/v3d/v3d_gem.c | 27 ++++- drivers/gpu/drm/v3d/v3d_irq.c | 6 +- drivers/gpu/drm/v3d/v3d_perfmon.c | 4 +- drivers/gpu/drm/v3d/v3d_regs.h | 26 +++++ drivers/gpu/drm/v3d/v3d_sched.c | 29 ++++- 9 files changed, 281 insertions(+), 98 deletions(-) --- base-commit: 9e75b6ef407fee5d4ed8021cd7ddd9d6a8f7b0e8 change-id: 20250224-v3d-gpu-reset-fixes-2d21fc70711d

6 months, 1 week

2
2
0 0

[PATCH v5 01/16] x86/stackprotector: Work around strict Clang TLS symbol requirements

by Brian Gerst

From: Ard Biesheuvel <ardb(a)kernel.org> GCC and Clang both implement stack protector support based on Thread Local Storage (TLS) variables, and this is used in the kernel to implement per-task stack cookies, by copying a task's stack cookie into a per-CPU variable every time it is scheduled in. Both now also implement -mstack-protector-guard-symbol=, which permits the TLS variable to be specified directly. This is useful because it will allow us to move away from using a fixed offset of 40 bytes into the per-CPU area on x86_64, which requires a lot of special handling in the per-CPU code and the runtime relocation code. However, while GCC is rather lax in its implementation of this command line option, Clang actually requires that the provided symbol name refers to a TLS variable (i.e., one declared with __thread), although it also permits the variable to be undeclared entirely, in which case it will use an implicit declaration of the right type. The upshot of this is that Clang will emit the correct references to the stack cookie variable in most cases, e.g., 10d: 64 a1 00 00 00 00 mov %fs:0x0,%eax 10f: R_386_32 __stack_chk_guard However, if a non-TLS definition of the symbol in question is visible in the same compilation unit (which amounts to the whole of vmlinux if LTO is enabled), it will drop the per-CPU prefix and emit a load from a bogus address. Work around this by using a symbol name that never occurs in C code, and emit it as an alias in the linker script. Fixes: 3fb0fdb3bbe7 ("x86/stackprotector/32: Make the canary into a regular percpu variable") Cc: <stable(a)vger.kernel.org> Cc: Fangrui Song <i(a)maskray.me> Cc: Uros Bizjak <ubizjak(a)gmail.com> Cc: Nathan Chancellor <nathan(a)kernel.org> Cc: Andy Lutomirski <luto(a)kernel.org> Link: https://github.com/ClangBuiltLinux/linux/issues/1854 Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> Signed-off-by: Brian Gerst <brgerst(a)gmail.com> --- arch/x86/Makefile | 5 +++-- arch/x86/entry/entry.S | 16 ++++++++++++++++ arch/x86/include/asm/asm-prototypes.h | 3 +++ arch/x86/kernel/cpu/common.c | 2 ++ arch/x86/kernel/vmlinux.lds.S | 3 +++ 5 files changed, 27 insertions(+), 2 deletions(-) diff --git a/arch/x86/Makefile b/arch/x86/Makefile index cd75e78a06c1..5b773b34768d 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -142,9 +142,10 @@ ifeq ($(CONFIG_X86_32),y) ifeq ($(CONFIG_STACKPROTECTOR),y) ifeq ($(CONFIG_SMP),y) - KBUILD_CFLAGS += -mstack-protector-guard-reg=fs -mstack-protector-guard-symbol=__stack_chk_guard + KBUILD_CFLAGS += -mstack-protector-guard-reg=fs \ + -mstack-protector-guard-symbol=__ref_stack_chk_guard else - KBUILD_CFLAGS += -mstack-protector-guard=global + KBUILD_CFLAGS += -mstack-protector-guard=global endif endif else diff --git a/arch/x86/entry/entry.S b/arch/x86/entry/entry.S index 324686bca368..b7ea3e8e9ecc 100644 --- a/arch/x86/entry/entry.S +++ b/arch/x86/entry/entry.S @@ -51,3 +51,19 @@ EXPORT_SYMBOL_GPL(mds_verw_sel); .popsection THUNK warn_thunk_thunk, __warn_thunk + +#ifndef CONFIG_X86_64 +/* + * Clang's implementation of TLS stack cookies requires the variable in + * question to be a TLS variable. If the variable happens to be defined as an + * ordinary variable with external linkage in the same compilation unit (which + * amounts to the whole of vmlinux with LTO enabled), Clang will drop the + * segment register prefix from the references, resulting in broken code. Work + * around this by avoiding the symbol used in -mstack-protector-guard-symbol= + * entirely in the C code, and use an alias emitted by the linker script + * instead. + */ +#ifdef CONFIG_STACKPROTECTOR +EXPORT_SYMBOL(__ref_stack_chk_guard); +#endif +#endif diff --git a/arch/x86/include/asm/asm-prototypes.h b/arch/x86/include/asm/asm-prototypes.h index 25466c4d2134..3674006e3974 100644 --- a/arch/x86/include/asm/asm-prototypes.h +++ b/arch/x86/include/asm/asm-prototypes.h @@ -20,3 +20,6 @@ extern void cmpxchg8b_emu(void); #endif +#if defined(__GENKSYMS__) && defined(CONFIG_STACKPROTECTOR) +extern unsigned long __ref_stack_chk_guard; +#endif diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 8f41ab219cf1..9d42bd15e06c 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -2091,8 +2091,10 @@ void syscall_init(void) #ifdef CONFIG_STACKPROTECTOR DEFINE_PER_CPU(unsigned long, __stack_chk_guard); +#ifndef CONFIG_SMP EXPORT_PER_CPU_SYMBOL(__stack_chk_guard); #endif +#endif #endif /* CONFIG_X86_64 */ diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 410546bacc0f..d61c3584f3e6 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -468,6 +468,9 @@ SECTIONS . = ASSERT((_end - LOAD_OFFSET <= KERNEL_IMAGE_SIZE), "kernel image bigger than KERNEL_IMAGE_SIZE"); +/* needed for Clang - see arch/x86/entry/entry.S */ +PROVIDE(__ref_stack_chk_guard = __stack_chk_guard); + #ifdef CONFIG_X86_64 /* * Per-cpu symbols which need to be offset from __per_cpu_load -- 2.47.0

6 months, 1 week

6
26
0 0

[PATCH 5.10 1/1] ASoC: ops: Check for negative values before reading them

by d.privalov

From: Mark Brown <broonie(a)kernel.org> commit 1601033da2dd2052e0489137f7788a46a8fcd82f upstream. The controls allow inputs to be specified as negative but our manipulating them into register fields need to be done on unsigned variables so the checks for negative numbers weren't taking effect properly. Do the checks for negative values on the variable in the ABI struct rather than on our local unsigned copy. Signed-off-by: Mark Brown <broonie(a)kernel.org> Link: https://lore.kernel.org/r/20220128192443.3504823-1-broonie@kernel.org Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Dmitriy Privalov <d.privalov(a)omp.ru> --- sound/soc/soc-ops.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/sound/soc/soc-ops.c b/sound/soc/soc-ops.c index a83cd8d8a9633..a1087dfee532d 100644 --- a/sound/soc/soc-ops.c +++ b/sound/soc/soc-ops.c @@ -316,26 +316,26 @@ int snd_soc_put_volsw(struct snd_kcontrol *kcontrol, if (sign_bit) mask = BIT(sign_bit + 1) - 1; + if (ucontrol->value.integer.value[0] < 0) + return -EINVAL; val = ucontrol->value.integer.value[0]; if (mc->platform_max && ((int)val + min) > mc->platform_max) return -EINVAL; if (val > max - min) return -EINVAL; - if (val < 0) - return -EINVAL; val = (val + min) & mask; if (invert) val = max - val; val_mask = mask << shift; val = val << shift; if (snd_soc_volsw_is_stereo(mc)) { + if (ucontrol->value.integer.value[1] < 0) + return -EINVAL; val2 = ucontrol->value.integer.value[1]; if (mc->platform_max && ((int)val2 + min) > mc->platform_max) return -EINVAL; if (val2 > max - min) return -EINVAL; - if (val2 < 0) - return -EINVAL; val2 = (val2 + min) & mask; if (invert) val2 = max - val2; @@ -429,13 +429,13 @@ int snd_soc_put_volsw_sx(struct snd_kcontrol *kcontrol, int err = 0; unsigned int val, val_mask, val2 = 0; + if (ucontrol->value.integer.value[0] < 0) + return -EINVAL; val = ucontrol->value.integer.value[0]; if (mc->platform_max && val > mc->platform_max) return -EINVAL; if (val > max) return -EINVAL; - if (val < 0) - return -EINVAL; val_mask = mask << shift; val = (val + min) & mask; val = val << shift; -- 2.34.1

6 months, 1 week

1
0
0 0

[PATCH 6.13 000/443] 6.13.3-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.13.3 release. There are 443 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 15 Feb 2025 14:23:11 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.13.3-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.13.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.13.3-rc1 Miklos Szeredi <mszeredi(a)redhat.com> fs: fix adding security options to statmount.mnt_opt Jeff Layton <jlayton(a)kernel.org> fs: prepend statmount.mnt_opts string with security_sb_mnt_opts() Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: disable PCIE wake bit when PCIE deinit Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Revert "drm/amd/display: Fix green screen issue after suspend" Bart Van Assche <bvanassche(a)acm.org> md: Fix linear_set_limits() Dan Carpenter <dan.carpenter(a)linaro.org> md/md-linear: Fix a NULL vs IS_ERR() bug in linear_add() Peter Zijlstra <peterz(a)infradead.org> x86/mm: Convert unreachable() to BUG() Bence Csókás <csokas.bence(a)prolan.hu> spi: atmel-qspi: Memory barriers after memory-mapped I/O Csókás, Bence <csokas.bence(a)prolan.hu> spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families WangYuli <wangyuli(a)uniontech.com> MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static Heiko Carstens <hca(a)linux.ibm.com> s390/fpu: Add fpc exception handler / remove fixup section again Frederic Weisbecker <frederic(a)kernel.org> timers/migration: Fix off-by-one root mis-connection Miklos Szeredi <mszeredi(a)redhat.com> statmount: let unset strings be empty Michal Simek <michal.simek(a)amd.com> rtc: zynqmp: Fix optional clock name property Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error Thomas Weißschuh <linux(a)weissschuh.net> ptp: Ensure info->enable callback is always set Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> pinctrl: renesas: rzg2l: Fix PFC_MASK for RZ/V2H and RZ/G3E Javier Carrasco <javier.carrasco.cruz(a)gmail.com> pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Stop timerlat tracer on signal Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Stop timerlat tracer on signal Tomas Glozar <tglozar(a)redhat.com> rtla: Add trace_instance_stop Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Set OSNOISE_WORKLOAD for kernel threads Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Set OSNOISE_WORKLOAD for kernel threads Tomas Glozar <tglozar(a)redhat.com> rtla/osnoise: Distinguish missing workload option Steven Rostedt <rostedt(a)goodmis.org> tracing/osnoise: Fix resetting of tracepoints Jan Kiszka <jan.kiszka(a)siemens.com> scripts/gdb: fix aarch64 userspace detection in get_current_task Wei Yang <richard.weiyang(a)gmail.com> maple_tree: simplify split calculation Milos Reljin <milos_reljin(a)outlook.com> net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset Paul Fertser <fercerpav(a)gmail.com> net/ncsi: wait for the last response to Deselect Package before configuring channel Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix copy buffer page size Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix registered buffer page address Anandu Krishnan E <quic_anane(a)quicinc.com> misc: fastrpc: Deregister device nodes properly in error scenarios Vimal Agrawal <vimal.agrawal(a)sophos.com> misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors Ivan Stepchenko <sid(a)itb.spb.ru> mtd: onenand: Fix uninitialized retlen in do_otp_read() Nick Chan <towinchenmi(a)gmail.com> irqchip/apple-aic: Only handle PMC interrupt as FIQ when configured so Frank Li <Frank.Li(a)nxp.com> i3c: master: Fix missing 'ret' assignment in set_speed() Steven Rostedt <rostedt(a)goodmis.org> fgraph: Fix set_graph_notrace with setting TRACE_GRAPH_NOTRACE_BIT Dan Carpenter <dan.carpenter(a)linaro.org> NFC: nci: Add bounds checking in nci_hci_create_pipe() Uros Bizjak <ubizjak(a)gmail.com> mailbox: zynqmp: Remove invalid __percpu annotation in zynqmp_ipi_probe() Pekka Pessi <ppessi(a)nvidia.com> mailbox: tegra-hsp: Clear mailbox before using message Chuck Lever <chuck.lever(a)oracle.com> NFSD: Encode COMPOUND operation status on page boundaries Dragan Simic <dsimic(a)manjaro.org> nfs: Make NFS_FSCACHE select NETFS_SUPPORT instead of depending on it Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> nilfs2: fix possible int overflows in nilfs_fiemap() Matthew Wilcox (Oracle) <willy(a)infradead.org> ocfs2: handle a symlink read error correctly Heming Zhao <heming.zhao(a)suse.com> ocfs2: fix incorrect CPU endianness conversion causing mount failure Mike Snitzer <snitzer(a)kernel.org> pnfs/flexfiles: retry getting layout segment for reads Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: -f: no reconnect Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: check the bounds of read/write syscalls Jens Axboe <axboe(a)kernel.dk> io_uring/net: don't retry connect operation on EPOLLERR Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix multishots with selected buffers Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: set word length to 1 Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: fix reading from non zero offset Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: fix MAC address byte order Sascha Hauer <s.hauer(a)pengutronix.de> nvmem: imx-ocotp-ele: simplify read beyond device check Jennifer Berringer <jberring(a)redhat.com> nvmem: core: improve range check for nvmem_cell_write() Luca Weiss <luca.weiss(a)fairphone.com> nvmem: qcom-spmi-sdam: Set size in struct nvmem_config Antoine Viallon <antoine(a)lesviallon.fr> ceph: fix memory leak in ceph_mds_auth_match() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - unregister previously registered algos in error path Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> crypto: qce - fix goto jump in error path Stefan Eichenberger <eichest(a)gmail.com> irqchip/irq-mvebu-icu: Fix access to msi_data from irq_domain::host_data Niklas Cassel <cassel(a)kernel.org> ata: libata-sff: Ensure that we cannot write outside the allocated buffer Daniel Baumann <daniel(a)debian.org> ata: libata-core: Add ATA_QUIRK_NOLPM for Samsung SSD 870 QVO drives Liu Shixin <liushixin2(a)huawei.com> mm/compaction: fix UBSAN shift-out-of-bounds warning Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> mm/hugetlb: fix hugepage allocation for interleaved memory nodes Li Zhijian <lizhijian(a)fujitsu.com> mm/vmscan: accumulate nr_demoted for accurate demotion statistics Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> mm: gup: fix infinite loop within __get_longterm_locked Catalin Marinas <catalin.marinas(a)arm.com> mm: kmemleak: fix upper boundary check for physical address objects Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove dangling pointers Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove redundant NULL assignment Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Only save async fh if success Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Support partial control reads Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix event flags in uvc_ctrl_send_events Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix crash during unbind if gpio unit is in use Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix logging SP & EQ status only for UB9702 Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix UB9702 VC map Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix use of non-existing registers on UB9702 Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub9x3: Fix extra fwnode_handle_put() Mehdi Djait <mehdi.djait(a)linux.intel.com> media: ccs: Fix cleanup order in ccs_probe() Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Fix CCS static data parsing for large block sizes Sergey Senozhatsky <senozhatsky(a)chromium.org> media: venus: destroy hfi session after m2m_ctx release Alain Volmat <alain.volmat(a)foss.st.com> media: stm32: dcmipp: correct dma_set_mask_and_coherent mask value Sam Bobrowicz <sam(a)elite-embedded.com> media: ov5640: fix get_light_freq on auto Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> media: intel/ipu6: remove cpu latency qos request on error Naushir Patuck <naush(a)raspberrypi.com> media: imx296: Add standby delay during probe Zhen Lei <thunder.leizhen(a)huawei.com> media: nuvoton: Fix an error check in npcm_video_ece_init() Cosmin Tanislav <demonsingur(a)gmail.com> media: mc: fix endpoint iteration Sakari Ailus <sakari.ailus(a)linux.intel.com> media: Documentation: tx-rx: Fix formatting Lubomir Rintel <lkundrak(a)v3.sk> media: mmp: Bring back registration of the device Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: qcom: smem_state: fix missing of_node_put in error path Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> soc: qcom: llcc: Enable LLCC_WRCACHE at boot on X1 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on error paths Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: samsung: exynos-pmu: Fix uninitialized ret in tensor_set_bits_atomic() Nicolin Chen <nicolinc(a)nvidia.com> iommufd/fault: Use a separate spinlock to protect fault->deliver list Nicolin Chen <nicolinc(a)nvidia.com> iommufd/fault: Destroy response and mutex in iommufd_fault_destroy() Nicolin Chen <nicolinc(a)nvidia.com> iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: as73211: fix channel handling in only-color triggered buffer Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: ad3552r-hs: clear reset status flag Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: ad3552r-common: fix ad3541/2r ranges Dan Carpenter <dan.carpenter(a)linaro.org> iio: chemical: bme680: Fix uninitialized variable in __bme680_read_raw() Peter Xu <peterx(a)redhat.com> mm/hugetlb: fix avoid_reserve to allow taking folio from subpool Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ccs: Clean up parsed CCS static data on parse failure Marco Elver <elver(a)google.com> kfence: skip __GFP_THISNODE allocations on NUMA systems Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Fix struct iommu_hwpt_pgfault init and padding Easwar Hariharan <eahariha(a)linux.microsoft.com> jiffies: Cast to unsigned long in secs_to_jiffies() conversion Frederic Weisbecker <frederic(a)kernel.org> hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING Gabriele Monaco <gmonaco(a)redhat.com> rv: Reset per-task monitors also for idle tasks Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Change to kvalloc() in eventlog/acpi.c Aubrey Li <aubrey.li(a)linux.intel.com> ACPI: PRM: Remove unnecessary strict handler address checks Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix error handling in recovery/reset Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Clear runtime_error after pm_runtime_resume_and_get() fails Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix error handling in ivpu_boot() Wentao Liang <vulab(a)iscas.ac.cn> xfs: Add error handling for xfs_reflink_cancel_cow_range Wentao Liang <vulab(a)iscas.ac.cn> xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end Christoph Hellwig <hch(a)lst.de> xfs: don't call remap_verify_area with sb write protection held Conor Dooley <conor.dooley(a)microchip.com> pwm: microchip-core: fix incorrect comparison with max period Helge Deller <deller(a)kernel.org> parisc: Temporarily disable jump label support Sumit Gupta <sumitg(a)nvidia.com> arm64: tegra: Disable Tegra234 sce-fabric node Sumit Gupta <sumitg(a)nvidia.com> arm64: tegra: Fix typo in Tegra234 dce-fabric compatible Eric Biggers <ebiggers(a)google.com> crypto: qce - fix priority to be less than ARMv8 CE Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8650: correct MDSS interconnects Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8550: correct MDSS interconnects Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix CDSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8350: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix MPSS memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix CDSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6375: Fix ADSP memory length Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm6350: Fix uart1 interconnect path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6350: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6350: Fix ADSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6115: Fix MPSS memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: x1e80100: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: x1e80100: Fix ADSP memory base and length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sdx75: Fix MPSS memory length Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183: Disable DSI display output by default Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183: Disable DPI display output by default Andreas Kemnade <andreas(a)kemnade.info> ARM: dts: ti/omap: gta04: fix pm issues caused by spi module Romain Naour <romain.naour(a)skf.com> ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus Denis Arefev <arefev(a)swemel.ru> ubi: Add a check for ubi_num Nathan Chancellor <nathan(a)kernel.org> x86/boot: Use '-std=gnu11' to fix build with GCC 15 Zhang Rui <rui.zhang(a)intel.com> x86/acpi: Fix LAPIC/x2APIC parsing order Alice Ryhl <aliceryhl(a)google.com> x86: rust: set rustc-abi=x86-softfloat on rustc>=1.86.0 Miguel Ojeda <ojeda(a)kernel.org> rust: init: use explicit ABI to clean warning in future compilers Christian Brauner <brauner(a)kernel.org> pidfs: improve ioctl handling Christian Brauner <brauner(a)kernel.org> pidfs: check for valid ioctl commands Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-enum-conversion to W=2 Igor Pylypiv <ipylypiv(a)google.com> scsi: core: Do not retry I/Os during depopulation Long Li <longli(a)microsoft.com> scsi: storvsc: Set correct data length for sending SCSI command without payload André Draszik <andre.draszik(a)linaro.org> scsi: ufs: core: Fix use-after free in init error and remove paths Eric Biggers <ebiggers(a)google.com> scsi: ufs: qcom: Fix crypto key eviction Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Move FCE Trace buffer allocation to user control Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Don't set pos_unknown just after device recognition Sean Christopherson <seanjc(a)google.com> KVM: x86/mmu: Ensure NX huge page recovery thread is alive before waking Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk Niklas Cassel <cassel(a)kernel.org> PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() Niklas Cassel <cassel(a)kernel.org> PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() Werner Sembach <wse(a)tuxedocomputers.com> PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix SR-IOV for PFs initially in standby Brad Griffis <bgriffis(a)nvidia.com> arm64: tegra: Fix Tegra234 PCIe interrupt-map Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 Kuan-Wei Chiu <visitorckw(a)gmail.com> ALSA: hda: Fix headset detection failure due to unstable sort Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix quirk matching for Legion Pro 7 Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Positivo C6400 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: scm: Fix missing read barrier in qcom_scm_is_available() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Revert "media: uvcvideo: Require entities to have a non-zero unique ID" Jens Axboe <axboe(a)kernel.dk> block: don't revert iter for -EIOCBQUEUED Xi Ruoyao <xry111(a)xry111.site> Revert "MIPS: csrc-r4k: Select HAVE_UNSTABLE_SCHED_CLOCK if SMP && 64BIT" Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: pci-legacy: Override pci_address_to_pio Mateusz Jończyk <mat.jonczyk(a)o2.pl> mips/math-emu: fix emulation of the prefx instruction Hou Tao <houtao1(a)huawei.com> dm-crypt: track tag_offset in convert_context Hou Tao <houtao1(a)huawei.com> dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit() Narayana Murty N <nnmlinux(a)linux.ibm.com> powerpc/pseries/eeh: Fix get PE state translation Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Extend the maximum number of watchpoints Kexy Biscuit <kexybiscuit(a)aosc.io> MIPS: Loongson64: remove ROM Size unit in boardinfo Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Drop __initdata macro for port_cfg Stephan Gerhold <stephan.gerhold(a)linaro.org> soc: qcom: socinfo: Avoid out of bounds read of serial number Mario Limonciello <mario.limonciello(a)amd.com> ASoC: acp: Support microphone from Lenovo Go S Dan Carpenter <dan.carpenter(a)linaro.org> ASoC: renesas: rz-ssi: Add a check for negative sample_space Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> ASoC: renesas: rz-ssi: Terminate all the DMA transactions Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100: Fix usb_2 controller interrupts Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-microsoft-romulus: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-crd: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e78100-lenovo-thinkpad-t14s: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-qcp: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-dell-xps13-9345: Fix USB QMP PHY supplies Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-asus-vivobook-s15: Fix USB QMP PHY supplies Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: document scope of NCM implementation Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: fix DPE OoB read Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: break up NCM header size computation Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: refactor NCM datagram loop Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: check that DPE points past NCM header Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: use static NDP16 location in URB Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: fix possible overflow in DPE length check Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Don't prepare BOT write request twice Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Decrement command ref count on cleanup Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Translate error to sense Vasily Khoruzhick <anarsoul(a)gmail.com> wifi: rtw88: 8703b: Fix RX/TX issues Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 Fiona Klute <fiona.klute(a)gmx.de> wifi: rtw88: sdio: Fix disconnection after beacon loss Nick Morrow <usbwifi2024(a)gmail.com> wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH Marcel Hamer <marcel.hamer(a)windriver.com> wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8821ae: Fix media status report Steven Rostedt <rostedt(a)goodmis.org> atomic64: Use arch_spin_locks instead of raw_spin_locks Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() Heiko Stuebner <heiko(a)sntech.de> HID: hid-sensor-hub: don't use stale platform-data on remove Peng Fan <peng.fan(a)nxp.com> Input: bbnsm_pwrkey - add remove hook Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Warn for missing static reserved memory regions Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Fix using wrong number of cells to get property 'alignment' Zijun Hu <quic_zijuhu(a)quicinc.com> of: Fix of_find_node_opts_by_path() handling of alias+path+options Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> of: address: Fix empty resource handling in __of_address_resource_bounds() Zijun Hu <quic_zijuhu(a)quicinc.com> of: Correct child specifier used as input of the 2nd nexus node Bao D. Nguyen <quic_nguyenb(a)quicinc.com> scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions Kuan-Wei Chiu <visitorckw(a)gmail.com> perf bench: Fix undefined behavior in cmpworker() Dave Young <dyoung(a)redhat.com> x86/efi: skip memattr table on kexec boot Nathan Chancellor <nathan(a)kernel.org> efi: libstub: Use '-std=gnu11' to fix build with GCC 15 Zijun Hu <quic_zijuhu(a)quicinc.com> blk-cgroup: Fix class @block_class's subsystem refcount leakage Eyal Birger <eyal.birger(a)gmail.com> seccomp: passthrough uretprobe systemcall without filtering Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-mm: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-img: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-bdp: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe Anastasia Belova <abelova(a)astralinux.ru> clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: dispcc-sm6350: Add missing parent_map for a clock Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gcc-sm6350: Add missing parent_map for two clocks Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> clk: qcom: gcc-sm8650: Do not turn off PCIe GDSCs during gdsc_disable() Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: clk-alpha-pll: fix alpha mode configuration Binbin Zhou <zhoubinbin(a)loongson.cn> clk: clk-loongson2: Fix the number count of clk provider Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: i2c: ds90ub960: Fix UB9702 refclk register access Lubomir Rintel <lkundrak(a)v3.sk> clk: mmp2: call pm_genpd_init() only after genpd.name is set Cody Eksal <masterr3c0rd(a)epochal.quest> clk: sunxi-ng: a100: enable MMC clock reparenting Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: synaptics - fix crash when enabling pass-through port David Gstir <david(a)sigma-star.at> KEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection Fedor Pchelkin <pchelkin(a)ispras.ru> Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix and re-enable xe_print_blob_ascii85() Lo-an Chen <lo-an.chen(a)amd.com> drm/amd/display: Fix seamless boot sequence Marek Olšák <marek.olsak(a)amd.com> drm/amdgpu: add a BO metadata flag to disable write compression for Vulkan Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes Jani Nikula <jani.nikula(a)intel.com> drm/i915/dp: Iterate DSC BPP from high to low on all platforms Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/devcoredump: Move exec queue snapshot to Contexts section Haoxiang Li <haoxiang_li2024(a)163.com> drm/komeda: Add check for komeda_get_layer_fourcc_list() Thomas Zimmermann <tzimmermann(a)suse.de> drm/ast: astdp: Fix timeout for enabling video signal Brian Geffon <bgeffon(a)google.com> drm/i915: Fix page cleanup on DMA remap failure Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/i915/guc: Debug print LRC state entries only if the context is pinned Tom Chung <chiahsuan.chung(a)amd.com> Revert "drm/amd/display: Use HW lock mgr for PSR1" Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Block per-queue reset when halt_if_hws_hang=1 Prike Liang <Prike.Liang(a)amd.com> drm/amdkfd: only flush the validate MES contex Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/amdgpu: change the config of cgcg on gfx12 Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Mark MM activity as unsupported Aric Cyr <Aric.Cyr(a)amd.com> drm/amd/display: Optimize cursor position updates Dan Carpenter <dan.carpenter(a)linaro.org> ksmbd: fix integer overflows on 32 bit systems David Hildenbrand <david(a)redhat.com> KVM: s390: vsie: fix some corner-cases when grabbing vsie pages Keith Busch <kbusch(a)kernel.org> kvm: defer huge page recovery vhost task to later Sean Christopherson <seanjc(a)google.com> KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Chao Gao <chao.gao(a)intel.com> KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID Robin Murphy <robin.murphy(a)arm.com> remoteproc: omap: Handle ARM dma_iommu_mapping Jakob Unterwurzacher <jakobunt(a)gmail.com> arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma Thomas Zimmermann <tzimmermann(a)suse.de> drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() Marc Zyngier <maz(a)kernel.org> KVM: arm64: timer: Always evaluate the need for a soft timer Ard Biesheuvel <ardb(a)kernel.org> arm64/mm: Reduce PA space to 48 bits when LPA2 is not enabled Mark Brown <broonie(a)kernel.org> arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() Ard Biesheuvel <ardb(a)kernel.org> arm64/mm: Override PARange for !LPA2 and use it consistently Ard Biesheuvel <ardb(a)kernel.org> arm64/kvm: Configure HYP TCR.PS/DS based on host stage1 Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix Qemu crash when running in passthrough Xu Yang <xu.yang_2(a)nxp.com> perf: imx9_perf: Introduce AXI filter version to refactor the driver and better extension Dan Carpenter <dan.carpenter(a)linaro.org> binfmt_flat: Fix integer overflow bug on 32 bit systems Ming Lei <tom.leiming(a)gmail.com> block: mark GFP_NOIO around sysfs ->store() Nam Cao <namcao(a)linutronix.de> fs/proc: do_task_stat: Fix ESP not readable during coredump Thomas Zimmermann <tzimmermann(a)suse.de> m68k: vga: Fix I/O defines Marc Zyngier <maz(a)kernel.org> arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented Heiko Carstens <hca(a)linux.ibm.com> s390/futex: Fix FUTEX_OP_ANDN implementation Yu Kuai <yukuai3(a)huawei.com> md: reintroduce md-linear Meetakshi Setiya <msetiya(a)microsoft.com> smb: client: change lease epoch type from unsigned int to __u16 Ruben Devos <devosruben6(a)gmail.com> smb: client: fix order of arguments of tracepoints Maarten Lankhorst <dev(a)lankhorst.se> drm/client: Handle tiled displays better Maarten Lankhorst <dev(a)lankhorst.se> drm/modeset: Handle tiled displays in pan_display_atomic. Pali Rohár <pali(a)kernel.org> cifs: Remove intermediate object of failed create SFU call Sebastian Wiese-Wagner <seb(a)fastmail.to> ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx Alexander Sverdlin <alexander.sverdlin(a)siemens.com> leds: lp8860: Write full EEPROM, not only half of it Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: s3c64xx: Fix compilation warning Andreas Kemnade <andreas(a)kemnade.info> cpufreq: fix using cpufreq-dt as module Robin Murphy <robin.murphy(a)arm.com> PCI/TPH: Restore TPH Requester Enable correctly David Howells <dhowells(a)redhat.com> rxrpc: Fix call state set to not include the SERVER_SECURING state Ido Schimmel <idosch(a)nvidia.com> net: sched: Fix truncation of offloaded action statistics Willem de Bruijn <willemb(a)google.com> tun: revert fix group permission check Cong Wang <cong.wang(a)bytedance.com> netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() Quang Le <quanglex97(a)gmail.com> pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() Juergen Gross <jgross(a)suse.com> x86/xen: add FRAME_END to xen_hypercall_hvm() Juergen Gross <jgross(a)suse.com> x86/xen: fix xen_hypercall_hvm() to not clobber %rbx Geert Uytterhoeven <geert+renesas(a)glider.be> gpio: GPIO_GRGPIO should depend on OF Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: sim: lock hog configfs items if present Eric Dumazet <edumazet(a)google.com> net: rose: lock the socket in rose_bind() Jacob Moroni <mail(a)jakemoroni.com> net: atlantic: fix warning during hot unplug Mark Tomlinson <mark.tomlinson(a)alliedtelesis.co.nz> gpio: pca953x: Improve interrupt support David Howells <dhowells(a)redhat.com> rxrpc: Fix the rxrpc_connection attend queue handling Jakub Kicinski <kuba(a)kernel.org> selftests: drv-net: rss_ctx: add missing cleanup in queue reconfigure Jakub Kicinski <kuba(a)kernel.org> ethtool: ntuple: fix rss + ring_cookie check Jakub Kicinski <kuba(a)kernel.org> ethtool: rss: fix hiding unsupported fields in dumps Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/pf: Fix migration initialization Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa: Preserve oa_ctrl unused bits Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/dp: fix the Adaptive sync Operation mode for SDP Suraj Kandpal <suraj.kandpal(a)intel.com> drm/i915/hdcp: Fix Repeater authentication during topology change Yan Zhai <yan(a)cloudflare.com> udp: gso: do not drop small packets when PMTU reduces Lenny Szubowicz <lszubowi(a)redhat.com> tg3: Disable tg3 PCIe AER on system reboot Sankararaman Jayaraman <sankararaman.jayaraman(a)broadcom.com> vmxnet3: Fix tx queue race condition with XDP Jiasheng Jiang <jiashengjiangcool(a)gmail.com> ice: Add check for devm_kzalloc() Florian Fainelli <florian.fainelli(a)broadcom.com> net: bcmgenet: Correct overlaying of PHY and MAC Wake-on-LAN Daniel Wagner <wagi(a)kernel.org> nvme-fc: use ctrl state getter Keith Busch <kbusch(a)kernel.org> nvme: make nvme_tls_attrs_group static Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: stop storing XDP verdict within ice_rx_buf Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: gather page_count()'s of each frag right before XDP prog call Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: put Rx buffers after being done with current frame Hans Verkuil <hverkuil(a)xs4all.nl> gpu: drm_dp_cec: fix broken CEC adapter properties check Prasad Pandit <pjp(a)fedoraproject.org> firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry Sagi Grimberg <sagi(a)grimberg.me> nvmet: fix a memory leak in controller identify Daniel Wagner <wagi(a)kernel.org> nvme: handle connectivity loss in nvme_set_queue_count K Prateek Nayak <kprateek.nayak(a)amd.com> sched/fair: Fix inaccurate h_nr_runnable accounting with delayed dequeue Hans de Goede <hdegoede(a)redhat.com> platform/x86: serdev_helpers: Check for serial_ctrl_uid == NULL Günther Noack <gnoack(a)google.com> tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN Sean Anderson <sean.anderson(a)linux.dev> tty: xilinx_uartps: split sysrq handling Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Ignore AC events Hridesh MG <hridesh699(a)gmail.com> platform/x86: acer-wmi: add support for Acer Nitro AN515-58 Illia Ostapyshyn <illia(a)yshyn.com> Input: allocate keycode for phone linking Yu-Chun Lin <eleanor15x(a)gmail.com> ASoC: amd: Add ACPI dependency to fix build error Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Add support for Acer Predator PH16-72 Kees Bakker <kees(a)ijzerbout.nl> iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Add support for Acer PH14-51 Hans de Goede <hdegoede(a)redhat.com> platform/x86: int3472: Check for adev == NULL Robin Murphy <robin.murphy(a)arm.com> iommu/arm-smmu-v3: Clean up more on probe failure Richard Acayan <mailingradian(a)gmail.com> iommu/arm-smmu-qcom: add sdm670 adreno iommu compatible Simon Trimmer <simont(a)opensource.cirrus.com> ASoC: Intel: sof_sdw: Correct quirk for Lenovo Yoga Slim 7 David Woodhouse <dwmw(a)amazon.co.uk> x86/kexec: Allocate PGD for x86_64 transition page tables separately Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Improve verifier log for resource leak on exit Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: ensure proper channel cleanup in error path Liu Ye <liuye(a)kylinos.cn> selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() Dan Carpenter <dan.carpenter(a)linaro.org> tipc: re-order conditions in tipc_crypto_key_rcv() Shinas Rasheed <srasheed(a)marvell.com> octeon_ep_vf: update tx/rx stats locally for persistence Shinas Rasheed <srasheed(a)marvell.com> octeon_ep: update tx/rx stats locally for persistence Yuanjie Yang <quic_yuanjiey(a)quicinc.com> mmc: sdhci-msm: Correctly set the load for the regulator Luke D. Jones <luke(a)ljones.dev> HID: hid-asus: Disable OOBE mode on the ProArt P16 Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> net: wwan: iosm: Fix hibernation by re-binding the driver around it Mazin Al Haddad <mazin(a)getstate.dev> Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync En-Wei Wu <en-wei.wu(a)canonical.com> Bluetooth: btusb: Add new VID/PID 13d3/3628 for MT7925 Andrew Halaney <ajhalaney(a)gmail.com> Bluetooth: btusb: Add new VID/PID 13d3/3610 for MT7922 Mark Dietzer <git(a)doridian.net> Bluetooth: btusb: Add ID 0x2c7c:0x0130 for Qualcomm WCN785x Borislav Petkov <bp(a)alien8.de> APEI: GHES: Have GHES honor the panic= setting Randolph Ha <rha051117(a)gmail.com> i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: avoid memory leak Somashekhar(Som) <somashekhar.puttagangaiah(a)intel.com> wifi: iwlwifi: pcie: Add support for new device ids Stefan Dösinger <stefan(a)codeweavers.com> wifi: brcmfmac: Check the return value of of_property_read_string_index() Andre Przywara <andre.przywara(a)arm.com> Revert "mfd: axp20x: Allow multiple regulators" Vadim Fedorenko <vadim.fedorenko(a)linux.dev> net/mlx5: use do_aux_work for PHC overflow checks Even Xu <even.xu(a)intel.com> HID: Wacom: Add PCI Wacom device support Youwan Wang <youwan(a)nfschina.com> HID: multitouch: Add quirk for Hantick 5288 touchpad Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: HWS, num_of_rules counter on matcher should be atomic Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: HWS, change error flow on matcher disconnect Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> clk: qcom: Make GCC_8150 depend on QCOM_GDSC Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw88: add __packed attribute to efuse layout struct Hans de Goede <hdegoede(a)redhat.com> mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: don't emit warning in tomoyo_write_control() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() Ciprian Marian Costea <ciprianmarian.costea(a)oss.nxp.com> mmc: sdhci-esdhc-imx: enable 'SDHCI_QUIRK_NO_LED' quirk for S32G Shawn Lin <shawn.lin(a)rock-chips.com> mmc: core: Respect quirk_max_rate for non-UHS SDIO card Stas Sergeev <stsp2(a)yandex.ru> tun: fix group permission check Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: add crystal_cap check to avoid setting as overflow value Kalle Valo <quic_kvalo(a)quicinc.com> wifi: ath12k: ath12k_mac_op_set_key(): fix uninitialized symbol 'ret' Karol Przybylski <karprzy7(a)gmail.com> wifi: ath12k: Fix for out-of bound access error Jeongjun Park <aha310510(a)gmail.com> ring-buffer: Make reading page consistent with the code logic Gabe Teeger <Gabe.Teeger(a)amd.com> drm/amd/display: Limit Scaling Ratio on DCN3.01 Nathan Chancellor <nathan(a)kernel.org> drm/amd/display: Increase sanitizer frame larger than limit when compile testing with clang Leo Stone <leocstone(a)gmail.com> safesetid: check size of policy writes Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP CTS KSV list wait timer Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP CTS compare V matching Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP encryption when R0 ready Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP Bstatus check Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Queue interrupt work to different CPU Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: Don't enable sdma 4.4.5 CTXEMPTY interrupt Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/vc4: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/sti: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/radeon: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dp: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/exynos: hdmi: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/amd/display: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/bridge: ite-it66121: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/bridge: anx7625: use eld_mutex to protect access to connector->eld Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/connector: add mutex to protect ELD from concurrent access Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dpu: filter out too wide modes if no 3dmux is present Kuan-Wei Chiu <visitorckw(a)gmail.com> printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Ausef Yousof <Ausef.Yousof(a)amd.com> drm/amd/display: Overwriting dualDPP UBF values before usage Ausef Yousof <Ausef.Yousof(a)amd.com> drm/amd/display: Populate chroma prefetch parameters, DET buffer fix Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/tests: hdmi: return meaningful value from set_connector_edid() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/tests: hdmi: handle empty modes in find_preferred_mode() Zhi Wang <zhiw(a)nvidia.com> nvkm: correctly calculate the available space of the GSP cmdq buffer Zhi Wang <zhiw(a)nvidia.com> nvkm/gsp: correctly advance the read pointer of GSP message queue Dustin L. Howett <dustin(a)howett.net> drm: panel-backlight-quirks: Add Framework 13 glossy and 2.8k panels Thomas Weißschuh <linux(a)weissschuh.net> drm: panel-backlight-quirks: Add Framework 13 matte panel Thomas Weißschuh <linux(a)weissschuh.net> drm/amd/display: Add support for minimum backlight quirk Thomas Weißschuh <linux(a)weissschuh.net> drm: Add panel backlight quirks Dongwon Kim <dongwon.kim(a)intel.com> drm/virtio: New fence for every plane update Yazen Ghannam <yazen.ghannam(a)amd.com> x86/amd_nb: Restrict init function to AMD-based systems Carlos Llamas <cmllamas(a)google.com> lockdep: Fix upper limit for LOCKDEP_*_BITS configs Thorsten Blum <thorsten.blum(a)linux.dev> locking/ww_mutex/test: Use swap() macro Peter Zijlstra <peterz(a)infradead.org> x86: Convert unreachable() to BUG() Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Check bandwidth overflow earlier for hotplug Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Correctly account for allocated bandwidth during hotplug Suleiman Souhlal <suleiman(a)google.com> sched: Don't try to catch up excess steal time. Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: don't use btrfs_set_item_key_safe on RAID stripe-extents Josef Bacik <josef(a)toxicpanda.com> btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling Hao-ran Zheng <zhenghaoran154(a)gmail.com> btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() Sven Schnelle <svens(a)linux.ibm.com> s390/stackleak: Use exrl instead of ex in __stackleak_poison() Kees Cook <kees(a)kernel.org> exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/mm: Ensure adequate HUGE_MAX_HSTATE Filipe Manana <fdmanana(a)suse.com> btrfs: fix use-after-free when attempting to join an aborted transaction Qu Wenruo <wqu(a)suse.com> btrfs: do not output error message if a qgroup has been already cleaned up Filipe Manana <fdmanana(a)suse.com> btrfs: fix assertion failure when splitting ordered extent after transaction abort Filipe Manana <fdmanana(a)suse.com> btrfs: fix lockdep splat while merging a relocation root Geert Uytterhoeven <geert+renesas(a)glider.be> irqchip/lan966x-oic: Make CONFIG_LAN966X_OIC depend on CONFIG_MCHP_LAN966X_PCI ------------- Diffstat: Documentation/arch/arm64/elf_hwcaps.rst | 39 +- Documentation/driver-api/media/tx-rx.rst | 2 +- Documentation/gpu/drm-kms-helpers.rst | 3 + Makefile | 4 +- arch/arm/boot/dts/ti/omap/dra7-l4.dtsi | 2 + arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi | 10 + arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 5 - arch/arm64/boot/dts/mediatek/mt8183-pumpkin.dts | 4 - arch/arm64/boot/dts/mediatek/mt8183.dtsi | 2 + arch/arm64/boot/dts/nvidia/tegra234.dtsi | 6 +- arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm6115.dtsi | 8 +- arch/arm64/boot/dts/qcom/sm6350.dtsi | 6 +- arch/arm64/boot/dts/qcom/sm6375.dtsi | 10 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 492 ++++++++++----------- arch/arm64/boot/dts/qcom/sm8450.dtsi | 216 ++++----- arch/arm64/boot/dts/qcom/sm8550.dtsi | 271 ++++++------ arch/arm64/boot/dts/qcom/sm8650.dtsi | 305 +++++++------ .../dts/qcom/x1e78100-lenovo-thinkpad-t14s.dts | 4 +- .../boot/dts/qcom/x1e80100-asus-vivobook-s15.dts | 4 +- arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 6 +- .../boot/dts/qcom/x1e80100-dell-xps13-9345.dts | 4 +- .../boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts | 6 +- .../boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4 +- arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 6 +- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 280 ++++++------ arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 2 +- arch/arm64/include/asm/assembler.h | 5 + arch/arm64/include/asm/pgtable-hwdef.h | 6 - arch/arm64/include/asm/pgtable-prot.h | 7 + arch/arm64/include/asm/sparsemem.h | 5 +- arch/arm64/kernel/cpufeature.c | 55 +-- arch/arm64/kernel/cpuinfo.c | 10 + arch/arm64/kernel/pi/idreg-override.c | 9 + arch/arm64/kernel/pi/map_kernel.c | 6 + arch/arm64/kvm/arch_timer.c | 4 +- arch/arm64/kvm/arm.c | 8 +- arch/arm64/mm/hugetlbpage.c | 12 + arch/arm64/mm/init.c | 7 +- arch/loongarch/include/uapi/asm/ptrace.h | 10 + arch/loongarch/kernel/ptrace.c | 6 +- arch/m68k/include/asm/vga.h | 8 +- arch/mips/Kconfig | 1 - arch/mips/kernel/ftrace.c | 2 +- arch/mips/loongson64/boardinfo.c | 2 - arch/mips/math-emu/cp1emu.c | 2 +- arch/mips/pci/pci-legacy.c | 8 + arch/parisc/Kconfig | 4 +- arch/powerpc/platforms/pseries/eeh_pseries.c | 6 +- arch/s390/include/asm/asm-extable.h | 4 + arch/s390/include/asm/fpu-insn.h | 17 +- arch/s390/include/asm/futex.h | 2 +- arch/s390/include/asm/processor.h | 3 +- arch/s390/kernel/vmlinux.lds.S | 1 - arch/s390/kvm/vsie.c | 25 +- arch/s390/mm/extable.c | 9 + arch/s390/pci/pci_bus.c | 1 - arch/x86/boot/compressed/Makefile | 1 + arch/x86/include/asm/kexec.h | 18 +- arch/x86/include/asm/kvm_host.h | 2 + arch/x86/kernel/acpi/boot.c | 50 ++- arch/x86/kernel/amd_nb.c | 4 + arch/x86/kernel/machine_kexec_64.c | 45 +- arch/x86/kernel/process.c | 2 +- arch/x86/kernel/reboot.c | 2 +- arch/x86/kvm/lapic.c | 11 + arch/x86/kvm/lapic.h | 1 + arch/x86/kvm/mmu/mmu.c | 45 +- arch/x86/kvm/svm/sev.c | 2 +- arch/x86/kvm/vmx/nested.c | 5 + arch/x86/kvm/vmx/vmx.c | 21 + arch/x86/kvm/vmx/vmx.h | 1 + arch/x86/kvm/x86.c | 7 +- arch/x86/mm/fault.c | 2 +- arch/x86/pci/fixup.c | 30 ++ arch/x86/platform/efi/quirks.c | 5 + arch/x86/xen/xen-head.S | 5 +- block/blk-cgroup.c | 1 + block/blk-sysfs.c | 3 + block/fops.c | 5 +- drivers/accel/ivpu/ivpu_drv.c | 8 +- drivers/accel/ivpu/ivpu_pm.c | 86 ++-- drivers/acpi/apei/ghes.c | 10 +- drivers/acpi/prmt.c | 4 +- drivers/acpi/property.c | 10 +- drivers/ata/libata-core.c | 4 + drivers/ata/libata-sff.c | 18 +- drivers/bluetooth/btusb.c | 6 + drivers/char/misc.c | 37 +- drivers/char/tpm/eventlog/acpi.c | 15 +- drivers/clk/clk-loongson2.c | 5 +- drivers/clk/mediatek/clk-mt2701-aud.c | 10 + drivers/clk/mediatek/clk-mt2701-bdp.c | 1 + drivers/clk/mediatek/clk-mt2701-img.c | 1 + drivers/clk/mediatek/clk-mt2701-mm.c | 1 + drivers/clk/mediatek/clk-mt2701-vdec.c | 1 + drivers/clk/mmp/pwr-island.c | 2 +- drivers/clk/qcom/Kconfig | 1 + drivers/clk/qcom/clk-alpha-pll.c | 2 + drivers/clk/qcom/clk-rpmh.c | 2 +- drivers/clk/qcom/dispcc-sm6350.c | 7 +- drivers/clk/qcom/gcc-mdm9607.c | 2 +- drivers/clk/qcom/gcc-sm6350.c | 22 +- drivers/clk/qcom/gcc-sm8550.c | 8 +- drivers/clk/qcom/gcc-sm8650.c | 8 +- drivers/clk/sunxi-ng/ccu-sun50i-a100.c | 6 +- drivers/cpufreq/Kconfig | 2 +- drivers/cpufreq/cpufreq-dt-platdev.c | 2 - drivers/cpufreq/s3c64xx-cpufreq.c | 11 +- drivers/crypto/qce/aead.c | 2 +- drivers/crypto/qce/core.c | 13 +- drivers/crypto/qce/sha.c | 2 +- drivers/crypto/qce/skcipher.c | 2 +- drivers/firmware/Kconfig | 2 +- drivers/firmware/efi/libstub/Makefile | 2 +- drivers/firmware/qcom/qcom_scm.c | 10 +- drivers/gpio/Kconfig | 1 + drivers/gpio/gpio-pca953x.c | 19 - drivers/gpio/gpio-sim.c | 13 +- drivers/gpu/drm/Kconfig | 4 + drivers/gpu/drm/Makefile | 1 + drivers/gpu/drm/amd/amdgpu/Kconfig | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 2 + drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 11 - drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 8 +- drivers/gpu/drm/amd/amdgpu/sdma_v7_0.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 25 +- .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 4 +- drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c | 25 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 3 +- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 7 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 20 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 6 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 22 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.h | 3 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 2 +- .../gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 3 +- drivers/gpu/drm/amd/display/dc/dml2/Makefile | 4 + .../drm/amd/display/dc/dml2/display_mode_core.c | 35 +- .../display/dc/dml2/display_mode_core_structs.h | 6 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 35 +- .../gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 7 +- .../drm/amd/display/dc/dpp/dcn401/dcn401_dpp_cm.c | 6 +- .../drm/amd/display/dc/hubbub/dcn30/dcn30_hubbub.c | 3 +- .../drm/amd/display/dc/hubbub/dcn31/dcn31_hubbub.c | 3 +- .../drm/amd/display/dc/hubbub/dcn32/dcn32_hubbub.c | 3 +- .../drm/amd/display/dc/hubbub/dcn35/dcn35_hubbub.c | 3 +- .../gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 8 +- .../gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 2 + .../gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 2 + .../drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 10 +- .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 3 +- .../display/dc/resource/dcn301/dcn301_resource.c | 8 +- drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 1 - .../drm/arm/display/komeda/komeda_wb_connector.c | 4 + drivers/gpu/drm/ast/ast_dp.c | 2 +- drivers/gpu/drm/bridge/analogix/anx7625.c | 2 + drivers/gpu/drm/bridge/ite-it6505.c | 83 ++-- drivers/gpu/drm/bridge/ite-it66121.c | 2 + drivers/gpu/drm/display/drm_dp_cec.c | 14 +- drivers/gpu/drm/drm_client_modeset.c | 9 + drivers/gpu/drm/drm_connector.c | 1 + drivers/gpu/drm/drm_edid.c | 6 + drivers/gpu/drm/drm_fb_helper.c | 14 +- drivers/gpu/drm/drm_panel_backlight_quirks.c | 94 ++++ drivers/gpu/drm/exynos/exynos_hdmi.c | 2 + drivers/gpu/drm/i915/display/intel_dp.c | 10 +- drivers/gpu/drm/i915/display/intel_hdcp.c | 13 + drivers/gpu/drm/i915/display/skl_universal_plane.c | 4 - drivers/gpu/drm/i915/gem/i915_gem_shmem.c | 6 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 20 +- drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 13 + drivers/gpu/drm/msm/dp/dp_audio.c | 2 + drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 16 +- drivers/gpu/drm/radeon/radeon_audio.c | 2 + drivers/gpu/drm/rockchip/cdn-dp-core.c | 9 +- drivers/gpu/drm/sti/sti_hdmi.c | 2 + drivers/gpu/drm/tests/drm_hdmi_state_helper_test.c | 33 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 4 +- drivers/gpu/drm/virtio/virtgpu_drv.h | 7 + drivers/gpu/drm/virtio/virtgpu_plane.c | 58 ++- drivers/gpu/drm/xe/regs/xe_oa_regs.h | 6 + drivers/gpu/drm/xe/xe_devcoredump.c | 42 +- drivers/gpu/drm/xe/xe_devcoredump.h | 2 +- drivers/gpu/drm/xe/xe_gt.c | 4 +- drivers/gpu/drm/xe/xe_gt_sriov_pf.c | 14 +- drivers/gpu/drm/xe/xe_gt_sriov_pf.h | 6 + drivers/gpu/drm/xe/xe_guc_ct.c | 3 +- drivers/gpu/drm/xe/xe_guc_log.c | 4 +- drivers/gpu/drm/xe/xe_oa.c | 12 +- drivers/hid/hid-asus.c | 26 ++ drivers/hid/hid-multitouch.c | 5 + drivers/hid/hid-sensor-hub.c | 21 +- drivers/hid/wacom_wac.c | 5 + drivers/i2c/i2c-core-acpi.c | 22 + drivers/i3c/master.c | 2 +- drivers/iio/chemical/bme680_core.c | 4 +- drivers/iio/dac/ad3552r-common.c | 5 +- drivers/iio/dac/ad3552r-hs.c | 6 + drivers/iio/dac/ad3552r.h | 8 +- drivers/iio/light/as73211.c | 24 +- drivers/infiniband/hw/mlx5/mr.c | 17 +- drivers/infiniband/hw/mlx5/odp.c | 2 + drivers/input/misc/nxp-bbnsm-pwrkey.c | 8 + drivers/input/mouse/synaptics.c | 56 ++- drivers/input/mouse/synaptics.h | 1 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 +- drivers/iommu/arm/arm-smmu-v3/tegra241-cmdqv.c | 8 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 + drivers/iommu/intel/iommu.c | 7 +- drivers/iommu/iommufd/fault.c | 44 +- drivers/iommu/iommufd/iommufd_private.h | 29 +- drivers/irqchip/Kconfig | 1 + drivers/irqchip/irq-apple-aic.c | 3 +- drivers/irqchip/irq-mvebu-icu.c | 3 +- drivers/leds/leds-lp8860.c | 2 +- drivers/mailbox/tegra-hsp.c | 6 +- drivers/mailbox/zynqmp-ipi-mailbox.c | 2 +- drivers/md/Kconfig | 13 + drivers/md/Makefile | 2 + drivers/md/dm-crypt.c | 27 +- drivers/md/md-autodetect.c | 8 +- drivers/md/md-linear.c | 352 +++++++++++++++ drivers/md/md.c | 2 +- drivers/media/i2c/ccs/ccs-core.c | 6 +- drivers/media/i2c/ccs/ccs-data.c | 14 +- drivers/media/i2c/ds90ub913.c | 1 - drivers/media/i2c/ds90ub953.c | 1 - drivers/media/i2c/ds90ub960.c | 123 +++--- drivers/media/i2c/imx296.c | 2 + drivers/media/i2c/ov5640.c | 1 + drivers/media/pci/intel/ipu6/ipu6-isys.c | 1 + drivers/media/platform/marvell/mmp-driver.c | 21 +- drivers/media/platform/nuvoton/npcm-video.c | 4 +- drivers/media/platform/qcom/venus/core.c | 8 +- .../st/stm32/stm32-dcmipp/dcmipp-bytecap.c | 2 +- drivers/media/usb/uvc/uvc_ctrl.c | 83 +++- drivers/media/usb/uvc/uvc_driver.c | 98 ++-- drivers/media/usb/uvc/uvc_v4l2.c | 2 + drivers/media/usb/uvc/uvc_video.c | 21 + drivers/media/usb/uvc/uvcvideo.h | 10 +- drivers/media/v4l2-core/v4l2-mc.c | 2 +- drivers/mfd/axp20x.c | 2 +- drivers/mfd/lpc_ich.c | 3 +- drivers/misc/fastrpc.c | 8 +- drivers/mmc/core/sdio.c | 2 + drivers/mmc/host/sdhci-esdhc-imx.c | 1 + drivers/mmc/host/sdhci-msm.c | 53 ++- drivers/mtd/nand/onenand/onenand_base.c | 1 + drivers/mtd/ubi/build.c | 2 +- drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 16 +- drivers/net/ethernet/broadcom/tg3.c | 58 +++ drivers/net/ethernet/intel/ice/devlink/devlink.c | 3 + drivers/net/ethernet/intel/ice/ice_txrx.c | 150 +++++-- drivers/net/ethernet/intel/ice/ice_txrx.h | 1 - drivers/net/ethernet/intel/ice/ice_txrx_lib.h | 43 -- .../net/ethernet/marvell/octeon_ep/octep_ethtool.c | 39 +- .../net/ethernet/marvell/octeon_ep/octep_main.c | 19 +- .../net/ethernet/marvell/octeon_ep/octep_main.h | 6 + drivers/net/ethernet/marvell/octeon_ep/octep_rx.c | 11 +- drivers/net/ethernet/marvell/octeon_ep/octep_rx.h | 4 +- drivers/net/ethernet/marvell/octeon_ep/octep_tx.c | 7 +- drivers/net/ethernet/marvell/octeon_ep/octep_tx.h | 4 +- .../marvell/octeon_ep_vf/octep_vf_ethtool.c | 29 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 17 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_main.h | 6 + .../ethernet/marvell/octeon_ep_vf/octep_vf_rx.c | 9 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_rx.h | 2 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_tx.c | 7 +- .../ethernet/marvell/octeon_ep_vf/octep_vf_tx.h | 2 +- .../net/ethernet/mellanox/mlx5/core/lib/clock.c | 24 +- .../ethernet/mellanox/mlx5/core/steering/hws/bwc.c | 17 +- .../ethernet/mellanox/mlx5/core/steering/hws/bwc.h | 2 +- .../mellanox/mlx5/core/steering/hws/matcher.c | 24 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 67 ++- drivers/net/phy/nxp-c45-tja11xx.c | 2 + drivers/net/tun.c | 2 +- drivers/net/usb/ipheth.c | 69 ++- drivers/net/vmxnet3/vmxnet3_xdp.c | 14 +- .../net/wireless/ath/ath12k/debugfs_htt_stats.c | 5 +- drivers/net/wireless/ath/ath12k/mac.c | 59 +-- .../wireless/broadcom/brcm80211/brcmfmac/core.c | 5 + .../net/wireless/broadcom/brcm80211/brcmfmac/of.c | 8 +- .../broadcom/brcm80211/brcmsmac/phy/phy_n.c | 3 + drivers/net/wireless/intel/iwlwifi/Makefile | 2 +- drivers/net/wireless/intel/iwlwifi/cfg/dr.c | 167 +++++++ drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 13 +- drivers/net/wireless/intel/iwlwifi/iwl-config.h | 10 + drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 16 + drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c | 21 +- drivers/net/wireless/mediatek/mt76/mt7915/init.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7921/usb.c | 3 + .../net/wireless/realtek/rtlwifi/rtl8821ae/fw.h | 4 +- drivers/net/wireless/realtek/rtw88/main.h | 4 +- drivers/net/wireless/realtek/rtw88/rtw8703b.c | 8 +- drivers/net/wireless/realtek/rtw88/rtw8723x.h | 8 +- drivers/net/wireless/realtek/rtw88/rtw8821c.h | 9 +- drivers/net/wireless/realtek/rtw88/rtw8822b.h | 9 +- drivers/net/wireless/realtek/rtw88/rtw8822c.h | 9 +- drivers/net/wireless/realtek/rtw88/sdio.c | 2 + drivers/net/wireless/realtek/rtw89/pci.c | 16 +- drivers/net/wireless/realtek/rtw89/pci.h | 9 + drivers/net/wireless/realtek/rtw89/pci_be.c | 1 + drivers/net/wireless/realtek/rtw89/phy.c | 13 +- drivers/net/wireless/realtek/rtw89/phy.h | 2 +- drivers/net/wwan/iosm/iosm_ipc_pcie.c | 56 ++- drivers/nvme/host/core.c | 8 +- drivers/nvme/host/fc.c | 9 +- drivers/nvme/host/pci.c | 4 +- drivers/nvme/host/sysfs.c | 2 +- drivers/nvme/target/admin-cmd.c | 1 + drivers/nvmem/core.c | 2 + drivers/nvmem/imx-ocotp-ele.c | 38 +- drivers/nvmem/qcom-spmi-sdam.c | 1 + drivers/of/address.c | 12 +- drivers/of/base.c | 8 +- drivers/of/of_reserved_mem.c | 9 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 48 +- drivers/pci/endpoint/pci-epf-core.c | 1 + drivers/pci/tph.c | 2 +- drivers/perf/fsl_imx9_ddr_perf.c | 33 +- drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 +- drivers/pinctrl/samsung/pinctrl-samsung.c | 2 +- drivers/platform/x86/acer-wmi.c | 45 ++ drivers/platform/x86/intel/int3472/discrete.c | 3 + drivers/platform/x86/intel/int3472/tps68470.c | 3 + drivers/platform/x86/serdev_helpers.h | 4 +- drivers/ptp/ptp_clock.c | 8 + drivers/pwm/pwm-microchip-core.c | 2 +- drivers/remoteproc/omap_remoteproc.c | 17 + drivers/rtc/rtc-zynqmp.c | 4 +- drivers/scsi/qla2xxx/qla_def.h | 2 + drivers/scsi/qla2xxx/qla_dfs.c | 122 ++++- drivers/scsi/qla2xxx/qla_gbl.h | 3 + drivers/scsi/qla2xxx/qla_init.c | 28 +- drivers/scsi/scsi_lib.c | 9 +- drivers/scsi/st.c | 6 + drivers/scsi/st.h | 1 + drivers/scsi/storvsc_drv.c | 1 + drivers/soc/mediatek/mtk-devapc.c | 19 +- drivers/soc/qcom/llcc-qcom.c | 1 + drivers/soc/qcom/smem_state.c | 3 +- drivers/soc/qcom/socinfo.c | 2 +- drivers/soc/samsung/exynos-pmu.c | 2 +- drivers/spi/atmel-quadspi.c | 118 +++-- drivers/tty/serial/sh-sci.c | 25 +- drivers/tty/serial/xilinx_uartps.c | 8 +- drivers/tty/vt/selection.c | 14 + drivers/tty/vt/vt.c | 2 - drivers/ufs/core/ufshcd.c | 31 +- drivers/ufs/host/ufs-qcom.c | 18 +- drivers/ufs/host/ufshcd-pci.c | 2 - drivers/ufs/host/ufshcd-pltfrm.c | 28 +- drivers/usb/gadget/function/f_tcm.c | 52 +-- drivers/vfio/platform/vfio_platform_common.c | 10 + fs/binfmt_flat.c | 2 +- fs/btrfs/ctree.c | 2 + fs/btrfs/file.c | 2 +- fs/btrfs/ordered-data.c | 12 + fs/btrfs/qgroup.c | 5 +- fs/btrfs/raid-stripe-tree.c | 26 +- fs/btrfs/relocation.c | 14 +- fs/btrfs/transaction.c | 4 +- fs/ceph/mds_client.c | 16 +- fs/exec.c | 29 +- fs/namespace.c | 54 ++- fs/nfs/Kconfig | 3 +- fs/nfs/flexfilelayout/flexfilelayout.c | 27 +- fs/nfsd/nfs4xdr.c | 20 +- fs/nilfs2/inode.c | 6 +- fs/ocfs2/super.c | 2 +- fs/ocfs2/symlink.c | 5 +- fs/pidfs.c | 34 ++ fs/proc/array.c | 2 +- fs/smb/client/cifsglob.h | 14 +- fs/smb/client/dir.c | 6 +- fs/smb/client/smb1ops.c | 2 +- fs/smb/client/smb2inode.c | 108 ++--- fs/smb/client/smb2ops.c | 41 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/client/smb2proto.h | 2 +- fs/smb/server/transport_ipc.c | 9 + fs/xfs/xfs_exchrange.c | 71 ++- fs/xfs/xfs_inode.c | 7 +- fs/xfs/xfs_iomap.c | 6 +- include/drm/drm_connector.h | 5 +- include/drm/drm_utils.h | 4 + include/linux/binfmts.h | 4 +- include/linux/call_once.h | 45 ++ include/linux/hrtimer_defs.h | 1 + include/linux/jiffies.h | 2 +- include/linux/kvm_host.h | 9 + include/linux/mlx5/driver.h | 1 - include/linux/platform_data/x86/asus-wmi.h | 5 + include/net/sch_generic.h | 2 +- include/rv/da_monitor.h | 4 + include/trace/events/rxrpc.h | 1 + include/uapi/drm/amdgpu_drm.h | 9 +- include/uapi/linux/input-event-codes.h | 1 + include/uapi/linux/iommufd.h | 4 +- include/uapi/linux/raid/md_p.h | 2 +- include/uapi/linux/raid/md_u.h | 2 + include/ufs/ufs.h | 4 +- include/ufs/ufshcd.h | 1 - io_uring/net.c | 5 + io_uring/poll.c | 4 + kernel/bpf/verifier.c | 2 +- kernel/locking/test-ww_mutex.c | 9 +- kernel/printk/printk.c | 2 +- kernel/sched/core.c | 28 +- kernel/sched/deadline.c | 56 ++- kernel/sched/fair.c | 19 + kernel/sched/sched.h | 2 +- kernel/seccomp.c | 12 + kernel/time/hrtimer.c | 103 ++++- kernel/time/timer_migration.c | 10 +- kernel/trace/ring_buffer.c | 13 +- kernel/trace/trace_functions_graph.c | 2 +- kernel/trace/trace_osnoise.c | 17 +- lib/Kconfig.debug | 8 +- lib/atomic64.c | 78 ++-- lib/maple_tree.c | 23 +- mm/compaction.c | 3 +- mm/gup.c | 14 +- mm/hugetlb.c | 24 +- mm/kfence/core.c | 2 + mm/kmemleak.c | 2 +- mm/vmscan.c | 7 +- net/bluetooth/l2cap_sock.c | 7 +- net/bluetooth/mgmt.c | 12 +- net/ethtool/ioctl.c | 2 +- net/ethtool/rss.c | 3 +- net/ipv4/udp.c | 4 +- net/ipv6/udp.c | 4 +- net/ncsi/ncsi-manage.c | 13 +- net/nfc/nci/hci.c | 2 + net/rose/af_rose.c | 24 +- net/rxrpc/ar-internal.h | 2 +- net/rxrpc/call_object.c | 6 +- net/rxrpc/conn_event.c | 21 +- net/rxrpc/conn_object.c | 1 + net/rxrpc/input.c | 2 +- net/rxrpc/sendmsg.c | 2 +- net/sched/sch_fifo.c | 3 + net/sched/sch_netem.c | 2 +- net/tipc/crypto.c | 4 +- rust/kernel/init.rs | 2 +- scripts/Makefile.extrawarn | 5 +- scripts/gdb/linux/cpus.py | 2 +- scripts/generate_rust_target.rs | 18 + security/keys/trusted-keys/trusted_dcp.c | 22 +- security/safesetid/securityfs.c | 3 + security/tomoyo/common.c | 2 +- sound/pci/hda/hda_auto_parser.c | 8 +- sound/pci/hda/hda_auto_parser.h | 1 + sound/pci/hda/patch_realtek.c | 20 +- sound/soc/amd/Kconfig | 2 +- sound/soc/amd/yc/acp6x-mach.c | 28 ++ sound/soc/intel/boards/sof_sdw.c | 5 +- sound/soc/renesas/rz-ssi.c | 10 +- sound/soc/soc-pcm.c | 32 +- sound/soc/sof/intel/hda-dai.c | 12 + sound/soc/sof/intel/hda.c | 5 + tools/perf/bench/epoll-wait.c | 7 +- .../testing/selftests/bpf/progs/exceptions_fail.c | 4 +- tools/testing/selftests/bpf/progs/preempt_lock.c | 14 +- .../selftests/bpf/progs/verifier_spin_lock.c | 2 +- tools/testing/selftests/drivers/net/hw/rss_ctx.py | 2 + tools/testing/selftests/net/ipsec.c | 3 +- tools/testing/selftests/net/mptcp/mptcp_connect.c | 2 +- tools/testing/selftests/net/udpgso.c | 26 ++ tools/tracing/rtla/src/osnoise.c | 2 +- tools/tracing/rtla/src/timerlat_hist.c | 26 +- tools/tracing/rtla/src/timerlat_top.c | 27 +- tools/tracing/rtla/src/trace.c | 8 + tools/tracing/rtla/src/trace.h | 1 + 479 files changed, 5359 insertions(+), 2651 deletions(-)

6 months, 1 week

17
473
0 0

[PATCH v3 1/2] PCI: Fix wrong length of devres array

by Philipp Stanner

The array for the iomapping cookie addresses has a length of PCI_STD_NUM_BARS. This constant, however, only describes standard BARs; while PCI can allow for additional, special BARs. The total number of PCI resources is described by constant PCI_NUM_RESOURCES, which is also used in, e.g., pci_select_bars(). Thus, the devres array has so far been too small. Change the length of the devres array to PCI_NUM_RESOURCES. Cc: <stable(a)vger.kernel.org> # v6.11+ Fixes: bbaff68bf4a4 ("PCI: Add managed partial-BAR request and map infrastructure") Signed-off-by: Philipp Stanner <phasta(a)kernel.org> --- drivers/pci/devres.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/devres.c b/drivers/pci/devres.c index 3431a7df3e0d..728ed0c7f70a 100644 --- a/drivers/pci/devres.c +++ b/drivers/pci/devres.c @@ -40,7 +40,7 @@ * Legacy struct storing addresses to whole mapped BARs. */ struct pcim_iomap_devres { - void __iomem *table[PCI_STD_NUM_BARS]; + void __iomem *table[PCI_NUM_RESOURCES]; }; /* Used to restore the old INTx state on driver detach. */ -- 2.48.1

6 months, 1 week

1
0
0 0

[PATCH 07/11] drm/amd/display: Use HW lock mgr for PSR1 when only one eDP

by Alex Hung

From: Mario Limonciello <mario.limonciello(a)amd.com> [WHY] DMUB locking is important to make sure that registers aren't accessed while in PSR. Previously it was enabled but caused a deadlock in situations with multiple eDP panels. [HOW] Detect if multiple eDP panels are in use to decide whether to use lock. Refactor the function so that the first check is for PSR-SU and then replay is in use to prevent having to look up number of eDP panels for those configurations. Fixes: 06fbedfaf1a9 ("Revert "drm/amd/display: Use HW lock mgr for PSR1"") Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3965 Cc: stable(a)vger.kernel.org Reviewed-by: ChiaHsuan Chung <chiahsuan.chung(a)amd.com> Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> --- drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c b/drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c index bf636b28e3e1..6e2fce329d73 100644 --- a/drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c @@ -69,5 +69,16 @@ bool should_use_dmub_lock(struct dc_link *link) if (link->replay_settings.replay_feature_enabled) return true; + /* only use HW lock for PSR1 on single eDP */ + if (link->psr_settings.psr_version == DC_PSR_VERSION_1) { + struct dc_link *edp_links[MAX_NUM_EDP]; + int edp_num; + + dc_get_edp_links(link->dc, edp_links, &edp_num); + + if (edp_num == 1) + return true; + } + return false; } -- 2.43.0

6 months, 1 week

1
0
0 0

[PATCH] mm: introduce include/linux/pgalloc.h

by Gwan-gyeong Mun

The include/linux/pgalloc.h is going to be the home of generic page table population functions. Start with including asm/pgalloc.h to include/linux/pgalloc.h and adding functions that if an architecture needs to synchronize global pgds when populating the init_mm's pgd. The newly introduced p4d_populate_kernel() and pgd_populate_kernel() functions synchronize global pgds after populating init_mm's p4d/pgd. If the architecture requires to synchronize global pgds, add ARCH_USE_SYNC_GLOBAL_PGDS to the Kconfig of the required architecture and implement arch_sync_global_p4ds() and arch_sync_global_pgds() to the architecture. And this patch adds an implementation to the x86 architecture. Through using new introduced p4d_populate_kernel() and pgd_populate_kernel() functions, it addresses an Oops issues when performing test of loading XE GPU driver module after applying the GPU SVM and Xe SVM patch series[1] and the Dept patch series[2]. The issue occurs when loading the xe driver via modprobe [3], which adds a struct page for device memory via devm_memremap_pages(). When a process leads the addition of a struct page to vmemmap (e.g. hot-plug), the page table update for the newly added vmemmap-based virtual address is updated first in init_mm's page table and then synchronized later. If the vmemmap-based virtual address is accessed through the process's page table before this sync, a page fault will occur. This addresses the issue by synchronizing with the global pgds immediately after populating the init_mm's pgd. [1] https://lore.kernel.org/dri-devel/20250213021112.1228481-1-matthew.brost@in… [2] https://lore.kernel.org/lkml/20240508094726.35754-1-byungchul@sk.com/ [3] [ 49.103630] xe 0000:00:04.0: [drm] Available VRAM: 0x0000000800000000, 0x00000002fb800000 [ 49.116710] BUG: unable to handle page fault for address: ffffeb3ff1200000 [ 49.117175] #PF: supervisor write access in kernel mode [ 49.117511] #PF: error_code(0x0002) - not-present page [ 49.117835] PGD 0 P4D 0 [ 49.118015] Oops: Oops: 0002 [#1] PREEMPT SMP NOPTI [ 49.118366] CPU: 3 UID: 0 PID: 302 Comm: modprobe Tainted: G W 6.13.0-drm-tip-test+ #62 [ 49.118976] Tainted: [W]=WARN [ 49.119179] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 [ 49.119710] RIP: 0010:vmemmap_set_pmd+0xff/0x230 [ 49.120011] Code: 77 22 02 a9 ff ff 1f 00 74 58 48 8b 3d 62 77 22 02 48 85 ff 0f 85 9a 00 00 00 48 8d 7d 08 48 89 e9 31 c0 48 89 ea 48 83 e7 f8 <48> c7 45 00 00 00 00 00 48 29 f9 48 c7 45 48 00 00 00 00 83 c1 50 [ 49.121158] RSP: 0018:ffffc900016d37a8 EFLAGS: 00010282 [ 49.121502] RAX: 0000000000000000 RBX: ffff888164000000 RCX: ffffeb3ff1200000 [ 49.121966] RDX: ffffeb3ff1200000 RSI: 80000000000001e3 RDI: ffffeb3ff1200008 [ 49.122499] RBP: ffffeb3ff1200000 R08: ffffeb3ff1280000 R09: 0000000000000000 [ 49.123032] R10: ffff88817b94dc48 R11: 0000000000000003 R12: ffffeb3ff1280000 [ 49.123566] R13: 0000000000000000 R14: ffff88817b94dc48 R15: 8000000163e001e3 [ 49.124096] FS: 00007f53ae71d740(0000) GS:ffff88843fd80000(0000) knlGS:0000000000000000 [ 49.124698] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.125129] CR2: ffffeb3ff1200000 CR3: 000000017c7d2000 CR4: 0000000000750ef0 [ 49.125662] PKRU: 55555554 [ 49.125880] Call Trace: [ 49.126078] <TASK> [ 49.126252] ? __die_body.cold+0x19/0x26 [ 49.126509] ? page_fault_oops+0xa2/0x240 [ 49.126736] ? preempt_count_add+0x47/0xa0 [ 49.126968] ? search_module_extables+0x4a/0x80 [ 49.127224] ? exc_page_fault+0x206/0x230 [ 49.127454] ? asm_exc_page_fault+0x22/0x30 [ 49.127691] ? vmemmap_set_pmd+0xff/0x230 [ 49.127919] vmemmap_populate_hugepages+0x176/0x180 [ 49.128194] vmemmap_populate+0x34/0x80 [ 49.128416] __populate_section_memmap+0x41/0x90 [ 49.128676] sparse_add_section+0x121/0x3e0 [ 49.128914] __add_pages+0xba/0x150 [ 49.129116] add_pages+0x1d/0x70 [ 49.129305] memremap_pages+0x3dc/0x810 [ 49.129529] devm_memremap_pages+0x1c/0x60 [ 49.129762] xe_devm_add+0x8b/0x100 [xe] [ 49.130072] xe_tile_init_noalloc+0x6a/0x70 [xe] [ 49.130408] xe_device_probe+0x48c/0x740 [xe] [ 49.130714] ? __pfx___drmm_mutex_release+0x10/0x10 [ 49.130982] ? __drmm_add_action+0x85/0xd0 [ 49.131208] ? __pfx___drmm_mutex_release+0x10/0x10 [ 49.131478] xe_pci_probe+0x7ef/0xd90 [xe] [ 49.131777] ? _raw_spin_unlock_irqrestore+0x66/0x90 [ 49.132049] ? lockdep_hardirqs_on+0xba/0x140 [ 49.132290] pci_device_probe+0x99/0x110 [ 49.132510] really_probe+0xdb/0x340 [ 49.132710] ? pm_runtime_barrier+0x50/0x90 [ 49.132941] ? __pfx___driver_attach+0x10/0x10 [ 49.133190] __driver_probe_device+0x78/0x110 [ 49.133433] driver_probe_device+0x1f/0xa0 [ 49.133661] __driver_attach+0xba/0x1c0 [ 49.133874] bus_for_each_dev+0x7a/0xd0 [ 49.134089] bus_add_driver+0x114/0x200 [ 49.134302] driver_register+0x6e/0xc0 [ 49.134515] xe_init+0x1e/0x50 [xe] [ 49.134827] ? __pfx_xe_init+0x10/0x10 [xe] [ 49.134926] xe 0000:00:04.0: [drm:process_one_work] GT1: GuC CT safe-mode canceled [ 49.135112] do_one_initcall+0x5b/0x2b0 [ 49.135734] ? rcu_is_watching+0xd/0x40 [ 49.135995] ? __kmalloc_cache_noprof+0x231/0x310 [ 49.136315] do_init_module+0x60/0x210 [ 49.136572] init_module_from_file+0x86/0xc0 [ 49.136863] idempotent_init_module+0x12b/0x340 [ 49.137156] __x64_sys_finit_module+0x61/0xc0 [ 49.137437] do_syscall_64+0x69/0x140 [ 49.137681] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 49.137953] RIP: 0033:0x7f53ae1261fd [ 49.138153] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e3 fa 0c 00 f7 d8 64 89 01 48 [ 49.139117] RSP: 002b:00007ffd0e9021e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 49.139525] RAX: ffffffffffffffda RBX: 000055c02951ee50 RCX: 00007f53ae1261fd [ 49.139905] RDX: 0000000000000000 RSI: 000055bfff125478 RDI: 0000000000000010 [ 49.140282] RBP: 000055bfff125478 R08: 00007f53ae1f6b20 R09: 00007ffd0e902230 [ 49.140663] R10: 000055c029522000 R11: 0000000000000246 R12: 0000000000040000 [ 49.141040] R13: 000055c02951ef80 R14: 0000000000000000 R15: 000055c029521fc0 [ 49.141424] </TASK> [ 49.141552] Modules linked in: xe(+) drm_ttm_helper gpu_sched drm_suballoc_helper drm_gpuvm drm_exec drm_gpusvm i2c_algo_bit drm_buddy video wmi ttm drm_display_helper drm_kms_helper crct10dif_pclmul crc32_pclmul i2c_piix4 e1000 ghash_clmulni_intel i2c_smbus fuse [ 49.142824] CR2: ffffeb3ff1200000 [ 49.143010] ---[ end trace 0000000000000000 ]--- [ 49.143268] RIP: 0010:vmemmap_set_pmd+0xff/0x230 [ 49.143523] Code: 77 22 02 a9 ff ff 1f 00 74 58 48 8b 3d 62 77 22 02 48 85 ff 0f 85 9a 00 00 00 48 8d 7d 08 48 89 e9 31 c0 48 89 ea 48 83 e7 f8 <48> c7 45 00 00 00 00 00 48 29 f9 48 c7 45 48 00 00 00 00 83 c1 50 [ 49.144489] RSP: 0018:ffffc900016d37a8 EFLAGS: 00010282 [ 49.144775] RAX: 0000000000000000 RBX: ffff888164000000 RCX: ffffeb3ff1200000 [ 49.145154] RDX: ffffeb3ff1200000 RSI: 80000000000001e3 RDI: ffffeb3ff1200008 [ 49.145536] RBP: ffffeb3ff1200000 R08: ffffeb3ff1280000 R09: 0000000000000000 [ 49.145914] R10: ffff88817b94dc48 R11: 0000000000000003 R12: ffffeb3ff1280000 [ 49.146292] R13: 0000000000000000 R14: ffff88817b94dc48 R15: 8000000163e001e3 [ 49.146671] FS: 00007f53ae71d740(0000) GS:ffff88843fd80000(0000) knlGS:0000000000000000 [ 49.147097] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.147407] CR2: ffffeb3ff1200000 CR3: 000000017c7d2000 CR4: 0000000000750ef0 [ 49.147786] PKRU: 55555554 [ 49.147941] note: modprobe[302] exited with irqs disabled Fixes: faf1c0008a33 ("x86/vmemmap: optimize for consecutive sections in partial populated PMDs") Signed-off-by: Gwan-gyeong Mun <gwan-gyeong.mun(a)intel.com> Suggested-by: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Hyeonggon Yoo <42.hyeyoo(a)gmail.com> Cc: Byungchul Park <byungchul(a)sk.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: <stable(a)vger.kernel.org> Cc: <linux-mm(a)kvack.org> --- arch/x86/Kconfig | 4 ++++ arch/x86/mm/init_64.c | 23 ++++++++++++++++++++++- include/linux/pgalloc.h | 26 ++++++++++++++++++++++++++ mm/sparse-vmemmap.c | 6 +++--- 4 files changed, 55 insertions(+), 4 deletions(-) create mode 100644 include/linux/pgalloc.h diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index d581634c6a59..0e0606cc9d4f 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -427,6 +427,10 @@ config PGTABLE_LEVELS default 3 if X86_PAE default 2 +config ARCH_USE_SYNC_GLOBAL_PGDS + def_bool y + depends on X86_64 && (PGTABLE_LEVELS > 3) + config CC_HAS_SANE_STACKPROTECTOR bool default $(success,$(srctree)/scripts/gcc-x86_64-has-stack-protector.sh $(CC) $(CLANG_FLAGS)) if 64BIT diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index 01ea7c6df303..d7d93f98f931 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -38,7 +38,7 @@ #include <asm/processor.h> #include <asm/bios_ebda.h> #include <linux/uaccess.h> -#include <asm/pgalloc.h> +#include <linux/pgalloc.h> #include <asm/dma.h> #include <asm/fixmap.h> #include <asm/e820/api.h> @@ -223,6 +223,27 @@ static void sync_global_pgds(unsigned long start, unsigned long end) sync_global_pgds_l4(start, end); } +#ifdef CONFIG_ARCH_USE_SYNC_GLOBAL_PGDS +#if CONFIG_PGTABLE_LEVELS > 3 +void arch_sync_global_p4ds(unsigned long start, unsigned long end) +{ + sync_global_pgds(start, end); +} + +void arch_sync_global_pgds(unsigned long start, unsigned long end) {} + +#if CONFIG_PGTABLE_LEVELS > 4 +void arch_sync_global_p4ds(unsigned long start, unsigned long end) {} + +void arch_sync_global_pgds(unsigned long start, unsigned long end) +{ + sync_global_pgds(start, end); +} + +#endif /* CONFIG_PGTABLE_LEVELS > 4 */ +#endif /* CONFIG_PGTABLE_LEVELS > 3 */ +#endif /* CONFIG_ARCH_USE_SYNC_GLOBAL_PGDS */ + /* * NOTE: This function is marked __ref because it calls __init function * (alloc_bootmem_pages). It's safe to do it ONLY when after_bootmem == 0. diff --git a/include/linux/pgalloc.h b/include/linux/pgalloc.h new file mode 100644 index 000000000000..072cca766245 --- /dev/null +++ b/include/linux/pgalloc.h @@ -0,0 +1,26 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _LINUX_PGALLOC_H +#define _LINUX_PGALLOC_H +#include <asm/pgalloc.h> + +#ifdef CONFIG_ARCH_USE_SYNC_GLOBAL_PGDS +void arch_sync_global_p4ds(unsigned long start, unsigned long end); +void arch_sync_global_pgds(unsigned long start, unsigned long end); +#else +static inline void arch_sync_global_p4ds(unsigned long start, unsigned long end) {} +static inline void arch_sync_global_pgds(unsigned long start, unsigned long end) {} +#endif + +static inline void p4d_populate_kernel(unsigned long addr, p4d_t *p4d, pud_t *pud) +{ + p4d_populate(&init_mm, p4d, pud); + arch_sync_global_p4ds(addr, addr); +} + +static inline void pgd_populate_kernel(unsigned long addr, pgd_t *pgd, p4d_t *p4d) +{ + pgd_populate(&init_mm, pgd, p4d); + arch_sync_global_pgds(addr, addr); +} + +#endif /* _LINUX_PGALLOC_H */ diff --git a/mm/sparse-vmemmap.c b/mm/sparse-vmemmap.c index 3287ebadd167..2c54bade3fa4 100644 --- a/mm/sparse-vmemmap.c +++ b/mm/sparse-vmemmap.c @@ -23,13 +23,13 @@ #include <linux/memblock.h> #include <linux/memremap.h> #include <linux/highmem.h> +#include <linux/pgalloc.h> #include <linux/slab.h> #include <linux/spinlock.h> #include <linux/vmalloc.h> #include <linux/sched.h> #include <asm/dma.h> -#include <asm/pgalloc.h> #include "internal.h" @@ -219,7 +219,7 @@ p4d_t * __meminit vmemmap_p4d_populate(pgd_t *pgd, unsigned long addr, int node) if (!p) return NULL; pud_init(p); - p4d_populate(&init_mm, p4d, p); + p4d_populate_kernel(addr, p4d, p); } return p4d; } @@ -231,7 +231,7 @@ pgd_t * __meminit vmemmap_pgd_populate(unsigned long addr, int node) void *p = vmemmap_alloc_block_zero(PAGE_SIZE, node); if (!p) return NULL; - pgd_populate(&init_mm, pgd, p); + pgd_populate_kernel(addr, pgd, p); } return pgd; } -- 2.48.1

6 months, 1 week

3
2
0 0

+ mm-page_alloc-fix-memory-accept-before-watermarks-gets-initialized.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/page_alloc: fix memory accept before watermarks gets initialized has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-page_alloc-fix-memory-accept-before-watermarks-gets-initialized.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Subject: mm/page_alloc: fix memory accept before watermarks gets initialized Date: Mon, 10 Mar 2025 10:28:55 +0200 Watermarks are initialized during the postcore initcall. Until then, all watermarks are set to zero. This causes cond_accept_memory() to incorrectly skip memory acceptance because a watermark of 0 is always met. This can lead to a premature OOM on boot. To ensure progress, accept one MAX_ORDER page if the watermark is zero. Link: https://lkml.kernel.org/r/20250310082855.2587122-1-kirill.shutemov@linux.in… Fixes: dcdfdd40fa82 ("mm: Add support for unaccepted memory") Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Tested-by: Farrah Chen <farrah.chen(a)intel.com> Reported-by: Farrah Chen <farrah.chen(a)intel.com> Cc: Ashish Kalra <ashish.kalra(a)amd.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: "Edgecombe, Rick P" <rick.p.edgecombe(a)intel.com> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: "Mike Rapoport (IBM)" <rppt(a)kernel.org> Cc: Thomas Lendacky <thomas.lendacky(a)amd.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> [6.5+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_alloc.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) --- a/mm/page_alloc.c~mm-page_alloc-fix-memory-accept-before-watermarks-gets-initialized +++ a/mm/page_alloc.c @@ -7004,7 +7004,7 @@ static inline bool has_unaccepted_memory static bool cond_accept_memory(struct zone *zone, unsigned int order) { - long to_accept; + long to_accept, wmark; bool ret = false; if (!has_unaccepted_memory()) @@ -7013,8 +7013,18 @@ static bool cond_accept_memory(struct zo if (list_empty(&zone->unaccepted_pages)) return false; + wmark = promo_wmark_pages(zone); + + /* + * Watermarks have not been initialized yet. + * + * Accepting one MAX_ORDER page to ensure progress. + */ + if (!wmark) + return try_to_accept_memory_one(zone); + /* How much to accept to get to promo watermark? */ - to_accept = promo_wmark_pages(zone) - + to_accept = wmark - (zone_page_state(zone, NR_FREE_PAGES) - __zone_watermark_unusable_free(zone, order, 0) - zone_page_state(zone, NR_UNACCEPTED)); _ Patches currently in -mm which might be from kirill.shutemov(a)linux.intel.com are mm-page_alloc-fix-memory-accept-before-watermarks-gets-initialized.patch

6 months, 1 week

1
0
0 0

[PATCH] iommu/arm: Allow disabling Qualcomm support in arm_smmu_v3

by Aaron Kling via B4 Relay

From: Aaron Kling <webgeek1234(a)gmail.com> If ARCH_QCOM is enabled when building arm_smmu_v3, a dependency on qcom-scm is added, which currently cannot be disabled. Add a prompt to ARM_SMMU_QCOM to allow disabling this dependency. Fixes: 0f0f80d9d5db ("iommu/arm: fix ARM_SMMU_QCOM compilation") Cc: stable(a)vger.kernel.org Signed-off-by: Aaron Kling <webgeek1234(a)gmail.com> --- drivers/iommu/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/iommu/Kconfig b/drivers/iommu/Kconfig index ec1b5e32b9725bc1104d10e5d7a32af7b211b50a..cca0825551959e3f37cc2ea41aeae526fdb73312 100644 --- a/drivers/iommu/Kconfig +++ b/drivers/iommu/Kconfig @@ -381,6 +381,7 @@ config ARM_SMMU_MMU_500_CPRE_ERRATA config ARM_SMMU_QCOM def_tristate y + prompt "Qualcomm SMMUv3 Support" depends on ARM_SMMU && ARCH_QCOM select QCOM_SCM help --- base-commit: 1110ce6a1e34fe1fdc1bfe4ad52405f327d5083b change-id: 20250310-b4-qcom-smmu-d4ccaf66a1ce Best regards, -- Aaron Kling <webgeek1234(a)gmail.com>

6 months, 1 week

4
7
0 0

[PATCH] kbuild: deb-pkg: don't set KBUILD_BUILD_VERSION indiscriminately

by Alexandru Gagniuc

In ThinPro, we use the convention <upstream_ver>+hp<patchlevel> for the kernel package. This does not have a dash in the name or version. This is built by editing ".version" before a build, and setting EXTRAVERSION="+hp" and KDEB_PKGVERSION make variables: echo 68 > .version make -j<n> EXTRAVERSION="+hp" bindeb-pkg KDEB_PKGVERSION=6.6.6+hp69 .deb name: linux-image-6.6.6+hp_6.6.6+hp69_amd64.deb Since commit 7d4f07d5cb71 ("kbuild: deb-pkg: squash scripts/package/deb-build-option to debian/rules"), this no longer works. The deb build logic changed, even though, the commit message implies that the logic should be unmodified. Before, KBUILD_BUILD_VERSION was not set if the KDEB_PKGVERSION did not contain a dash. After the change KBUILD_BUILD_VERSION is always set to KDEB_PKGVERSION. Since this determines UTS_VERSION,the uname output to look off: (now) uname -a: version 6.6.6+hp ... #6.6.6+hp69 (expected) uname -a: version 6.6.6+hp ... #69 Update the debian/rules logic to restore the original behavior. Cc: <stable(a)vger.kernel.org> # v6.12+ Fixes: 7d4f07d5cb71 ("kbuild: deb-pkg: squash scripts/package/deb-build-option to debian/rules") Signed-off-by: Alexandru Gagniuc <alexandru.gagniuc(a)hp.com> --- scripts/package/debian/rules | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/scripts/package/debian/rules b/scripts/package/debian/rules index ca07243bd5cd..bbc214f2e6bd 100755 --- a/scripts/package/debian/rules +++ b/scripts/package/debian/rules @@ -21,9 +21,13 @@ ifeq ($(origin KBUILD_VERBOSE),undefined) endif endif -revision = $(lastword $(subst -, ,$(shell dpkg-parsechangelog -S Version))) +debian_revision = $(shell dpkg-parsechangelog -S Version) +revision = $(lastword $(subst -, ,$(debian_revision))) CROSS_COMPILE ?= $(filter-out $(DEB_BUILD_GNU_TYPE)-, $(DEB_HOST_GNU_TYPE)-) -make-opts = ARCH=$(ARCH) KERNELRELEASE=$(KERNELRELEASE) KBUILD_BUILD_VERSION=$(revision) $(addprefix CROSS_COMPILE=,$(CROSS_COMPILE)) +make-opts = ARCH=$(ARCH) KERNELRELEASE=$(KERNELRELEASE) $(addprefix CROSS_COMPILE=,$(CROSS_COMPILE)) +ifneq ($(revision), $(debian_revision)) + make-opts+=KBUILD_BUILD_VERSION=$(revision) +endif binary-targets := $(addprefix binary-, image image-dbg headers libc-dev) -- 2.48.1

6 months, 1 week

4
3
0 0

[PATCH] memcg: drain obj stock on cpu hotplug teardown

by Shakeel Butt

Currently on cpu hotplug teardown, only memcg stock is drained but we need to drain the obj stock as well otherwise we will miss the stats accumulated on the target cpu as well as the nr_bytes cached. The stats include MEMCG_KMEM, NR_SLAB_RECLAIMABLE_B & NR_SLAB_UNRECLAIMABLE_B. In addition we are leaking reference to struct obj_cgroup object. Fixes: bf4f059954dc ("mm: memcg/slab: obj_cgroup API") Signed-off-by: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: <stable(a)vger.kernel.org> --- mm/memcontrol.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/mm/memcontrol.c b/mm/memcontrol.c index 4de6acb9b8ec..59dcaf6a3519 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -1921,9 +1921,18 @@ void drain_all_stock(struct mem_cgroup *root_memcg) static int memcg_hotplug_cpu_dead(unsigned int cpu) { struct memcg_stock_pcp *stock; + struct obj_cgroup *old; + unsigned long flags; stock = &per_cpu(memcg_stock, cpu); + + /* drain_obj_stock requires stock_lock */ + local_lock_irqsave(&memcg_stock.stock_lock, flags); + old = drain_obj_stock(stock); + local_unlock_irqrestore(&memcg_stock.stock_lock, flags); + drain_stock(stock); + obj_cgroup_put(old); return 0; } -- 2.47.1

6 months, 1 week

3
6
0 0

[PATCH v2] kbuild: exclude .rodata.(cst|str)* when building ranges

by Kris Van Hees

The .rodata.(cst|str)* sections are often resized during the final linking and since these sections do not cover actual symbols there is no need to include them in the modules.builtin.ranges data. When these sections were included in processing and resizing occurred, modules were reported with ranges that extended beyond their true end, causing subsequent symbols (in address order) to be associated with the wrong module. Fixes: 5f5e7344322f ("kbuild: generate offset range data for builtin modules") Cc: stable(a)vger.kernel.org Signed-off-by: Kris Van Hees <kris.van.hees(a)oracle.com> Reviewed-by: Jack Vogel <jack.vogel(a)oracle.com> --- scripts/generate_builtin_ranges.awk | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/generate_builtin_ranges.awk b/scripts/generate_builtin_ranges.awk index b9ec761b3bef..d4bd5c2b998c 100755 --- a/scripts/generate_builtin_ranges.awk +++ b/scripts/generate_builtin_ranges.awk @@ -282,6 +282,11 @@ ARGIND == 2 && !anchor && NF == 2 && $1 ~ /^0x/ && $2 !~ /^0x/ { # section. # ARGIND == 2 && sect && NF == 4 && /^ [^ \*]/ && !($1 in sect_addend) { + # There are a few sections with constant data (without symbols) that + # can get resized during linking, so it is best to ignore them. + if ($1 ~ /^\.rodata\.(cst|str)[0-9]/) + next; + if (!($1 in sect_base)) { sect_base[$1] = base; -- 2.45.2

6 months, 1 week

2
1
0 0

[PATCH v2] char: xillybus: Fix error handling in xillybus_init_chrdev()

by Ma Ke

After cdev_alloc() succeed and cdev_add() failed, call cdev_del() to remove unit->cdev from the system properly. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 8cb5d216ab33 ("char: xillybus: Move class-related functions to new xillybus_class.c") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - modified the patch as suggestions to avoid UAF. --- drivers/char/xillybus/xillybus_class.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/char/xillybus/xillybus_class.c b/drivers/char/xillybus/xillybus_class.c index c92a628e389e..356af6551b0d 100644 --- a/drivers/char/xillybus/xillybus_class.c +++ b/drivers/char/xillybus/xillybus_class.c @@ -104,8 +104,7 @@ int xillybus_init_chrdev(struct device *dev, if (rc) { dev_err(dev, "Failed to add cdev.\n"); /* kobject_put() is normally done by cdev_del() */ - kobject_put(&unit->cdev->kobj); - goto unregister_chrdev; + goto err_cdev; } for (i = 0; i < num_nodes; i++) { @@ -157,6 +156,7 @@ int xillybus_init_chrdev(struct device *dev, device_destroy(&xillybus_class, MKDEV(unit->major, i + unit->lowest_minor)); +err_cdev: cdev_del(unit->cdev); unregister_chrdev: -- 2.25.1

6 months, 1 week

2
1
0 0

[PATCH] jfs: add index corruption check to DT_GETPAGE()

by Roman Smirnov

If the file system is corrupted, the header.stblindex variable may become greater than 127. Because of this, an array access out of bounds may occur: ------------[ cut here ]------------ UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:3096:10 index 237 is out of range for type 'struct dtslot[128]' CPU: 0 UID: 0 PID: 5822 Comm: syz-executor740 Not tainted 6.13.0-rc4-syzkaller-00110-g4099a71718b0 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_out_of_bounds+0x121/0x150 lib/ubsan.c:429 dtReadFirst+0x622/0xc50 fs/jfs/jfs_dtree.c:3096 dtReadNext fs/jfs/jfs_dtree.c:3147 [inline] jfs_readdir+0x9aa/0x3c50 fs/jfs/jfs_dtree.c:2862 wrap_directory_iterator+0x91/0xd0 fs/readdir.c:65 iterate_dir+0x571/0x800 fs/readdir.c:108 __do_sys_getdents64 fs/readdir.c:403 [inline] __se_sys_getdents64+0x1e2/0x4b0 fs/readdir.c:389 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f </TASK> ---[ end trace ]--- Add a stblindex check for corruption. Reported-by: syzbot <syzbot+9120834fc227768625ba(a)syzkaller.appspotmail.com> Closes: https://syzkaller.appspot.com/bug?extid=9120834fc227768625ba Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Roman Smirnov <r.smirnov(a)omp.ru> --- fs/jfs/jfs_dtree.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/jfs/jfs_dtree.c b/fs/jfs/jfs_dtree.c index 8f85177f284b..93db6eec4465 100644 --- a/fs/jfs/jfs_dtree.c +++ b/fs/jfs/jfs_dtree.c @@ -117,7 +117,8 @@ do { \ if (!(RC)) { \ if (((P)->header.nextindex > \ (((BN) == 0) ? DTROOTMAXSLOT : (P)->header.maxslot)) || \ - ((BN) && ((P)->header.maxslot > DTPAGEMAXSLOT))) { \ + ((BN) && (((P)->header.maxslot > DTPAGEMAXSLOT) || \ + ((P)->header.stblindex >= DTPAGEMAXSLOT)))) { \ BT_PUTPAGE(MP); \ jfs_error((IP)->i_sb, \ "DT_GETPAGE: dtree page corrupt\n"); \ -- 2.34.1

6 months, 1 week

2
1
0 0

[merged mm-hotfixes-stable] dma-kmsan-export-kmsan_handle_dma-for-modules.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: dma: kmsan: export kmsan_handle_dma() for modules has been removed from the -mm tree. Its filename was dma-kmsan-export-kmsan_handle_dma-for-modules.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Subject: dma: kmsan: export kmsan_handle_dma() for modules Date: Tue, 18 Feb 2025 10:14:11 +0100 kmsan_handle_dma() is used by virtio_ring() which can be built as a module. kmsan_handle_dma() needs to be exported otherwise building the virtio_ring fails. Export kmsan_handle_dma for modules. Link: https://lkml.kernel.org/r/20250218091411.MMS3wBN9@linutronix.de Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202502150634.qjxwSeJR-lkp@intel.com/ Fixes: 7ade4f10779c ("dma: kmsan: unpoison DMA mappings") Signed-off-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Cc: Alexander Potapenko <glider(a)google.com> Cc: Dmitriy Vyukov <dvyukov(a)google.com> Cc: Macro Elver <elver(a)google.com> Cc: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kmsan/hooks.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/kmsan/hooks.c~dma-kmsan-export-kmsan_handle_dma-for-modules +++ a/mm/kmsan/hooks.c @@ -357,6 +357,7 @@ void kmsan_handle_dma(struct page *page, size -= to_go; } } +EXPORT_SYMBOL_GPL(kmsan_handle_dma); void kmsan_handle_dma_sg(struct scatterlist *sg, int nents, enum dma_data_direction dir) _ Patches currently in -mm which might be from bigeasy(a)linutronix.de are rcu-provide-a-static-initializer-for-hlist_nulls_head.patch ucount-replace-get_ucounts_or_wrap-with-atomic_inc_not_zero.patch ucount-use-rcu-for-ucounts-lookups.patch ucount-use-rcuref_t-for-reference-counting.patch

6 months, 1 week

2
1
0 0

[PATCH 6.1.y] selftests/vm: fix undefined reference of the `default_huge_page_size`

by Andrey Kalachev

The commit a584c7734a4d ("selftests: mm: fix map_hugetlb failure on 64K page size systems") backported the fix from v6.8 to stable v6.1. The patch uses default_huge_page_size() function, which definition moved into vm_util.[ch] by commit bd4d67e76f699 ("selftests/mm: merge default_huge_page_size() into one") merged to upsream since v6.4. However, in v6.1 common definition/declaration for the default_huge_page_size() we doesn't have, the following build error is seen: map_hugetlb.c:79:25: warning: implicit declaration of function ‘default_huge_page_size’ [-Wimplicit-function-declaration] 79 | hugepage_size = default_huge_page_size(); | ^~~~~~~~~~~~~~~~~~~~~~ /usr/bin/ld: /tmp/ccx95BZz.o: in function `main': map_hugetlb.c:(.text+0x104): undefined reference to `default_huge_page_size' Place default_huge_page_size() function body into map_hugetlb.c to fix this issue. Fixes: a584c7734a4d ("selftests: mm: fix map_hugetlb failure on 64K page size systems") Signed-off-by: Andrey Kalachev <kalachev(a)swemel.ru> --- tools/testing/selftests/vm/map_hugetlb.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/tools/testing/selftests/vm/map_hugetlb.c b/tools/testing/selftests/vm/map_hugetlb.c index c65c55b7a789..5826c50b6736 100644 --- a/tools/testing/selftests/vm/map_hugetlb.c +++ b/tools/testing/selftests/vm/map_hugetlb.c @@ -67,6 +67,30 @@ static int read_bytes(char *addr, size_t length) return 0; } +/* + * default_huge_page_size copied from mlock2-tests.c + */ +unsigned long default_huge_page_size(void) +{ + unsigned long hps = 0; + char *line = NULL; + size_t linelen = 0; + FILE *f = fopen("/proc/meminfo", "r"); + + if (!f) + return 0; + while (getline(&line, &linelen, f) > 0) { + if (sscanf(line, "Hugepagesize: %lu kB", &hps) == 1) { + hps <<= 10; + break; + } + } + + free(line); + fclose(f); + return hps; +} + int main(int argc, char **argv) { void *addr; -- 2.39.5

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x dfd3df31c9db752234d7d2e09bef2aeabb643ce4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030914-turtle-tattered-27c6@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dfd3df31c9db752234d7d2e09bef2aeabb643ce4 Mon Sep 17 00:00:00 2001 From: "Uladzislau Rezki (Sony)" <urezki(a)gmail.com> Date: Fri, 28 Feb 2025 13:13:56 +0100 Subject: [PATCH] mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq Currently kvfree_rcu() APIs use a system workqueue which is "system_unbound_wq" to driver RCU machinery to reclaim a memory. Recently, it has been noted that the following kernel warning can be observed: <snip> workqueue: WQ_MEM_RECLAIM nvme-wq:nvme_scan_work is flushing !WQ_MEM_RECLAIM events_unbound:kfree_rcu_work WARNING: CPU: 21 PID: 330 at kernel/workqueue.c:3719 check_flush_dependency+0x112/0x120 Modules linked in: intel_uncore_frequency(E) intel_uncore_frequency_common(E) skx_edac(E) ... CPU: 21 UID: 0 PID: 330 Comm: kworker/u144:6 Tainted: G E 6.13.2-0_g925d379822da #1 Hardware name: Wiwynn Twin Lakes MP/Twin Lakes Passive MP, BIOS YMM20 02/01/2023 Workqueue: nvme-wq nvme_scan_work RIP: 0010:check_flush_dependency+0x112/0x120 Code: 05 9a 40 14 02 01 48 81 c6 c0 00 00 00 48 8b 50 18 48 81 c7 c0 00 00 00 48 89 f9 48 ... RSP: 0018:ffffc90000df7bd8 EFLAGS: 00010082 RAX: 000000000000006a RBX: ffffffff81622390 RCX: 0000000000000027 RDX: 00000000fffeffff RSI: 000000000057ffa8 RDI: ffff88907f960c88 RBP: 0000000000000000 R08: ffffffff83068e50 R09: 000000000002fffd R10: 0000000000000004 R11: 0000000000000000 R12: ffff8881001a4400 R13: 0000000000000000 R14: ffff88907f420fb8 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88907f940000(0000) knlGS:0000000000000000 CR2: 00007f60c3001000 CR3: 000000107d010005 CR4: 00000000007726f0 PKRU: 55555554 Call Trace: <TASK> ? __warn+0xa4/0x140 ? check_flush_dependency+0x112/0x120 ? report_bug+0xe1/0x140 ? check_flush_dependency+0x112/0x120 ? handle_bug+0x5e/0x90 ? exc_invalid_op+0x16/0x40 ? asm_exc_invalid_op+0x16/0x20 ? timer_recalc_next_expiry+0x190/0x190 ? check_flush_dependency+0x112/0x120 ? check_flush_dependency+0x112/0x120 __flush_work.llvm.1643880146586177030+0x174/0x2c0 flush_rcu_work+0x28/0x30 kvfree_rcu_barrier+0x12f/0x160 kmem_cache_destroy+0x18/0x120 bioset_exit+0x10c/0x150 disk_release.llvm.6740012984264378178+0x61/0xd0 device_release+0x4f/0x90 kobject_put+0x95/0x180 nvme_put_ns+0x23/0xc0 nvme_remove_invalid_namespaces+0xb3/0xd0 nvme_scan_work+0x342/0x490 process_scheduled_works+0x1a2/0x370 worker_thread+0x2ff/0x390 ? pwq_release_workfn+0x1e0/0x1e0 kthread+0xb1/0xe0 ? __kthread_parkme+0x70/0x70 ret_from_fork+0x30/0x40 ? __kthread_parkme+0x70/0x70 ret_from_fork_asm+0x11/0x20 </TASK> ---[ end trace 0000000000000000 ]--- <snip> To address this switch to use of independent WQ_MEM_RECLAIM workqueue, so the rules are not violated from workqueue framework point of view. Apart of that, since kvfree_rcu() does reclaim memory it is worth to go with WQ_MEM_RECLAIM type of wq because it is designed for this purpose. Fixes: 6c6c47b063b5 ("mm, slab: call kvfree_rcu_barrier() from kmem_cache_destroy()"), Reported-by: Keith Busch <kbusch(a)kernel.org> Closes: https://lore.kernel.org/all/Z7iqJtCjHKfo8Kho@kbusch-mbp/ Cc: stable(a)vger.kernel.org Signed-off-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Reviewed-by: Joel Fernandes <joelagnelf(a)nvidia.com> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> diff --git a/mm/slab_common.c b/mm/slab_common.c index 4030907b6b7d..4c9f0a87f733 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -1304,6 +1304,8 @@ module_param(rcu_min_cached_objs, int, 0444); static int rcu_delay_page_cache_fill_msec = 5000; module_param(rcu_delay_page_cache_fill_msec, int, 0444); +static struct workqueue_struct *rcu_reclaim_wq; + /* Maximum number of jiffies to wait before draining a batch. */ #define KFREE_DRAIN_JIFFIES (5 * HZ) #define KFREE_N_BATCHES 2 @@ -1632,10 +1634,10 @@ __schedule_delayed_monitor_work(struct kfree_rcu_cpu *krcp) if (delayed_work_pending(&krcp->monitor_work)) { delay_left = krcp->monitor_work.timer.expires - jiffies; if (delay < delay_left) - mod_delayed_work(system_unbound_wq, &krcp->monitor_work, delay); + mod_delayed_work(rcu_reclaim_wq, &krcp->monitor_work, delay); return; } - queue_delayed_work(system_unbound_wq, &krcp->monitor_work, delay); + queue_delayed_work(rcu_reclaim_wq, &krcp->monitor_work, delay); } static void @@ -1733,7 +1735,7 @@ kvfree_rcu_queue_batch(struct kfree_rcu_cpu *krcp) // "free channels", the batch can handle. Break // the loop since it is done with this CPU thus // queuing an RCU work is _always_ success here. - queued = queue_rcu_work(system_unbound_wq, &krwp->rcu_work); + queued = queue_rcu_work(rcu_reclaim_wq, &krwp->rcu_work); WARN_ON_ONCE(!queued); break; } @@ -1883,7 +1885,7 @@ run_page_cache_worker(struct kfree_rcu_cpu *krcp) if (rcu_scheduler_active == RCU_SCHEDULER_RUNNING && !atomic_xchg(&krcp->work_in_progress, 1)) { if (atomic_read(&krcp->backoff_page_cache_fill)) { - queue_delayed_work(system_unbound_wq, + queue_delayed_work(rcu_reclaim_wq, &krcp->page_cache_work, msecs_to_jiffies(rcu_delay_page_cache_fill_msec)); } else { @@ -2120,6 +2122,10 @@ void __init kvfree_rcu_init(void) int i, j; struct shrinker *kfree_rcu_shrinker; + rcu_reclaim_wq = alloc_workqueue("kvfree_rcu_reclaim", + WQ_UNBOUND | WQ_MEM_RECLAIM, 0); + WARN_ON(!rcu_reclaim_wq); + /* Clamp it to [0:100] seconds interval. */ if (rcu_delay_page_cache_fill_msec < 0 || rcu_delay_page_cache_fill_msec > 100 * MSEC_PER_SEC) {

6 months, 1 week

3
2
0 0

[PATCH] mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops

by Kamal Dasu

cqhci timeouts observed on brcmstb platforms during suspend: ... [ 164.832853] mmc0: cqhci: timeout for tag 18 ... Adding cqhci_suspend()/resume() calls to disable cqe in sdhci_brcmstb_suspend()/resume() respectively to fix CQE timeouts seen on PM suspend. Fixes: d46ba2d17f90 ("mmc: sdhci-brcmstb: Add support for Command Queuing (CQE)") Cc: stable(a)vger.kernel.org Signed-off-by: Kamal Dasu <kamal.dasu(a)broadcom.com> --- drivers/mmc/host/sdhci-brcmstb.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/mmc/host/sdhci-brcmstb.c b/drivers/mmc/host/sdhci-brcmstb.c index 0ef4d578ade8..bf55a9185eb6 100644 --- a/drivers/mmc/host/sdhci-brcmstb.c +++ b/drivers/mmc/host/sdhci-brcmstb.c @@ -505,6 +505,12 @@ static int sdhci_brcmstb_suspend(struct device *dev) struct sdhci_brcmstb_priv *priv = sdhci_pltfm_priv(pltfm_host); clk_disable_unprepare(priv->base_clk); + if (host->mmc->caps2 & MMC_CAP2_CQE) { + ret = cqhci_suspend(host->mmc); + if (ret) + return ret; + } + return sdhci_pltfm_suspend(dev); } @@ -529,6 +535,9 @@ static int sdhci_brcmstb_resume(struct device *dev) ret = clk_set_rate(priv->base_clk, priv->base_freq_hz); } + if (host->mmc->caps2 & MMC_CAP2_CQE) + ret = cqhci_resume(host->mmc); + return ret; } #endif -- 2.17.1

6 months, 1 week

2
2
0 0

[PATCH] fpga: bridge: incorrect set to clear freeze_illegal_request register

by Tanmay Kathpalia

A Partial Region Controller can be connected to one or more Freeze Bridge. Each Freeze Bridge has an illegal_request bit represented in the freeze_illegal_request register. Thus, instead of just set to clear the illegal_request bit for first Freeze Bridge, we need to ensure the set to clear action is applied to which ever Freeze Bridge that has occurrence of illegal request. Fixes: ca24a648f535 ("fpga: add altera freeze bridge support") Signed-off-by: Chiau Ee Chew <chiau.ee.chew(a)intel.com> Signed-off-by: Tanmay Kathpalia <tanmay.kathpalia(a)altera.com> --- drivers/fpga/altera-freeze-bridge.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/fpga/altera-freeze-bridge.c b/drivers/fpga/altera-freeze-bridge.c index 594693ff786e..23e8b2b54355 100644 --- a/drivers/fpga/altera-freeze-bridge.c +++ b/drivers/fpga/altera-freeze-bridge.c @@ -52,7 +52,7 @@ static int altera_freeze_br_req_ack(struct altera_freeze_br_data *priv, if (illegal) { dev_err(dev, "illegal request detected 0x%x", illegal); - writel(1, csr_illegal_req_addr); + writel(illegal, csr_illegal_req_addr); illegal = readl(csr_illegal_req_addr); if (illegal) -- 2.19.0

6 months, 1 week

2
1
0 0

[PATCH net v3] qlcnic: fix memory leak issues in qlcnic_sriov_common.c

by Haoxiang Li

Add qlcnic_sriov_free_vlans() in qlcnic_sriov_alloc_vlans() if any sriov_vlans fails to be allocated. Add qlcnic_sriov_free_vlans() to free the memory allocated by qlcnic_sriov_alloc_vlans() if "sriov->allowed_vlans" fails to be allocated. Fixes: 91b7282b613d ("qlcnic: Support VLAN id config.") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- Changes in v3: - Handle allocation errors in qlcnic_sriov_alloc_vlans() - Modify the patch title and description. There's one more thing I'm confused about: I'm not sure if the fixes-tag is correct, because I noticed that the two modifications correspond to different commits. Should I split them into two separate patch submissions? Thanks, Paolo! Changes in v2: - Add qlcnic_sriov_free_vlans() if qlcnic_sriov_alloc_vlans() fails. - Modify the patch description. vf_info was allocated by kcalloc, no need to do more checks cause kfree(NULL) is safe. Thanks, Paolo! --- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c index f9dd50152b1e..28d24d59efb8 100644 --- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c +++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c @@ -454,8 +454,10 @@ static int qlcnic_sriov_set_guest_vlan_mode(struct qlcnic_adapter *adapter, num_vlans = sriov->num_allowed_vlans; sriov->allowed_vlans = kcalloc(num_vlans, sizeof(u16), GFP_KERNEL); - if (!sriov->allowed_vlans) + if (!sriov->allowed_vlans) { + qlcnic_sriov_free_vlans(adapter); return -ENOMEM; + } vlans = (u16 *)&cmd->rsp.arg[3]; for (i = 0; i < num_vlans; i++) @@ -2167,8 +2169,10 @@ int qlcnic_sriov_alloc_vlans(struct qlcnic_adapter *adapter) vf = &sriov->vf_info[i]; vf->sriov_vlans = kcalloc(sriov->num_allowed_vlans, sizeof(*vf->sriov_vlans), GFP_KERNEL); - if (!vf->sriov_vlans) + if (!vf->sriov_vlans) { + qlcnic_sriov_free_vlans(adapter); return -ENOMEM; + } } return 0; -- 2.25.1

6 months, 1 week

2
1
0 0

[REGRESSION] stable-rc/linux-5.10.y: (build) in vmlinux (Makefile:1212) [logspec:kbuild,kbuild.other]

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.10.y: --- in vmlinux (Makefile:1212) [logspec:kbuild,kbuild.other] --- - dashboard: https://d.kernelci.org/issue/maestro:d5c2be698989c7de46471109aae8df0339b713… - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: a0e8dfa03993fda7b4d4b696c50f69726522abba Log excerpt: ===================================================== .lds In file included from ./include/linux/kernel.h:15, net/ipv6/udp.c: In function ‘udp_v6_send_skb’: ./include/linux/minmax.h:20:35: warning: comparison of distinct pointer types lacks a cast ./include/linux/minmax.h:26:18: note: in expansion of macro ‘__typecheck’ ./include/linux/minmax.h:36:31: note: in expansion of macro ‘__safe_cmp’ ./include/linux/minmax.h:45:25: note: in expansion of macro ‘__careful_cmp’ net/ipv6/udp.c:1213:28: note: in expansion of macro ‘min’ In file included from ./include/linux/uaccess.h:7, net/ipv4/udp.c: In function ‘udp_send_skb’: ./include/linux/minmax.h:20:35: warning: comparison of distinct pointer types lacks a cast ./include/linux/minmax.h:26:18: note: in expansion of macro ‘__typecheck’ ./include/linux/minmax.h:36:31: note: in expansion of macro ‘__safe_cmp’ ./include/linux/minmax.h:45:25: note: in expansion of macro ‘__careful_cmp’ net/ipv4/udp.c:926:28: note: in expansion of macro ‘min’ FAILED unresolved symbol filp_close ===================================================== # Builds where the incident occurred: ## cros://chromeos-5.10/x86_64/chromeos-amd-stoneyridge.flavour.config+lab-setup+x86-board+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y on (x86_64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:67ceffea18018371957ebdc0 #kernelci issue maestro:d5c2be698989c7de46471109aae8df0339b713c1 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 1 week

2
1
0 0

queue-5.10: Panic on shutdown at platform_shutdown+0x9

by Chuck Lever

Hi - For the past 3-4 days, NFSD CI runs on queue-5.10.y have been failing. I looked into it today, and the test guest fails to reboot because it panics during a reboot shutdown: [ 146.793087] BUG: unable to handle page fault for address: ffffffffffffffe8 [ 146.793918] #PF: supervisor read access in kernel mode [ 146.794544] #PF: error_code(0x0000) - not-present page [ 146.795172] PGD 3d5c14067 P4D 3d5c15067 PUD 3d5c17067 PMD 0 [ 146.795865] Oops: 0000 [#1] SMP NOPTI [ 146.796326] CPU: 3 PID: 1 Comm: systemd-shutdow Not tainted 5.10.234-g99349f441fe1 #1 [ 146.797256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 [ 146.798267] RIP: 0010:platform_shutdown+0x9/0x20 [ 146.798838] Code: b7 46 08 c3 cc cc cc cc 31 c0 83 bf a8 02 00 00 ff 75 ec c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8b 47 68 <48> 8b 40 e8 48 85 c0 74 09 48 83 ef 10 ff e0 0f 1f 00 c3 cc cc cc [ 146.801012] RSP: 0018:ff7f86f440013de0 EFLAGS: 00010246 [ 146.801651] RAX: 0000000000000000 RBX: ff4f0637469df418 RCX: 0000000000000000 [ 146.802500] RDX: 0000000000000001 RSI: ff4f0637469df418 RDI: ff4f0637469df410 [ 146.803350] RBP: ffffffffb2e79220 R08: ff4f0637469dd808 R09: ffffffffb2c5c698 [ 146.804203] R10: 0000000000000000 R11: 0000000000000000 R12: ff4f0637469df410 [ 146.805059] R13: ff4f0637469df490 R14: 00000000fee1dead R15: 0000000000000000 [ 146.805909] FS: 00007f4e7ecc6b80(0000) GS:ff4f063aafd80000(0000) knlGS:0000000000000000 [ 146.806866] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 146.807558] CR2: ffffffffffffffe8 CR3: 000000010ecb2001 CR4: 0000000000771ee0 [ 146.808412] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 146.809262] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 146.810109] PKRU: 55555554 [ 146.810460] Call Trace: [ 146.810791] ? __die_body.cold+0x1a/0x1f [ 146.811282] ? no_context.constprop.0+0xf8/0x2f0 [ 146.811854] ? exc_page_fault+0xc5/0x150 [ 146.812342] ? asm_exc_page_fault+0x1e/0x30 [ 146.812862] ? platform_shutdown+0x9/0x20 [ 146.813362] device_shutdown+0x158/0x1c0 [ 146.813853] __do_sys_reboot.cold+0x2f/0x5b [ 146.814370] ? vfs_writev+0x9b/0x110 [ 146.814824] ? do_writev+0x57/0xf0 [ 146.815254] do_syscall_64+0x30/0x40 [ 146.815708] entry_SYSCALL_64_after_hwframe+0x67/0xd1 Let me know how to further assist. -- Chuck Lever

6 months, 1 week

3
8
0 0

[PATCH v2 1/2] PCI: Forcefully set the PCI_REASSIGN_ALL_BUS flag for Marvell CN96XX/CN10XXX boards

by Bo Sun

---8<--- Changes in v2: - Added explicit comment about the quirk, as requested by Mani. - Made commit message more clear, as requested by Bjorn. ---8<--- On our Marvell OCTEON CN96XX board, we observed the following panic on the latest kernel: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000080 CPU: 22 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.14.0-rc6 #20 Hardware name: Marvell OcteonTX CN96XX board (DT) pc : of_pci_add_properties+0x278/0x4c8 Call trace: of_pci_add_properties+0x278/0x4c8 (P) of_pci_make_dev_node+0xe0/0x158 pci_bus_add_device+0x158/0x228 pci_bus_add_devices+0x40/0x98 pci_host_probe+0x94/0x118 pci_host_common_probe+0x130/0x1b0 platform_probe+0x70/0xf0 The dmesg logs indicated that the PCI bridge was scanning with an invalid bus range: pci-host-generic 878020000000.pci: PCI host bridge to bus 0002:00 pci_bus 0002:00: root bus resource [bus 00-ff] pci 0002:00:00.0: scanning [bus f9-f9] behind bridge, pass 0 pci 0002:00:01.0: scanning [bus fa-fa] behind bridge, pass 0 pci 0002:00:02.0: scanning [bus fb-fb] behind bridge, pass 0 pci 0002:00:03.0: scanning [bus fc-fc] behind bridge, pass 0 pci 0002:00:04.0: scanning [bus fd-fd] behind bridge, pass 0 pci 0002:00:05.0: scanning [bus fe-fe] behind bridge, pass 0 pci 0002:00:06.0: scanning [bus ff-ff] behind bridge, pass 0 pci 0002:00:07.0: scanning [bus 00-00] behind bridge, pass 0 pci 0002:00:07.0: bridge configuration invalid ([bus 00-00]), reconfiguring pci 0002:00:08.0: scanning [bus 01-01] behind bridge, pass 0 pci 0002:00:09.0: scanning [bus 02-02] behind bridge, pass 0 pci 0002:00:0a.0: scanning [bus 03-03] behind bridge, pass 0 pci 0002:00:0b.0: scanning [bus 04-04] behind bridge, pass 0 pci 0002:00:0c.0: scanning [bus 05-05] behind bridge, pass 0 pci 0002:00:0d.0: scanning [bus 06-06] behind bridge, pass 0 pci 0002:00:0e.0: scanning [bus 07-07] behind bridge, pass 0 pci 0002:00:0f.0: scanning [bus 08-08] behind bridge, pass 0 This regression was introduced by commit 7246a4520b4b ("PCI: Use preserve_config in place of pci_flags"). On our board, the 0002:00:07.0 bridge is misconfigured by the bootloader. Both its secondary and subordinate bus numbers are initialized to 0, while its fixed secondary bus number is set to 8. However, bus number 8 is also assigned to another bridge (0002:00:0f.0). Although this is a bootloader issue, before the change in commit 7246a4520b4b, the PCI_REASSIGN_ALL_BUS flag was set by default when PCI_PROBE_ONLY was not enabled, ensuing that all the bus number for these bridges were reassigned, avoiding any conflicts. After the change introduced in commit 7246a4520b4b, the bus numbers assigned by the bootloader are reused by all other bridges, except the misconfigured 0002:00:07.0 bridge. The kernel attempt to reconfigure 0002:00:07.0 by reusing the fixed secondary bus number 8 assigned by bootloader. However, since a pci_bus has already been allocated for bus 8 due to the probe of 0002:00:0f.0, no new pci_bus allocated for 0002:00:07.0. This results in a pci bridge device without a pci_bus attached (pdev->subordinate == NULL). Consequently, accessing pdev->subordinate in of_pci_prop_bus_range() leads to a NULL pointer dereference. To summarize, we need to set the PCI_REASSIGN_ALL_BUS flag when PCI_PROBE_ONLY is not enabled in order to work around issue like the one described above. Cc: stable(a)vger.kernel.org Fixes: 7246a4520b4b ("PCI: Use preserve_config in place of pci_flags") Signed-off-by: Bo Sun <Bo.Sun.CN(a)windriver.com> --- drivers/pci/quirks.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c index 82b21e34c545..cec58c7479e1 100644 --- a/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c @@ -6181,6 +6181,23 @@ DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x1536, rom_bar_overlap_defect); DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x1537, rom_bar_overlap_defect); DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x1538, rom_bar_overlap_defect); +/* + * Quirk for Marvell CN96XX/CN10XXX boards: + * + * Adds PCI_REASSIGN_ALL_BUS unless PCI_PROBE_ONLY is set, forcing bus number + * reassignment to avoid conflicts caused by bootloader misconfigured PCI bridges. + * + * This resolves a regression introduced by commit 7246a4520b4b ("PCI: Use + * preserve_config in place of pci_flags"), which removed this behavior. + */ +static void quirk_marvell_cn96xx_cn10xxx_reassign_all_busnr(struct pci_dev *dev) +{ + if (!pci_has_flag(PCI_PROBE_ONLY)) + pci_add_flags(PCI_REASSIGN_ALL_BUS); +} +DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_CAVIUM, 0xa002, + quirk_marvell_cn96xx_cn10xxx_reassign_all_busnr); + #ifdef CONFIG_PCIEASPM /* * Several Intel DG2 graphics devices advertise that they can only tolerate -- 2.48.1

6 months, 1 week

1
1
0 0

[PATCH v9] arm64: mm: Populate vmemmap at the page level if not section aligned

by Zhenhua Huang

On the arm64 platform with 4K base page config, SECTION_SIZE_BITS is set to 27, making one section 128M. The related page struct which vmemmap points to is 2M then. Commit c1cc1552616d ("arm64: MMU initialisation") optimizes the vmemmap to populate at the PMD section level which was suitable initially since hot plug granule is always one section(128M). However, commit ba72b4c8cf60 ("mm/sparsemem: support sub-section hotplug") introduced a 2M(SUBSECTION_SIZE) hot plug granule, which disrupted the existing arm64 assumptions. The first problem is that if start or end is not aligned to a section boundary, such as when a subsection is hot added, populating the entire section is wasteful. The next problem is if we hotplug something that spans part of 128 MiB section (subsections, let's call it memblock1), and then hotplug something that spans another part of a 128 MiB section(subsections, let's call it memblock2), and subsequently unplug memblock1, vmemmap_free() will clear the entire PMD entry which also supports memblock2 even though memblock2 is still active. Assuming hotplug/unplug sizes are guaranteed to be symmetric. Do the fix similar to x86-64: populate to pages levels if start/end is not aligned with section boundary. Cc: <stable(a)vger.kernel.org> # v5.4+ Fixes: ba72b4c8cf60 ("mm/sparsemem: support sub-section hotplug") Acked-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: Zhenhua Huang <quic_zhenhuah(a)quicinc.com> --- arch/arm64/mm/mmu.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index b4df5bc5b1b8..1dfe1a8efdbe 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -1177,8 +1177,11 @@ int __meminit vmemmap_populate(unsigned long start, unsigned long end, int node, struct vmem_altmap *altmap) { WARN_ON((start < VMEMMAP_START) || (end > VMEMMAP_END)); + /* [start, end] should be within one section */ + WARN_ON_ONCE(end - start > PAGES_PER_SECTION * sizeof(struct page)); - if (!IS_ENABLED(CONFIG_ARM64_4K_PAGES)) + if (!IS_ENABLED(CONFIG_ARM64_4K_PAGES) || + (end - start < PAGES_PER_SECTION * sizeof(struct page))) return vmemmap_populate_basepages(start, end, node, altmap); else return vmemmap_populate_hugepages(start, end, node, altmap); -- 2.25.1

6 months, 1 week

4
3
0 0

[PATCH] media: ov08x40: Extend sleep after reset to 5 ms

by Hans de Goede

Some users are reporting that ov08x40_identify_module() fails to identify the chip reading 0x00 as value for OV08X40_REG_CHIP_ID. Intel's out of tree IPU6 drivers include some ov08x40 changes including adding support for the reset GPIO for older kernels and Intel's patch for this uses 5 ms. Extend the sleep to 5 ms following Intel's example, this fixes the ov08x40_identify_module() problem. Link: https://github.com/intel/ipu6-drivers/blob/c09e2198d801e1eb701984d294837312… Fixes: df1ae2251a50 ("media: ov08x40: Add OF probe support") Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/media/i2c/ov08x40.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/i2c/ov08x40.c b/drivers/media/i2c/ov08x40.c index cf0e41fc3071..54575eea3c49 100644 --- a/drivers/media/i2c/ov08x40.c +++ b/drivers/media/i2c/ov08x40.c @@ -1341,7 +1341,7 @@ static int ov08x40_power_on(struct device *dev) } gpiod_set_value_cansleep(ov08x->reset_gpio, 0); - usleep_range(1500, 1800); + usleep_range(5000, 5500); return 0; -- 2.48.1

6 months, 1 week

2
1
0 0

Re: [PATCH] parport: Add Brainboxes XC cards.

by Cameron Williams

Cc'ing stable Cc: stable(a)vger.kernel.org On 10 March 2025 22:25:08 GMT, Cameron Williams <cang1(a)live.co.uk> wrote: >Add ExpressCard parport cards. > >Signed-off-by: Cameron Williams <cang1(a)live.co.uk> >--- > drivers/parport/parport_pc.c | 6 ++++++ > 1 file changed, 6 insertions(+) > >diff --git a/drivers/parport/parport_pc.c b/drivers/parport/parport_pc.c >index f33b5d1dd..787e894bb 100644 >--- a/drivers/parport/parport_pc.c >+++ b/drivers/parport/parport_pc.c >@@ -2854,6 +2854,12 @@ static const struct pci_device_id parport_pc_pci_tbl[] = { > /* Brainboxes PX-475 */ > { PCI_VENDOR_ID_INTASHIELD, 0x401f, > PCI_ANY_ID, PCI_ANY_ID, 0, 0, oxsemi_pcie_pport }, >+ /* Brainboxes XC-157 */ >+ { PCI_VENDOR_ID_INTASHIELD, 0x4020, >+ PCI_ANY_ID, PCI_ANY_ID, 0, 0, oxsemi_pcie_pport }, >+ /* Brainboxes XC-475 */ >+ { PCI_VENDOR_ID_INTASHIELD, 0x4022, >+ PCI_ANY_ID, PCI_ANY_ID, 0, 0, oxsemi_pcie_pport }, > { 0, } /* terminate list */ > }; > MODULE_DEVICE_TABLE(pci, parport_pc_pci_tbl);

6 months, 1 week

2
1
0 0

Re: [PATCH] tty: serial: 8250: Add Brainboxes XC devices

by Greg KH

On Tue, Mar 11, 2025 at 06:54:00AM +0000, Cameron Williams wrote: > Cc'ing stable > > Cc: stable(a)vger.kernel.org > <formletter> This is not the correct way to submit patches for inclusion in the stable kernel tree. Please read: https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html for how to do this properly. </formletter>

6 months, 1 week

1
0
0 0

Re: [PATCH] tty: serial: 8250: Add Brainboxes XC devices

by Cameron Williams

Cc'ing stable Cc: stable(a)vger.kernel.org On 10 March 2025 22:27:10 GMT, Cameron Williams <cang1(a)live.co.uk> wrote: >These ExpressCard devices use the OxPCIE chip and can be used with >this driver. > >Signed-off-by: Cameron Williams <cang1(a)live.co.uk> >--- > drivers/tty/serial/8250/8250_pci.c | 30 ++++++++++++++++++++++++++++++ > 1 file changed, 30 insertions(+) > >diff --git a/drivers/tty/serial/8250/8250_pci.c b/drivers/tty/serial/8250/8250_pci.c >index df4d0d832..911774fb8 100644 >--- a/drivers/tty/serial/8250/8250_pci.c >+++ b/drivers/tty/serial/8250/8250_pci.c >@@ -2727,6 +2727,22 @@ static struct pci_serial_quirk pci_serial_quirks[] = { > .init = pci_oxsemi_tornado_init, > .setup = pci_oxsemi_tornado_setup, > }, >+ { >+ .vendor = PCI_VENDOR_ID_INTASHIELD, >+ .device = 0x4026, >+ .subvendor = PCI_ANY_ID, >+ .subdevice = PCI_ANY_ID, >+ .init = pci_oxsemi_tornado_init, >+ .setup = pci_oxsemi_tornado_setup, >+ }, >+ { >+ .vendor = PCI_VENDOR_ID_INTASHIELD, >+ .device = 0x4021, >+ .subvendor = PCI_ANY_ID, >+ .subdevice = PCI_ANY_ID, >+ .init = pci_oxsemi_tornado_init, >+ .setup = pci_oxsemi_tornado_setup, >+ }, > { > .vendor = PCI_VENDOR_ID_INTEL, > .device = 0x8811, >@@ -5599,6 +5615,20 @@ static const struct pci_device_id serial_pci_tbl[] = { > PCI_ANY_ID, PCI_ANY_ID, > 0, 0, > pbn_oxsemi_1_15625000 }, >+ /* >+ * Brainboxes XC-235 >+ */ >+ { PCI_VENDOR_ID_INTASHIELD, 0x4026, >+ PCI_ANY_ID, PCI_ANY_ID, >+ 0, 0, >+ pbn_oxsemi_1_15625000 }, >+ /* >+ * Brainboxes XC-475 >+ */ >+ { PCI_VENDOR_ID_INTASHIELD, 0x4021, >+ PCI_ANY_ID, PCI_ANY_ID, >+ 0, 0, >+ pbn_oxsemi_1_15625000 }, > > /* > * Perle PCI-RAS cards

6 months, 1 week

1
0
0 0

[PATCH V4] drm/sched: Fix fence reference count leak

by Qianyi Liu

From: qianyi liu <liuqianyi125(a)gmail.com> The last_scheduled fence leaks when an entity is being killed and adding the cleanup callback fails. Decrement the reference count of prev when dma_fence_add_callback() fails, ensuring proper balance. Cc: stable(a)vger.kernel.org Fixes: 2fdb8a8f07c2 ("drm/scheduler: rework entity flush, kill and fini") Signed-off-by: qianyi liu <liuqianyi125(a)gmail.com> --- v3 -> v4: Improve commit message and add code comments (Philipp) v2 -> v3: Rework commit message (Markus) v1 -> v2: Added 'Fixes:' tag and clarified commit message (Philipp and Matthew) --- drivers/gpu/drm/scheduler/sched_entity.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/scheduler/sched_entity.c b/drivers/gpu/drm/scheduler/sched_entity.c index 69bcf0e99d57..da00572d7d42 100644 --- a/drivers/gpu/drm/scheduler/sched_entity.c +++ b/drivers/gpu/drm/scheduler/sched_entity.c @@ -259,9 +259,16 @@ static void drm_sched_entity_kill(struct drm_sched_entity *entity) struct drm_sched_fence *s_fence = job->s_fence; dma_fence_get(&s_fence->finished); - if (!prev || dma_fence_add_callback(prev, &job->finish_cb, - drm_sched_entity_kill_jobs_cb)) + if (!prev || + dma_fence_add_callback(prev, &job->finish_cb, + drm_sched_entity_kill_jobs_cb)) { + /* + * Adding callback above failed. + * dma_fence_put() checks for NULL. + */ + dma_fence_put(prev); drm_sched_entity_kill_jobs_cb(NULL, &job->finish_cb); + } prev = &s_fence->finished; } -- 2.25.1

6 months, 1 week

1
0
0 0

+ memcg-drain-obj-stock-on-cpu-hotplug-teardown.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: memcg: drain obj stock on cpu hotplug teardown has been added to the -mm mm-hotfixes-unstable branch. Its filename is memcg-drain-obj-stock-on-cpu-hotplug-teardown.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Shakeel Butt <shakeel.butt(a)linux.dev> Subject: memcg: drain obj stock on cpu hotplug teardown Date: Mon, 10 Mar 2025 16:09:34 -0700 Currently on cpu hotplug teardown, only memcg stock is drained but we need to drain the obj stock as well otherwise we will miss the stats accumulated on the target cpu as well as the nr_bytes cached. The stats include MEMCG_KMEM, NR_SLAB_RECLAIMABLE_B & NR_SLAB_UNRECLAIMABLE_B. In addition we are leaking reference to struct obj_cgroup object. Link: https://lkml.kernel.org/r/20250310230934.2913113-1-shakeel.butt@linux.dev Fixes: bf4f059954dc ("mm: memcg/slab: obj_cgroup API") Signed-off-by: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memcontrol.c | 9 +++++++++ 1 file changed, 9 insertions(+) --- a/mm/memcontrol.c~memcg-drain-obj-stock-on-cpu-hotplug-teardown +++ a/mm/memcontrol.c @@ -1921,9 +1921,18 @@ void drain_all_stock(struct mem_cgroup * static int memcg_hotplug_cpu_dead(unsigned int cpu) { struct memcg_stock_pcp *stock; + struct obj_cgroup *old; + unsigned long flags; stock = &per_cpu(memcg_stock, cpu); + + /* drain_obj_stock requires stock_lock */ + local_lock_irqsave(&memcg_stock.stock_lock, flags); + old = drain_obj_stock(stock); + local_unlock_irqrestore(&memcg_stock.stock_lock, flags); + drain_stock(stock); + obj_cgroup_put(old); return 0; } _ Patches currently in -mm which might be from shakeel.butt(a)linux.dev are memcg-drain-obj-stock-on-cpu-hotplug-teardown.patch memcg-add-hierarchical-effective-limits-for-v2.patch memcg-dont-call-propagate_protected_usage-for-v1.patch page_counter-track-failcnt-only-for-legacy-cgroups.patch page_counter-reduce-struct-page_counter-size.patch memcg-bypass-root-memcg-check-for-skmem-charging.patch

6 months, 1 week

1
0
0 0

+ mm-huge_memory-drop-beyond-eof-folios-with-the-right-number-of-refs.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/huge_memory: drop beyond-EOF folios with the right number of refs. has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-huge_memory-drop-beyond-eof-folios-with-the-right-number-of-refs.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Zi Yan <ziy(a)nvidia.com> Subject: mm/huge_memory: drop beyond-EOF folios with the right number of refs. Date: Mon, 10 Mar 2025 11:57:27 -0400 When an after-split folio is large and needs to be dropped due to EOF, folio_put_refs(folio, folio_nr_pages(folio)) should be used to drop all page cache refs. Otherwise, the folio will not be freed, causing memory leak. This leak would happen on a filesystem with blocksize > page_size and a truncate is performed, where the blocksize makes folios split to >0 order ones, causing truncated folios not being freed. Link: https://lkml.kernel.org/r/20250310155727.472846-1-ziy@nvidia.com Fixes: c010d47f107f ("mm: thp: split huge page to any lower order pages") Signed-off-by: Zi Yan <ziy(a)nvidia.com> Reported-by: Hugh Dickins <hughd(a)google.com> Closes: https://lore.kernel.org/all/fcbadb7f-dd3e-21df-f9a7-2853b53183c4@google.com/ Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Kirill A. Shuemov <kirill.shutemov(a)linux.intel.com> Cc: Luis Chamberalin <mcgrof(a)kernel.org> Cc: Matthew Wilcow (Oracle) <willy(a)infradead.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Pankaj Raghav <p.raghav(a)samsung.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Yang Shi <yang(a)os.amperecomputing.com> Cc: Yu Zhao <yuzhao(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/huge_memory.c~mm-huge_memory-drop-beyond-eof-folios-with-the-right-number-of-refs +++ a/mm/huge_memory.c @@ -3304,7 +3304,7 @@ static void __split_huge_page(struct pag folio_account_cleaned(tail, inode_to_wb(folio->mapping->host)); __filemap_remove_folio(tail, NULL); - folio_put(tail); + folio_put_refs(tail, folio_nr_pages(tail)); } else if (!folio_test_anon(folio)) { __xa_store(&folio->mapping->i_pages, tail->index, tail, 0); _ Patches currently in -mm which might be from ziy(a)nvidia.com are mm-migrate-fix-shmem-xarray-update-during-migration.patch mm-huge_memory-drop-beyond-eof-folios-with-the-right-number-of-refs.patch selftests-mm-make-file-backed-thp-split-work-by-writing-pmd-size-data.patch mm-huge_memory-allow-split-shmem-large-folio-to-any-lower-order.patch selftests-mm-test-splitting-file-backed-thp-to-any-lower-order.patch xarray-add-xas_try_split-to-split-a-multi-index-entry.patch mm-huge_memory-add-two-new-not-yet-used-functions-for-folio_split.patch mm-huge_memory-add-two-new-not-yet-used-functions-for-folio_split-fix.patch mm-huge_memory-move-folio-split-common-code-to-__folio_split.patch mm-huge_memory-add-buddy-allocator-like-non-uniform-folio_split.patch mm-huge_memory-remove-the-old-unused-__split_huge_page.patch mm-huge_memory-add-folio_split-to-debugfs-testing-interface.patch mm-truncate-use-folio_split-in-truncate-operation.patch selftests-mm-add-tests-for-folio_split-buddy-allocator-like-split.patch mm-filemap-use-xas_try_split-in-__filemap_add_folio.patch mm-shmem-use-xas_try_split-in-shmem_split_large_entry.patch

6 months, 1 week

1
0
0 0

+ mm-mremap-correctly-handle-partial-mremap-of-vma-starting-at-0.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/mremap: correctly handle partial mremap() of VMA starting at 0 has been added to the -mm mm-unstable branch. Its filename is mm-mremap-correctly-handle-partial-mremap-of-vma-starting-at-0.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Subject: mm/mremap: correctly handle partial mremap() of VMA starting at 0 Date: Mon, 10 Mar 2025 20:50:34 +0000 Patch series "refactor mremap and fix bug", v3. The existing mremap() logic has grown organically over a very long period of time, resulting in code that is in many parts, very difficult to follow and full of subtleties and sources of confusion. In addition, it is difficult to thread state through the operation correctly, as function arguments have expanded, some parameters are expected to be temporarily altered during the operation, others are intended to remain static and some can be overridden. This series completely refactors the mremap implementation, sensibly separating functions, adding comments to explain the more subtle aspects of the implementation and making use of small structs to thread state through everything. The reason for doing so is to lay the groundwork for planned future changes to the mremap logic, changes which require the ability to easily pass around state. Additionally, it would be unhelpful to add yet more logic to code that is already difficult to follow without first refactoring it like this. The first patch in this series additionally fixes a bug when a VMA with start address zero is partially remapped. Tested on real hardware under heavy workload and all self tests are passing. This patch (of 3): Consider the case of a partial mremap() (that results in a VMA split) of an accountable VMA (i.e. which has the VM_ACCOUNT flag set) whose start address is zero, with the MREMAP_MAYMOVE flag specified and a scenario where a move does in fact occur: addr end | | v v |-------------| | vma | |-------------| 0 This move is affected by unmapping the range [addr, end). In order to prevent an incorrect decrement of accounted memory which has already been determined, the mremap() code in move_vma() clears VM_ACCOUNT from the VMA prior to doing so, before reestablishing it in each of the VMAs post-split: addr end | | v v |---| |---| | A | | B | |---| |---| Commit 6b73cff239e5 ("mm: change munmap splitting order and move_vma()") changed this logic such as to determine whether there is a need to do so by establishing account_start and account_end and, in the instance where such an operation is required, assigning them to vma->vm_start and vma->vm_end. Later the code checks if the operation is required for 'A' referenced above thusly: if (account_start) { ... } However, if the VMA described above has vma->vm_start == 0, which is now assigned to account_start, this branch will not be executed. As a result, the VMA 'A' above will remain stripped of its VM_ACCOUNT flag, incorrectly. The fix is to simply convert these variables to booleans and set them as required. Link: https://lkml.kernel.org/r/cover.1741639347.git.lorenzo.stoakes@oracle.com Link: https://lkml.kernel.org/r/dc55cb6db25d97c3d9e460de4986a323fa959676.17416393… Fixes: 6b73cff239e5 ("mm: change munmap splitting order and move_vma()") Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reviewed-by: Harry Yoo <harry.yoo(a)oracle.com> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mremap.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) --- a/mm/mremap.c~mm-mremap-correctly-handle-partial-mremap-of-vma-starting-at-0 +++ a/mm/mremap.c @@ -705,8 +705,8 @@ static unsigned long move_vma(struct vm_ unsigned long vm_flags = vma->vm_flags; unsigned long new_pgoff; unsigned long moved_len; - unsigned long account_start = 0; - unsigned long account_end = 0; + bool account_start = false; + bool account_end = false; unsigned long hiwater_vm; int err = 0; bool need_rmap_locks; @@ -790,9 +790,9 @@ static unsigned long move_vma(struct vm_ if (vm_flags & VM_ACCOUNT && !(flags & MREMAP_DONTUNMAP)) { vm_flags_clear(vma, VM_ACCOUNT); if (vma->vm_start < old_addr) - account_start = vma->vm_start; + account_start = true; if (vma->vm_end > old_addr + old_len) - account_end = vma->vm_end; + account_end = true; } /* @@ -832,7 +832,7 @@ static unsigned long move_vma(struct vm_ /* OOM: unable to split vma, just get accounts right */ if (vm_flags & VM_ACCOUNT && !(flags & MREMAP_DONTUNMAP)) vm_acct_memory(old_len >> PAGE_SHIFT); - account_start = account_end = 0; + account_start = account_end = false; } if (vm_flags & VM_LOCKED) { _ Patches currently in -mm which might be from lorenzo.stoakes(a)oracle.com are mm-simplify-vma-merge-structure-and-expand-comments.patch mm-further-refactor-commit_merge.patch mm-eliminate-adj_start-parameter-from-commit_merge.patch mm-make-vmg-target-consistent-and-further-simplify-commit_merge.patch mm-completely-abstract-unnecessary-adj_start-calculation.patch mm-madvise-split-out-mmap-locking-operations-for-madvise-fix.patch mm-use-read-write_once-for-vma-vm_flags-on-migrate-mprotect.patch mm-refactor-rmap_walk_file-to-separate-out-traversal-logic.patch mm-provide-mapping_wrprotect_range-function.patch fb_defio-do-not-use-deprecated-page-mapping-index-fields.patch fb_defio-do-not-use-deprecated-page-mapping-index-fields-fix.patch mm-allow-guard-regions-in-file-backed-and-read-only-mappings.patch selftests-mm-rename-guard-pages-to-guard-regions.patch selftests-mm-rename-guard-pages-to-guard-regions-fix.patch tools-selftests-expand-all-guard-region-tests-to-file-backed.patch tools-selftests-add-file-shmem-backed-mapping-guard-region-tests.patch fs-proc-task_mmu-add-guard-region-bit-to-pagemap.patch tools-selftests-add-guard-region-test-for-proc-pid-pagemap.patch tools-selftests-add-guard-region-test-for-proc-pid-pagemap-fix.patch mm-mremap-correctly-handle-partial-mremap-of-vma-starting-at-0.patch mm-mremap-refactor-mremap-system-call-implementation.patch mm-mremap-introduce-and-use-vma_remap_struct-threaded-state.patch mm-mremap-initial-refactor-of-move_vma.patch mm-mremap-complete-refactor-of-move_vma.patch mm-mremap-refactor-move_page_tables-abstracting-state.patch mm-mremap-thread-state-through-move-page-table-operation.patch

6 months, 1 week

1
0
0 0

[PATCH] drm/dp_mst: Fix locking when skipping CSN before topology probing

by Imre Deak

The handling of the MST Connection Status Notify message is skipped if the probing of the topology is still pending. Acquiring the drm_dp_mst_topology_mgr::probe_lock for this in drm_dp_mst_handle_up_req() is problematic: the task/work this function is called from is also responsible for handling MST down-request replies (in drm_dp_mst_handle_down_rep()). Thus drm_dp_mst_link_probe_work() - holding already probe_lock - could be blocked waiting for an MST down-request reply while drm_dp_mst_handle_up_req() is waiting for probe_lock while processing a CSN message. This leads to the probe work's down-request message timing out. A scenario similar to the above leading to a down-request timeout is handling a CSN message in drm_dp_mst_handle_conn_stat(), holding the probe_lock and sending down-request messages while a second CSN message sent by the sink subsequently is handled by drm_dp_mst_handle_up_req(). Fix the above by moving the logic to skip the CSN handling to drm_dp_mst_process_up_req(). This function is called from a work (separate from the task/work handling new up/down messages), already holding probe_lock. This solves the above timeout issue, since handling of down-request replies won't be blocked by probe_lock. Fixes: ddf983488c3e ("drm/dp_mst: Skip CSN if topology probing is not done yet") Cc: Wayne Lin <Wayne.Lin(a)amd.com> Cc: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org # v6.6+ Signed-off-by: Imre Deak <imre.deak(a)intel.com> --- drivers/gpu/drm/display/drm_dp_mst_topology.c | 40 +++++++++++-------- 1 file changed, 24 insertions(+), 16 deletions(-) diff --git a/drivers/gpu/drm/display/drm_dp_mst_topology.c b/drivers/gpu/drm/display/drm_dp_mst_topology.c index 8b68bb3fbffb0..3a1f1ffc7b552 100644 --- a/drivers/gpu/drm/display/drm_dp_mst_topology.c +++ b/drivers/gpu/drm/display/drm_dp_mst_topology.c @@ -4036,6 +4036,22 @@ static int drm_dp_mst_handle_down_rep(struct drm_dp_mst_topology_mgr *mgr) return 0; } +static bool primary_mstb_probing_is_done(struct drm_dp_mst_topology_mgr *mgr) +{ + bool probing_done = false; + + mutex_lock(&mgr->lock); + + if (mgr->mst_primary && drm_dp_mst_topology_try_get_mstb(mgr->mst_primary)) { + probing_done = mgr->mst_primary->link_address_sent; + drm_dp_mst_topology_put_mstb(mgr->mst_primary); + } + + mutex_unlock(&mgr->lock); + + return probing_done; +} + static inline bool drm_dp_mst_process_up_req(struct drm_dp_mst_topology_mgr *mgr, struct drm_dp_pending_up_req *up_req) @@ -4066,8 +4082,12 @@ drm_dp_mst_process_up_req(struct drm_dp_mst_topology_mgr *mgr, /* TODO: Add missing handler for DP_RESOURCE_STATUS_NOTIFY events */ if (msg->req_type == DP_CONNECTION_STATUS_NOTIFY) { - dowork = drm_dp_mst_handle_conn_stat(mstb, &msg->u.conn_stat); - hotplug = true; + if (!primary_mstb_probing_is_done(mgr)) { + drm_dbg_kms(mgr->dev, "Got CSN before finish topology probing. Skip it.\n"); + } else { + dowork = drm_dp_mst_handle_conn_stat(mstb, &msg->u.conn_stat); + hotplug = true; + } } drm_dp_mst_topology_put_mstb(mstb); @@ -4149,10 +4169,11 @@ static int drm_dp_mst_handle_up_req(struct drm_dp_mst_topology_mgr *mgr) drm_dp_send_up_ack_reply(mgr, mst_primary, up_req->msg.req_type, false); + drm_dp_mst_topology_put_mstb(mst_primary); + if (up_req->msg.req_type == DP_CONNECTION_STATUS_NOTIFY) { const struct drm_dp_connection_status_notify *conn_stat = &up_req->msg.u.conn_stat; - bool handle_csn; drm_dbg_kms(mgr->dev, "Got CSN: pn: %d ldps:%d ddps: %d mcs: %d ip: %d pdt: %d\n", conn_stat->port_number, @@ -4161,16 +4182,6 @@ static int drm_dp_mst_handle_up_req(struct drm_dp_mst_topology_mgr *mgr) conn_stat->message_capability_status, conn_stat->input_port, conn_stat->peer_device_type); - - mutex_lock(&mgr->probe_lock); - handle_csn = mst_primary->link_address_sent; - mutex_unlock(&mgr->probe_lock); - - if (!handle_csn) { - drm_dbg_kms(mgr->dev, "Got CSN before finish topology probing. Skip it."); - kfree(up_req); - goto out_put_primary; - } } else if (up_req->msg.req_type == DP_RESOURCE_STATUS_NOTIFY) { const struct drm_dp_resource_status_notify *res_stat = &up_req->msg.u.resource_stat; @@ -4185,9 +4196,6 @@ static int drm_dp_mst_handle_up_req(struct drm_dp_mst_topology_mgr *mgr) list_add_tail(&up_req->next, &mgr->up_req_list); mutex_unlock(&mgr->up_req_lock); queue_work(system_long_wq, &mgr->up_req_work); - -out_put_primary: - drm_dp_mst_topology_put_mstb(mst_primary); out_clear_reply: reset_msg_rx_state(&mgr->up_req_recv); return ret; -- 2.44.2

6 months, 1 week

3
5
0 0

[5.4/5.10/5.15/6.1/6.6] spi-mxs: Fix chipselect glitch

by Stefan Wahren

Dear stable team, I noticed that ceeeb99cd821 ("dmaengine: mxs: rename custom flag") got backported, but the additional fix 269e31aecdd0 ("spi-mxs: Fix chipselect glitch") hasn't. I think was caused by the lack of Cc to stable. Without the latter patch the SPI is causing glitches on MXS platform. Please backport it from 5.4 to 6.6. Thanks Stefan

6 months, 1 week

2
2
0 0

[PATCH 1/2] regulator: dummy: force synchronous probing

by Christian Eggers

Sometimes I get a NULL pointer dereference at boot time in kobject_get() with the following call stack: anatop_regulator_probe() devm_regulator_register() regulator_register() regulator_resolve_supply() kobject_get() By placing some extra BUG_ON() statements I could verify that this is raised because probing of the 'dummy' regulator driver is not completed ('dummy_regulator_rdev' is still NULL). In the JTAG debugger I can see that dummy_regulator_probe() and anatop_regulator_probe() can be run by different kernel threads (kworker/u4:*). I haven't further investigated whether this can be changed or if there are other possibilities to force synchronization between these two probe routines. On the other hand I don't expect much boot time penalty by probing the 'dummy' regulator synchronously. Cc: stable(a)vger.kernel.org Fixes: 259b93b21a9f ("regulator: Set PROBE_PREFER_ASYNCHRONOUS for drivers that existed in 4.14") Signed-off-by: Christian Eggers <ceggers(a)arri.de> --- drivers/regulator/dummy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/regulator/dummy.c b/drivers/regulator/dummy.c index 5b9b9e4e762d..9f59889129ab 100644 --- a/drivers/regulator/dummy.c +++ b/drivers/regulator/dummy.c @@ -60,7 +60,7 @@ static struct platform_driver dummy_regulator_driver = { .probe = dummy_regulator_probe, .driver = { .name = "reg-dummy", - .probe_type = PROBE_PREFER_ASYNCHRONOUS, + .probe_type = PROBE_FORCE_SYNCHRONOUS, }, }; -- 2.43.0

6 months, 1 week

3
4
0 0

[PATCH 2/3] usb: chipidea: ci_hdrc_imx: disable regulator on error path in probe

by Fedor Pchelkin

Upon encountering errors during the HSIC pinctrl handling section the regulator should be disabled. After the above-stated changes it is possible to jump onto "disable_hsic_regulator" label without having added the CPU latency QoS request previously. This would result in cpu_latency_qos_remove_request() yielding a WARNING. So rearrange the error handling path to follow the reverse order of different probing phases. Found by Linux Verification Center (linuxtesting.org). Fixes: 4d6141288c33 ("usb: chipidea: imx: pinctrl for HSIC is optional") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- drivers/usb/chipidea/ci_hdrc_imx.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/drivers/usb/chipidea/ci_hdrc_imx.c b/drivers/usb/chipidea/ci_hdrc_imx.c index 619779eef333..3f11ae071c7f 100644 --- a/drivers/usb/chipidea/ci_hdrc_imx.c +++ b/drivers/usb/chipidea/ci_hdrc_imx.c @@ -407,13 +407,13 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) "pinctrl_hsic_idle lookup failed, err=%ld\n", PTR_ERR(pinctrl_hsic_idle)); ret = PTR_ERR(pinctrl_hsic_idle); - goto err_put; + goto disable_hsic_regulator; } ret = pinctrl_select_state(data->pinctrl, pinctrl_hsic_idle); if (ret) { dev_err(dev, "hsic_idle select failed, err=%d\n", ret); - goto err_put; + goto disable_hsic_regulator; } data->pinctrl_hsic_active = pinctrl_lookup_state(data->pinctrl, @@ -423,7 +423,7 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) "pinctrl_hsic_active lookup failed, err=%ld\n", PTR_ERR(data->pinctrl_hsic_active)); ret = PTR_ERR(data->pinctrl_hsic_active); - goto err_put; + goto disable_hsic_regulator; } } @@ -432,11 +432,11 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) ret = imx_get_clks(dev); if (ret) - goto disable_hsic_regulator; + goto qos_remove_request; ret = imx_prepare_enable_clks(dev); if (ret) - goto disable_hsic_regulator; + goto qos_remove_request; ret = clk_prepare_enable(data->clk_wakeup); if (ret) @@ -526,12 +526,13 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) clk_disable_unprepare(data->clk_wakeup); err_wakeup_clk: imx_disable_unprepare_clks(dev); +qos_remove_request: + if (pdata.flags & CI_HDRC_PMQOS) + cpu_latency_qos_remove_request(&data->pm_qos_req); disable_hsic_regulator: if (data->hsic_pad_regulator) /* don't overwrite original ret (cf. EPROBE_DEFER) */ regulator_disable(data->hsic_pad_regulator); - if (pdata.flags & CI_HDRC_PMQOS) - cpu_latency_qos_remove_request(&data->pm_qos_req); data->ci_pdev = NULL; err_put: if (data->usbmisc_data) -- 2.48.1

6 months, 1 week

2
2
0 0

[PATCH 6.1.y] KVM: selftests: Fix build error due to assert in dirty_log_test

by Andrey Kalachev

Hi all. Please apply that forgotten patch to fix v6.1 KVM selftests broken build. Origin of the patch can be founded here [1] Regards, AK [1] https://lore.kernel.org/stable/20240403164230.1722018-1-rananta@google.com/ -- 2.30.2

6 months, 1 week

1
1
0 0

Re: Patch "drm/i915: Plumb 'dsb' all way to the plane hooks" has been added to the 6.12-stable tree

by Ville Syrjälä

On Sun, Mar 09, 2025 at 03:45:57PM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > drm/i915: Plumb 'dsb' all way to the plane hooks > > to the 6.12-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > drm-i915-plumb-dsb-all-way-to-the-plane-hooks.patch > and it can be found in the queue-6.12 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit f03e7cca22f4bb50cae98840f91fcf1e6d780a54 > Author: Ville Syrjälä <ville.syrjala(a)linux.intel.com> > Date: Mon Sep 30 20:04:13 2024 +0300 > > drm/i915: Plumb 'dsb' all way to the plane hooks > > [ Upstream commit 01389846f7d61d262cc92d42ad4d1a25730e3eff ] It would help if you actually mentioned *why* you need to backport this? -- Ville Syrjälä Intel

6 months, 1 week

2
2
0 0

[REGRESSION] stable-rc/linux-5.4.y: (build) +arch/x86/events/amd/../perf_event.h:855:21: error: invalid output...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.4.y: --- +arch/x86/events/amd/../perf_event.h:855:21: error: invalid output size for constraint '=q' in arch/x86/events/amd/core.o (arch/x86/events/amd/core.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/issue/maestro:d36536187d181e0823b2aa631ebf9936dd657c… - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 888d41479bea1f83b835311f71a91f5e08f6c4d7 Log excerpt: ===================================================== In file included from arch/x86/events/amd/core.c:12: +arch/x86/events/amd/../perf_event.h:855:21: error: invalid output size for constraint '=q' ./include/linux/percpu-defs.h:446:2: note: expanded from macro '__this_cpu_read' 446 | raw_cpu_read(pcp); \ | ^ ./include/linux/percpu-defs.h:420:28:.. note: expanded from macro 'raw_cpu_read' 420 | #define raw_cpu_read(pcp) __pcpu_size_call_return(raw_cpu_read_, pcp) | ^ ./include/linux/percpu-defs.h:323:23: note: expanded from macro '__pcpu_size_call_return' 323 | case 4: pscr_ret__ = stem##4(variable); break; \ | ^ <scratch space>:85:1: note: expanded from here 85 | raw_cpu_read_4 | ^ ./arch/x86/include/asm/percpu.h:396:30: note: expanded from macro 'raw_cpu_read_4' 396 | #define raw_cpu_read_4(pcp) percpu_from_op(, "mov", pcp) | ^ ./arch/x86/include/asm/percpu.h:189:15: note: expanded from macro 'percpu_from_op' 189 | : "=q" (pfo_ret__) \ | ^ ....+. HDRTEST usr/include/sound/sof/tokens.h . AR init/built-in.a ..........6 errors generated. ....+..... ===================================================== # Builds where the incident occurred: ## i386_defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (i386): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:67ceff2318018371957eaf29 #kernelci issue maestro:d36536187d181e0823b2aa631ebf9936dd657c55 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 1 week

1
0
0 0

[REGRESSION] stable-rc/linux-6.6.y: (build) ‘RISCV_ISA_EXT_XLINUXENVCFG’ undeclared (first use in this functio...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.6.y: --- ‘RISCV_ISA_EXT_XLINUXENVCFG’ undeclared (first use in this function); did you mean ‘RISCV_ISA_EXT_ZIFENCEI’? in arch/riscv/kernel/suspend.o (arch/riscv/kernel/suspend.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/issue/maestro:f277022d07efdd2a5858eb44b3c3dab79cca84… - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: b49d45c66a5e8cc1c82591049bfc0d04daa1e77c Log excerpt: ===================================================== arch/riscv/kernel/suspend.c:14:66: error: ‘RISCV_ISA_EXT_XLINUXENVCFG’ undeclared (first use in this function); did you mean ‘RISCV_ISA_EXT_ZIFENCEI’? 14 | if (riscv_cpu_has_extension_unlikely(smp_processor_id(), RISCV_ISA_EXT_XLINUXENVCFG)) | ^~~~~~~~~~~~~~~~~~~~~~~~~~ | RISCV_ISA_EXT_ZIFENCEI arch/riscv/kernel/suspend.c:14:66: note: each undeclared identifier is reported only once for each function it appears in CC fs/proc/cpuinfo.o arch/riscv/kernel/suspend.c: In function ‘suspend_restore_csrs’: arch/riscv/kernel/suspend.c:37:66: error: ‘RISCV_ISA_EXT_XLINUXENVCFG’ undeclared (first use in this function); did you mean ‘RISCV_ISA_EXT_ZIFENCEI’? 37 | if (riscv_cpu_has_extension_unlikely(smp_processor_id(), RISCV_ISA_EXT_XLINUXENVCFG)) | ^~~~~~~~~~~~~~~~~~~~~~~~~~ | RISCV_ISA_EXT_ZIFENCEI ===================================================== # Builds where the incident occurred: ## defconfig on (riscv): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:67cf00ee18018371957ec83e #kernelci issue maestro:f277022d07efdd2a5858eb44b3c3dab79cca847e Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 1 week

1
0
0 0

[PATCH] mm/huge_memory: drop beyond-EOF folios with the right number of refs.

by Zi Yan

When an after-split folio is large and needs to be dropped due to EOF, folio_put_refs(folio, folio_nr_pages(folio)) should be used to drop all page cache refs. Otherwise, the folio will not be freed, causing memory leak. This leak would happen on a filesystem with blocksize > page_size and a truncate is performed, where the blocksize makes folios split to >0 order ones, causing truncated folios not being freed. Fixes: c010d47f107f ("mm: thp: split huge page to any lower order pages") Reported-by: Hugh Dickins <hughd(a)google.com> Closes: https://lore.kernel.org/all/fcbadb7f-dd3e-21df-f9a7-2853b53183c4@google.com/ Cc: stable(a)vger.kernel.org Signed-off-by: Zi Yan <ziy(a)nvidia.com> --- mm/huge_memory.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 3d3ebdc002d5..373781b21e5c 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -3304,7 +3304,7 @@ static void __split_huge_page(struct page *page, struct list_head *list, folio_account_cleaned(tail, inode_to_wb(folio->mapping->host)); __filemap_remove_folio(tail, NULL); - folio_put(tail); + folio_put_refs(tail, folio_nr_pages(tail)); } else if (!folio_test_anon(folio)) { __xa_store(&folio->mapping->i_pages, tail->index, tail, 0); -- 2.47.2

6 months, 1 week

1
0
0 0

net: cadence: macb: Enable software IRQ coalescing by default

by Daniel J Blueman

The macb ethernet driver (Raspberry Pi 5) delivers interrupts only to the first core, quickly saturating it at higher packet rates. Introducing software interrupt coalescing dramatically alleviates this limitation; the oneliner fix is upstream at d57f7b45945ac0517ff8ea50655f00db6e8d637c. Please backport this fix to 6.6 -stable to bring this benefit to more Raspberry Pis; it applies cleanly on this branch. Many thanks, Daniel -- Daniel J Blueman

6 months, 1 week

2
2
0 0

[PATCH 1/3] usb: chipidea: ci_hdrc_imx: fix usbmisc handling

by Fedor Pchelkin

usbmisc is an optional device property so it is totally valid for the corresponding data->usbmisc_data to have a NULL value. Check that before dereferencing the pointer. Found by Linux Verification Center (linuxtesting.org) with Svace static analysis tool. Fixes: 74adad500346 ("usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe()") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- drivers/usb/chipidea/ci_hdrc_imx.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/usb/chipidea/ci_hdrc_imx.c b/drivers/usb/chipidea/ci_hdrc_imx.c index 1a7fc638213e..619779eef333 100644 --- a/drivers/usb/chipidea/ci_hdrc_imx.c +++ b/drivers/usb/chipidea/ci_hdrc_imx.c @@ -534,7 +534,8 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) cpu_latency_qos_remove_request(&data->pm_qos_req); data->ci_pdev = NULL; err_put: - put_device(data->usbmisc_data->dev); + if (data->usbmisc_data) + put_device(data->usbmisc_data->dev); return ret; } @@ -559,7 +560,8 @@ static void ci_hdrc_imx_remove(struct platform_device *pdev) if (data->hsic_pad_regulator) regulator_disable(data->hsic_pad_regulator); } - put_device(data->usbmisc_data->dev); + if (data->usbmisc_data) + put_device(data->usbmisc_data->dev); } static void ci_hdrc_imx_shutdown(struct platform_device *pdev) -- 2.48.1

6 months, 1 week

2
1
0 0

[PATCH V2] block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone

by Ming Lei

Make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone(), otherwise requests cloned by device-mapper multipath will not have the proper nr_integrity_segments values set, then BUG() is hit from sg_alloc_table_chained(). Fixes: b0fd271d5fba ("block: add request clone interface (v2)") Cc: stable(a)vger.kernel.org Cc: Christoph Hellwig <hch(a)infradead.org> Signed-off-by: Ming Lei <ming.lei(a)redhat.com> --- V2: - rewords commit log(Christoph) - add fixes tag(Christoph) block/blk-mq.c | 1 + 1 file changed, 1 insertion(+) diff --git a/block/blk-mq.c b/block/blk-mq.c index 40490ac88045..005c520d3498 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -3314,6 +3314,7 @@ int blk_rq_prep_clone(struct request *rq, struct request *rq_src, rq->special_vec = rq_src->special_vec; } rq->nr_phys_segments = rq_src->nr_phys_segments; + rq->nr_integrity_segments = rq_src->nr_integrity_segments; if (rq->bio && blk_crypto_rq_bio_prep(rq, rq->bio, gfp_mask) < 0) goto free_and_out; -- 2.47.0

6 months, 1 week

3
2
0 0

[PATCH] char: xillybus: Fix error handling in xillybus_init_chrdev()

by Ma Ke

After cdev_alloc() succeed and cdev_add() failed, call cdev_del() to remove unit->cdev from the system properly. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 8cb5d216ab33 ("char: xillybus: Move class-related functions to new xillybus_class.c") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/char/xillybus/xillybus_class.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/char/xillybus/xillybus_class.c b/drivers/char/xillybus/xillybus_class.c index c92a628e389e..045e125ec423 100644 --- a/drivers/char/xillybus/xillybus_class.c +++ b/drivers/char/xillybus/xillybus_class.c @@ -105,7 +105,7 @@ int xillybus_init_chrdev(struct device *dev, dev_err(dev, "Failed to add cdev.\n"); /* kobject_put() is normally done by cdev_del() */ kobject_put(&unit->cdev->kobj); - goto unregister_chrdev; + goto err_cdev; } for (i = 0; i < num_nodes; i++) { @@ -157,6 +157,7 @@ int xillybus_init_chrdev(struct device *dev, device_destroy(&xillybus_class, MKDEV(unit->major, i + unit->lowest_minor)); +err_cdev: cdev_del(unit->cdev); unregister_chrdev: -- 2.25.1

6 months, 1 week

2
1
0 0

[REGRESSION] stable-rc/linux-5.15.y: (build) implicit declaration of function ‘acpi_get_cache_info’; did you me...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.15.y: --- implicit declaration of function ‘acpi_get_cache_info’; did you mean ‘acpi_get_system_info’? [-Werror=implicit-function-declaration] in arch/riscv/kernel/cacheinfo.o (arch/riscv/kernel/cacheinfo.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/issue/maestro:c4d70565f303a7d7450fbf5add7ca4cc80a961… - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 2ae395ef666caf57984ff9d2ad7bca6be851f719 Log excerpt: ===================================================== arch/riscv/kernel/cacheinfo.c:127:23: error: implicit declaration of function ‘acpi_get_cache_info’; did you mean ‘acpi_get_system_info’? [-Werror=implicit-function-declaration] 127 | ret = acpi_get_cache_info(cpu, &fw_levels, &split_levels); | ^~~~~~~~~~~~~~~~~~~ | acpi_get_system_info cc1: some warnings being treated as errors CC arch/riscv/kernel/patch.o CC fs/proc/generic.o ===================================================== # Builds where the incident occurred: ## defconfig on (riscv): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:67ced73618018371957dfa8e ## nommu_k210_defconfig on (riscv): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:67ced73a18018371957dfa91 #kernelci issue maestro:c4d70565f303a7d7450fbf5add7ca4cc80a96112 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 1 week

1
0
0 0

[REGRESSION] stable-rc/linux-5.4.y: (build) implicit declaration of function ‘acpi_get_cache_info’; did you me...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.4.y: --- implicit declaration of function ‘acpi_get_cache_info’; did you mean ‘acpi_get_system_info’? [-Werror=implicit-function-declaration] in arch/riscv/kernel/cacheinfo.o (arch/riscv/kernel/cacheinfo.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/issue/maestro:0f2670909ac3275cc312c3c604f3ed03443fee… - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 2f9225fb6ea4ba2ad94f50f0e24bad9c353b8649 Log excerpt: ===================================================== arch/riscv/kernel/cacheinfo.c:118:23: error: implicit declaration of function ‘acpi_get_cache_info’; did you mean ‘acpi_get_system_info’? [-Werror=implicit-function-declaration] 118 | ret = acpi_get_cache_info(cpu, &fw_levels, &split_levels); | ^~~~~~~~~~~~~~~~~~~ | acpi_get_system_info arch/riscv/kernel/cacheinfo.c:140:13: error: implicit declaration of function ‘of_property_present’; did you mean ‘fwnode_property_present’? [-Werror=implicit-function-declaration] 140 | if (of_property_present(np, "cache-size")) | ^~~~~~~~~~~~~~~~~~~ | fwnode_property_present CC arch/riscv/kernel/module-sections.o CC arch/riscv/kernel/perf_regs.o cc1: some warnings being treated as errors ===================================================== # Builds where the incident occurred: ## defconfig on (riscv): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:67ced63718018371957df9ae #kernelci issue maestro:0f2670909ac3275cc312c3c604f3ed03443feecc Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 1 week

1
0
0 0

[PATCH v3 2/2] phy: freescale: imx8m-pcie: assert phy reset and perst in power off

by Stefan Eichenberger

From: Stefan Eichenberger <stefan.eichenberger(a)toradex.com> Ensure the PHY reset and perst is asserted during power-off to guarantee it is in a reset state upon repeated power-on calls. This resolves an issue where the PHY may not properly initialize during subsequent power-on cycles. Power-on will deassert the reset at the appropriate time after tuning the PHY parameters. During suspend/resume cycles, we observed that the PHY PLL failed to lock during resume when the CPU temperature increased from 65C to 75C. The observed errors were: phy phy-32f00000.pcie-phy.3: phy poweron failed --> -110 imx6q-pcie 33800000.pcie: waiting for PHY ready timeout! imx6q-pcie 33800000.pcie: PM: dpm_run_callback(): genpd_resume_noirq+0x0/0x80 returns -110 imx6q-pcie 33800000.pcie: PM: failed to resume noirq: error -110 This resulted in a complete CPU freeze, which is resolved by ensuring the PHY is in reset during power-on, thus preventing PHY PLL failures. Cc: stable(a)vger.kernel.org Fixes: 1aa97b002258 ("phy: freescale: pcie: Initialize the imx8 pcie standalone phy driver") Reviewed-by: Frank Li <Frank.Li(a)nxp.com> Acked-by: Richard Zhu <hongxing.zhu(a)nxp.com> Signed-off-by: Stefan Eichenberger <stefan.eichenberger(a)toradex.com> --- drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/drivers/phy/freescale/phy-fsl-imx8m-pcie.c b/drivers/phy/freescale/phy-fsl-imx8m-pcie.c index 5b505e34ca364..7355d9921b646 100644 --- a/drivers/phy/freescale/phy-fsl-imx8m-pcie.c +++ b/drivers/phy/freescale/phy-fsl-imx8m-pcie.c @@ -156,6 +156,16 @@ static int imx8_pcie_phy_power_on(struct phy *phy) return ret; } +static int imx8_pcie_phy_power_off(struct phy *phy) +{ + struct imx8_pcie_phy *imx8_phy = phy_get_drvdata(phy); + + reset_control_assert(imx8_phy->reset); + reset_control_assert(imx8_phy->perst); + + return 0; +} + static int imx8_pcie_phy_init(struct phy *phy) { struct imx8_pcie_phy *imx8_phy = phy_get_drvdata(phy); @@ -176,6 +186,7 @@ static const struct phy_ops imx8_pcie_phy_ops = { .init = imx8_pcie_phy_init, .exit = imx8_pcie_phy_exit, .power_on = imx8_pcie_phy_power_on, + .power_off = imx8_pcie_phy_power_off, .owner = THIS_MODULE, }; -- 2.45.2

6 months, 1 week

1
0
0 0

[PATCH net] net: mana: Support holes in device list reply msg

by Haiyang Zhang

According to GDMA protocol, holes (zeros) are allowed at the beginning or middle of the gdma_list_devices_resp message. The existing code cannot properly handle this, and may miss some devices in the list. To fix, scan the entire list until the num_of_devs are found, or until the end of the list. Cc: stable(a)vger.kernel.org Fixes: ca9c54d2d6a5 ("net: mana: Add a driver for Microsoft Azure Network Adapter (MANA)") Signed-off-by: Haiyang Zhang <haiyangz(a)microsoft.com> --- drivers/net/ethernet/microsoft/mana/gdma_main.c | 16 ++++++++++++---- include/net/mana/gdma.h | 11 +++++++---- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/drivers/net/ethernet/microsoft/mana/gdma_main.c b/drivers/net/ethernet/microsoft/mana/gdma_main.c index c15a5ef4674e..df3ab31974b1 100644 --- a/drivers/net/ethernet/microsoft/mana/gdma_main.c +++ b/drivers/net/ethernet/microsoft/mana/gdma_main.c @@ -134,9 +134,10 @@ static int mana_gd_detect_devices(struct pci_dev *pdev) struct gdma_list_devices_resp resp = {}; struct gdma_general_req req = {}; struct gdma_dev_id dev; - u32 i, max_num_devs; + int found_dev = 0; u16 dev_type; int err; + u32 i; mana_gd_init_req_hdr(&req.hdr, GDMA_LIST_DEVICES, sizeof(req), sizeof(resp)); @@ -148,12 +149,19 @@ static int mana_gd_detect_devices(struct pci_dev *pdev) return err ? err : -EPROTO; } - max_num_devs = min_t(u32, MAX_NUM_GDMA_DEVICES, resp.num_of_devs); - - for (i = 0; i < max_num_devs; i++) { + for (i = 0; i < GDMA_DEV_LIST_SIZE && + found_dev < resp.num_of_devs; i++) { dev = resp.devs[i]; dev_type = dev.type; + /* Skip empty devices */ + if (dev.as_uint32 == 0) + continue; + + found_dev++; + dev_info(gc->dev, "Got devidx:%u, type:%u, instance:%u\n", i, + dev.type, dev.instance); + /* HWC is already detected in mana_hwc_create_channel(). */ if (dev_type == GDMA_DEVICE_HWC) continue; diff --git a/include/net/mana/gdma.h b/include/net/mana/gdma.h index 90f56656b572..62e9d7673862 100644 --- a/include/net/mana/gdma.h +++ b/include/net/mana/gdma.h @@ -408,8 +408,6 @@ struct gdma_context { struct gdma_dev mana_ib; }; -#define MAX_NUM_GDMA_DEVICES 4 - static inline bool mana_gd_is_mana(struct gdma_dev *gd) { return gd->dev_id.type == GDMA_DEVICE_MANA; @@ -556,11 +554,15 @@ enum { #define GDMA_DRV_CAP_FLAG_1_HWC_TIMEOUT_RECONFIG BIT(3) #define GDMA_DRV_CAP_FLAG_1_VARIABLE_INDIRECTION_TABLE_SUPPORT BIT(5) +/* Driver can handle holes (zeros) in the device list */ +#define GDMA_DRV_CAP_FLAG_1_DEV_LIST_HOLES_SUP BIT(11) + #define GDMA_DRV_CAP_FLAGS1 \ (GDMA_DRV_CAP_FLAG_1_EQ_SHARING_MULTI_VPORT | \ GDMA_DRV_CAP_FLAG_1_NAPI_WKDONE_FIX | \ GDMA_DRV_CAP_FLAG_1_HWC_TIMEOUT_RECONFIG | \ - GDMA_DRV_CAP_FLAG_1_VARIABLE_INDIRECTION_TABLE_SUPPORT) + GDMA_DRV_CAP_FLAG_1_VARIABLE_INDIRECTION_TABLE_SUPPORT | \ + GDMA_DRV_CAP_FLAG_1_DEV_LIST_HOLES_SUP) #define GDMA_DRV_CAP_FLAGS2 0 @@ -621,11 +623,12 @@ struct gdma_query_max_resources_resp { }; /* HW DATA */ /* GDMA_LIST_DEVICES */ +#define GDMA_DEV_LIST_SIZE 64 struct gdma_list_devices_resp { struct gdma_resp_hdr hdr; u32 num_of_devs; u32 reserved; - struct gdma_dev_id devs[64]; + struct gdma_dev_id devs[GDMA_DEV_LIST_SIZE]; }; /* HW DATA */ /* GDMA_REGISTER_DEVICE */ -- 2.34.1

6 months, 1 week

4
5
0 0

[PATCH v6.13 v2] fs/netfs/read_collect: fix crash due to uninitialized `prev` variable

by Max Kellermann

When checking whether the edges of adjacent subrequests touch, the `prev` variable is deferenced, but it might not have been initialized. This causes crashes like this one: BUG: unable to handle page fault for address: 0000000181343843 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 8000001c66db0067 P4D 8000001c66db0067 PUD 0 Oops: Oops: 0000 [#1] SMP PTI CPU: 1 UID: 33333 PID: 24424 Comm: php-cgi8.2 Kdump: loaded Not tainted 6.13.2-cm4all0-hp+ #427 Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 11/23/2021 RIP: 0010:netfs_consume_read_data.isra.0+0x5ef/0xb00 Code: fe ff ff 48 8b 83 88 00 00 00 48 8b 4c 24 30 4c 8b 43 78 48 85 c0 48 8d 51 70 75 20 48 8b 73 30 48 39 d6 74 17 48 8b 7c 24 40 <48> 8b 4f 78 48 03 4f 68 48 39 4b 68 0f 84 ab 02 00 00 49 29 c0 48 RSP: 0000:ffffc90037adbd00 EFLAGS: 00010283 RAX: 0000000000000000 RBX: ffff88811bda0600 RCX: ffff888620e7b980 RDX: ffff888620e7b9f0 RSI: ffff88811bda0428 RDI: 00000001813437cb RBP: 0000000000000000 R08: 0000000000004000 R09: 0000000000000000 R10: ffffffff82e070c0 R11: 0000000007ffffff R12: 0000000000004000 R13: ffff888620e7bb68 R14: 0000000000008000 R15: ffff888620e7bb68 FS: 00007ff2e0e7ddc0(0000) GS:ffff88981f840000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000181343843 CR3: 0000001bc10ba006 CR4: 00000000001706f0 Call Trace: <TASK> ? __die+0x1f/0x60 ? page_fault_oops+0x15c/0x450 ? search_extable+0x22/0x30 ? netfs_consume_read_data.isra.0+0x5ef/0xb00 ? search_module_extables+0xe/0x40 ? exc_page_fault+0x5e/0x100 ? asm_exc_page_fault+0x22/0x30 ? netfs_consume_read_data.isra.0+0x5ef/0xb00 ? intel_iommu_unmap_pages+0xaa/0x190 ? __pfx_cachefiles_read_complete+0x10/0x10 netfs_read_subreq_terminated+0x24f/0x390 cachefiles_read_complete+0x48/0xf0 iomap_dio_bio_end_io+0x125/0x160 blk_update_request+0xea/0x3e0 scsi_end_request+0x27/0x190 scsi_io_completion+0x43/0x6c0 blk_complete_reqs+0x40/0x50 handle_softirqs+0xd1/0x280 irq_exit_rcu+0x91/0xb0 common_interrupt+0x3b/0xa0 asm_common_interrupt+0x22/0x40 RIP: 0033:0x55fe8470d2ab Code: 00 00 3c 7e 74 3b 3c b6 0f 84 dd 03 00 00 3c 1e 74 2f 83 c1 01 48 83 c2 38 48 83 c7 30 44 39 d1 74 3e 48 63 42 08 85 c0 79 a3 <49> 8b 46 48 8b 04 38 f6 c4 04 75 0b 0f b6 42 30 83 e0 0c 3c 04 75 RSP: 002b:00007ffca5ef2720 EFLAGS: 00000216 RAX: 0000000000000023 RBX: 0000000000000008 RCX: 000000000000001b RDX: 00007ff2e0cdb6f8 RSI: 0000000000000006 RDI: 0000000000000510 RBP: 00007ffca5ef27a0 R08: 00007ffca5ef2720 R09: 0000000000000001 R10: 000000000000001e R11: 00007ff2e0c10d08 R12: 0000000000000001 R13: 0000000000000120 R14: 00007ff2e0cb1ed0 R15: 00000000000000b0 </TASK> Fixes: ee4cdf7ba857 ("netfs: Speed up buffered reading") Cc: stable(a)vger.kernel.org Signed-off-by: Max Kellermann <max.kellermann(a)ionos.com> --- David/Greg: just like the other two netfs patches I sent yesterday, this one doesn't apply to v6.14 as it was obsoleted by commit e2d46f2ec332 ("netfs: Change the read result collector to only use one work item"). v1->v2: duplicate "prev" assigment removed. Signed-off-by: Max Kellermann <max.kellermann(a)ionos.com> --- fs/netfs/read_collect.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/fs/netfs/read_collect.c b/fs/netfs/read_collect.c index e8624f5c7fcc..8878b46589ff 100644 --- a/fs/netfs/read_collect.c +++ b/fs/netfs/read_collect.c @@ -258,17 +258,18 @@ static bool netfs_consume_read_data(struct netfs_io_subrequest *subreq, bool was */ if (!subreq->consumed && !prev_donated && - !list_is_first(&subreq->rreq_link, &rreq->subrequests) && - subreq->start == prev->start + prev->len) { + !list_is_first(&subreq->rreq_link, &rreq->subrequests)) { prev = list_prev_entry(subreq, rreq_link); - WRITE_ONCE(prev->next_donated, prev->next_donated + subreq->len); - subreq->start += subreq->len; - subreq->len = 0; - subreq->transferred = 0; - trace_netfs_donate(rreq, subreq, prev, subreq->len, - netfs_trace_donate_to_prev); - trace_netfs_sreq(subreq, netfs_sreq_trace_donate_to_prev); - goto remove_subreq_locked; + if (subreq->start == prev->start + prev->len) { + WRITE_ONCE(prev->next_donated, prev->next_donated + subreq->len); + subreq->start += subreq->len; + subreq->len = 0; + subreq->transferred = 0; + trace_netfs_donate(rreq, subreq, prev, subreq->len, + netfs_trace_donate_to_prev); + trace_netfs_sreq(subreq, netfs_sreq_trace_donate_to_prev); + goto remove_subreq_locked; + } } /* If we can't donate down the chain, donate up the chain instead. */ -- 2.47.2

6 months, 1 week

5
4
0 0

FAILED: patch "[PATCH] mm: hugetlb: Add huge page size param to" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 02410ac72ac3707936c07ede66e94360d0d65319 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030437-specks-impotency-d026@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 02410ac72ac3707936c07ede66e94360d0d65319 Mon Sep 17 00:00:00 2001 From: Ryan Roberts <ryan.roberts(a)arm.com> Date: Wed, 26 Feb 2025 12:06:51 +0000 Subject: [PATCH] mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() In order to fix a bug, arm64 needs to be told the size of the huge page for which the huge_pte is being cleared in huge_ptep_get_and_clear(). Provide for this by adding an `unsigned long sz` parameter to the function. This follows the same pattern as huge_pte_clear() and set_huge_pte_at(). This commit makes the required interface modifications to the core mm as well as all arches that implement this function (arm64, loongarch, mips, parisc, powerpc, riscv, s390, sparc). The actual arm64 bug will be fixed in a separate commit. Cc: stable(a)vger.kernel.org Fixes: 66b3923a1a0f ("arm64: hugetlb: add support for PTE contiguous bit") Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> # riscv Reviewed-by: Christophe Leroy <christophe.leroy(a)csgroup.eu> Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Acked-by: Alexander Gordeev <agordeev(a)linux.ibm.com> # s390 Link: https://lore.kernel.org/r/20250226120656.2400136-2-ryan.roberts@arm.com Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/arch/arm64/include/asm/hugetlb.h b/arch/arm64/include/asm/hugetlb.h index c6dff3e69539..03db9cb21ace 100644 --- a/arch/arm64/include/asm/hugetlb.h +++ b/arch/arm64/include/asm/hugetlb.h @@ -42,8 +42,8 @@ extern int huge_ptep_set_access_flags(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep, pte_t pte, int dirty); #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR -extern pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep); +extern pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, + pte_t *ptep, unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_SET_WRPROTECT extern void huge_ptep_set_wrprotect(struct mm_struct *mm, unsigned long addr, pte_t *ptep); diff --git a/arch/arm64/mm/hugetlbpage.c b/arch/arm64/mm/hugetlbpage.c index 98a2a0e64e25..06db4649af91 100644 --- a/arch/arm64/mm/hugetlbpage.c +++ b/arch/arm64/mm/hugetlbpage.c @@ -396,8 +396,8 @@ void huge_pte_clear(struct mm_struct *mm, unsigned long addr, __pte_clear(mm, addr, ptep); } -pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) +pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, + pte_t *ptep, unsigned long sz) { int ncontig; size_t pgsize; @@ -549,6 +549,8 @@ bool __init arch_hugetlb_valid_size(unsigned long size) pte_t huge_ptep_modify_prot_start(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { + unsigned long psize = huge_page_size(hstate_vma(vma)); + if (alternative_has_cap_unlikely(ARM64_WORKAROUND_2645198)) { /* * Break-before-make (BBM) is required for all user space mappings @@ -558,7 +560,7 @@ pte_t huge_ptep_modify_prot_start(struct vm_area_struct *vma, unsigned long addr if (pte_user_exec(__ptep_get(ptep))) return huge_ptep_clear_flush(vma, addr, ptep); } - return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, psize); } void huge_ptep_modify_prot_commit(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep, diff --git a/arch/loongarch/include/asm/hugetlb.h b/arch/loongarch/include/asm/hugetlb.h index c8e4057734d0..4dc4b3e04225 100644 --- a/arch/loongarch/include/asm/hugetlb.h +++ b/arch/loongarch/include/asm/hugetlb.h @@ -36,7 +36,8 @@ static inline void huge_pte_clear(struct mm_struct *mm, unsigned long addr, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) + unsigned long addr, pte_t *ptep, + unsigned long sz) { pte_t clear; pte_t pte = ptep_get(ptep); @@ -51,8 +52,9 @@ static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { pte_t pte; + unsigned long sz = huge_page_size(hstate_vma(vma)); - pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, sz); flush_tlb_page(vma, addr); return pte; } diff --git a/arch/mips/include/asm/hugetlb.h b/arch/mips/include/asm/hugetlb.h index d0a86ce83de9..fbc71ddcf0f6 100644 --- a/arch/mips/include/asm/hugetlb.h +++ b/arch/mips/include/asm/hugetlb.h @@ -27,7 +27,8 @@ static inline int prepare_hugepage_range(struct file *file, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) + unsigned long addr, pte_t *ptep, + unsigned long sz) { pte_t clear; pte_t pte = *ptep; @@ -42,13 +43,14 @@ static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { pte_t pte; + unsigned long sz = huge_page_size(hstate_vma(vma)); /* * clear the huge pte entry firstly, so that the other smp threads will * not get old pte entry after finishing flush_tlb_page and before * setting new huge pte entry */ - pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, sz); flush_tlb_page(vma, addr); return pte; } diff --git a/arch/parisc/include/asm/hugetlb.h b/arch/parisc/include/asm/hugetlb.h index 5b3a5429f71b..21e9ace17739 100644 --- a/arch/parisc/include/asm/hugetlb.h +++ b/arch/parisc/include/asm/hugetlb.h @@ -10,7 +10,7 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep); + pte_t *ptep, unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_CLEAR_FLUSH static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, diff --git a/arch/parisc/mm/hugetlbpage.c b/arch/parisc/mm/hugetlbpage.c index e9d18cf25b79..a94fe546d434 100644 --- a/arch/parisc/mm/hugetlbpage.c +++ b/arch/parisc/mm/hugetlbpage.c @@ -126,7 +126,7 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep) + pte_t *ptep, unsigned long sz) { pte_t entry; diff --git a/arch/powerpc/include/asm/hugetlb.h b/arch/powerpc/include/asm/hugetlb.h index dad2e7980f24..86326587e58d 100644 --- a/arch/powerpc/include/asm/hugetlb.h +++ b/arch/powerpc/include/asm/hugetlb.h @@ -45,7 +45,8 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, pte_t *ptep, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) + unsigned long addr, pte_t *ptep, + unsigned long sz) { return __pte(pte_update(mm, addr, ptep, ~0UL, 0, 1)); } @@ -55,8 +56,9 @@ static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { pte_t pte; + unsigned long sz = huge_page_size(hstate_vma(vma)); - pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, sz); flush_hugetlb_page(vma, addr); return pte; } diff --git a/arch/riscv/include/asm/hugetlb.h b/arch/riscv/include/asm/hugetlb.h index faf3624d8057..446126497768 100644 --- a/arch/riscv/include/asm/hugetlb.h +++ b/arch/riscv/include/asm/hugetlb.h @@ -28,7 +28,8 @@ void set_huge_pte_at(struct mm_struct *mm, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep); + unsigned long addr, pte_t *ptep, + unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_CLEAR_FLUSH pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, diff --git a/arch/riscv/mm/hugetlbpage.c b/arch/riscv/mm/hugetlbpage.c index 42314f093922..b4a78a4b35cf 100644 --- a/arch/riscv/mm/hugetlbpage.c +++ b/arch/riscv/mm/hugetlbpage.c @@ -293,7 +293,7 @@ int huge_ptep_set_access_flags(struct vm_area_struct *vma, pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep) + pte_t *ptep, unsigned long sz) { pte_t orig_pte = ptep_get(ptep); int pte_num; diff --git a/arch/s390/include/asm/hugetlb.h b/arch/s390/include/asm/hugetlb.h index 7c52acaf9f82..663e87220e89 100644 --- a/arch/s390/include/asm/hugetlb.h +++ b/arch/s390/include/asm/hugetlb.h @@ -25,8 +25,16 @@ void __set_huge_pte_at(struct mm_struct *mm, unsigned long addr, #define __HAVE_ARCH_HUGE_PTEP_GET pte_t huge_ptep_get(struct mm_struct *mm, unsigned long addr, pte_t *ptep); +pte_t __huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, + pte_t *ptep); + #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR -pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, pte_t *ptep); +static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, + unsigned long addr, pte_t *ptep, + unsigned long sz) +{ + return __huge_ptep_get_and_clear(mm, addr, ptep); +} static inline void arch_clear_hugetlb_flags(struct folio *folio) { @@ -48,7 +56,7 @@ static inline void huge_pte_clear(struct mm_struct *mm, unsigned long addr, static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, unsigned long address, pte_t *ptep) { - return huge_ptep_get_and_clear(vma->vm_mm, address, ptep); + return __huge_ptep_get_and_clear(vma->vm_mm, address, ptep); } #define __HAVE_ARCH_HUGE_PTEP_SET_ACCESS_FLAGS @@ -59,7 +67,7 @@ static inline int huge_ptep_set_access_flags(struct vm_area_struct *vma, int changed = !pte_same(huge_ptep_get(vma->vm_mm, addr, ptep), pte); if (changed) { - huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + __huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); __set_huge_pte_at(vma->vm_mm, addr, ptep, pte); } return changed; @@ -69,7 +77,7 @@ static inline int huge_ptep_set_access_flags(struct vm_area_struct *vma, static inline void huge_ptep_set_wrprotect(struct mm_struct *mm, unsigned long addr, pte_t *ptep) { - pte_t pte = huge_ptep_get_and_clear(mm, addr, ptep); + pte_t pte = __huge_ptep_get_and_clear(mm, addr, ptep); __set_huge_pte_at(mm, addr, ptep, pte_wrprotect(pte)); } diff --git a/arch/s390/mm/hugetlbpage.c b/arch/s390/mm/hugetlbpage.c index d9ce199953de..2e568f175cd4 100644 --- a/arch/s390/mm/hugetlbpage.c +++ b/arch/s390/mm/hugetlbpage.c @@ -188,8 +188,8 @@ pte_t huge_ptep_get(struct mm_struct *mm, unsigned long addr, pte_t *ptep) return __rste_to_pte(pte_val(*ptep)); } -pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) +pte_t __huge_ptep_get_and_clear(struct mm_struct *mm, + unsigned long addr, pte_t *ptep) { pte_t pte = huge_ptep_get(mm, addr, ptep); pmd_t *pmdp = (pmd_t *) ptep; diff --git a/arch/sparc/include/asm/hugetlb.h b/arch/sparc/include/asm/hugetlb.h index c714ca6a05aa..e7a9cdd498dc 100644 --- a/arch/sparc/include/asm/hugetlb.h +++ b/arch/sparc/include/asm/hugetlb.h @@ -20,7 +20,7 @@ void __set_huge_pte_at(struct mm_struct *mm, unsigned long addr, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep); + pte_t *ptep, unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_CLEAR_FLUSH static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c index eee601a0d2cf..80504148d8a5 100644 --- a/arch/sparc/mm/hugetlbpage.c +++ b/arch/sparc/mm/hugetlbpage.c @@ -260,7 +260,7 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, } pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep) + pte_t *ptep, unsigned long sz) { unsigned int i, nptes, orig_shift, shift; unsigned long size; diff --git a/include/asm-generic/hugetlb.h b/include/asm-generic/hugetlb.h index f42133dae68e..2afc95bf1655 100644 --- a/include/asm-generic/hugetlb.h +++ b/include/asm-generic/hugetlb.h @@ -90,7 +90,7 @@ static inline void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, #ifndef __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) + unsigned long addr, pte_t *ptep, unsigned long sz) { return ptep_get_and_clear(mm, addr, ptep); } diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index ec8c0ccc8f95..bf5f7256bd28 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -1004,7 +1004,9 @@ static inline void hugetlb_count_sub(long l, struct mm_struct *mm) static inline pte_t huge_ptep_modify_prot_start(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { - return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + unsigned long psize = huge_page_size(hstate_vma(vma)); + + return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, psize); } #endif diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 65068671e460..de9d49e521c1 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -5447,7 +5447,7 @@ static void move_huge_pte(struct vm_area_struct *vma, unsigned long old_addr, if (src_ptl != dst_ptl) spin_lock_nested(src_ptl, SINGLE_DEPTH_NESTING); - pte = huge_ptep_get_and_clear(mm, old_addr, src_pte); + pte = huge_ptep_get_and_clear(mm, old_addr, src_pte, sz); if (need_clear_uffd_wp && pte_marker_uffd_wp(pte)) huge_pte_clear(mm, new_addr, dst_pte, sz); @@ -5622,7 +5622,7 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma, set_vma_resv_flags(vma, HPAGE_RESV_UNMAPPED); } - pte = huge_ptep_get_and_clear(mm, address, ptep); + pte = huge_ptep_get_and_clear(mm, address, ptep, sz); tlb_remove_huge_tlb_entry(h, tlb, ptep, address); if (huge_pte_dirty(pte)) set_page_dirty(page);

6 months, 1 week

4
3
0 0

Patch "iio: dac: ad3552r: clear reset status flag" has been added to the 6.1-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: dac: ad3552r: clear reset status flag to the 6.1-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: iio-dac-ad3552r-clear-reset-status-flag.patch and it can be found in the queue-6.1 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. From e17b9f20da7d2bc1f48878ab2230523b2512d965 Mon Sep 17 00:00:00 2001 From: Angelo Dureghello <adureghello(a)baylibre.com> Date: Sat, 25 Jan 2025 17:24:32 +0100 Subject: iio: dac: ad3552r: clear reset status flag From: Angelo Dureghello <adureghello(a)baylibre.com> commit e17b9f20da7d2bc1f48878ab2230523b2512d965 upstream. Clear reset status flag, to keep error status register clean after reset (ad3552r manual, rev B table 38). Reset error flag was left to 1, so debugging registers, the "Error Status Register" was dirty (0x01). It is important to clear this bit, so if there is any reset event over normal working mode, it is possible to detect it. Fixes: 8f2b54824b28 ("drivers:iio:dac: Add AD3552R driver support") Signed-off-by: Angelo Dureghello <adureghello(a)baylibre.com> Link: https://patch.msgid.link/20250125-wip-bl-ad3552r-clear-reset-v2-1-aa3a27f3f… Cc: <Stable@vger..kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/iio/dac/ad3552r.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/drivers/iio/dac/ad3552r.c +++ b/drivers/iio/dac/ad3552r.c @@ -703,6 +703,12 @@ static int ad3552r_reset(struct ad3552r_ return ret; } + /* Clear reset error flag, see ad3552r manual, rev B table 38. */ + ret = ad3552r_write_reg(dac, AD3552R_REG_ADDR_ERR_STATUS, + AD3552R_MASK_RESET_STATUS); + if (ret) + return ret; + return ad3552r_update_reg_field(dac, addr_mask_map[AD3552R_ADDR_ASCENSION][0], addr_mask_map[AD3552R_ADDR_ASCENSION][1], Patches currently in stable-queue which might be from adureghello(a)baylibre.com are queue-6.1/iio-dac-ad3552r-clear-reset-status-flag.patch

6 months, 1 week

1
0
0 0

Patch "iio: dac: ad3552r: clear reset status flag" has been added to the 6.12-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: dac: ad3552r: clear reset status flag to the 6.12-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: iio-dac-ad3552r-clear-reset-status-flag.patch and it can be found in the queue-6.12 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. From e17b9f20da7d2bc1f48878ab2230523b2512d965 Mon Sep 17 00:00:00 2001 From: Angelo Dureghello <adureghello(a)baylibre.com> Date: Sat, 25 Jan 2025 17:24:32 +0100 Subject: iio: dac: ad3552r: clear reset status flag From: Angelo Dureghello <adureghello(a)baylibre.com> commit e17b9f20da7d2bc1f48878ab2230523b2512d965 upstream. Clear reset status flag, to keep error status register clean after reset (ad3552r manual, rev B table 38). Reset error flag was left to 1, so debugging registers, the "Error Status Register" was dirty (0x01). It is important to clear this bit, so if there is any reset event over normal working mode, it is possible to detect it. Fixes: 8f2b54824b28 ("drivers:iio:dac: Add AD3552R driver support") Signed-off-by: Angelo Dureghello <adureghello(a)baylibre.com> Link: https://patch.msgid.link/20250125-wip-bl-ad3552r-clear-reset-v2-1-aa3a27f3f… Cc: <Stable@vger..kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/iio/dac/ad3552r.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/drivers/iio/dac/ad3552r.c +++ b/drivers/iio/dac/ad3552r.c @@ -714,6 +714,12 @@ static int ad3552r_reset(struct ad3552r_ return ret; } + /* Clear reset error flag, see ad3552r manual, rev B table 38. */ + ret = ad3552r_write_reg(dac, AD3552R_REG_ADDR_ERR_STATUS, + AD3552R_MASK_RESET_STATUS); + if (ret) + return ret; + return ad3552r_update_reg_field(dac, addr_mask_map[AD3552R_ADDR_ASCENSION][0], addr_mask_map[AD3552R_ADDR_ASCENSION][1], Patches currently in stable-queue which might be from adureghello(a)baylibre.com are queue-6.12/iio-dac-ad3552r-clear-reset-status-flag.patch

6 months, 1 week

1
0
0 0

[PATCH] block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone

by Ming Lei

Make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone(), otherwise zero ->nr_integrity_segments will be observed in sg_alloc_table_chained(), in which BUG() is hit. Cc: stable(a)vger.kernel.org Signed-off-by: Ming Lei <ming.lei(a)redhat.com> --- block/blk-mq.c | 1 + 1 file changed, 1 insertion(+) diff --git a/block/blk-mq.c b/block/blk-mq.c index 40490ac88045..005c520d3498 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -3314,6 +3314,7 @@ int blk_rq_prep_clone(struct request *rq, struct request *rq_src, rq->special_vec = rq_src->special_vec; } rq->nr_phys_segments = rq_src->nr_phys_segments; + rq->nr_integrity_segments = rq_src->nr_integrity_segments; if (rq->bio && blk_crypto_rq_bio_prep(rq, rq->bio, gfp_mask) < 0) goto free_and_out; -- 2.47.0

6 months, 1 week

2
1
0 0

Patch "iio: dac: ad3552r: clear reset status flag" has been added to the 6.13-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: dac: ad3552r: clear reset status flag to the 6.13-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: iio-dac-ad3552r-clear-reset-status-flag.patch and it can be found in the queue-6.13 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. From e17b9f20da7d2bc1f48878ab2230523b2512d965 Mon Sep 17 00:00:00 2001 From: Angelo Dureghello <adureghello(a)baylibre.com> Date: Sat, 25 Jan 2025 17:24:32 +0100 Subject: iio: dac: ad3552r: clear reset status flag From: Angelo Dureghello <adureghello(a)baylibre.com> commit e17b9f20da7d2bc1f48878ab2230523b2512d965 upstream. Clear reset status flag, to keep error status register clean after reset (ad3552r manual, rev B table 38). Reset error flag was left to 1, so debugging registers, the "Error Status Register" was dirty (0x01). It is important to clear this bit, so if there is any reset event over normal working mode, it is possible to detect it. Fixes: 8f2b54824b28 ("drivers:iio:dac: Add AD3552R driver support") Signed-off-by: Angelo Dureghello <adureghello(a)baylibre.com> Link: https://patch.msgid.link/20250125-wip-bl-ad3552r-clear-reset-v2-1-aa3a27f3f… Cc: <Stable@vger..kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/iio/dac/ad3552r.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/drivers/iio/dac/ad3552r.c +++ b/drivers/iio/dac/ad3552r.c @@ -410,6 +410,12 @@ static int ad3552r_reset(struct ad3552r_ return ret; } + /* Clear reset error flag, see ad3552r manual, rev B table 38. */ + ret = ad3552r_write_reg(dac, AD3552R_REG_ADDR_ERR_STATUS, + AD3552R_MASK_RESET_STATUS); + if (ret) + return ret; + return ad3552r_update_reg_field(dac, AD3552R_REG_ADDR_INTERFACE_CONFIG_A, AD3552R_MASK_ADDR_ASCENSION, Patches currently in stable-queue which might be from adureghello(a)baylibre.com are queue-6.13/iio-dac-ad3552r-clear-reset-status-flag.patch

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] cdx: Fix possible UAF error in driver_override_show()" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 91d44c1afc61a2fec37a9c7a3485368309391e0b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031035-dangle-briskness-0e29@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 91d44c1afc61a2fec37a9c7a3485368309391e0b Mon Sep 17 00:00:00 2001 From: Qiu-ji Chen <chenqiuji666(a)gmail.com> Date: Sat, 18 Jan 2025 15:08:33 +0800 Subject: [PATCH] cdx: Fix possible UAF error in driver_override_show() Fixed a possible UAF problem in driver_override_show() in drivers/cdx/cdx.c This function driver_override_show() is part of DEVICE_ATTR_RW, which includes both driver_override_show() and driver_override_store(). These functions can be executed concurrently in sysfs. The driver_override_store() function uses driver_set_override() to update the driver_override value, and driver_set_override() internally locks the device (device_lock(dev)). If driver_override_show() reads cdx_dev->driver_override without locking, it could potentially access a freed pointer if driver_override_store() frees the string concurrently. This could lead to printing a kernel address, which is a security risk since DEVICE_ATTR can be read by all users. Additionally, a similar pattern is used in drivers/amba/bus.c, as well as many other bus drivers, where device_lock() is taken in the show function, and it has been working without issues. This potential bug was detected by our experimental static analysis tool, which analyzes locking APIs and paired functions to identify data races and atomicity violations. Fixes: 1f86a00c1159 ("bus/fsl-mc: add support for 'driver_override' in the mc-bus") Cc: stable <stable(a)kernel.org> Signed-off-by: Qiu-ji Chen <chenqiuji666(a)gmail.com> Link: https://lore.kernel.org/r/20250118070833.27201-1-chenqiuji666@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/cdx/cdx.c b/drivers/cdx/cdx.c index c573ed2ee71a..7811aa734053 100644 --- a/drivers/cdx/cdx.c +++ b/drivers/cdx/cdx.c @@ -473,8 +473,12 @@ static ssize_t driver_override_show(struct device *dev, struct device_attribute *attr, char *buf) { struct cdx_device *cdx_dev = to_cdx_device(dev); + ssize_t len; - return sysfs_emit(buf, "%s\n", cdx_dev->driver_override); + device_lock(dev); + len = sysfs_emit(buf, "%s\n", cdx_dev->driver_override); + device_unlock(dev); + return len; } static DEVICE_ATTR_RW(driver_override);

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] cdx: Fix possible UAF error in driver_override_show()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 91d44c1afc61a2fec37a9c7a3485368309391e0b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031035-unmoving-oak-e2a9@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 91d44c1afc61a2fec37a9c7a3485368309391e0b Mon Sep 17 00:00:00 2001 From: Qiu-ji Chen <chenqiuji666(a)gmail.com> Date: Sat, 18 Jan 2025 15:08:33 +0800 Subject: [PATCH] cdx: Fix possible UAF error in driver_override_show() Fixed a possible UAF problem in driver_override_show() in drivers/cdx/cdx.c This function driver_override_show() is part of DEVICE_ATTR_RW, which includes both driver_override_show() and driver_override_store(). These functions can be executed concurrently in sysfs. The driver_override_store() function uses driver_set_override() to update the driver_override value, and driver_set_override() internally locks the device (device_lock(dev)). If driver_override_show() reads cdx_dev->driver_override without locking, it could potentially access a freed pointer if driver_override_store() frees the string concurrently. This could lead to printing a kernel address, which is a security risk since DEVICE_ATTR can be read by all users. Additionally, a similar pattern is used in drivers/amba/bus.c, as well as many other bus drivers, where device_lock() is taken in the show function, and it has been working without issues. This potential bug was detected by our experimental static analysis tool, which analyzes locking APIs and paired functions to identify data races and atomicity violations. Fixes: 1f86a00c1159 ("bus/fsl-mc: add support for 'driver_override' in the mc-bus") Cc: stable <stable(a)kernel.org> Signed-off-by: Qiu-ji Chen <chenqiuji666(a)gmail.com> Link: https://lore.kernel.org/r/20250118070833.27201-1-chenqiuji666@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/cdx/cdx.c b/drivers/cdx/cdx.c index c573ed2ee71a..7811aa734053 100644 --- a/drivers/cdx/cdx.c +++ b/drivers/cdx/cdx.c @@ -473,8 +473,12 @@ static ssize_t driver_override_show(struct device *dev, struct device_attribute *attr, char *buf) { struct cdx_device *cdx_dev = to_cdx_device(dev); + ssize_t len; - return sysfs_emit(buf, "%s\n", cdx_dev->driver_override); + device_lock(dev); + len = sysfs_emit(buf, "%s\n", cdx_dev->driver_override); + device_unlock(dev); + return len; } static DEVICE_ATTR_RW(driver_override);

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] cdx: Fix possible UAF error in driver_override_show()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 91d44c1afc61a2fec37a9c7a3485368309391e0b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031034-faction-uphold-6310@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 91d44c1afc61a2fec37a9c7a3485368309391e0b Mon Sep 17 00:00:00 2001 From: Qiu-ji Chen <chenqiuji666(a)gmail.com> Date: Sat, 18 Jan 2025 15:08:33 +0800 Subject: [PATCH] cdx: Fix possible UAF error in driver_override_show() Fixed a possible UAF problem in driver_override_show() in drivers/cdx/cdx.c This function driver_override_show() is part of DEVICE_ATTR_RW, which includes both driver_override_show() and driver_override_store(). These functions can be executed concurrently in sysfs. The driver_override_store() function uses driver_set_override() to update the driver_override value, and driver_set_override() internally locks the device (device_lock(dev)). If driver_override_show() reads cdx_dev->driver_override without locking, it could potentially access a freed pointer if driver_override_store() frees the string concurrently. This could lead to printing a kernel address, which is a security risk since DEVICE_ATTR can be read by all users. Additionally, a similar pattern is used in drivers/amba/bus.c, as well as many other bus drivers, where device_lock() is taken in the show function, and it has been working without issues. This potential bug was detected by our experimental static analysis tool, which analyzes locking APIs and paired functions to identify data races and atomicity violations. Fixes: 1f86a00c1159 ("bus/fsl-mc: add support for 'driver_override' in the mc-bus") Cc: stable <stable(a)kernel.org> Signed-off-by: Qiu-ji Chen <chenqiuji666(a)gmail.com> Link: https://lore.kernel.org/r/20250118070833.27201-1-chenqiuji666@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/cdx/cdx.c b/drivers/cdx/cdx.c index c573ed2ee71a..7811aa734053 100644 --- a/drivers/cdx/cdx.c +++ b/drivers/cdx/cdx.c @@ -473,8 +473,12 @@ static ssize_t driver_override_show(struct device *dev, struct device_attribute *attr, char *buf) { struct cdx_device *cdx_dev = to_cdx_device(dev); + ssize_t len; - return sysfs_emit(buf, "%s\n", cdx_dev->driver_override); + device_lock(dev); + len = sysfs_emit(buf, "%s\n", cdx_dev->driver_override); + device_unlock(dev); + return len; } static DEVICE_ATTR_RW(driver_override);

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 189ecdb3e112da703ac0699f4ec76aa78122f911 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031003-unstitch-arbitrate-baa1@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 189ecdb3e112da703ac0699f4ec76aa78122f911 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Thu, 27 Feb 2025 14:24:10 -0800 Subject: [PATCH] KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs Snapshot the host's DEBUGCTL after disabling IRQs, as perf can toggle debugctl bits from IRQ context, e.g. when enabling/disabling events via smp_call_function_single(). Taking the snapshot (long) before IRQs are disabled could result in KVM effectively clobbering DEBUGCTL due to using a stale snapshot. Cc: stable(a)vger.kernel.org Reviewed-and-tested-by: Ravi Bangoria <ravi.bangoria(a)amd.com> Link: https://lore.kernel.org/r/20250227222411.3490595-6-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 5c6fd0edc41f..12d5f47c1bbe 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -4968,7 +4968,6 @@ void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu) /* Save host pkru register if supported */ vcpu->arch.host_pkru = read_pkru(); - vcpu->arch.host_debugctl = get_debugctlmsr(); /* Apply any externally detected TSC adjustments (due to suspend) */ if (unlikely(vcpu->arch.tsc_offset_adjustment)) { @@ -10969,6 +10968,8 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) set_debugreg(0, 7); } + vcpu->arch.host_debugctl = get_debugctlmsr(); + guest_timing_enter_irqoff(); for (;;) {

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 189ecdb3e112da703ac0699f4ec76aa78122f911 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031002-campsite-railroad-4d13@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 189ecdb3e112da703ac0699f4ec76aa78122f911 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Thu, 27 Feb 2025 14:24:10 -0800 Subject: [PATCH] KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs Snapshot the host's DEBUGCTL after disabling IRQs, as perf can toggle debugctl bits from IRQ context, e.g. when enabling/disabling events via smp_call_function_single(). Taking the snapshot (long) before IRQs are disabled could result in KVM effectively clobbering DEBUGCTL due to using a stale snapshot. Cc: stable(a)vger.kernel.org Reviewed-and-tested-by: Ravi Bangoria <ravi.bangoria(a)amd.com> Link: https://lore.kernel.org/r/20250227222411.3490595-6-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 5c6fd0edc41f..12d5f47c1bbe 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -4968,7 +4968,6 @@ void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu) /* Save host pkru register if supported */ vcpu->arch.host_pkru = read_pkru(); - vcpu->arch.host_debugctl = get_debugctlmsr(); /* Apply any externally detected TSC adjustments (due to suspend) */ if (unlikely(vcpu->arch.tsc_offset_adjustment)) { @@ -10969,6 +10968,8 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) set_debugreg(0, 7); } + vcpu->arch.host_debugctl = get_debugctlmsr(); + guest_timing_enter_irqoff(); for (;;) {

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: x86: Snapshot the host's DEBUGCTL in common x86" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x fb71c795935652fa20eaf9517ca9547f5af99a76 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031034-latitude-stinking-09c1@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fb71c795935652fa20eaf9517ca9547f5af99a76 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Thu, 27 Feb 2025 14:24:08 -0800 Subject: [PATCH] KVM: x86: Snapshot the host's DEBUGCTL in common x86 Move KVM's snapshot of DEBUGCTL to kvm_vcpu_arch and take the snapshot in common x86, so that SVM can also use the snapshot. Opportunistically change the field to a u64. While bits 63:32 are reserved on AMD, not mentioned at all in Intel's SDM, and managed as an "unsigned long" by the kernel, DEBUGCTL is an MSR and therefore a 64-bit value. Reviewed-by: Xiaoyao Li <xiaoyao.li(a)intel.com> Cc: stable(a)vger.kernel.org Reviewed-and-tested-by: Ravi Bangoria <ravi.bangoria(a)amd.com> Link: https://lore.kernel.org/r/20250227222411.3490595-4-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 0b7af5902ff7..32ae3aa50c7e 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -780,6 +780,7 @@ struct kvm_vcpu_arch { u32 pkru; u32 hflags; u64 efer; + u64 host_debugctl; u64 apic_base; struct kvm_lapic *apic; /* kernel irqchip context */ bool load_eoi_exitmap_pending; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 6c56d5235f0f..3b92f893b239 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -1514,16 +1514,12 @@ void vmx_vcpu_load_vmcs(struct kvm_vcpu *vcpu, int cpu, */ void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) { - struct vcpu_vmx *vmx = to_vmx(vcpu); - if (vcpu->scheduled_out && !kvm_pause_in_guest(vcpu->kvm)) shrink_ple_window(vcpu); vmx_vcpu_load_vmcs(vcpu, cpu, NULL); vmx_vcpu_pi_load(vcpu, cpu); - - vmx->host_debugctlmsr = get_debugctlmsr(); } void vmx_vcpu_put(struct kvm_vcpu *vcpu) @@ -7458,8 +7454,8 @@ fastpath_t vmx_vcpu_run(struct kvm_vcpu *vcpu, bool force_immediate_exit) } /* MSR_IA32_DEBUGCTLMSR is zeroed on vmexit. Restore it if needed */ - if (vmx->host_debugctlmsr) - update_debugctlmsr(vmx->host_debugctlmsr); + if (vcpu->arch.host_debugctl) + update_debugctlmsr(vcpu->arch.host_debugctl); #ifndef CONFIG_X86_64 /* diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index 8b111ce1087c..951e44dc9d0e 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -340,8 +340,6 @@ struct vcpu_vmx { /* apic deadline value in host tsc */ u64 hv_deadline_tsc; - unsigned long host_debugctlmsr; - /* * Only bits masked by msr_ia32_feature_control_valid_bits can be set in * msr_ia32_feature_control. FEAT_CTL_LOCKED is always included diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 02159c967d29..5c6fd0edc41f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -4968,6 +4968,7 @@ void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu) /* Save host pkru register if supported */ vcpu->arch.host_pkru = read_pkru(); + vcpu->arch.host_debugctl = get_debugctlmsr(); /* Apply any externally detected TSC adjustments (due to suspend) */ if (unlikely(vcpu->arch.tsc_offset_adjustment)) {

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: x86: Snapshot the host's DEBUGCTL in common x86" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x fb71c795935652fa20eaf9517ca9547f5af99a76 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031034-twister-stash-ba87@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fb71c795935652fa20eaf9517ca9547f5af99a76 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Thu, 27 Feb 2025 14:24:08 -0800 Subject: [PATCH] KVM: x86: Snapshot the host's DEBUGCTL in common x86 Move KVM's snapshot of DEBUGCTL to kvm_vcpu_arch and take the snapshot in common x86, so that SVM can also use the snapshot. Opportunistically change the field to a u64. While bits 63:32 are reserved on AMD, not mentioned at all in Intel's SDM, and managed as an "unsigned long" by the kernel, DEBUGCTL is an MSR and therefore a 64-bit value. Reviewed-by: Xiaoyao Li <xiaoyao.li(a)intel.com> Cc: stable(a)vger.kernel.org Reviewed-and-tested-by: Ravi Bangoria <ravi.bangoria(a)amd.com> Link: https://lore.kernel.org/r/20250227222411.3490595-4-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 0b7af5902ff7..32ae3aa50c7e 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -780,6 +780,7 @@ struct kvm_vcpu_arch { u32 pkru; u32 hflags; u64 efer; + u64 host_debugctl; u64 apic_base; struct kvm_lapic *apic; /* kernel irqchip context */ bool load_eoi_exitmap_pending; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 6c56d5235f0f..3b92f893b239 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -1514,16 +1514,12 @@ void vmx_vcpu_load_vmcs(struct kvm_vcpu *vcpu, int cpu, */ void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) { - struct vcpu_vmx *vmx = to_vmx(vcpu); - if (vcpu->scheduled_out && !kvm_pause_in_guest(vcpu->kvm)) shrink_ple_window(vcpu); vmx_vcpu_load_vmcs(vcpu, cpu, NULL); vmx_vcpu_pi_load(vcpu, cpu); - - vmx->host_debugctlmsr = get_debugctlmsr(); } void vmx_vcpu_put(struct kvm_vcpu *vcpu) @@ -7458,8 +7454,8 @@ fastpath_t vmx_vcpu_run(struct kvm_vcpu *vcpu, bool force_immediate_exit) } /* MSR_IA32_DEBUGCTLMSR is zeroed on vmexit. Restore it if needed */ - if (vmx->host_debugctlmsr) - update_debugctlmsr(vmx->host_debugctlmsr); + if (vcpu->arch.host_debugctl) + update_debugctlmsr(vcpu->arch.host_debugctl); #ifndef CONFIG_X86_64 /* diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index 8b111ce1087c..951e44dc9d0e 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -340,8 +340,6 @@ struct vcpu_vmx { /* apic deadline value in host tsc */ u64 hv_deadline_tsc; - unsigned long host_debugctlmsr; - /* * Only bits masked by msr_ia32_feature_control_valid_bits can be set in * msr_ia32_feature_control. FEAT_CTL_LOCKED is always included diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 02159c967d29..5c6fd0edc41f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -4968,6 +4968,7 @@ void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu) /* Save host pkru register if supported */ vcpu->arch.host_pkru = read_pkru(); + vcpu->arch.host_debugctl = get_debugctlmsr(); /* Apply any externally detected TSC adjustments (due to suspend) */ if (unlikely(vcpu->arch.tsc_offset_adjustment)) {

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x be45bc4eff33d9a7dae84a2150f242a91a617402 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031025-hurry-muster-0e93@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be45bc4eff33d9a7dae84a2150f242a91a617402 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Mon, 24 Feb 2025 08:54:41 -0800 Subject: [PATCH] KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow Enable/disable local IRQs, i.e. set/clear RFLAGS.IF, in the common svm_vcpu_enter_exit() just after/before guest_state_{enter,exit}_irqoff() so that VMRUN is not executed in an STI shadow. AMD CPUs have a quirk (some would say "bug"), where the STI shadow bleeds into the guest's intr_state field if a #VMEXIT occurs during injection of an event, i.e. if the VMRUN doesn't complete before the subsequent #VMEXIT. The spurious "interrupts masked" state is relatively benign, as it only occurs during event injection and is transient. Because KVM is already injecting an event, the guest can't be in HLT, and if KVM is querying IRQ blocking for injection, then KVM would need to force an immediate exit anyways since injecting multiple events is impossible. However, because KVM copies int_state verbatim from vmcb02 to vmcb12, the spurious STI shadow is visible to L1 when running a nested VM, which can trip sanity checks, e.g. in VMware's VMM. Hoist the STI+CLI all the way to C code, as the aforementioned calls to guest_state_{enter,exit}_irqoff() already inform lockdep that IRQs are enabled/disabled, and taking a fault on VMRUN with RFLAGS.IF=1 is already possible. I.e. if there's kernel code that is confused by running with RFLAGS.IF=1, then it's already a problem. In practice, since GIF=0 also blocks NMIs, the only change in exposure to non-KVM code (relative to surrounding VMRUN with STI+CLI) is exception handling code, and except for the kvm_rebooting=1 case, all exception in the core VM-Enter/VM-Exit path are fatal. Use the "raw" variants to enable/disable IRQs to avoid tracing in the "no instrumentation" code; the guest state helpers also take care of tracing IRQ state. Oppurtunstically document why KVM needs to do STI in the first place. Reported-by: Doug Covelli <doug.covelli(a)broadcom.com> Closes: https://lore.kernel.org/all/CADH9ctBs1YPmE4aCfGPNBwA10cA8RuAk2gO7542DjMZgs4… Fixes: f14eec0a3203 ("KVM: SVM: move more vmentry code to assembly") Cc: stable(a)vger.kernel.org Reviewed-by: Jim Mattson <jmattson(a)google.com> Link: https://lore.kernel.org/r/20250224165442.2338294-2-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index a713c803a3a3..0d299f3f921e 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4189,6 +4189,18 @@ static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu, bool spec_ctrl_in guest_state_enter_irqoff(); + /* + * Set RFLAGS.IF prior to VMRUN, as the host's RFLAGS.IF at the time of + * VMRUN controls whether or not physical IRQs are masked (KVM always + * runs with V_INTR_MASKING_MASK). Toggle RFLAGS.IF here to avoid the + * temptation to do STI+VMRUN+CLI, as AMD CPUs bleed the STI shadow + * into guest state if delivery of an event during VMRUN triggers a + * #VMEXIT, and the guest_state transitions already tell lockdep that + * IRQs are being enabled/disabled. Note! GIF=0 for the entirety of + * this path, so IRQs aren't actually unmasked while running host code. + */ + raw_local_irq_enable(); + amd_clear_divider(); if (sev_es_guest(vcpu->kvm)) @@ -4197,6 +4209,8 @@ static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu, bool spec_ctrl_in else __svm_vcpu_run(svm, spec_ctrl_intercepted); + raw_local_irq_disable(); + guest_state_exit_irqoff(); } diff --git a/arch/x86/kvm/svm/vmenter.S b/arch/x86/kvm/svm/vmenter.S index 2ed80aea3bb1..0c61153b275f 100644 --- a/arch/x86/kvm/svm/vmenter.S +++ b/arch/x86/kvm/svm/vmenter.S @@ -170,12 +170,8 @@ SYM_FUNC_START(__svm_vcpu_run) mov VCPU_RDI(%_ASM_DI), %_ASM_DI /* Enter guest mode */ - sti - 3: vmrun %_ASM_AX 4: - cli - /* Pop @svm to RAX while it's the only available register. */ pop %_ASM_AX @@ -340,12 +336,8 @@ SYM_FUNC_START(__svm_sev_es_vcpu_run) mov KVM_VMCB_pa(%rax), %rax /* Enter guest mode */ - sti - 1: vmrun %rax - -2: cli - +2: /* IMPORTANT: Stuff the RSB immediately after VM-Exit, before RET! */ FILL_RETURN_BUFFER %rax, RSB_CLEAR_LOOPS, X86_FEATURE_RSB_VMEXIT

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x be45bc4eff33d9a7dae84a2150f242a91a617402 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031024-bootleg-parkway-393c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be45bc4eff33d9a7dae84a2150f242a91a617402 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Mon, 24 Feb 2025 08:54:41 -0800 Subject: [PATCH] KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow Enable/disable local IRQs, i.e. set/clear RFLAGS.IF, in the common svm_vcpu_enter_exit() just after/before guest_state_{enter,exit}_irqoff() so that VMRUN is not executed in an STI shadow. AMD CPUs have a quirk (some would say "bug"), where the STI shadow bleeds into the guest's intr_state field if a #VMEXIT occurs during injection of an event, i.e. if the VMRUN doesn't complete before the subsequent #VMEXIT. The spurious "interrupts masked" state is relatively benign, as it only occurs during event injection and is transient. Because KVM is already injecting an event, the guest can't be in HLT, and if KVM is querying IRQ blocking for injection, then KVM would need to force an immediate exit anyways since injecting multiple events is impossible. However, because KVM copies int_state verbatim from vmcb02 to vmcb12, the spurious STI shadow is visible to L1 when running a nested VM, which can trip sanity checks, e.g. in VMware's VMM. Hoist the STI+CLI all the way to C code, as the aforementioned calls to guest_state_{enter,exit}_irqoff() already inform lockdep that IRQs are enabled/disabled, and taking a fault on VMRUN with RFLAGS.IF=1 is already possible. I.e. if there's kernel code that is confused by running with RFLAGS.IF=1, then it's already a problem. In practice, since GIF=0 also blocks NMIs, the only change in exposure to non-KVM code (relative to surrounding VMRUN with STI+CLI) is exception handling code, and except for the kvm_rebooting=1 case, all exception in the core VM-Enter/VM-Exit path are fatal. Use the "raw" variants to enable/disable IRQs to avoid tracing in the "no instrumentation" code; the guest state helpers also take care of tracing IRQ state. Oppurtunstically document why KVM needs to do STI in the first place. Reported-by: Doug Covelli <doug.covelli(a)broadcom.com> Closes: https://lore.kernel.org/all/CADH9ctBs1YPmE4aCfGPNBwA10cA8RuAk2gO7542DjMZgs4… Fixes: f14eec0a3203 ("KVM: SVM: move more vmentry code to assembly") Cc: stable(a)vger.kernel.org Reviewed-by: Jim Mattson <jmattson(a)google.com> Link: https://lore.kernel.org/r/20250224165442.2338294-2-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index a713c803a3a3..0d299f3f921e 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4189,6 +4189,18 @@ static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu, bool spec_ctrl_in guest_state_enter_irqoff(); + /* + * Set RFLAGS.IF prior to VMRUN, as the host's RFLAGS.IF at the time of + * VMRUN controls whether or not physical IRQs are masked (KVM always + * runs with V_INTR_MASKING_MASK). Toggle RFLAGS.IF here to avoid the + * temptation to do STI+VMRUN+CLI, as AMD CPUs bleed the STI shadow + * into guest state if delivery of an event during VMRUN triggers a + * #VMEXIT, and the guest_state transitions already tell lockdep that + * IRQs are being enabled/disabled. Note! GIF=0 for the entirety of + * this path, so IRQs aren't actually unmasked while running host code. + */ + raw_local_irq_enable(); + amd_clear_divider(); if (sev_es_guest(vcpu->kvm)) @@ -4197,6 +4209,8 @@ static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu, bool spec_ctrl_in else __svm_vcpu_run(svm, spec_ctrl_intercepted); + raw_local_irq_disable(); + guest_state_exit_irqoff(); } diff --git a/arch/x86/kvm/svm/vmenter.S b/arch/x86/kvm/svm/vmenter.S index 2ed80aea3bb1..0c61153b275f 100644 --- a/arch/x86/kvm/svm/vmenter.S +++ b/arch/x86/kvm/svm/vmenter.S @@ -170,12 +170,8 @@ SYM_FUNC_START(__svm_vcpu_run) mov VCPU_RDI(%_ASM_DI), %_ASM_DI /* Enter guest mode */ - sti - 3: vmrun %_ASM_AX 4: - cli - /* Pop @svm to RAX while it's the only available register. */ pop %_ASM_AX @@ -340,12 +336,8 @@ SYM_FUNC_START(__svm_sev_es_vcpu_run) mov KVM_VMCB_pa(%rax), %rax /* Enter guest mode */ - sti - 1: vmrun %rax - -2: cli - +2: /* IMPORTANT: Stuff the RSB immediately after VM-Exit, before RET! */ FILL_RETURN_BUFFER %rax, RSB_CLEAR_LOOPS, X86_FEATURE_RSB_VMEXIT

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x be45bc4eff33d9a7dae84a2150f242a91a617402 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031023-dodge-ungodly-172a@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be45bc4eff33d9a7dae84a2150f242a91a617402 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Mon, 24 Feb 2025 08:54:41 -0800 Subject: [PATCH] KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow Enable/disable local IRQs, i.e. set/clear RFLAGS.IF, in the common svm_vcpu_enter_exit() just after/before guest_state_{enter,exit}_irqoff() so that VMRUN is not executed in an STI shadow. AMD CPUs have a quirk (some would say "bug"), where the STI shadow bleeds into the guest's intr_state field if a #VMEXIT occurs during injection of an event, i.e. if the VMRUN doesn't complete before the subsequent #VMEXIT. The spurious "interrupts masked" state is relatively benign, as it only occurs during event injection and is transient. Because KVM is already injecting an event, the guest can't be in HLT, and if KVM is querying IRQ blocking for injection, then KVM would need to force an immediate exit anyways since injecting multiple events is impossible. However, because KVM copies int_state verbatim from vmcb02 to vmcb12, the spurious STI shadow is visible to L1 when running a nested VM, which can trip sanity checks, e.g. in VMware's VMM. Hoist the STI+CLI all the way to C code, as the aforementioned calls to guest_state_{enter,exit}_irqoff() already inform lockdep that IRQs are enabled/disabled, and taking a fault on VMRUN with RFLAGS.IF=1 is already possible. I.e. if there's kernel code that is confused by running with RFLAGS.IF=1, then it's already a problem. In practice, since GIF=0 also blocks NMIs, the only change in exposure to non-KVM code (relative to surrounding VMRUN with STI+CLI) is exception handling code, and except for the kvm_rebooting=1 case, all exception in the core VM-Enter/VM-Exit path are fatal. Use the "raw" variants to enable/disable IRQs to avoid tracing in the "no instrumentation" code; the guest state helpers also take care of tracing IRQ state. Oppurtunstically document why KVM needs to do STI in the first place. Reported-by: Doug Covelli <doug.covelli(a)broadcom.com> Closes: https://lore.kernel.org/all/CADH9ctBs1YPmE4aCfGPNBwA10cA8RuAk2gO7542DjMZgs4… Fixes: f14eec0a3203 ("KVM: SVM: move more vmentry code to assembly") Cc: stable(a)vger.kernel.org Reviewed-by: Jim Mattson <jmattson(a)google.com> Link: https://lore.kernel.org/r/20250224165442.2338294-2-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index a713c803a3a3..0d299f3f921e 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4189,6 +4189,18 @@ static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu, bool spec_ctrl_in guest_state_enter_irqoff(); + /* + * Set RFLAGS.IF prior to VMRUN, as the host's RFLAGS.IF at the time of + * VMRUN controls whether or not physical IRQs are masked (KVM always + * runs with V_INTR_MASKING_MASK). Toggle RFLAGS.IF here to avoid the + * temptation to do STI+VMRUN+CLI, as AMD CPUs bleed the STI shadow + * into guest state if delivery of an event during VMRUN triggers a + * #VMEXIT, and the guest_state transitions already tell lockdep that + * IRQs are being enabled/disabled. Note! GIF=0 for the entirety of + * this path, so IRQs aren't actually unmasked while running host code. + */ + raw_local_irq_enable(); + amd_clear_divider(); if (sev_es_guest(vcpu->kvm)) @@ -4197,6 +4209,8 @@ static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu, bool spec_ctrl_in else __svm_vcpu_run(svm, spec_ctrl_intercepted); + raw_local_irq_disable(); + guest_state_exit_irqoff(); } diff --git a/arch/x86/kvm/svm/vmenter.S b/arch/x86/kvm/svm/vmenter.S index 2ed80aea3bb1..0c61153b275f 100644 --- a/arch/x86/kvm/svm/vmenter.S +++ b/arch/x86/kvm/svm/vmenter.S @@ -170,12 +170,8 @@ SYM_FUNC_START(__svm_vcpu_run) mov VCPU_RDI(%_ASM_DI), %_ASM_DI /* Enter guest mode */ - sti - 3: vmrun %_ASM_AX 4: - cli - /* Pop @svm to RAX while it's the only available register. */ pop %_ASM_AX @@ -340,12 +336,8 @@ SYM_FUNC_START(__svm_sev_es_vcpu_run) mov KVM_VMCB_pa(%rax), %rax /* Enter guest mode */ - sti - 1: vmrun %rax - -2: cli - +2: /* IMPORTANT: Stuff the RSB immediately after VM-Exit, before RET! */ FILL_RETURN_BUFFER %rax, RSB_CLEAR_LOOPS, X86_FEATURE_RSB_VMEXIT

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x be45bc4eff33d9a7dae84a2150f242a91a617402 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031022-debunk-winner-e8fe@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be45bc4eff33d9a7dae84a2150f242a91a617402 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Mon, 24 Feb 2025 08:54:41 -0800 Subject: [PATCH] KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow Enable/disable local IRQs, i.e. set/clear RFLAGS.IF, in the common svm_vcpu_enter_exit() just after/before guest_state_{enter,exit}_irqoff() so that VMRUN is not executed in an STI shadow. AMD CPUs have a quirk (some would say "bug"), where the STI shadow bleeds into the guest's intr_state field if a #VMEXIT occurs during injection of an event, i.e. if the VMRUN doesn't complete before the subsequent #VMEXIT. The spurious "interrupts masked" state is relatively benign, as it only occurs during event injection and is transient. Because KVM is already injecting an event, the guest can't be in HLT, and if KVM is querying IRQ blocking for injection, then KVM would need to force an immediate exit anyways since injecting multiple events is impossible. However, because KVM copies int_state verbatim from vmcb02 to vmcb12, the spurious STI shadow is visible to L1 when running a nested VM, which can trip sanity checks, e.g. in VMware's VMM. Hoist the STI+CLI all the way to C code, as the aforementioned calls to guest_state_{enter,exit}_irqoff() already inform lockdep that IRQs are enabled/disabled, and taking a fault on VMRUN with RFLAGS.IF=1 is already possible. I.e. if there's kernel code that is confused by running with RFLAGS.IF=1, then it's already a problem. In practice, since GIF=0 also blocks NMIs, the only change in exposure to non-KVM code (relative to surrounding VMRUN with STI+CLI) is exception handling code, and except for the kvm_rebooting=1 case, all exception in the core VM-Enter/VM-Exit path are fatal. Use the "raw" variants to enable/disable IRQs to avoid tracing in the "no instrumentation" code; the guest state helpers also take care of tracing IRQ state. Oppurtunstically document why KVM needs to do STI in the first place. Reported-by: Doug Covelli <doug.covelli(a)broadcom.com> Closes: https://lore.kernel.org/all/CADH9ctBs1YPmE4aCfGPNBwA10cA8RuAk2gO7542DjMZgs4… Fixes: f14eec0a3203 ("KVM: SVM: move more vmentry code to assembly") Cc: stable(a)vger.kernel.org Reviewed-by: Jim Mattson <jmattson(a)google.com> Link: https://lore.kernel.org/r/20250224165442.2338294-2-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index a713c803a3a3..0d299f3f921e 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4189,6 +4189,18 @@ static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu, bool spec_ctrl_in guest_state_enter_irqoff(); + /* + * Set RFLAGS.IF prior to VMRUN, as the host's RFLAGS.IF at the time of + * VMRUN controls whether or not physical IRQs are masked (KVM always + * runs with V_INTR_MASKING_MASK). Toggle RFLAGS.IF here to avoid the + * temptation to do STI+VMRUN+CLI, as AMD CPUs bleed the STI shadow + * into guest state if delivery of an event during VMRUN triggers a + * #VMEXIT, and the guest_state transitions already tell lockdep that + * IRQs are being enabled/disabled. Note! GIF=0 for the entirety of + * this path, so IRQs aren't actually unmasked while running host code. + */ + raw_local_irq_enable(); + amd_clear_divider(); if (sev_es_guest(vcpu->kvm)) @@ -4197,6 +4209,8 @@ static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu, bool spec_ctrl_in else __svm_vcpu_run(svm, spec_ctrl_intercepted); + raw_local_irq_disable(); + guest_state_exit_irqoff(); } diff --git a/arch/x86/kvm/svm/vmenter.S b/arch/x86/kvm/svm/vmenter.S index 2ed80aea3bb1..0c61153b275f 100644 --- a/arch/x86/kvm/svm/vmenter.S +++ b/arch/x86/kvm/svm/vmenter.S @@ -170,12 +170,8 @@ SYM_FUNC_START(__svm_vcpu_run) mov VCPU_RDI(%_ASM_DI), %_ASM_DI /* Enter guest mode */ - sti - 3: vmrun %_ASM_AX 4: - cli - /* Pop @svm to RAX while it's the only available register. */ pop %_ASM_AX @@ -340,12 +336,8 @@ SYM_FUNC_START(__svm_sev_es_vcpu_run) mov KVM_VMCB_pa(%rax), %rax /* Enter guest mode */ - sti - 1: vmrun %rax - -2: cli - +2: /* IMPORTANT: Stuff the RSB immediately after VM-Exit, before RET! */ FILL_RETURN_BUFFER %rax, RSB_CLEAR_LOOPS, X86_FEATURE_RSB_VMEXIT

6 months, 1 week

1
0
0 0

[PATCH v2 0/2] R-Car CANFD fixes

by Biju Das

This patch series addresses 2 issues 1) Fix typo in pattern properties for R-Car V4M. 2) Fix page entries in the AFL list. v1->v2: * Split fixes patches as separate series. * Added Rb tag from Geert for binding patch. * Added the tag Cc:stable@vger.kernel.org Biju Das (2): dt-bindings: can: renesas,rcar-canfd: Fix typo in pattern properties for R-Car V4M can: rcar_canfd: Fix page entries in the AFL list .../bindings/net/can/renesas,rcar-canfd.yaml | 2 +- drivers/net/can/rcar/rcar_canfd.c | 17 ++++++++++------- 2 files changed, 11 insertions(+), 8 deletions(-) -- 2.43.0

6 months, 1 week

4
15
0 0

[PATCH V3] drm/sched: Fix fence reference count leak

by Qianyi Liu

From: qianyi liu <liuqianyi125(a)gmail.com> The last_scheduled fence leaked when an entity was being killed and adding its callback failed. Decrement the reference count of prev when dma_fence_add_callback() fails, ensuring proper balance. Cc: stable(a)vger.kernel.org Fixes: 2fdb8a8f07c2 ("drm/scheduler: rework entity flush, kill and fini") Signed-off-by: qianyi liu <liuqianyi125(a)gmail.com> --- v2 -> v3: Rework commit message (Markus) v1 -> v2: Added 'Fixes:' tag and clarified commit message (Philipp and Matthew) --- drivers/gpu/drm/scheduler/sched_entity.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/scheduler/sched_entity.c b/drivers/gpu/drm/scheduler/sched_entity.c index 69bcf0e99d57..1c0c14bcf726 100644 --- a/drivers/gpu/drm/scheduler/sched_entity.c +++ b/drivers/gpu/drm/scheduler/sched_entity.c @@ -259,9 +259,12 @@ static void drm_sched_entity_kill(struct drm_sched_entity *entity) struct drm_sched_fence *s_fence = job->s_fence; dma_fence_get(&s_fence->finished); - if (!prev || dma_fence_add_callback(prev, &job->finish_cb, - drm_sched_entity_kill_jobs_cb)) + if (!prev || + dma_fence_add_callback(prev, &job->finish_cb, + drm_sched_entity_kill_jobs_cb)) { + dma_fence_put(prev); drm_sched_entity_kill_jobs_cb(NULL, &job->finish_cb); + } prev = &s_fence->finished; } -- 2.25.1

6 months, 1 week

2
4
0 0

[PATCH v4 0/2] Allow non-coherent video capture buffers on Rockchip ISP V1

by Mikhail Rudenko

This small series adds support for non-coherent video capture buffers on Rockchip ISP V1. Patch 1 fixes cache management for dmabuf's allocated by dma-contig allocator. Patch 2 allows non-coherent allocations on the rkisp1 capture queue. Some timing measurements are provided in the commit message of patch 2. Signed-off-by: Mikhail Rudenko <mike.rudenko(a)gmail.com> --- Changes in v4: - rebase to media/next - use `direction` instead of `buf->dma_dir` in dma_sync_sgtable_* - Link to v3: https://lore.kernel.org/r/20250128-b4-rkisp-noncoherent-v3-0-baf39c997d2a@g… Changes in v3: - ignore skip_cache_sync_* flags in vb2_dc_dmabuf_ops_{begin,end}_cpu_access - invalidate/flush kernel mappings as appropriate if they exist - use dma_sync_sgtable_* instead of dma_sync_sg_* - Link to v2: https://lore.kernel.org/r/20250115-b4-rkisp-noncoherent-v2-0-0853e1a24012@g… Changes in v2: - Fix vb2_dc_dmabuf_ops_{begin,end}_cpu_access() for non-coherent buffers. - Add cache management timing information to patch 2 commit message. - Link to v1: https://lore.kernel.org/r/20250102-b4-rkisp-noncoherent-v1-1-bba164f7132c@g… --- Mikhail Rudenko (2): media: videobuf2: Fix dmabuf cache sync/flush in dma-contig media: rkisp1: Allow non-coherent video capture buffers .../media/common/videobuf2/videobuf2-dma-contig.c | 22 ++++++++++++++++++++++ .../platform/rockchip/rkisp1/rkisp1-capture.c | 1 + 2 files changed, 23 insertions(+) --- base-commit: b2c4bf0c102084e77ed1b12090d77a76469a6814 change-id: 20241231-b4-rkisp-noncoherent-ad6e7c7a68ba Best regards, -- Mikhail Rudenko <mike.rudenko(a)gmail.com>

6 months, 1 week

3
6
0 0

[PATCH 1/1] mcb: fix a double free bug in chameleon_parse_gdd()

by Johannes Thumshirn

From: Haoxiang Li <haoxiang_li2024(a)163.com> In chameleon_parse_gdd(), if mcb_device_register() fails, 'mdev' would be released in mcb_device_register() via put_device(). Thus, goto 'err' label and free 'mdev' again causes a double free. Just return if mcb_device_register() fails. Fixes: 3764e82e5150 ("drivers: Introduce MEN Chameleon Bus") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> Signed-off-by: Johannes Thumshirn <jth(a)kernel.org> --- drivers/mcb/mcb-parse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mcb/mcb-parse.c b/drivers/mcb/mcb-parse.c index 02a680c73979..bf0d7d58c8b0 100644 --- a/drivers/mcb/mcb-parse.c +++ b/drivers/mcb/mcb-parse.c @@ -96,7 +96,7 @@ static int chameleon_parse_gdd(struct mcb_bus *bus, ret = mcb_device_register(bus, mdev); if (ret < 0) - goto err; + return ret; return 0; -- 2.43.0

6 months, 1 week

1
0
0 0

Re: Patch "fs/pipe: Read pipe->{head,tail} atomically outside pipe->mutex" has been added to the 5.10-stable tree

by Linus Torvalds

Note that this was a real fix, but the fix only matters if commit aaec5a95d596 ("pipe_read: don't wake up the writer if the pipe is still full") is in the tree. Now, the bug was pre-existing, and *maybe* it could be hit without that commit aaec5a95d596, but nobody has ever reported it, so it's very very unlikely. Also, this fix then had some fall-out, and while I think you've queued all the fallout fixes too, I think it might be a good idea to wait for more reports from the development tree before considering these for stable. Put another way: this fix caused some pain. It might not be worth back-porting to stable at all, and if it is, it might be worth waiting to see that there's no other fallout. Linus On Sun, 9 Mar 2025 at 09:52, Sasha Levin <sashal(a)kernel.org> wrote: > > This is a note to let you know that I've just added the patch titled > > fs/pipe: Read pipe->{head,tail} atomically outside pipe->mutex

6 months, 1 week

2
1
0 0

[PATCH 5.15] sched: sch_cake: add bounds checks to host bulk flow fairness counts

by Hagar Hemdan

From: Toke Høiland-Jørgensen <toke(a)redhat.com> [ Upstream commit 737d4d91d35b5f7fa5bb442651472277318b0bfd ] Even though we fixed a logic error in the commit cited below, syzbot still managed to trigger an underflow of the per-host bulk flow counters, leading to an out of bounds memory access. To avoid any such logic errors causing out of bounds memory accesses, this commit factors out all accesses to the per-host bulk flow counters to a series of helpers that perform bounds-checking before any increments and decrements. This also has the benefit of improving readability by moving the conditional checks for the flow mode into these helpers, instead of having them spread out throughout the code (which was the cause of the original logic error). As part of this change, the flow quantum calculation is consolidated into a helper function, which means that the dithering applied to the ost load scaling is now applied both in the DRR rotation and when a sparse flow's quantum is first initiated. The only user-visible effect of this is that the maximum packet size that can be sent while a flow stays sparse will now vary with +/- one byte in some cases. This should not make a noticeable difference in practice, and thus it's not worth complicating the code to preserve the old behaviour. Fixes: 546ea84d07e3 ("sched: sch_cake: fix bulk flow accounting logic for host fairness") Reported-by: syzbot+f63600d288bfb7057424(a)syzkaller.appspotmail.com Signed-off-by: Toke Høiland-Jørgensen <toke(a)redhat.com> Acked-by: Dave Taht <dave.taht(a)gmail.com> Link: https://patch.msgid.link/20250107120105.70685-1-toke@redhat.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> [Hagar: needed contextual fixes due to missing commit 7e3cf0843fe5] Signed-off-by: Hagar Hemdan <hagarhem(a)amazon.com> --- net/sched/sch_cake.c | 140 +++++++++++++++++++++++-------------------- 1 file changed, 75 insertions(+), 65 deletions(-) diff --git a/net/sched/sch_cake.c b/net/sched/sch_cake.c index 8d9c0b98a747..d9535129f4e9 100644 --- a/net/sched/sch_cake.c +++ b/net/sched/sch_cake.c @@ -643,6 +643,63 @@ static bool cake_ddst(int flow_mode) return (flow_mode & CAKE_FLOW_DUAL_DST) == CAKE_FLOW_DUAL_DST; } +static void cake_dec_srchost_bulk_flow_count(struct cake_tin_data *q, + struct cake_flow *flow, + int flow_mode) +{ + if (likely(cake_dsrc(flow_mode) && + q->hosts[flow->srchost].srchost_bulk_flow_count)) + q->hosts[flow->srchost].srchost_bulk_flow_count--; +} + +static void cake_inc_srchost_bulk_flow_count(struct cake_tin_data *q, + struct cake_flow *flow, + int flow_mode) +{ + if (likely(cake_dsrc(flow_mode) && + q->hosts[flow->srchost].srchost_bulk_flow_count < CAKE_QUEUES)) + q->hosts[flow->srchost].srchost_bulk_flow_count++; +} + +static void cake_dec_dsthost_bulk_flow_count(struct cake_tin_data *q, + struct cake_flow *flow, + int flow_mode) +{ + if (likely(cake_ddst(flow_mode) && + q->hosts[flow->dsthost].dsthost_bulk_flow_count)) + q->hosts[flow->dsthost].dsthost_bulk_flow_count--; +} + +static void cake_inc_dsthost_bulk_flow_count(struct cake_tin_data *q, + struct cake_flow *flow, + int flow_mode) +{ + if (likely(cake_ddst(flow_mode) && + q->hosts[flow->dsthost].dsthost_bulk_flow_count < CAKE_QUEUES)) + q->hosts[flow->dsthost].dsthost_bulk_flow_count++; +} + +static u16 cake_get_flow_quantum(struct cake_tin_data *q, + struct cake_flow *flow, + int flow_mode) +{ + u16 host_load = 1; + + if (cake_dsrc(flow_mode)) + host_load = max(host_load, + q->hosts[flow->srchost].srchost_bulk_flow_count); + + if (cake_ddst(flow_mode)) + host_load = max(host_load, + q->hosts[flow->dsthost].dsthost_bulk_flow_count); + + /* The shifted prandom_u32() is a way to apply dithering to avoid + * accumulating roundoff errors + */ + return (q->flow_quantum * quantum_div[host_load] + + (prandom_u32() >> 16)) >> 16; +} + static u32 cake_hash(struct cake_tin_data *q, const struct sk_buff *skb, int flow_mode, u16 flow_override, u16 host_override) { @@ -789,10 +846,8 @@ static u32 cake_hash(struct cake_tin_data *q, const struct sk_buff *skb, allocate_dst = cake_ddst(flow_mode); if (q->flows[outer_hash + k].set == CAKE_SET_BULK) { - if (allocate_src) - q->hosts[q->flows[reduced_hash].srchost].srchost_bulk_flow_count--; - if (allocate_dst) - q->hosts[q->flows[reduced_hash].dsthost].dsthost_bulk_flow_count--; + cake_dec_srchost_bulk_flow_count(q, &q->flows[outer_hash + k], flow_mode); + cake_dec_dsthost_bulk_flow_count(q, &q->flows[outer_hash + k], flow_mode); } found: /* reserve queue for future packets in same flow */ @@ -817,9 +872,10 @@ static u32 cake_hash(struct cake_tin_data *q, const struct sk_buff *skb, q->hosts[outer_hash + k].srchost_tag = srchost_hash; found_src: srchost_idx = outer_hash + k; - if (q->flows[reduced_hash].set == CAKE_SET_BULK) - q->hosts[srchost_idx].srchost_bulk_flow_count++; q->flows[reduced_hash].srchost = srchost_idx; + + if (q->flows[reduced_hash].set == CAKE_SET_BULK) + cake_inc_srchost_bulk_flow_count(q, &q->flows[reduced_hash], flow_mode); } if (allocate_dst) { @@ -840,9 +896,10 @@ static u32 cake_hash(struct cake_tin_data *q, const struct sk_buff *skb, q->hosts[outer_hash + k].dsthost_tag = dsthost_hash; found_dst: dsthost_idx = outer_hash + k; - if (q->flows[reduced_hash].set == CAKE_SET_BULK) - q->hosts[dsthost_idx].dsthost_bulk_flow_count++; q->flows[reduced_hash].dsthost = dsthost_idx; + + if (q->flows[reduced_hash].set == CAKE_SET_BULK) + cake_inc_dsthost_bulk_flow_count(q, &q->flows[reduced_hash], flow_mode); } } @@ -1855,10 +1912,6 @@ static s32 cake_enqueue(struct sk_buff *skb, struct Qdisc *sch, /* flowchain */ if (!flow->set || flow->set == CAKE_SET_DECAYING) { - struct cake_host *srchost = &b->hosts[flow->srchost]; - struct cake_host *dsthost = &b->hosts[flow->dsthost]; - u16 host_load = 1; - if (!flow->set) { list_add_tail(&flow->flowchain, &b->new_flows); } else { @@ -1868,18 +1921,8 @@ static s32 cake_enqueue(struct sk_buff *skb, struct Qdisc *sch, flow->set = CAKE_SET_SPARSE; b->sparse_flow_count++; - if (cake_dsrc(q->flow_mode)) - host_load = max(host_load, srchost->srchost_bulk_flow_count); - - if (cake_ddst(q->flow_mode)) - host_load = max(host_load, dsthost->dsthost_bulk_flow_count); - - flow->deficit = (b->flow_quantum * - quantum_div[host_load]) >> 16; + flow->deficit = cake_get_flow_quantum(b, flow, q->flow_mode); } else if (flow->set == CAKE_SET_SPARSE_WAIT) { - struct cake_host *srchost = &b->hosts[flow->srchost]; - struct cake_host *dsthost = &b->hosts[flow->dsthost]; - /* this flow was empty, accounted as a sparse flow, but actually * in the bulk rotation. */ @@ -1887,12 +1930,8 @@ static s32 cake_enqueue(struct sk_buff *skb, struct Qdisc *sch, b->sparse_flow_count--; b->bulk_flow_count++; - if (cake_dsrc(q->flow_mode)) - srchost->srchost_bulk_flow_count++; - - if (cake_ddst(q->flow_mode)) - dsthost->dsthost_bulk_flow_count++; - + cake_inc_srchost_bulk_flow_count(b, flow, q->flow_mode); + cake_inc_dsthost_bulk_flow_count(b, flow, q->flow_mode); } if (q->buffer_used > q->buffer_max_used) @@ -1949,13 +1988,11 @@ static struct sk_buff *cake_dequeue(struct Qdisc *sch) { struct cake_sched_data *q = qdisc_priv(sch); struct cake_tin_data *b = &q->tins[q->cur_tin]; - struct cake_host *srchost, *dsthost; ktime_t now = ktime_get(); struct cake_flow *flow; struct list_head *head; bool first_flow = true; struct sk_buff *skb; - u16 host_load; u64 delay; u32 len; @@ -2055,11 +2092,6 @@ static struct sk_buff *cake_dequeue(struct Qdisc *sch) q->cur_flow = flow - b->flows; first_flow = false; - /* triple isolation (modified DRR++) */ - srchost = &b->hosts[flow->srchost]; - dsthost = &b->hosts[flow->dsthost]; - host_load = 1; - /* flow isolation (DRR++) */ if (flow->deficit <= 0) { /* Keep all flows with deficits out of the sparse and decaying @@ -2071,11 +2103,8 @@ static struct sk_buff *cake_dequeue(struct Qdisc *sch) b->sparse_flow_count--; b->bulk_flow_count++; - if (cake_dsrc(q->flow_mode)) - srchost->srchost_bulk_flow_count++; - - if (cake_ddst(q->flow_mode)) - dsthost->dsthost_bulk_flow_count++; + cake_inc_srchost_bulk_flow_count(b, flow, q->flow_mode); + cake_inc_dsthost_bulk_flow_count(b, flow, q->flow_mode); flow->set = CAKE_SET_BULK; } else { @@ -2087,19 +2116,7 @@ static struct sk_buff *cake_dequeue(struct Qdisc *sch) } } - if (cake_dsrc(q->flow_mode)) - host_load = max(host_load, srchost->srchost_bulk_flow_count); - - if (cake_ddst(q->flow_mode)) - host_load = max(host_load, dsthost->dsthost_bulk_flow_count); - - WARN_ON(host_load > CAKE_QUEUES); - - /* The shifted prandom_u32() is a way to apply dithering to - * avoid accumulating roundoff errors - */ - flow->deficit += (b->flow_quantum * quantum_div[host_load] + - (prandom_u32() >> 16)) >> 16; + flow->deficit += cake_get_flow_quantum(b, flow, q->flow_mode); list_move_tail(&flow->flowchain, &b->old_flows); goto retry; @@ -2123,11 +2140,8 @@ static struct sk_buff *cake_dequeue(struct Qdisc *sch) if (flow->set == CAKE_SET_BULK) { b->bulk_flow_count--; - if (cake_dsrc(q->flow_mode)) - srchost->srchost_bulk_flow_count--; - - if (cake_ddst(q->flow_mode)) - dsthost->dsthost_bulk_flow_count--; + cake_dec_srchost_bulk_flow_count(b, flow, q->flow_mode); + cake_dec_dsthost_bulk_flow_count(b, flow, q->flow_mode); b->decaying_flow_count++; } else if (flow->set == CAKE_SET_SPARSE || @@ -2145,12 +2159,8 @@ static struct sk_buff *cake_dequeue(struct Qdisc *sch) else if (flow->set == CAKE_SET_BULK) { b->bulk_flow_count--; - if (cake_dsrc(q->flow_mode)) - srchost->srchost_bulk_flow_count--; - - if (cake_ddst(q->flow_mode)) - dsthost->dsthost_bulk_flow_count--; - + cake_dec_srchost_bulk_flow_count(b, flow, q->flow_mode); + cake_dec_dsthost_bulk_flow_count(b, flow, q->flow_mode); } else b->decaying_flow_count--; -- 2.47.1

6 months, 1 week

3
6
0 0

[PATCH v4] sched/topology: Enable topology_span_sane check only for debug builds

by Naman Jain

From: Saurabh Sengar <ssengar(a)linux.microsoft.com> On a x86 system under test with 1780 CPUs, topology_span_sane() takes around 8 seconds cumulatively for all the iterations. It is an expensive operation which does the sanity of non-NUMA topology masks. CPU topology is not something which changes very frequently hence make this check optional for the systems where the topology is trusted and need faster bootup. Restrict this to sched_verbose kernel cmdline option so that this penalty can be avoided for the systems who want to avoid it. Cc: stable(a)vger.kernel.org Fixes: ccf74128d66c ("sched/topology: Assert non-NUMA topology masks don't (partially) overlap") Signed-off-by: Saurabh Sengar <ssengar(a)linux.microsoft.com> Co-developed-by: Naman Jain <namjain(a)linux.microsoft.com> Signed-off-by: Naman Jain <namjain(a)linux.microsoft.com> Tested-by: K Prateek Nayak <kprateek.nayak(a)amd.com> --- Changes since v3: https://lore.kernel.org/all/20250203114738.3109-1-namjain@linux.microsoft.c… - Minor typo correction in comment - Added Tested-by tag from Prateek for x86 Changes since v2: https://lore.kernel.org/all/1731922777-7121-1-git-send-email-ssengar@linux.… - Use sched_debug() instead of using sched_debug_verbose variable directly (addressing Prateek's comment) Changes since v1: https://lore.kernel.org/all/1729619853-2597-1-git-send-email-ssengar@linux.… - Use kernel cmdline param instead of compile time flag. Adding a link to the other patch which is under review. https://lore.kernel.org/lkml/20241031200431.182443-1-steve.wahl@hpe.com/ Above patch tries to optimize the topology sanity check, whereas this patch makes it optional. We believe both patches can coexist, as even with optimization, there will still be some performance overhead for this check. --- kernel/sched/topology.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/kernel/sched/topology.c b/kernel/sched/topology.c index c49aea8c1025..666f0a18cc6c 100644 --- a/kernel/sched/topology.c +++ b/kernel/sched/topology.c @@ -2359,6 +2359,13 @@ static bool topology_span_sane(struct sched_domain_topology_level *tl, { int i = cpu + 1; + /* Skip the topology sanity check for non-debug, as it is a time-consuming operation */ + if (!sched_debug()) { + pr_info_once("%s: Skipping topology span sanity check. Use `sched_verbose` boot parameter to enable it.\n", + __func__); + return true; + } + /* NUMA levels are allowed to overlap */ if (tl->flags & SDTL_OVERLAP) return true; -- 2.34.1

6 months, 1 week

3
4
0 0

[PATCH] lib/buildid: Handle memfd_secret() files in build_id_parse()

by Chen Linxuan

Backport of a similar change from commit 5ac9b4e935df ("lib/buildid: Handle memfd_secret() files in build_id_parse()") to address an issue where accessing secret memfd contents through build_id_parse() would trigger faults. Original report and repro can be found in [0]. [0] https://lore.kernel.org/bpf/ZwyG8Uro%2FSyTXAni@ly-workstation/ This repro will cause BUG: unable to handle kernel paging request in build_id_parse in 5.15/6.1/6.6. Some other discussions can be found in [1]. [1] https://lore.kernel.org/bpf/20241104175256.2327164-1-jolsa@kernel.org/T/#u Cc: stable(a)vger.kernel.org Fixes: 88a16a130933 ("perf: Add build id data in mmap2 event") Signed-off-by: Chen Linxuan <chenlinxuan(a)deepin.org> --- lib/buildid.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/buildid.c b/lib/buildid.c index 9fc46366597e..b78d119ed1f7 100644 --- a/lib/buildid.c +++ b/lib/buildid.c @@ -157,6 +157,12 @@ int build_id_parse(struct vm_area_struct *vma, unsigned char *build_id, if (!vma->vm_file) return -EINVAL; +#ifdef CONFIG_SECRETMEM + /* reject secretmem folios created with memfd_secret() */ + if (vma->vm_file->f_mapping->a_ops == &secretmem_aops) + return -EFAULT; +#endif + page = find_get_page(vma->vm_file->f_mapping, 0); if (!page) return -EFAULT; /* page not mapped */ -- 2.48.1

6 months, 1 week

4
4
0 0

[PATCH 5.4] x86/mm: Don't disable PCID when INVLPG has been fixed by microcode

by Pawan Gupta

From: Xi Ruoyao <xry111(a)xry111.site> commit f24f669d03f884a6ef95cca84317d0f329e93961 upstream. Per the "Processor Specification Update" documentations referred by the intel-microcode-20240312 release note, this microcode release has fixed the issue for all affected models. So don't disable PCID if the microcode is new enough. The precise minimum microcode revision fixing the issue was provided by Pawan Intel. [ dhansen: comment and changelog tweaks ] [ pawan: backported to 5.4 s/ATOM_GRACEMONT/ALDERLAKE_N/ added microcode matching to INTEL_MATCH() and invlpg_miss_ids ] Signed-off-by: Xi Ruoyao <xry111(a)xry111.site> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Acked-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Link: https://lore.kernel.org/all/168436059559.404.13934972543631851306.tip-bot2@… Link: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/release… Link: https://cdrdv2.intel.com/v1/dl/getContent/740518 # RPL042, rev. 13 Link: https://cdrdv2.intel.com/v1/dl/getContent/682436 # ADL063, rev. 24 Link: https://lore.kernel.org/all/20240325231300.qrltbzf6twm43ftb@desk/ Link: https://lore.kernel.org/all/20240522020625.69418-1-xry111%40xry111.site --- arch/x86/mm/init.c | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index 086b274fa60f..b3bed9a9f78d 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -211,33 +211,39 @@ static void __init probe_page_size_mask(void) } } -#define INTEL_MATCH(_model) { .vendor = X86_VENDOR_INTEL, \ - .family = 6, \ - .model = _model, \ - } +#define INTEL_MATCH(_model, ucode) { .vendor = X86_VENDOR_INTEL, \ + .family = 6, \ + .model = _model, \ + .driver_data = ucode, \ + } /* - * INVLPG may not properly flush Global entries - * on these CPUs when PCIDs are enabled. + * INVLPG may not properly flush Global entries on + * these CPUs. New microcode fixes the issue. */ static const struct x86_cpu_id invlpg_miss_ids[] = { - INTEL_MATCH(INTEL_FAM6_ALDERLAKE ), - INTEL_MATCH(INTEL_FAM6_ALDERLAKE_L ), - INTEL_MATCH(INTEL_FAM6_ALDERLAKE_N ), - INTEL_MATCH(INTEL_FAM6_RAPTORLAKE ), - INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_P), - INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_S), + INTEL_MATCH(INTEL_FAM6_ALDERLAKE, 0x2e), + INTEL_MATCH(INTEL_FAM6_ALDERLAKE_L, 0x42c), + INTEL_MATCH(INTEL_FAM6_ALDERLAKE_N, 0x11), + INTEL_MATCH(INTEL_FAM6_RAPTORLAKE, 0x118), + INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_P, 0x4117), + INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_S, 0x2e), {} }; static void setup_pcid(void) { + const struct x86_cpu_id *invlpg_miss_match; + if (!IS_ENABLED(CONFIG_X86_64)) return; if (!boot_cpu_has(X86_FEATURE_PCID)) return; - if (x86_match_cpu(invlpg_miss_ids)) { + invlpg_miss_match = x86_match_cpu(invlpg_miss_ids); + + if (invlpg_miss_match && + boot_cpu_data.microcode < invlpg_miss_match->driver_data) { pr_info("Incomplete global flushes, disabling PCID"); setup_clear_cpu_cap(X86_FEATURE_PCID); return; --- base-commit: 856a224845f949243d6719165c88a70e4b473ec4 change-id: 20250308-clear-pcid-5-4-cc78be4ffaaf Best regards, -- Thanks, Pawan

6 months, 1 week

2
1
0 0

[PATCH 6.6] x86/mm: Don't disable PCID when INVLPG has been fixed by microcode

by Pawan Gupta

From: Xi Ruoyao <xry111(a)xry111.site> commit f24f669d03f884a6ef95cca84317d0f329e93961 upstream. Per the "Processor Specification Update" documentations referred by the intel-microcode-20240312 release note, this microcode release has fixed the issue for all affected models. So don't disable PCID if the microcode is new enough. The precise minimum microcode revision fixing the issue was provided by Pawan Intel. [ dhansen: comment and changelog tweaks ] [ pawan: backported to 6.6 ] Signed-off-by: Xi Ruoyao <xry111(a)xry111.site> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Acked-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Link: https://lore.kernel.org/all/168436059559.404.13934972543631851306.tip-bot2@… Link: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/release… Link: https://cdrdv2.intel.com/v1/dl/getContent/740518 # RPL042, rev. 13 Link: https://cdrdv2.intel.com/v1/dl/getContent/682436 # ADL063, rev. 24 Link: https://lore.kernel.org/all/20240325231300.qrltbzf6twm43ftb@desk/ Link: https://lore.kernel.org/all/20240522020625.69418-1-xry111%40xry111.site --- arch/x86/mm/init.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index 6215dfa23578..71d29dd7ad76 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -262,28 +262,33 @@ static void __init probe_page_size_mask(void) } /* - * INVLPG may not properly flush Global entries - * on these CPUs when PCIDs are enabled. + * INVLPG may not properly flush Global entries on + * these CPUs. New microcode fixes the issue. */ static const struct x86_cpu_id invlpg_miss_ids[] = { - X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE, 0), - X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_L, 0), - X86_MATCH_INTEL_FAM6_MODEL(ATOM_GRACEMONT, 0), - X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE, 0), - X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_P, 0), - X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_S, 0), + X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE, 0x2e), + X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_L, 0x42c), + X86_MATCH_INTEL_FAM6_MODEL(ATOM_GRACEMONT, 0x11), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE, 0x118), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_P, 0x4117), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_S, 0x2e), {} }; static void setup_pcid(void) { + const struct x86_cpu_id *invlpg_miss_match; + if (!IS_ENABLED(CONFIG_X86_64)) return; if (!boot_cpu_has(X86_FEATURE_PCID)) return; - if (x86_match_cpu(invlpg_miss_ids)) { + invlpg_miss_match = x86_match_cpu(invlpg_miss_ids); + + if (invlpg_miss_match && + boot_cpu_data.microcode < invlpg_miss_match->driver_data) { pr_info("Incomplete global flushes, disabling PCID"); setup_clear_cpu_cap(X86_FEATURE_PCID); return; --- base-commit: 568e253c3e3bdfecf5a4d65ccc8fc971c6c4b31f change-id: 20250307-clear-pcid-6-6-ce51baab3b5b Best regards, -- Thanks, Pawan

6 months, 1 week

2
1
0 0

[PATCH v2 6.1] mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM

by Alexey Panov

From: David Hildenbrand <david(a)redhat.com> commit 091c1dd2d4df6edd1beebe0e5863d4034ade9572 upstream. We currently assume that there is at least one VMA in a MM, which isn't true. So we might end up having find_vma() return NULL, to then de-reference NULL. So properly handle find_vma() returning NULL. This fixes the report: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 UID: 0 PID: 6021 Comm: syz-executor284 Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 RIP: 0010:migrate_to_node mm/mempolicy.c:1090 [inline] RIP: 0010:do_migrate_pages+0x403/0x6f0 mm/mempolicy.c:1194 Code: ... RSP: 0018:ffffc9000375fd08 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffc9000375fd78 RCX: 0000000000000000 RDX: ffff88807e171300 RSI: dffffc0000000000 RDI: ffff88803390c044 RBP: ffff88807e171428 R08: 0000000000000014 R09: fffffbfff2039ef1 R10: ffffffff901cf78f R11: 0000000000000000 R12: 0000000000000003 R13: ffffc9000375fe90 R14: ffffc9000375fe98 R15: ffffc9000375fdf8 FS: 00005555919e1380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005555919e1ca8 CR3: 000000007f12a000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> kernel_migrate_pages+0x5b2/0x750 mm/mempolicy.c:1709 __do_sys_migrate_pages mm/mempolicy.c:1727 [inline] __se_sys_migrate_pages mm/mempolicy.c:1723 [inline] __x64_sys_migrate_pages+0x96/0x100 mm/mempolicy.c:1723 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f [akpm(a)linux-foundation.org: add unlikely()] Link: https://lkml.kernel.org/r/20241120201151.9518-1-david@redhat.com Fixes: 39743889aaf7 ("[PATCH] Swap Migration V5: sys_migrate_pages interface") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: syzbot+3511625422f7aa637f0d(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/lkml/673d2696.050a0220.3c9d61.012f.GAE@google.com/T/ Reviewed-by: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Reviewed-by: Christoph Lameter <cl(a)linux.com> Cc: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> [ Alexey: mmap_read_lock is not used in this context, so mmap_read_unlock is removed. Synchronization is provided by an external context in do_migrate_pages(). ] Signed-off-by: Alexey Panov <apanov(a)astralinux.ru> --- v2: Clarify mmap_lock context in changes summary. Fix braces for a single statement block. Rearrange the changes with a comment and VM_BUG_ON to look more consistent with upstream. mm/mempolicy.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 399d8cb48813..f60ff4727f46 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1062,13 +1062,17 @@ static int migrate_to_node(struct mm_struct *mm, int source, int dest, nodes_clear(nmask); node_set(source, nmask); + VM_BUG_ON(!(flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL))); + + vma = find_vma(mm, 0); + if (unlikely(!vma)) + return 0; + /* * This does not "check" the range but isolates all pages that * need migration. Between passing in the full user address * space range and MPOL_MF_DISCONTIG_OK, this call can not fail. */ - vma = find_vma(mm, 0); - VM_BUG_ON(!(flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL))); queue_pages_range(mm, vma->vm_start, mm->task_size, &nmask, flags | MPOL_MF_DISCONTIG_OK, &pagelist); -- 2.30.2

6 months, 1 week

2
1
0 0

[PATCH v2 5.10/5.15] mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM

by Alexey Panov

From: David Hildenbrand <david(a)redhat.com> commit 091c1dd2d4df6edd1beebe0e5863d4034ade9572 upstream. We currently assume that there is at least one VMA in a MM, which isn't true. So we might end up having find_vma() return NULL, to then de-reference NULL. So properly handle find_vma() returning NULL. This fixes the report: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 UID: 0 PID: 6021 Comm: syz-executor284 Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 RIP: 0010:migrate_to_node mm/mempolicy.c:1090 [inline] RIP: 0010:do_migrate_pages+0x403/0x6f0 mm/mempolicy.c:1194 Code: ... RSP: 0018:ffffc9000375fd08 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffc9000375fd78 RCX: 0000000000000000 RDX: ffff88807e171300 RSI: dffffc0000000000 RDI: ffff88803390c044 RBP: ffff88807e171428 R08: 0000000000000014 R09: fffffbfff2039ef1 R10: ffffffff901cf78f R11: 0000000000000000 R12: 0000000000000003 R13: ffffc9000375fe90 R14: ffffc9000375fe98 R15: ffffc9000375fdf8 FS: 00005555919e1380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005555919e1ca8 CR3: 000000007f12a000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> kernel_migrate_pages+0x5b2/0x750 mm/mempolicy.c:1709 __do_sys_migrate_pages mm/mempolicy.c:1727 [inline] __se_sys_migrate_pages mm/mempolicy.c:1723 [inline] __x64_sys_migrate_pages+0x96/0x100 mm/mempolicy.c:1723 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f [akpm(a)linux-foundation.org: add unlikely()] Link: https://lkml.kernel.org/r/20241120201151.9518-1-david@redhat.com Fixes: 39743889aaf7 ("[PATCH] Swap Migration V5: sys_migrate_pages interface") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: syzbot+3511625422f7aa637f0d(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/lkml/673d2696.050a0220.3c9d61.012f.GAE@google.com/T/ Reviewed-by: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Reviewed-by: Christoph Lameter <cl(a)linux.com> Cc: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> [ Alexey: mmap_read_lock is not used in this context, so mmap_read_unlock is removed. Synchronization is provided by an external context in do_migrate_pages(). find_vma(mm, 0) is the same as mm->mmap. ] Signed-off-by: Alexey Panov <apanov(a)astralinux.ru> --- v2: Clarify mmap_lock context in changes summary. Fix braces for a single statement block. Rearrange the changes with a comment and VM_BUG_ON to look more consistent with upstream. mm/mempolicy.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 6c98585f20df..db94aec0ea17 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1067,6 +1067,7 @@ static int migrate_to_node(struct mm_struct *mm, int source, int dest, int flags) { nodemask_t nmask; + struct vm_area_struct *vma; LIST_HEAD(pagelist); int err = 0; struct migration_target_control mtc = { @@ -1077,13 +1078,18 @@ static int migrate_to_node(struct mm_struct *mm, int source, int dest, nodes_clear(nmask); node_set(source, nmask); + VM_BUG_ON(!(flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL))); + + vma = find_vma(mm, 0); + if (unlikely(!vma)) + return 0; + /* * This does not "check" the range but isolates all pages that * need migration. Between passing in the full user address * space range and MPOL_MF_DISCONTIG_OK, this call can not fail. */ - VM_BUG_ON(!(flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL))); - queue_pages_range(mm, mm->mmap->vm_start, mm->task_size, &nmask, + queue_pages_range(mm, vma->vm_start, mm->task_size, &nmask, flags | MPOL_MF_DISCONTIG_OK, &pagelist); if (!list_empty(&pagelist)) { -- 2.30.2

6 months, 1 week

2
1
0 0

[PATCH 6.12/6.13] loongarch: Use ASM_REACHABLE

by Huacai Chen

From: Peter Zijlstra <peterz(a)infradead.org> commit 624bde3465f660e54a7cd4c1efc3e536349fead5 upstream. annotate_reachable() is unreliable since the compiler is free to place random code inbetween two consecutive asm() statements. This removes the last and only annotate_reachable() user. Backport to solve a build error since relevant commits have already been backported. Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Acked-by: Josh Poimboeuf <jpoimboe(a)kernel.org> Link: https://lore.kernel.org/r/20241128094312.133437051@infradead.org Closes: https://lore.kernel.org/loongarch/20250307214943.372210-1-ojeda@kernel.org/ Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- arch/loongarch/include/asm/bug.h | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/arch/loongarch/include/asm/bug.h b/arch/loongarch/include/asm/bug.h index 08388876ade4..561ac1bf79e2 100644 --- a/arch/loongarch/include/asm/bug.h +++ b/arch/loongarch/include/asm/bug.h @@ -4,6 +4,7 @@ #include <asm/break.h> #include <linux/stringify.h> +#include <linux/objtool.h> #ifndef CONFIG_DEBUG_BUGVERBOSE #define _BUGVERBOSE_LOCATION(file, line) @@ -33,25 +34,25 @@ #define ASM_BUG_FLAGS(flags) \ __BUG_ENTRY(flags) \ - break BRK_BUG + break BRK_BUG; #define ASM_BUG() ASM_BUG_FLAGS(0) -#define __BUG_FLAGS(flags) \ - asm_inline volatile (__stringify(ASM_BUG_FLAGS(flags))); +#define __BUG_FLAGS(flags, extra) \ + asm_inline volatile (__stringify(ASM_BUG_FLAGS(flags)) \ + extra); #define __WARN_FLAGS(flags) \ do { \ instrumentation_begin(); \ - __BUG_FLAGS(BUGFLAG_WARNING|(flags)); \ - annotate_reachable(); \ + __BUG_FLAGS(BUGFLAG_WARNING|(flags), ASM_REACHABLE); \ instrumentation_end(); \ } while (0) #define BUG() \ do { \ instrumentation_begin(); \ - __BUG_FLAGS(0); \ + __BUG_FLAGS(0, ""); \ unreachable(); \ } while (0) -- 2.47.1

6 months, 1 week

3
2
0 0

[PATCH 5.15] x86/mm: Don't disable PCID when INVLPG has been fixed by microcode

by Pawan Gupta

From: Xi Ruoyao <xry111(a)xry111.site> commit f24f669d03f884a6ef95cca84317d0f329e93961 upstream. Per the "Processor Specification Update" documentations referred by the intel-microcode-20240312 release note, this microcode release has fixed the issue for all affected models. So don't disable PCID if the microcode is new enough. The precise minimum microcode revision fixing the issue was provided by Pawan Intel. [ dhansen: comment and changelog tweaks ] [ pawan: backported to 5.15 s/ATOM_GRACEMONT/ALDERLAKE_N/ ] Signed-off-by: Xi Ruoyao <xry111(a)xry111.site> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Acked-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Link: https://lore.kernel.org/all/168436059559.404.13934972543631851306.tip-bot2@… Link: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/release… Link: https://cdrdv2.intel.com/v1/dl/getContent/740518 # RPL042, rev. 13 Link: https://cdrdv2.intel.com/v1/dl/getContent/682436 # ADL063, rev. 24 Link: https://lore.kernel.org/all/20240325231300.qrltbzf6twm43ftb@desk/ Link: https://lore.kernel.org/all/20240522020625.69418-1-xry111%40xry111.site --- arch/x86/mm/init.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index 5953c7482016..1110f6dda352 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -264,28 +264,33 @@ static void __init probe_page_size_mask(void) } /* - * INVLPG may not properly flush Global entries - * on these CPUs when PCIDs are enabled. + * INVLPG may not properly flush Global entries on + * these CPUs. New microcode fixes the issue. */ static const struct x86_cpu_id invlpg_miss_ids[] = { - X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE, 0), - X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_L, 0), - X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_N, 0), - X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE, 0), - X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_P, 0), - X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_S, 0), + X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE, 0x2e), + X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_L, 0x42c), + X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_N, 0x11), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE, 0x118), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_P, 0x4117), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_S, 0x2e), {} }; static void setup_pcid(void) { + const struct x86_cpu_id *invlpg_miss_match; + if (!IS_ENABLED(CONFIG_X86_64)) return; if (!boot_cpu_has(X86_FEATURE_PCID)) return; - if (x86_match_cpu(invlpg_miss_ids)) { + invlpg_miss_match = x86_match_cpu(invlpg_miss_ids); + + if (invlpg_miss_match && + boot_cpu_data.microcode < invlpg_miss_match->driver_data) { pr_info("Incomplete global flushes, disabling PCID"); setup_clear_cpu_cap(X86_FEATURE_PCID); return; --- base-commit: c16c81c81336c0912eb3542194f16215c0a40037 change-id: 20250307-clear-pcid-5-15-e9740c3b5649 Best regards, -- Thanks, Pawan

6 months, 1 week

2
1
0 0

[PATCH 6.12] x86/mm: Don't disable PCID when INVLPG has been fixed by microcode

by Pawan Gupta

From: Xi Ruoyao <xry111(a)xry111.site> commit f24f669d03f884a6ef95cca84317d0f329e93961 upstream. Per the "Processor Specification Update" documentations referred by the intel-microcode-20240312 release note, this microcode release has fixed the issue for all affected models. So don't disable PCID if the microcode is new enough. The precise minimum microcode revision fixing the issue was provided by Pawan Intel. [ dhansen: comment and changelog tweaks ] [ pawan: backported to 6.12 ] Signed-off-by: Xi Ruoyao <xry111(a)xry111.site> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Acked-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Link: https://lore.kernel.org/all/168436059559.404.13934972543631851306.tip-bot2@… Link: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/release… Link: https://cdrdv2.intel.com/v1/dl/getContent/740518 # RPL042, rev. 13 Link: https://cdrdv2.intel.com/v1/dl/getContent/682436 # ADL063, rev. 24 Link: https://lore.kernel.org/all/20240325231300.qrltbzf6twm43ftb@desk/ Link: https://lore.kernel.org/all/20240522020625.69418-1-xry111%40xry111.site --- arch/x86/mm/init.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index eb503f53c319..101725c149c4 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -263,28 +263,33 @@ static void __init probe_page_size_mask(void) } /* - * INVLPG may not properly flush Global entries - * on these CPUs when PCIDs are enabled. + * INVLPG may not properly flush Global entries on + * these CPUs. New microcode fixes the issue. */ static const struct x86_cpu_id invlpg_miss_ids[] = { - X86_MATCH_VFM(INTEL_ALDERLAKE, 0), - X86_MATCH_VFM(INTEL_ALDERLAKE_L, 0), - X86_MATCH_VFM(INTEL_ATOM_GRACEMONT, 0), - X86_MATCH_VFM(INTEL_RAPTORLAKE, 0), - X86_MATCH_VFM(INTEL_RAPTORLAKE_P, 0), - X86_MATCH_VFM(INTEL_RAPTORLAKE_S, 0), + X86_MATCH_VFM(INTEL_ALDERLAKE, 0x2e), + X86_MATCH_VFM(INTEL_ALDERLAKE_L, 0x42c), + X86_MATCH_VFM(INTEL_ATOM_GRACEMONT, 0x11), + X86_MATCH_VFM(INTEL_RAPTORLAKE, 0x118), + X86_MATCH_VFM(INTEL_RAPTORLAKE_P, 0x4117), + X86_MATCH_VFM(INTEL_RAPTORLAKE_S, 0x2e), {} }; static void setup_pcid(void) { + const struct x86_cpu_id *invlpg_miss_match; + if (!IS_ENABLED(CONFIG_X86_64)) return; if (!boot_cpu_has(X86_FEATURE_PCID)) return; - if (x86_match_cpu(invlpg_miss_ids)) { + invlpg_miss_match = x86_match_cpu(invlpg_miss_ids); + + if (invlpg_miss_match && + boot_cpu_data.microcode < invlpg_miss_match->driver_data) { pr_info("Incomplete global flushes, disabling PCID"); setup_clear_cpu_cap(X86_FEATURE_PCID); return; --- base-commit: 105a31925e2d17b766cebcff5d173f469e7b9e52 change-id: 20250307-clear-pcid-6-12-f3e4c84c7206 Best regards, -- Pawan

6 months, 1 week

2
1
0 0

[PATCH 5.10] x86/mm: Don't disable PCID when INVLPG has been fixed by microcode

by Pawan Gupta

From: Xi Ruoyao <xry111(a)xry111.site> commit f24f669d03f884a6ef95cca84317d0f329e93961 upstream. Per the "Processor Specification Update" documentations referred by the intel-microcode-20240312 release note, this microcode release has fixed the issue for all affected models. So don't disable PCID if the microcode is new enough. The precise minimum microcode revision fixing the issue was provided by Pawan Intel. [ dhansen: comment and changelog tweaks ] [ pawan: backported to 5.10 s/ATOM_GRACEMONT/ALDERLAKE_N/ ] Signed-off-by: Xi Ruoyao <xry111(a)xry111.site> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Acked-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Link: https://lore.kernel.org/all/168436059559.404.13934972543631851306.tip-bot2@… Link: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/release… Link: https://cdrdv2.intel.com/v1/dl/getContent/740518 # RPL042, rev. 13 Link: https://cdrdv2.intel.com/v1/dl/getContent/682436 # ADL063, rev. 24 Link: https://lore.kernel.org/all/20240325231300.qrltbzf6twm43ftb@desk/ Link: https://lore.kernel.org/all/20240522020625.69418-1-xry111%40xry111.site --- arch/x86/mm/init.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index 17f1a89e26fc..d4b6ca0221a7 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -258,28 +258,33 @@ static void __init probe_page_size_mask(void) } /* - * INVLPG may not properly flush Global entries - * on these CPUs when PCIDs are enabled. + * INVLPG may not properly flush Global entries on + * these CPUs. New microcode fixes the issue. */ static const struct x86_cpu_id invlpg_miss_ids[] = { - X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE, 0), - X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_L, 0), - X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_N, 0), - X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE, 0), - X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_P, 0), - X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_S, 0), + X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE, 0x2e), + X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_L, 0x42c), + X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_N, 0x11), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE, 0x118), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_P, 0x4117), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_S, 0x2e), {} }; static void setup_pcid(void) { + const struct x86_cpu_id *invlpg_miss_match; + if (!IS_ENABLED(CONFIG_X86_64)) return; if (!boot_cpu_has(X86_FEATURE_PCID)) return; - if (x86_match_cpu(invlpg_miss_ids)) { + invlpg_miss_match = x86_match_cpu(invlpg_miss_ids); + + if (invlpg_miss_match && + boot_cpu_data.microcode < invlpg_miss_match->driver_data) { pr_info("Incomplete global flushes, disabling PCID"); setup_clear_cpu_cap(X86_FEATURE_PCID); return; --- base-commit: f0a53361993a94f602df6f35e78149ad2ac12c89 change-id: 20250307-clear-pcid-5-10-64f4287b45c7 Best regards, -- Thanks, Pawan

6 months, 1 week

2
1
0 0

[PATCH linux-6.12.y] selftests/bpf: Clean up open-coded gettid syscall invocations

by Alan Maguire

From: Kumar Kartikeya Dwivedi <memxor(a)gmail.com> Availability of the gettid definition across glibc versions supported by BPF selftests is not certain. Currently, all users in the tree open-code syscall to gettid. Convert them to a common macro definition. Reviewed-by: Jiri Olsa <jolsa(a)kernel.org> Signed-off-by: Kumar Kartikeya Dwivedi <memxor(a)gmail.com> Link: https://lore.kernel.org/r/20241104171959.2938862-3-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> (cherry picked from commit 0e2fb011a0ba8e2258ce776fdf89fbd589c2a3a6) This backport is needed to build BPF selftests successfully for linux-6.12.y, as when currently building BPF selftests, the following error is seen: TEST-OBJ [test_progs] raw_tp_null.test.o prog_tests/raw_tp_null.c: In function ‘test_raw_tp_null’: prog_tests/raw_tp_null.c:15:26: error: implicit declaration of function ‘sys_gettid’; did you mean ‘gettid’? [-Werror=implicit-function-declaration] 15 | skel->bss->tid = sys_gettid(); | ^~~~~~~~~~ | gettid cc1: all warnings being treated as errors Fixes: abd30e947f70 ("selftests/bpf: Add tests for raw_tp null handling") Reported-by: Colm Harrington <colm.harrington(a)oracle.com> Signed-off-by: Alan Maguire <alan.maguire(a)oracle.com> Conflicts: tools/testing/selftests/bpf/prog_tests/task_local_storage.c Conflicts were due to new unrelated context in the upstream version. --- tools/testing/selftests/bpf/benchs/bench_trigger.c | 3 ++- tools/testing/selftests/bpf/bpf_util.h | 9 +++++++++ .../testing/selftests/bpf/map_tests/task_storage_map.c | 3 ++- tools/testing/selftests/bpf/prog_tests/bpf_cookie.c | 2 +- tools/testing/selftests/bpf/prog_tests/bpf_iter.c | 6 +++--- .../selftests/bpf/prog_tests/cgrp_local_storage.c | 10 +++++----- tools/testing/selftests/bpf/prog_tests/core_reloc.c | 2 +- tools/testing/selftests/bpf/prog_tests/linked_funcs.c | 2 +- .../selftests/bpf/prog_tests/ns_current_pid_tgid.c | 2 +- tools/testing/selftests/bpf/prog_tests/rcu_read_lock.c | 4 ++-- .../selftests/bpf/prog_tests/task_local_storage.c | 8 ++++---- .../selftests/bpf/prog_tests/uprobe_multi_test.c | 2 +- 12 files changed, 32 insertions(+), 21 deletions(-) diff --git a/tools/testing/selftests/bpf/benchs/bench_trigger.c b/tools/testing/selftests/bpf/benchs/bench_trigger.c index 2ed0ef6f21ee..32e9f194d449 100644 --- a/tools/testing/selftests/bpf/benchs/bench_trigger.c +++ b/tools/testing/selftests/bpf/benchs/bench_trigger.c @@ -4,6 +4,7 @@ #include <argp.h> #include <unistd.h> #include <stdint.h> +#include "bpf_util.h" #include "bench.h" #include "trigger_bench.skel.h" #include "trace_helpers.h" @@ -72,7 +73,7 @@ static __always_inline void inc_counter(struct counter *counters) unsigned slot; if (unlikely(tid == 0)) - tid = syscall(SYS_gettid); + tid = sys_gettid(); /* multiplicative hashing, it's fast */ slot = 2654435769U * tid; diff --git a/tools/testing/selftests/bpf/bpf_util.h b/tools/testing/selftests/bpf/bpf_util.h index 10587a29b967..feff92219e21 100644 --- a/tools/testing/selftests/bpf/bpf_util.h +++ b/tools/testing/selftests/bpf/bpf_util.h @@ -6,6 +6,7 @@ #include <stdlib.h> #include <string.h> #include <errno.h> +#include <syscall.h> #include <bpf/libbpf.h> /* libbpf_num_possible_cpus */ static inline unsigned int bpf_num_possible_cpus(void) @@ -59,4 +60,12 @@ static inline void bpf_strlcpy(char *dst, const char *src, size_t sz) (offsetof(TYPE, MEMBER) + sizeof_field(TYPE, MEMBER)) #endif +/* Availability of gettid across glibc versions is hit-and-miss, therefore + * fallback to syscall in this macro and use it everywhere. + */ +#ifndef sys_gettid +#define sys_gettid() syscall(SYS_gettid) +#endif + + #endif /* __BPF_UTIL__ */ diff --git a/tools/testing/selftests/bpf/map_tests/task_storage_map.c b/tools/testing/selftests/bpf/map_tests/task_storage_map.c index 7d050364efca..62971dbf2996 100644 --- a/tools/testing/selftests/bpf/map_tests/task_storage_map.c +++ b/tools/testing/selftests/bpf/map_tests/task_storage_map.c @@ -12,6 +12,7 @@ #include <bpf/bpf.h> #include <bpf/libbpf.h> +#include "bpf_util.h" #include "test_maps.h" #include "task_local_storage_helpers.h" #include "read_bpf_task_storage_busy.skel.h" @@ -115,7 +116,7 @@ void test_task_storage_map_stress_lookup(void) CHECK(err, "attach", "error %d\n", err); /* Trigger program */ - syscall(SYS_gettid); + sys_gettid(); skel->bss->pid = 0; CHECK(skel->bss->busy != 0, "bad bpf_task_storage_busy", "got %d\n", skel->bss->busy); diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_cookie.c b/tools/testing/selftests/bpf/prog_tests/bpf_cookie.c index 070c52c312e5..6befa870434b 100644 --- a/tools/testing/selftests/bpf/prog_tests/bpf_cookie.c +++ b/tools/testing/selftests/bpf/prog_tests/bpf_cookie.c @@ -690,7 +690,7 @@ void test_bpf_cookie(void) if (!ASSERT_OK_PTR(skel, "skel_open")) return; - skel->bss->my_tid = syscall(SYS_gettid); + skel->bss->my_tid = sys_gettid(); if (test__start_subtest("kprobe")) kprobe_subtest(skel); diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_iter.c b/tools/testing/selftests/bpf/prog_tests/bpf_iter.c index 9006549a1294..b8e1224cfd19 100644 --- a/tools/testing/selftests/bpf/prog_tests/bpf_iter.c +++ b/tools/testing/selftests/bpf/prog_tests/bpf_iter.c @@ -226,7 +226,7 @@ static void test_task_common_nocheck(struct bpf_iter_attach_opts *opts, ASSERT_OK(pthread_create(&thread_id, NULL, &do_nothing_wait, NULL), "pthread_create"); - skel->bss->tid = syscall(SYS_gettid); + skel->bss->tid = sys_gettid(); do_dummy_read_opts(skel->progs.dump_task, opts); @@ -255,10 +255,10 @@ static void *run_test_task_tid(void *arg) union bpf_iter_link_info linfo; int num_unknown_tid, num_known_tid; - ASSERT_NEQ(getpid(), syscall(SYS_gettid), "check_new_thread_id"); + ASSERT_NEQ(getpid(), sys_gettid(), "check_new_thread_id"); memset(&linfo, 0, sizeof(linfo)); - linfo.task.tid = syscall(SYS_gettid); + linfo.task.tid = sys_gettid(); opts.link_info = &linfo; opts.link_info_len = sizeof(linfo); test_task_common(&opts, 0, 1); diff --git a/tools/testing/selftests/bpf/prog_tests/cgrp_local_storage.c b/tools/testing/selftests/bpf/prog_tests/cgrp_local_storage.c index 747761572098..9015e2c2ab12 100644 --- a/tools/testing/selftests/bpf/prog_tests/cgrp_local_storage.c +++ b/tools/testing/selftests/bpf/prog_tests/cgrp_local_storage.c @@ -63,14 +63,14 @@ static void test_tp_btf(int cgroup_fd) if (!ASSERT_OK(err, "map_delete_elem")) goto out; - skel->bss->target_pid = syscall(SYS_gettid); + skel->bss->target_pid = sys_gettid(); err = cgrp_ls_tp_btf__attach(skel); if (!ASSERT_OK(err, "skel_attach")) goto out; - syscall(SYS_gettid); - syscall(SYS_gettid); + sys_gettid(); + sys_gettid(); skel->bss->target_pid = 0; @@ -154,7 +154,7 @@ static void test_recursion(int cgroup_fd) goto out; /* trigger sys_enter, make sure it does not cause deadlock */ - syscall(SYS_gettid); + sys_gettid(); out: cgrp_ls_recursion__destroy(skel); @@ -224,7 +224,7 @@ static void test_yes_rcu_lock(__u64 cgroup_id) return; CGROUP_MODE_SET(skel); - skel->bss->target_pid = syscall(SYS_gettid); + skel->bss->target_pid = sys_gettid(); bpf_program__set_autoload(skel->progs.yes_rcu_lock, true); err = cgrp_ls_sleepable__load(skel); diff --git a/tools/testing/selftests/bpf/prog_tests/core_reloc.c b/tools/testing/selftests/bpf/prog_tests/core_reloc.c index 26019313e1fc..1c682550e0e7 100644 --- a/tools/testing/selftests/bpf/prog_tests/core_reloc.c +++ b/tools/testing/selftests/bpf/prog_tests/core_reloc.c @@ -1010,7 +1010,7 @@ static void run_core_reloc_tests(bool use_btfgen) struct data *data; void *mmap_data = NULL; - my_pid_tgid = getpid() | ((uint64_t)syscall(SYS_gettid) << 32); + my_pid_tgid = getpid() | ((uint64_t)sys_gettid() << 32); for (i = 0; i < ARRAY_SIZE(test_cases); i++) { char btf_file[] = "/tmp/core_reloc.btf.XXXXXX"; diff --git a/tools/testing/selftests/bpf/prog_tests/linked_funcs.c b/tools/testing/selftests/bpf/prog_tests/linked_funcs.c index cad664546912..fa639b021f7e 100644 --- a/tools/testing/selftests/bpf/prog_tests/linked_funcs.c +++ b/tools/testing/selftests/bpf/prog_tests/linked_funcs.c @@ -20,7 +20,7 @@ void test_linked_funcs(void) bpf_program__set_autoload(skel->progs.handler1, true); bpf_program__set_autoload(skel->progs.handler2, true); - skel->rodata->my_tid = syscall(SYS_gettid); + skel->rodata->my_tid = sys_gettid(); skel->bss->syscall_id = SYS_getpgid; err = linked_funcs__load(skel); diff --git a/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c b/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c index c29787e092d6..761ce24bce38 100644 --- a/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c +++ b/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c @@ -23,7 +23,7 @@ static int get_pid_tgid(pid_t *pid, pid_t *tgid, struct stat st; int err; - *pid = syscall(SYS_gettid); + *pid = sys_gettid(); *tgid = getpid(); err = stat("/proc/self/ns/pid", &st); diff --git a/tools/testing/selftests/bpf/prog_tests/rcu_read_lock.c b/tools/testing/selftests/bpf/prog_tests/rcu_read_lock.c index a1f7e7378a64..ebe0c12b5536 100644 --- a/tools/testing/selftests/bpf/prog_tests/rcu_read_lock.c +++ b/tools/testing/selftests/bpf/prog_tests/rcu_read_lock.c @@ -21,7 +21,7 @@ static void test_success(void) if (!ASSERT_OK_PTR(skel, "skel_open")) return; - skel->bss->target_pid = syscall(SYS_gettid); + skel->bss->target_pid = sys_gettid(); bpf_program__set_autoload(skel->progs.get_cgroup_id, true); bpf_program__set_autoload(skel->progs.task_succ, true); @@ -58,7 +58,7 @@ static void test_rcuptr_acquire(void) if (!ASSERT_OK_PTR(skel, "skel_open")) return; - skel->bss->target_pid = syscall(SYS_gettid); + skel->bss->target_pid = sys_gettid(); bpf_program__set_autoload(skel->progs.task_acquire, true); err = rcu_read_lock__load(skel); diff --git a/tools/testing/selftests/bpf/prog_tests/task_local_storage.c b/tools/testing/selftests/bpf/prog_tests/task_local_storage.c index c33c05161a9e..0d42ce00166f 100644 --- a/tools/testing/selftests/bpf/prog_tests/task_local_storage.c +++ b/tools/testing/selftests/bpf/prog_tests/task_local_storage.c @@ -23,14 +23,14 @@ static void test_sys_enter_exit(void) if (!ASSERT_OK_PTR(skel, "skel_open_and_load")) return; - skel->bss->target_pid = syscall(SYS_gettid); + skel->bss->target_pid = sys_gettid(); err = task_local_storage__attach(skel); if (!ASSERT_OK(err, "skel_attach")) goto out; - syscall(SYS_gettid); - syscall(SYS_gettid); + sys_gettid(); + sys_gettid(); /* 3x syscalls: 1x attach and 2x gettid */ ASSERT_EQ(skel->bss->enter_cnt, 3, "enter_cnt"); @@ -99,7 +99,7 @@ static void test_recursion(void) /* trigger sys_enter, make sure it does not cause deadlock */ skel->bss->test_pid = getpid(); - syscall(SYS_gettid); + sys_gettid(); skel->bss->test_pid = 0; task_ls_recursion__detach(skel); diff --git a/tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c b/tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c index c1ac813ff9ba..02a484b22aa6 100644 --- a/tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c +++ b/tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c @@ -125,7 +125,7 @@ static void *child_thread(void *ctx) struct child *child = ctx; int c = 0, err; - child->tid = syscall(SYS_gettid); + child->tid = sys_gettid(); /* let parent know we are ready */ err = write(child->c2p[1], &c, 1); -- 2.43.5

6 months, 1 week

2
1
0 0

[PATCH stable v5.4 v2 0/3] Missing overflow changes

by Florian Fainelli

This patch series backports the minimum set of changes in order to fix this warning that popped up with >= 5.4.284 stable kernels: In file included from ./include/linux/mm.h:29, from ./include/linux/pagemap.h:8, from ./include/linux/buffer_head.h:14, from fs/udf/udfdecl.h:12, from fs/udf/super.c:41: fs/udf/super.c: In function 'udf_fill_partdesc_info': ./include/linux/overflow.h:70:15: warning: comparison of distinct pointer types lacks a cast (void) (&__a == &__b); \ ^~ fs/udf/super.c:1162:7: note: in expansion of macro 'check_add_overflow' if (check_add_overflow(map->s_partition_len, ^~~~~~~~~~~~~~~~~~ Changes in v2: - added missing upstream commit ID to the last patch in the series Kees Cook (2): overflow: Add __must_check attribute to check_*() helpers overflow: Allow mixed type arguments Keith Busch (1): overflow: Correct check_shl_overflow() comment include/linux/overflow.h | 101 +++++++++++++++++++++++---------------- 1 file changed, 60 insertions(+), 41 deletions(-) -- 2.34.1

6 months, 1 week

2
6
0 0

[PATCH 6.1] x86/mm: Don't disable PCID when INVLPG has been fixed by microcode

by Pawan Gupta

From: Xi Ruoyao <xry111(a)xry111.site> commit f24f669d03f884a6ef95cca84317d0f329e93961 upstream. Per the "Processor Specification Update" documentations referred by the intel-microcode-20240312 release note, this microcode release has fixed the issue for all affected models. So don't disable PCID if the microcode is new enough. The precise minimum microcode revision fixing the issue was provided by Pawan Intel. [ dhansen: comment and changelog tweaks ] [ pawan: backported to 6.1 s/ATOM_GRACEMONT/ALDERLAKE_N/ ] Signed-off-by: Xi Ruoyao <xry111(a)xry111.site> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Acked-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Link: https://lore.kernel.org/all/168436059559.404.13934972543631851306.tip-bot2@… Link: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/release… Link: https://cdrdv2.intel.com/v1/dl/getContent/740518 # RPL042, rev. 13 Link: https://cdrdv2.intel.com/v1/dl/getContent/682436 # ADL063, rev. 24 Link: https://lore.kernel.org/all/20240325231300.qrltbzf6twm43ftb@desk/ Link: https://lore.kernel.org/all/20240522020625.69418-1-xry111%40xry111.site --- arch/x86/mm/init.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index ed861ef33f80..ab697ee64528 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -263,28 +263,33 @@ static void __init probe_page_size_mask(void) } /* - * INVLPG may not properly flush Global entries - * on these CPUs when PCIDs are enabled. + * INVLPG may not properly flush Global entries on + * these CPUs. New microcode fixes the issue. */ static const struct x86_cpu_id invlpg_miss_ids[] = { - X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE, 0), - X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_L, 0), - X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_N, 0), - X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE, 0), - X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_P, 0), - X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_S, 0), + X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE, 0x2e), + X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_L, 0x42c), + X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_N, 0x11), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE, 0x118), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_P, 0x4117), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_S, 0x2e), {} }; static void setup_pcid(void) { + const struct x86_cpu_id *invlpg_miss_match; + if (!IS_ENABLED(CONFIG_X86_64)) return; if (!boot_cpu_has(X86_FEATURE_PCID)) return; - if (x86_match_cpu(invlpg_miss_ids)) { + invlpg_miss_match = x86_match_cpu(invlpg_miss_ids); + + if (invlpg_miss_match && + boot_cpu_data.microcode < invlpg_miss_match->driver_data) { pr_info("Incomplete global flushes, disabling PCID"); setup_clear_cpu_cap(X86_FEATURE_PCID); return; --- base-commit: 6ae7ac5c4251b139da4b672fe4157f2089a9d922 change-id: 20250307-clear-pcid-6-1-3f7b1af35cb2 Best regards, -- Thanks, Pawan

6 months, 1 week

2
1
0 0

[PATCH 1/2] virt: sev-guest: Allocate request data dynamically

by Alexey Kardashevskiy

From: Nikunj A Dadhania <nikunj(a)amd.com> Commit ae596615d93d ("virt: sev-guest: Reduce the scope of SNP command mutex") narrowed the command mutex scope to snp_send_guest_request. However, GET_REPORT, GET_DERIVED_KEY, and GET_EXT_REPORT share the req structure in snp_guest_dev. Without the mutex protection, concurrent requests can overwrite each other's data. Fix it by dynamically allocating the request structure. Fixes: ae596615d93d ("virt: sev-guest: Reduce the scope of SNP command mutex") Cc: stable(a)vger.kernel.org Reported-by: andreas.stuehrk(a)yaxi.tech Closes: https://github.com/AMDESE/AMDSEV/issues/265 Signed-off-by: Nikunj A Dadhania <nikunj(a)amd.com> --- drivers/virt/coco/sev-guest/sev-guest.c | 24 ++++++++++++-------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index ddec5677e247..4699fdc9ed44 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -39,12 +39,6 @@ struct snp_guest_dev { struct miscdevice misc; struct snp_msg_desc *msg_desc; - - union { - struct snp_report_req report; - struct snp_derived_key_req derived_key; - struct snp_ext_report_req ext_report; - } req; }; /* @@ -72,7 +66,7 @@ struct snp_req_resp { static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) { - struct snp_report_req *report_req = &snp_dev->req.report; + struct snp_report_req *report_req __free(kfree) = NULL; struct snp_msg_desc *mdesc = snp_dev->msg_desc; struct snp_report_resp *report_resp; struct snp_guest_req req = {}; @@ -81,6 +75,10 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io if (!arg->req_data || !arg->resp_data) return -EINVAL; + report_req = kzalloc(sizeof(*report_req), GFP_KERNEL_ACCOUNT); + if (!report_req) + return -ENOMEM; + if (copy_from_user(report_req, (void __user *)arg->req_data, sizeof(*report_req))) return -EFAULT; @@ -117,7 +115,7 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) { - struct snp_derived_key_req *derived_key_req = &snp_dev->req.derived_key; + struct snp_derived_key_req *derived_key_req __free(kfree) = NULL; struct snp_derived_key_resp derived_key_resp = {0}; struct snp_msg_desc *mdesc = snp_dev->msg_desc; struct snp_guest_req req = {}; @@ -137,6 +135,10 @@ static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_reque if (sizeof(buf) < resp_len) return -ENOMEM; + derived_key_req = kzalloc(sizeof(*derived_key_req), GFP_KERNEL_ACCOUNT); + if (!derived_key_req) + return -ENOMEM; + if (copy_from_user(derived_key_req, (void __user *)arg->req_data, sizeof(*derived_key_req))) return -EFAULT; @@ -169,7 +171,7 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques struct snp_req_resp *io) { - struct snp_ext_report_req *report_req = &snp_dev->req.ext_report; + struct snp_ext_report_req *report_req __free(kfree) = NULL; struct snp_msg_desc *mdesc = snp_dev->msg_desc; struct snp_report_resp *report_resp; struct snp_guest_req req = {}; @@ -179,6 +181,10 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques if (sockptr_is_null(io->req_data) || sockptr_is_null(io->resp_data)) return -EINVAL; + report_req = kzalloc(sizeof(*report_req), GFP_KERNEL_ACCOUNT); + if (!report_req) + return -ENOMEM; + if (copy_from_sockptr(report_req, io->req_data, sizeof(*report_req))) return -EFAULT; -- 2.47.1

6 months, 1 week

3
3
0 0

[PATCH 5.15.y] fs/ntfs3: Fix shift-out-of-bounds in ntfs_fill_super

by Miguel García

6 months, 1 week

2
1
0 0

[PATCH 5.10] crypto: hisilicon/qm - inject error before stopping queue

by Xiangyu Chen

From: Weili Qian <qianweili(a)huawei.com> commit b04f06fc0243600665b3b50253869533b7938468 upstream. The master ooo cannot be completely closed when the accelerator core reports memory error. Therefore, the driver needs to inject the qm error to close the master ooo. Currently, the qm error is injected after stopping queue, memory may be released immediately after stopping queue, causing the device to access the released memory. Therefore, error is injected to close master ooo before stopping queue to ensure that the device does not access the released memory. Fixes: 6c6dd5802c2d ("crypto: hisilicon/qm - add controller reset interface") Signed-off-by: Weili Qian <qianweili(a)huawei.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the code compile on arm64 toolchain --- drivers/crypto/hisilicon/qm.c | 46 +++++++++++++++++------------------ 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/drivers/crypto/hisilicon/qm.c b/drivers/crypto/hisilicon/qm.c index 530f23116d7c..8988ee714ce1 100644 --- a/drivers/crypto/hisilicon/qm.c +++ b/drivers/crypto/hisilicon/qm.c @@ -3354,6 +3354,27 @@ static int qm_set_vf_mse(struct hisi_qm *qm, bool set) return -ETIMEDOUT; } +static void qm_dev_ecc_mbit_handle(struct hisi_qm *qm) +{ + u32 nfe_enb = 0; + + if (!qm->err_status.is_dev_ecc_mbit && + qm->err_status.is_qm_ecc_mbit && + qm->err_ini->close_axi_master_ooo) { + + qm->err_ini->close_axi_master_ooo(qm); + + } else if (qm->err_status.is_dev_ecc_mbit && + !qm->err_status.is_qm_ecc_mbit && + !qm->err_ini->close_axi_master_ooo) { + + nfe_enb = readl(qm->io_base + QM_RAS_NFE_ENABLE); + writel(nfe_enb & QM_RAS_NFE_MBIT_DISABLE, + qm->io_base + QM_RAS_NFE_ENABLE); + writel(QM_ECC_MBIT, qm->io_base + QM_ABNORMAL_INT_SET); + } +} + static int qm_set_msi(struct hisi_qm *qm, bool set) { struct pci_dev *pdev = qm->pdev; @@ -3433,6 +3454,8 @@ static int qm_controller_reset_prepare(struct hisi_qm *qm) return ret; } + qm_dev_ecc_mbit_handle(qm); + if (qm->vfs_num) { ret = qm_vf_reset_prepare(qm, QM_SOFT_RESET); if (ret) { @@ -3450,27 +3473,6 @@ static int qm_controller_reset_prepare(struct hisi_qm *qm) return 0; } -static void qm_dev_ecc_mbit_handle(struct hisi_qm *qm) -{ - u32 nfe_enb = 0; - - if (!qm->err_status.is_dev_ecc_mbit && - qm->err_status.is_qm_ecc_mbit && - qm->err_ini->close_axi_master_ooo) { - - qm->err_ini->close_axi_master_ooo(qm); - - } else if (qm->err_status.is_dev_ecc_mbit && - !qm->err_status.is_qm_ecc_mbit && - !qm->err_ini->close_axi_master_ooo) { - - nfe_enb = readl(qm->io_base + QM_RAS_NFE_ENABLE); - writel(nfe_enb & QM_RAS_NFE_MBIT_DISABLE, - qm->io_base + QM_RAS_NFE_ENABLE); - writel(QM_ECC_MBIT, qm->io_base + QM_ABNORMAL_INT_SET); - } -} - static int qm_soft_reset(struct hisi_qm *qm) { struct pci_dev *pdev = qm->pdev; @@ -3496,8 +3498,6 @@ static int qm_soft_reset(struct hisi_qm *qm) return ret; } - qm_dev_ecc_mbit_handle(qm); - /* OOO register set and check */ writel(ACC_MASTER_GLOBAL_CTRL_SHUTDOWN, qm->io_base + ACC_MASTER_GLOBAL_CTRL); -- 2.25.1

6 months, 1 week

2
1
0 0

[PATCH v2 6.6] mm/mempolicy: fix unbalanced unlock in backported VMA check

by Alexey Panov

No upstream commit exists for this commit. The issue was introduced with backporting upstream commit 091c1dd2d4df ("mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM"). The backport incorrectly added unlock logic to a path where mmap_lock was provided by external context in do_migrate_pages(), creating lock imbalance when no VMAs are found. This fixes the report: WARNING: bad unlock balance detected! 6.6.79 #1 Not tainted ------------------------------------- repro/9655 is trying to release lock (&mm->mmap_lock) at: [<ffffffff81daa36f>] mmap_read_unlock include/linux/mmap_lock.h:173 [inline] [<ffffffff81daa36f>] do_migrate_pages+0x59f/0x700 mm/mempolicy.c:1196 but there are no more locks to release! other info that might help us debug this: no locks held by repro/9655. stack backtrace: CPU: 1 PID: 9655 Comm: a Not tainted 6.6.79 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd5/0x1b0 lib/dump_stack.c:106 __lock_release kernel/locking/lockdep.c:5431 [inline] lock_release+0x4b1/0x680 kernel/locking/lockdep.c:5774 up_read+0x12/0x20 kernel/locking/rwsem.c:1615 mmap_read_unlock include/linux/mmap_lock.h:173 [inline] do_migrate_pages+0x59f/0x700 mm/mempolicy.c:1196 kernel_migrate_pages+0x59b/0x780 mm/mempolicy.c:1665 __do_sys_migrate_pages mm/mempolicy.c:1684 [inline] __se_sys_migrate_pages mm/mempolicy.c:1680 [inline] __x64_sys_migrate_pages+0x92/0xf0 mm/mempolicy.c:1680 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x34/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: a13b2b9b0b0b ("mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM") Signed-off-by: Alexey Panov <apanov(a)astralinux.ru> --- v2: Clarify mmap_lock context in commit description. Fix braces for a single statement block. Add empty line after VM_BUG_ON to look more consistent with upstream. mm/mempolicy.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 94c74c594d10..d2855507d2e9 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1070,11 +1070,10 @@ static long migrate_to_node(struct mm_struct *mm, int source, int dest, node_set(source, nmask); VM_BUG_ON(!(flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL))); + vma = find_vma(mm, 0); - if (unlikely(!vma)) { - mmap_read_unlock(mm); + if (unlikely(!vma)) return 0; - } /* * This does not migrate the range, but isolates all pages that -- 2.30.2

6 months, 1 week

2
1
0 0

[PATCH 6.1 000/176] 6.1.130-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.130 release. There are 176 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 07 Mar 2025 17:44:26 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.130-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.130-rc1 Fullway Wang <fullwaywang(a)outlook.com> media: mtk-vcodec: potential null pointer deference in SCP Quang Le <quanglex97(a)gmail.com> pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: check the inode number is not the invalid value of zero Jiaxun Yang <jiaxun.yang(a)flygoat.com> mm/memory: Use exception ip to search exception tables Jiaxun Yang <jiaxun.yang(a)flygoat.com> ptrace: Introduce exception_ip arch hook Thomas Gleixner <tglx(a)linutronix.de> intel_idle: Handle older CPUs, which stop the TSC in deeper C states, correctly chr[] <chris(a)rudorff.com> amdgpu/pm/legacy: fix suspend/resume issues Sohaib Nadeem <sohaib.nadeem(a)amd.com> drm/amd/display: fixed integer types and null check locations Andreas Schwab <schwab(a)suse.de> riscv/futex: sign extend compare value in atomic cmpxchg Thomas Gleixner <tglx(a)linutronix.de> sched/core: Prevent rescheduling when interrupts are disabled Ard Biesheuvel <ardb(a)kernel.org> vmlinux.lds: Ensure that const vars with relocations are mapped R/O Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: reset when MPTCP opts are dropped after join Paolo Abeni <pabeni(a)redhat.com> mptcp: always handle address removal under msk socket lock Kaustabh Chakraborty <kauschluss(a)disroot.org> phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk BH Hsieh <bhsieh(a)nvidia.com> phy: tegra: xusb: reset VBUS & ID OVERRIDE Wei Fang <wei.fang(a)nxp.com> net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs() Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the xdp_tx statistics Wei Fang <wei.fang(a)nxp.com> net: enetc: update UDP checksum when updating originTimestamp field Wei Fang <wei.fang(a)nxp.com> net: enetc: keep track of correct Tx BD count in enetc_map_tx_tso_buffs() Wei Fang <wei.fang(a)nxp.com> net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usbnet: gl620a: fix endpoint checking in genelink_bind() Tyrone Ting <kfting(a)nuvoton.com> i2c: npcm: disable interrupt enable bit before devm_request_irq Roman Li <Roman.Li(a)amd.com> drm/amd/display: Fix HPD after gpu reset Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Disable PSR-SU on eDP panels Kan Liang <kan.liang(a)linux.intel.com> perf/core: Fix low freq setting via IOC_PERIOD Kan Liang <kan.liang(a)linux.intel.com> perf/x86: Fix low freqency setting issue Dmitry Panchenko <dmitry(a)d-systems.ee> ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 Nikolay Kuratov <kniv(a)yandex-team.ru> ftrace: Avoid potential division by zero in function_stat_show() Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix bad hist from corrupting named_triggers list Chukun Pan <amadeus(a)jmu.edu.cn> phy: rockchip: naneng-combphy: compatible reset with old DT Russell Senior <russell(a)personaltelco.net> x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: save msg_control for compat Tong Tiangen <tongtiangen(a)huawei.com> uprobes: Reject the shared zeropage in uprobe_write_opcode() David Howells <dhowells(a)redhat.com> mm: Don't pin ZERO_PAGE in pin_user_pages() Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in rpl lwt Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: rpl_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in seg6 lwt Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: seg6_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> include: net: add static inline dst_dev_overhead() to dst.h Shay Drory <shayd(a)nvidia.com> net/mlx5: IRQ, Fix null string in debug print Harshal Chaudhari <hchaudhari(a)marvell.com> net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. Mohammad Heib <mheib(a)redhat.com> net: Clear old fragment checksum value in napi_reuse_skb Wang Hai <wanghai38(a)huawei.com> tcp: Defer ts_recent changes until req is owned Philo Lu <lulie(a)linux.alibaba.com> ipvs: Always clear ipvs_property flag in skb_scrub_packet() Nicolas Frattaroli <nicolas.frattaroli(a)collabora.com> ASoC: es8328: fix route from DAC to output Sean Anderson <sean.anderson(a)linux.dev> net: cadence: macb: Synchronize stats calculations Eric Dumazet <edumazet(a)google.com> ipvlan: ensure network headers are in skb linear part Guillaume Nault <gnault(a)redhat.com> ipvlan: Prepare ipvlan_process_v4_outbound() to future .flowi4_tos conversion. Guillaume Nault <gnault(a)redhat.com> ipv4: Convert ip_route_input() to dscp_t. Guillaume Nault <gnault(a)redhat.com> ipv4: Convert icmp_route_lookup() to dscp_t. Ido Schimmel <idosch(a)nvidia.com> ipvlan: Unmask upper DSCP bits in ipvlan_process_v4_outbound() Ido Schimmel <idosch(a)nvidia.com> ipv4: icmp: Unmask upper DSCP bits in icmp_route_lookup() Ido Schimmel <idosch(a)nvidia.com> ipv4: icmp: Pass full DS field to ip_route_input() Peilin He <he.peilin(a)zte.com.cn> net/ipv4: add tracepoint for icmp_send Jiri Slaby (SUSE) <jirislaby(a)kernel.org> net: set the minimum for net_hotdata.netdev_budget_usecs Ido Schimmel <idosch(a)nvidia.com> net: loopback: Avoid sending IP packets without an Ethernet header David Howells <dhowells(a)redhat.com> afs: Fix the server_list to unuse a displaced server rather than putting it David Howells <dhowells(a)redhat.com> afs: Make it possible to find the volumes that are using a server Colin Ian King <colin.i.king(a)gmail.com> afs: remove variable nr_servers Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports Arnd Bergmann <arnd(a)arndb.de> sunrpc: suppress warnings for unused procfs functions Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix bind QP error cleanup flow Ye Bin <yebin10(a)huawei.com> scsi: core: Clear driver private data when retrying request Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix AH static rate parsing Or Har-Toov <ohartoov(a)nvidia.com> IB/core: Add support for XDR link speed Leon Romanovsky <leon(a)kernel.org> RDMA/mlx5: Reduce QP table exposure Mark Zhang <markzhang(a)nvidia.com> RDMA/mlx: Calling qp event handler in workqueue context Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: Prevent looping due to rpc_signal_task() races Stephen Brennan <stephen.s.brennan(a)oracle.com> SUNRPC: convert RPC_TASK_* constants to enum Vasiliy Kovalev <kovalev(a)altlinux.org> ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up Mark Zhang <markzhang(a)nvidia.com> IB/mlx5: Set and get correct qp_num for a DCT QP Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix the recovery flow of the UMR QP Shay Drory <shayd(a)nvidia.com> RDMA/mlx5: Implement mkeys management via LIFO queue Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Add work to remove temporary entries from the cache Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Cache all user cacheable mkeys on dereg MR flow Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Introduce mlx5r_cache_rb_key Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Change the cache structure to an RB-tree Aharon Landau <aharonl(a)nvidia.com> RDMA/mlx5: Remove implicit ODP cache entry Aharon Landau <aharonl(a)nvidia.com> RDMA/mlx5: Don't keep umrable 'page_shift' in cache entries Xin Long <lucien.xin(a)gmail.com> netfilter: allow exp not to be removed in nf_ct_find_expectation Alexander Dahl <ada(a)thorsis.com> spi: atmel-quadspi: Fix wrong register value written to MR Alexander Dahl <ada(a)thorsis.com> spi: atmel-quadspi: Avoid overwriting delay register settings Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning Yu Kuai <yukuai3(a)huawei.com> block, bfq: fix bfqq uaf in bfq_limit_depth() Paolo Valente <paolo.valente(a)linaro.org> block, bfq: split sync bfq_queues on a per-actuator basis Patrick Bellasi <derkling(a)google.com> x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit Steven Rostedt <rostedt(a)goodmis.org> ftrace: Do not add duplicate entries in subops manager ops Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> ftrace: Correct preemption accounting for function tracing. Komal Bajaj <quic_kbajaj(a)quicinc.com> EDAC/qcom: Correct interrupt enable register configuration Haoxiang Li <haoxiang_li2024(a)163.com> smb: client: Add check for next_buffer in receive_encrypted_standard() Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix incorrect device in dma_unmap_single Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: use dma_map_resource for sdma address Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix error code in cadence_nand_init() Ricardo Cañuelo Navarro <rcn(a)igalia.com> mm,madvise,hugetlb: check for 0-length range after end address adjustment Christian Brauner <brauner(a)kernel.org> acct: block access to kernel internal filesystems Christian Brauner <brauner(a)kernel.org> acct: perform last write from workqueue John Veness <john-linux(a)pelago.org.uk> ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED Wentao Liang <vulab(a)iscas.ac.cn> ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> ASoC: fsl_micfil: Enable default case in micfil_set_quality() Haoxiang Li <haoxiang_li2024(a)163.com> nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> drop_monitor: fix incorrect initialization order Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix supplicant wait loop Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Make sure all planes in use by the joiner have their crtc included Jessica Zhang <quic_jesszhan(a)quicinc.com> drm/msm/dpu: Disable dither in phys encoder cleanup Yan Zhai <yan(a)cloudflare.com> bpf: skip non exist keys in generic_map_lookup_batch Caleb Sander Mateos <csander(a)purestorage.com> nvme/ioctl: add missing space in err message Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dpu: Don't leak bits_per_component into random DSC_ENC fields David Hildenbrand <david(a)redhat.com> nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() Andrey Vatoropin <a.vatoropin(a)crpt.ru> power: supply: da9150-fg: fix potential overflow Jiayuan Chen <mrpre(a)163.com> bpf: Fix wrong copied_seq calculation Jiayuan Chen <mrpre(a)163.com> strparser: Add read_sock callback Shigeru Yoshida <syoshida(a)redhat.com> bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() Tomi Valkeinen <tomi.valkeinen+renesas(a)ideasonboard.com> drm/rcar-du: dsi: Fix PHY lock bit check Devarsh Thakkar <devarsht(a)ti.com> drm/tidss: Fix race condition while handling interrupt registers Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Add simple K2G manual reset Sabrina Dubroca <sd(a)queasysnail.net> tcp: drop secpath at the same time as we currently drop dst Nick Hu <nick.hu(a)sifive.com> net: axienet: Set mac_managed_pm Breno Leitao <leitao(a)debian.org> arp: switch to dev_getbyhwaddr() in arp_req_set_public() Breno Leitao <leitao(a)debian.org> net: Add non-RCU dev_getbyhwaddr() helper Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix port range key handling in BPF conversion Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix handling of mixed port and port-range keys Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Suppress list corruption splat in geneve_destroy_tunnels(). Kuniyuki Iwashima <kuniyu(a)amazon.com> gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Don't reference skb after sending to VIOS Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Add stat for tx direct vs tx batched Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Introduce send sub-crq direct Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Return error code on TX scrq flush fail Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ALSA: hda/cirrus: Correct the full scale volume set logic Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Fix use-after-free in geneve_find_dev(). Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Fixup ALC225 depop procedure Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s/mm: Move __real_pte stubs into hash-4k.h John Keeping <jkeeping(a)inmusicbrands.com> ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] Jill Donahue <jilliandonahue58(a)gmail.com> USB: gadget: f_midi: f_midi_complete to call queue_work Roy Luo <royluo(a)google.com> usb: gadget: core: flush gadget workqueue after device removal Roy Luo <royluo(a)google.com> USB: gadget: core: create sysfs link between udc and gadget Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove dangling pointers Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Only save async fh if success Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Refactor iterators Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix crash during unbind if gpio unit is in use Yang Yingliang <yangyingliang(a)huawei.com> media: Switch to use dev_err_probe() helper Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> soc/mediatek: mtk-devapc: Convert to platform remove callback returning void Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on error paths AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> soc: mediatek: mtk-devapc: Switch to devm_clk_get_enabled() Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Change to kvalloc() in eventlog/acpi.c Eddie James <eajames(a)linux.ibm.com> tpm: Use managed allocation for bios event log Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: trim addresses to 8 digits Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183: Disable DSI display output by default Igor Pylypiv <ipylypiv(a)google.com> scsi: core: Do not retry I/Os during depopulation Douglas Gilbert <dgilbert(a)interlog.com> scsi: core: Handle depopulation and restoration in progress Dan Carpenter <dan.carpenter(a)linaro.org> ASoC: renesas: rz-ssi: Add a check for negative sample_space Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-img: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-bdp: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: clk-mtk: Add dummy clock ops Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix poor RF performance for WCN6855 Cheng Jiang <quic_chejiang(a)quicinc.com> Bluetooth: qca: Update firmware-name to support board specific nvm Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Support downloading board id specific NVM for WCN7850 Bence Csókás <csokas.bence(a)prolan.hu> spi: atmel-qspi: Memory barriers after memory-mapped I/O Csókás, Bence <csokas.bence(a)prolan.hu> spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families Yang Yingliang <yangyingliang(a)huawei.com> spi: atmel-quadspi: switch to use modern name Tudor Ambarus <tudor.ambarus(a)microchip.com> spi: atmel-quadspi: Add support for configuring CS timing Chen Ridong <chenridong(a)huawei.com> memcg: fix soft lockup in the OOM process Carlos Galo <carlosgalo(a)google.com> mm: update mark_victim tracepoints fields Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: add 'sync_size' into struct md_bitmap_stats Yu Kuai <yukuai3(a)huawei.com> md/md-cluster: fix spares warnings for __le64 Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() Yu Kuai <yukuai3(a)huawei.com> md: simplify md_seq_ops Yu Kuai <yukuai3(a)huawei.com> md: factor out a helper from mddev_put() Yu Kuai <yukuai3(a)huawei.com> md: use separate work_struct for md_start_sync() Catalin Marinas <catalin.marinas(a)arm.com> arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings ------------- Diffstat: Documentation/core-api/pin_user_pages.rst | 6 + Documentation/networking/strparser.rst | 9 +- Makefile | 4 +- arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 + arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8450.dtsi | 4 +- arch/arm64/include/asm/mman.h | 9 +- arch/mips/include/asm/ptrace.h | 2 + arch/mips/kernel/ptrace.c | 7 + arch/powerpc/include/asm/book3s/64/hash-4k.h | 28 + arch/powerpc/include/asm/book3s/64/pgtable.h | 26 - arch/powerpc/lib/code-patching.c | 2 +- arch/riscv/include/asm/futex.h | 2 +- arch/x86/Kconfig | 3 +- arch/x86/events/core.c | 2 +- arch/x86/kernel/cpu/bugs.c | 20 +- arch/x86/kernel/cpu/cyrix.c | 4 +- block/bfq-cgroup.c | 97 +-- block/bfq-iosched.c | 195 ++++-- block/bfq-iosched.h | 51 +- drivers/bluetooth/btqca.c | 110 ++- drivers/char/tpm/eventlog/acpi.c | 16 +- drivers/char/tpm/eventlog/efi.c | 13 +- drivers/char/tpm/eventlog/of.c | 3 +- drivers/char/tpm/tpm-chip.c | 1 - drivers/clk/mediatek/clk-mt2701-bdp.c | 1 + drivers/clk/mediatek/clk-mt2701-img.c | 1 + drivers/clk/mediatek/clk-mt2701-vdec.c | 1 + drivers/clk/mediatek/clk-mtk.c | 16 + drivers/clk/mediatek/clk-mtk.h | 19 + drivers/edac/qcom_edac.c | 4 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 14 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 3 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 16 +- drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c | 25 +- drivers/gpu/drm/amd/pm/legacy-dpm/legacy_dpm.c | 8 +- drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 26 +- drivers/gpu/drm/i915/display/intel_display.c | 18 + drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 + drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dsc.c | 3 +- drivers/gpu/drm/nouveau/nouveau_svm.c | 9 +- drivers/gpu/drm/rcar-du/rcar_mipi_dsi.c | 2 +- drivers/gpu/drm/rcar-du/rcar_mipi_dsi_regs.h | 1 - drivers/gpu/drm/tidss/tidss_dispc.c | 22 +- drivers/gpu/drm/tidss/tidss_irq.c | 2 + drivers/i2c/busses/i2c-npcm7xx.c | 7 + drivers/idle/intel_idle.c | 4 + drivers/infiniband/core/sysfs.c | 4 + drivers/infiniband/core/uverbs_std_types_device.c | 3 +- drivers/infiniband/core/verbs.c | 3 + drivers/infiniband/hw/mlx4/main.c | 8 + drivers/infiniband/hw/mlx4/mlx4_ib.h | 3 + drivers/infiniband/hw/mlx4/qp.c | 121 +++- drivers/infiniband/hw/mlx5/ah.c | 3 +- drivers/infiniband/hw/mlx5/counters.c | 8 +- drivers/infiniband/hw/mlx5/main.c | 7 + drivers/infiniband/hw/mlx5/mlx5_ib.h | 60 +- drivers/infiniband/hw/mlx5/mr.c | 742 ++++++++++++++------- drivers/infiniband/hw/mlx5/odp.c | 40 +- drivers/infiniband/hw/mlx5/qp.c | 129 ++-- drivers/infiniband/hw/mlx5/qp.h | 14 +- drivers/infiniband/hw/mlx5/qpc.c | 3 +- drivers/infiniband/hw/mlx5/umr.c | 87 ++- drivers/md/md-bitmap.c | 34 +- drivers/md/md-bitmap.h | 9 +- drivers/md/md-cluster.c | 34 +- drivers/md/md.c | 171 +++-- drivers/md/md.h | 5 +- drivers/media/cec/platform/stm32/stm32-cec.c | 9 +- drivers/media/i2c/ad5820.c | 18 +- drivers/media/i2c/imx274.c | 5 +- drivers/media/i2c/tc358743.c | 9 +- drivers/media/platform/mediatek/mdp/mtk_mdp_comp.c | 5 +- .../platform/mediatek/vcodec/mtk_vcodec_fw_scp.c | 2 + .../mediatek/vcodec/vdec/vdec_h264_req_multi_if.c | 9 +- .../media/platform/samsung/exynos4-is/media-dev.c | 4 +- drivers/media/platform/st/stm32/stm32-dcmi.c | 27 +- drivers/media/platform/ti/omap3isp/isp.c | 3 +- drivers/media/platform/xilinx/xilinx-csi2rxss.c | 8 +- drivers/media/rc/gpio-ir-recv.c | 10 +- drivers/media/rc/gpio-ir-tx.c | 9 +- drivers/media/rc/ir-rx51.c | 9 +- drivers/media/usb/uvc/uvc_ctrl.c | 99 ++- drivers/media/usb/uvc/uvc_driver.c | 35 +- drivers/media/usb/uvc/uvc_v4l2.c | 2 + drivers/media/usb/uvc/uvcvideo.h | 10 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 42 +- drivers/net/ethernet/cadence/macb.h | 2 + drivers/net/ethernet/cadence/macb_main.c | 12 +- drivers/net/ethernet/freescale/enetc/enetc.c | 100 ++- drivers/net/ethernet/ibm/ibmvnic.c | 85 ++- drivers/net/ethernet/ibm/ibmvnic.h | 3 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 +- drivers/net/ethernet/mellanox/mlx4/qp.c | 14 +- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 2 +- drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 + drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 1 + drivers/net/geneve.c | 16 +- drivers/net/gtp.c | 5 - drivers/net/ipvlan/ipvlan_core.c | 24 +- drivers/net/loopback.c | 14 + drivers/net/usb/gl620a.c | 4 +- drivers/nvme/host/ioctl.c | 3 +- drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 5 +- drivers/phy/samsung/phy-exynos5-usbdrd.c | 12 +- drivers/phy/tegra/xusb-tegra186.c | 11 + drivers/power/supply/da9150-fg.c | 4 +- drivers/scsi/scsi_lib.c | 22 +- drivers/scsi/sd.c | 4 + drivers/soc/mediatek/mtk-devapc.c | 36 +- drivers/spi/atmel-quadspi.c | 172 +++-- drivers/tee/optee/supp.c | 35 +- drivers/usb/gadget/function/f_midi.c | 2 +- drivers/usb/gadget/udc/core.c | 11 +- fs/afs/cell.c | 1 + fs/afs/internal.h | 23 +- fs/afs/server.c | 1 + fs/afs/server_list.c | 114 +++- fs/afs/vl_alias.c | 2 +- fs/afs/volume.c | 40 +- fs/overlayfs/copy_up.c | 2 +- fs/smb/client/smb2ops.c | 4 + fs/squashfs/inode.c | 5 +- include/asm-generic/vmlinux.lds.h | 2 +- include/linux/mlx4/qp.h | 1 + include/linux/mlx5/driver.h | 10 - include/linux/mm.h | 26 +- include/linux/netdevice.h | 2 + include/linux/ptrace.h | 4 + include/linux/skmsg.h | 2 + include/linux/sunrpc/sched.h | 17 +- include/net/dst.h | 9 + include/net/ip.h | 5 + include/net/netfilter/nf_conntrack_expect.h | 2 +- include/net/route.h | 5 +- include/net/strparser.h | 2 + include/net/tcp.h | 22 + include/rdma/ib_verbs.h | 4 +- include/trace/events/icmp.h | 67 ++ include/trace/events/oom.h | 36 +- include/trace/events/sunrpc.h | 3 +- include/uapi/rdma/ib_user_ioctl_verbs.h | 3 +- io_uring/net.c | 4 +- kernel/acct.c | 134 ++-- kernel/bpf/syscall.c | 18 +- kernel/events/core.c | 17 +- kernel/events/uprobes.c | 5 + kernel/sched/core.c | 2 +- kernel/trace/ftrace.c | 30 +- kernel/trace/trace_events_hist.c | 34 +- kernel/trace/trace_functions.c | 6 +- mm/gup.c | 31 +- mm/madvise.c | 11 +- mm/memcontrol.c | 7 +- mm/memory.c | 4 +- mm/oom_kill.c | 14 +- net/bluetooth/l2cap_core.c | 9 +- net/bpf/test_run.c | 5 +- net/bridge/br_netfilter_hooks.c | 8 +- net/core/dev.c | 37 +- net/core/drop_monitor.c | 39 +- net/core/flow_dissector.c | 49 +- net/core/gro.c | 1 + net/core/skbuff.c | 2 +- net/core/skmsg.c | 7 + net/core/sysctl_net_core.c | 3 +- net/ipv4/arp.c | 2 +- net/ipv4/icmp.c | 24 +- net/ipv4/ip_options.c | 3 +- net/ipv4/tcp.c | 29 +- net/ipv4/tcp_bpf.c | 36 + net/ipv4/tcp_fastopen.c | 4 +- net/ipv4/tcp_input.c | 8 +- net/ipv4/tcp_ipv4.c | 2 +- net/ipv4/tcp_minisocks.c | 10 +- net/ipv6/ip6_tunnel.c | 4 +- net/ipv6/rpl_iptunnel.c | 58 +- net/ipv6/seg6_iptunnel.c | 97 ++- net/mptcp/pm_netlink.c | 5 - net/mptcp/subflow.c | 15 +- net/netfilter/nf_conntrack_core.c | 2 +- net/netfilter/nf_conntrack_expect.c | 4 +- net/netfilter/nft_ct.c | 2 + net/sched/sch_fifo.c | 3 + net/strparser/strparser.c | 11 +- net/sunrpc/cache.c | 10 +- net/sunrpc/sched.c | 2 - sound/pci/hda/hda_codec.c | 4 +- sound/pci/hda/patch_conexant.c | 1 + sound/pci/hda/patch_cs8409-tables.c | 6 +- sound/pci/hda/patch_cs8409.c | 20 +- sound/pci/hda/patch_cs8409.h | 5 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/codecs/es8328.c | 15 +- sound/soc/fsl/fsl_micfil.c | 2 + sound/soc/rockchip/rockchip_i2s_tdm.c | 4 +- sound/soc/sh/rz-ssi.c | 2 + sound/usb/midi.c | 2 +- sound/usb/quirks.c | 1 + 199 files changed, 3053 insertions(+), 1460 deletions(-)

6 months, 1 week

9
184
0 0

[PATCH] ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model

by Thomas Mizrahi

The internal microphone on the Lenovo ThinkPad E16 model requires a quirk entry to work properly. This was fixed in a previous patch (linked below), but depending on the specific variant of the model, the product name may be "21M5" or "21M6". The following patch fixed this issue for the 21M5 variant: https://lore.kernel.org/all/20240725065442.9293-1-tiwai@suse.de/ This patch adds support for the microphone on the 21M6 variant. Link: https://github.com/ramaureirac/thinkpad-e14-linux/issues/31 Cc: <stable(a)vger.kernel.org> Signed-off-by: Thomas Mizrahi <thomasmizra(a)gmail.com> --- I recently acquired a ThinkPad E16 Gen 2 AMD and could not get the internal microphone working. After some research, I discovered this issue. Since my machine is a 21M6 variant, the required quirk was not applied by the existing patch. After applying this patch and testing on my machine, the microphone was immediately recognized and worked without further issues. sound/soc/amd/yc/acp6x-mach.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sound/soc/amd/yc/acp6x-mach.c b/sound/soc/amd/yc/acp6x-mach.c index b16587d8f97a..a7637056972a 100644 --- a/sound/soc/amd/yc/acp6x-mach.c +++ b/sound/soc/amd/yc/acp6x-mach.c @@ -248,6 +248,13 @@ static const struct dmi_system_id yc_acp_quirk_table[] = { DMI_MATCH(DMI_PRODUCT_NAME, "21M5"), } }, + { + .driver_data = &acp6x_card, + .matches = { + DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"), + DMI_MATCH(DMI_PRODUCT_NAME, "21M6"), + } + }, { .driver_data = &acp6x_card, .matches = { -- 2.48.1

6 months, 1 week

2
1
0 0

Re: [PATCH v1] usb: core: fix pipe creation for get_bMaxPacketSize0

by Alan Stern

On Thu, Mar 06, 2025 at 09:06:23PM +0000, Colin Evans wrote: > > Please try collecting a usbmon trace for bus 2 showing the problem. > > Ideally the trace should show what happens from system boot-up, but > > there's no way to do that. Instead, you can do this (the first command > > below disables the bus, the second starts the usbmon trace, and the > > third re-enables the bus): > > > > echo 0 >/sys/bus/usb/devices/usb2/bConfigurationValue > > cat /sys/kernel/debug/usb/usbmon/2u >usbmon.txt & > > echo 1 >/sys/bus/usb/devices/usb2/bConfigurationValue > > > > Then after enough time has passed for the errors to show up, kill the > > "cat" process and post the resulting trace file. (Note: If your > > keyboard is attached to bus 2, you won't be able to use it to issue the > > second and third commands. You could use a network login, or put the > > commands into a shell file and run them that way.) > > > > In fact, you should do this twice: The second time, run it on machine 2 > > with the powered hub plugged in to suppress the errors. > > > > Alan Stern > > Happy to try this, but as it stands there is no such file, or file-like > thing, on my machine- > > # ls /sys/kernel/debug/usb/usbmon/2u > ls: cannot access '/sys/kernel/debug/usb/usbmon/2u': No such file or > directory > > # find /sys/kernel/debug/usb -name "2u" > # > > # ls /sys/kernel/debug/usb > devices ehci ohci uhci uvcvideo xhci > > > It seems something is missing? Ah -- you have to load the usbmon module first: modprobe usbmon Some distributions do this for you automatically. Alan Stern

6 months, 1 week

2
4
0 0

FAILED: patch "[PATCH] usb: xhci: Enable the TRB overfetch quirk on VIA VL805" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x c133ec0e5717868c9967fa3df92a55e537b1aead # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030900-slaw-onstage-6b47@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c133ec0e5717868c9967fa3df92a55e537b1aead Mon Sep 17 00:00:00 2001 From: Michal Pecio <michal.pecio(a)gmail.com> Date: Tue, 25 Feb 2025 11:59:27 +0200 Subject: [PATCH] usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Raspberry Pi is a major user of those chips and they discovered a bug - when the end of a transfer ring segment is reached, up to four TRBs can be prefetched from the next page even if the segment ends with link TRB and on page boundary (the chip claims to support standard 4KB pages). It also appears that if the prefetched TRBs belong to a different ring whose doorbell is later rung, they may be used without refreshing from system RAM and the endpoint will stay idle if their cycle bit is stale. Other users complain about IOMMU faults on x86 systems, unsurprisingly. Deal with it by using existing quirk which allocates a dummy page after each transfer ring segment. This was seen to resolve both problems. RPi came up with a more efficient solution, shortening each segment by four TRBs, but it complicated the driver and they ditched it for this quirk. Also rename the quirk and add VL805 device ID macro. Signed-off-by: Michal Pecio <michal.pecio(a)gmail.com> Link: https://github.com/raspberrypi/linux/issues/4685 Closes: https://bugzilla.kernel.org/show_bug.cgi?id=215906 CC: stable(a)vger.kernel.org Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20250225095927.2512358-2-mathias.nyman@linux.inte… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index 92703efda1f7..fdf0c1008225 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -2437,7 +2437,8 @@ int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags) * and our use of dma addresses in the trb_address_map radix tree needs * TRB_SEGMENT_SIZE alignment, so we pick the greater alignment need. */ - if (xhci->quirks & XHCI_ZHAOXIN_TRB_FETCH) + if (xhci->quirks & XHCI_TRB_OVERFETCH) + /* Buggy HC prefetches beyond segment bounds - allocate dummy space at the end */ xhci->segment_pool = dma_pool_create("xHCI ring segments", dev, TRB_SEGMENT_SIZE * 2, TRB_SEGMENT_SIZE * 2, xhci->page_size * 2); else diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index ad0ff356f6fa..54460d11f7ee 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -38,6 +38,8 @@ #define PCI_DEVICE_ID_ETRON_EJ168 0x7023 #define PCI_DEVICE_ID_ETRON_EJ188 0x7052 +#define PCI_DEVICE_ID_VIA_VL805 0x3483 + #define PCI_DEVICE_ID_INTEL_LYNXPOINT_XHCI 0x8c31 #define PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_XHCI 0x9c31 #define PCI_DEVICE_ID_INTEL_WILDCATPOINT_LP_XHCI 0x9cb1 @@ -418,8 +420,10 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) pdev->device == 0x3432) xhci->quirks |= XHCI_BROKEN_STREAMS; - if (pdev->vendor == PCI_VENDOR_ID_VIA && pdev->device == 0x3483) + if (pdev->vendor == PCI_VENDOR_ID_VIA && pdev->device == PCI_DEVICE_ID_VIA_VL805) { xhci->quirks |= XHCI_LPM_SUPPORT; + xhci->quirks |= XHCI_TRB_OVERFETCH; + } if (pdev->vendor == PCI_VENDOR_ID_ASMEDIA && pdev->device == PCI_DEVICE_ID_ASMEDIA_1042_XHCI) { @@ -467,11 +471,11 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) if (pdev->device == 0x9202) { xhci->quirks |= XHCI_RESET_ON_RESUME; - xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; + xhci->quirks |= XHCI_TRB_OVERFETCH; } if (pdev->device == 0x9203) - xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; + xhci->quirks |= XHCI_TRB_OVERFETCH; } if (pdev->vendor == PCI_VENDOR_ID_CDNS && diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 8c164340a2c3..779b01dee068 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1632,7 +1632,7 @@ struct xhci_hcd { #define XHCI_EP_CTX_BROKEN_DCS BIT_ULL(42) #define XHCI_SUSPEND_RESUME_CLKS BIT_ULL(43) #define XHCI_RESET_TO_DEFAULT BIT_ULL(44) -#define XHCI_ZHAOXIN_TRB_FETCH BIT_ULL(45) +#define XHCI_TRB_OVERFETCH BIT_ULL(45) #define XHCI_ZHAOXIN_HOST BIT_ULL(46) #define XHCI_WRITE_64_HI_LO BIT_ULL(47) #define XHCI_CDNS_SCTX_QUIRK BIT_ULL(48)

6 months, 1 week

3
3
0 0

Re: patch "acpi: typec: ucsi: Introduce a ->poll_cci method" added to usb-linus

by Fedor Pchelkin

On Wed, 19. Feb 15:20, gregkh(a)linuxfoundation.org wrote: > > This is a note to let you know that I've just added the patch titled > > acpi: typec: ucsi: Introduce a ->poll_cci method > > to my usb git tree which can be found at > git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git > in the usb-linus branch. > > The patch will show up in the next release of the linux-next tree > (usually sometime within the next 24 hours during the week.) > > The patch will hopefully also be merged in Linus's tree for the > next -rc kernel release. > > If you have any questions about this process, please let me know. > > > From 976e7e9bdc7719a023a4ecccd2e3daec9ab20a40 Mon Sep 17 00:00:00 2001 > From: "Christian A. Ehrhardt" <lk(a)c--e.de> > Date: Mon, 17 Feb 2025 13:54:39 +0300 > Subject: acpi: typec: ucsi: Introduce a ->poll_cci method > > For the ACPI backend of UCSI the UCSI "registers" are just a memory copy > of the register values in an opregion. The ACPI implementation in the > BIOS ensures that the opregion contents are synced to the embedded > controller and it ensures that the registers (in particular CCI) are > synced back to the opregion on notifications. While there is an ACPI call > that syncs the actual registers to the opregion there is rarely a need to > do this and on some ACPI implementations it actually breaks in various > interesting ways. > > The only reason to force a sync from the embedded controller is to poll > CCI while notifications are disabled. Only the ucsi core knows if this > is the case and guessing based on the current command is suboptimal, i.e. > leading to the following spurious assertion splat: > > WARNING: CPU: 3 PID: 76 at drivers/usb/typec/ucsi/ucsi.c:1388 ucsi_reset_ppm+0x1b4/0x1c0 [typec_ucsi] > CPU: 3 UID: 0 PID: 76 Comm: kworker/3:0 Not tainted 6.12.11-200.fc41.x86_64 #1 > Hardware name: LENOVO 21D0/LNVNB161216, BIOS J6CN45WW 03/17/2023 > Workqueue: events_long ucsi_init_work [typec_ucsi] > RIP: 0010:ucsi_reset_ppm+0x1b4/0x1c0 [typec_ucsi] > Call Trace: > <TASK> > ucsi_init_work+0x3c/0xac0 [typec_ucsi] > process_one_work+0x179/0x330 > worker_thread+0x252/0x390 > kthread+0xd2/0x100 > ret_from_fork+0x34/0x50 > ret_from_fork_asm+0x1a/0x30 > </TASK> > > Thus introduce a ->poll_cci() method that works like ->read_cci() with an > additional forced sync and document that this should be used when polling > with notifications disabled. For all other backends that presumably don't > have this issue use the same implementation for both methods. > > Fixes: fa48d7e81624 ("usb: typec: ucsi: Do not call ACPI _DSM method for UCSI read operations") > Cc: stable <stable(a)kernel.org> Oh, the stable tag has been mangled here.. I didn't notice this, sorry. Now Cc'ing the appropriate list. Could you apply the patch to stables based on Fixes tag then, please? They are 6.12 and 6.13. Thanks! > Signed-off-by: Christian A. Ehrhardt <lk(a)c--e.de> > Tested-by: Fedor Pchelkin <boddah8794(a)gmail.com> > Signed-off-by: Fedor Pchelkin <boddah8794(a)gmail.com> > Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> > Link: https://lore.kernel.org/r/20250217105442.113486-2-boddah8794@gmail.com > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > drivers/usb/typec/ucsi/ucsi.c | 10 +++++----- > drivers/usb/typec/ucsi/ucsi.h | 2 ++ > drivers/usb/typec/ucsi/ucsi_acpi.c | 21 ++++++++++++++------- > drivers/usb/typec/ucsi/ucsi_ccg.c | 1 + > drivers/usb/typec/ucsi/ucsi_glink.c | 1 + > drivers/usb/typec/ucsi/ucsi_stm32g0.c | 1 + > drivers/usb/typec/ucsi/ucsi_yoga_c630.c | 1 + > 7 files changed, 25 insertions(+), 12 deletions(-) > > diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c > index fcf499cc9458..0fe1476f4c29 100644 > --- a/drivers/usb/typec/ucsi/ucsi.c > +++ b/drivers/usb/typec/ucsi/ucsi.c > @@ -1346,7 +1346,7 @@ static int ucsi_reset_ppm(struct ucsi *ucsi) > > mutex_lock(&ucsi->ppm_lock); > > - ret = ucsi->ops->read_cci(ucsi, &cci); > + ret = ucsi->ops->poll_cci(ucsi, &cci); > if (ret < 0) > goto out; > > @@ -1364,7 +1364,7 @@ static int ucsi_reset_ppm(struct ucsi *ucsi) > > tmo = jiffies + msecs_to_jiffies(UCSI_TIMEOUT_MS); > do { > - ret = ucsi->ops->read_cci(ucsi, &cci); > + ret = ucsi->ops->poll_cci(ucsi, &cci); > if (ret < 0) > goto out; > if (cci & UCSI_CCI_COMMAND_COMPLETE) > @@ -1393,7 +1393,7 @@ static int ucsi_reset_ppm(struct ucsi *ucsi) > /* Give the PPM time to process a reset before reading CCI */ > msleep(20); > > - ret = ucsi->ops->read_cci(ucsi, &cci); > + ret = ucsi->ops->poll_cci(ucsi, &cci); > if (ret) > goto out; > > @@ -1929,8 +1929,8 @@ struct ucsi *ucsi_create(struct device *dev, const struct ucsi_operations *ops) > struct ucsi *ucsi; > > if (!ops || > - !ops->read_version || !ops->read_cci || !ops->read_message_in || > - !ops->sync_control || !ops->async_control) > + !ops->read_version || !ops->read_cci || !ops->poll_cci || > + !ops->read_message_in || !ops->sync_control || !ops->async_control) > return ERR_PTR(-EINVAL); > > ucsi = kzalloc(sizeof(*ucsi), GFP_KERNEL); > diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h > index 82735eb34f0e..28780acc4af2 100644 > --- a/drivers/usb/typec/ucsi/ucsi.h > +++ b/drivers/usb/typec/ucsi/ucsi.h > @@ -62,6 +62,7 @@ struct dentry; > * struct ucsi_operations - UCSI I/O operations > * @read_version: Read implemented UCSI version > * @read_cci: Read CCI register > + * @poll_cci: Read CCI register while polling with notifications disabled > * @read_message_in: Read message data from UCSI > * @sync_control: Blocking control operation > * @async_control: Non-blocking control operation > @@ -76,6 +77,7 @@ struct dentry; > struct ucsi_operations { > int (*read_version)(struct ucsi *ucsi, u16 *version); > int (*read_cci)(struct ucsi *ucsi, u32 *cci); > + int (*poll_cci)(struct ucsi *ucsi, u32 *cci); > int (*read_message_in)(struct ucsi *ucsi, void *val, size_t val_len); > int (*sync_control)(struct ucsi *ucsi, u64 command); > int (*async_control)(struct ucsi *ucsi, u64 command); > diff --git a/drivers/usb/typec/ucsi/ucsi_acpi.c b/drivers/usb/typec/ucsi/ucsi_acpi.c > index 5c5515551963..ac1ebb5d9527 100644 > --- a/drivers/usb/typec/ucsi/ucsi_acpi.c > +++ b/drivers/usb/typec/ucsi/ucsi_acpi.c > @@ -59,19 +59,24 @@ static int ucsi_acpi_read_version(struct ucsi *ucsi, u16 *version) > static int ucsi_acpi_read_cci(struct ucsi *ucsi, u32 *cci) > { > struct ucsi_acpi *ua = ucsi_get_drvdata(ucsi); > - int ret; > - > - if (UCSI_COMMAND(ua->cmd) == UCSI_PPM_RESET) { > - ret = ucsi_acpi_dsm(ua, UCSI_DSM_FUNC_READ); > - if (ret) > - return ret; > - } > > memcpy(cci, ua->base + UCSI_CCI, sizeof(*cci)); > > return 0; > } > > +static int ucsi_acpi_poll_cci(struct ucsi *ucsi, u32 *cci) > +{ > + struct ucsi_acpi *ua = ucsi_get_drvdata(ucsi); > + int ret; > + > + ret = ucsi_acpi_dsm(ua, UCSI_DSM_FUNC_READ); > + if (ret) > + return ret; > + > + return ucsi_acpi_read_cci(ucsi, cci); > +} > + > static int ucsi_acpi_read_message_in(struct ucsi *ucsi, void *val, size_t val_len) > { > struct ucsi_acpi *ua = ucsi_get_drvdata(ucsi); > @@ -94,6 +99,7 @@ static int ucsi_acpi_async_control(struct ucsi *ucsi, u64 command) > static const struct ucsi_operations ucsi_acpi_ops = { > .read_version = ucsi_acpi_read_version, > .read_cci = ucsi_acpi_read_cci, > + .poll_cci = ucsi_acpi_poll_cci, > .read_message_in = ucsi_acpi_read_message_in, > .sync_control = ucsi_sync_control_common, > .async_control = ucsi_acpi_async_control > @@ -142,6 +148,7 @@ static int ucsi_gram_sync_control(struct ucsi *ucsi, u64 command) > static const struct ucsi_operations ucsi_gram_ops = { > .read_version = ucsi_acpi_read_version, > .read_cci = ucsi_acpi_read_cci, > + .poll_cci = ucsi_acpi_poll_cci, > .read_message_in = ucsi_gram_read_message_in, > .sync_control = ucsi_gram_sync_control, > .async_control = ucsi_acpi_async_control > diff --git a/drivers/usb/typec/ucsi/ucsi_ccg.c b/drivers/usb/typec/ucsi/ucsi_ccg.c > index 740171f24ef9..4b1668733a4b 100644 > --- a/drivers/usb/typec/ucsi/ucsi_ccg.c > +++ b/drivers/usb/typec/ucsi/ucsi_ccg.c > @@ -664,6 +664,7 @@ static int ucsi_ccg_sync_control(struct ucsi *ucsi, u64 command) > static const struct ucsi_operations ucsi_ccg_ops = { > .read_version = ucsi_ccg_read_version, > .read_cci = ucsi_ccg_read_cci, > + .poll_cci = ucsi_ccg_read_cci, > .read_message_in = ucsi_ccg_read_message_in, > .sync_control = ucsi_ccg_sync_control, > .async_control = ucsi_ccg_async_control, > diff --git a/drivers/usb/typec/ucsi/ucsi_glink.c b/drivers/usb/typec/ucsi/ucsi_glink.c > index fed39d458090..8af79101a2fc 100644 > --- a/drivers/usb/typec/ucsi/ucsi_glink.c > +++ b/drivers/usb/typec/ucsi/ucsi_glink.c > @@ -206,6 +206,7 @@ static void pmic_glink_ucsi_connector_status(struct ucsi_connector *con) > static const struct ucsi_operations pmic_glink_ucsi_ops = { > .read_version = pmic_glink_ucsi_read_version, > .read_cci = pmic_glink_ucsi_read_cci, > + .poll_cci = pmic_glink_ucsi_read_cci, > .read_message_in = pmic_glink_ucsi_read_message_in, > .sync_control = ucsi_sync_control_common, > .async_control = pmic_glink_ucsi_async_control, > diff --git a/drivers/usb/typec/ucsi/ucsi_stm32g0.c b/drivers/usb/typec/ucsi/ucsi_stm32g0.c > index 6923fad31d79..57ef7d83a412 100644 > --- a/drivers/usb/typec/ucsi/ucsi_stm32g0.c > +++ b/drivers/usb/typec/ucsi/ucsi_stm32g0.c > @@ -424,6 +424,7 @@ static irqreturn_t ucsi_stm32g0_irq_handler(int irq, void *data) > static const struct ucsi_operations ucsi_stm32g0_ops = { > .read_version = ucsi_stm32g0_read_version, > .read_cci = ucsi_stm32g0_read_cci, > + .poll_cci = ucsi_stm32g0_read_cci, > .read_message_in = ucsi_stm32g0_read_message_in, > .sync_control = ucsi_sync_control_common, > .async_control = ucsi_stm32g0_async_control, > diff --git a/drivers/usb/typec/ucsi/ucsi_yoga_c630.c b/drivers/usb/typec/ucsi/ucsi_yoga_c630.c > index 4cae85c0dc12..d33e3f2dd1d8 100644 > --- a/drivers/usb/typec/ucsi/ucsi_yoga_c630.c > +++ b/drivers/usb/typec/ucsi/ucsi_yoga_c630.c > @@ -74,6 +74,7 @@ static int yoga_c630_ucsi_async_control(struct ucsi *ucsi, u64 command) > static const struct ucsi_operations yoga_c630_ucsi_ops = { > .read_version = yoga_c630_ucsi_read_version, > .read_cci = yoga_c630_ucsi_read_cci, > + .poll_cci = yoga_c630_ucsi_read_cci, > .read_message_in = yoga_c630_ucsi_read_message_in, > .sync_control = ucsi_sync_control_common, > .async_control = yoga_c630_ucsi_async_control, > -- > 2.48.1 > >

6 months, 1 week

2
1
0 0

FAILED: patch "[PATCH] usb: dwc3: gadget: Prevent irq storm when TH re-executes" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 69c58deec19628c8a686030102176484eb94fed4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030917-porridge-retired-1abd@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 69c58deec19628c8a686030102176484eb94fed4 Mon Sep 17 00:00:00 2001 From: Badhri Jagan Sridharan <badhri(a)google.com> Date: Sun, 16 Feb 2025 22:30:02 +0000 Subject: [PATCH] usb: dwc3: gadget: Prevent irq storm when TH re-executes While commit d325a1de49d6 ("usb: dwc3: gadget: Prevent losing events in event cache") makes sure that top half(TH) does not end up overwriting the cached events before processing them when the TH gets invoked more than one time, returning IRQ_HANDLED results in occasional irq storm where the TH hogs the CPU. The irq storm can be prevented by the flag before event handler busy is cleared. Default enable interrupt moderation in all versions which support them. ftrace event stub during dwc3 irq storm: irq/504_dwc3-1111 ( 1111) [000] .... 70.000866: irq_handler_exit: irq=14 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000872: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000874: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000881: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000883: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000889: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000892: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000898: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000901: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000907: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000909: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000915: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000918: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000924: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000927: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000933: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000935: irq_handler_exit: irq=504 ret=handled .... Cc: stable <stable(a)kernel.org> Suggested-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Fixes: d325a1de49d6 ("usb: dwc3: gadget: Prevent losing events in event cache") Signed-off-by: Badhri Jagan Sridharan <badhri(a)google.com> Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Link: https://lore.kernel.org/r/20250216223003.3568039-1-badhri@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index dfa1b5fe48dc..2c472cb97f6c 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -1835,8 +1835,6 @@ static void dwc3_get_properties(struct dwc3 *dwc) dwc->tx_thr_num_pkt_prd = tx_thr_num_pkt_prd; dwc->tx_max_burst_prd = tx_max_burst_prd; - dwc->imod_interval = 0; - dwc->tx_fifo_resize_max_num = tx_fifo_resize_max_num; } @@ -1854,21 +1852,19 @@ static void dwc3_check_params(struct dwc3 *dwc) unsigned int hwparam_gen = DWC3_GHWPARAMS3_SSPHY_IFC(dwc->hwparams.hwparams3); - /* Check for proper value of imod_interval */ - if (dwc->imod_interval && !dwc3_has_imod(dwc)) { - dev_warn(dwc->dev, "Interrupt moderation not supported\n"); - dwc->imod_interval = 0; - } - /* + * Enable IMOD for all supporting controllers. + * + * Particularly, DWC_usb3 v3.00a must enable this feature for + * the following reason: + * * Workaround for STAR 9000961433 which affects only version * 3.00a of the DWC_usb3 core. This prevents the controller * interrupt from being masked while handling events. IMOD * allows us to work around this issue. Enable it for the * affected version. */ - if (!dwc->imod_interval && - DWC3_VER_IS(DWC3, 300A)) + if (dwc3_has_imod((dwc))) dwc->imod_interval = 1; /* Check the maximum_speed parameter */ diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index ddd6b2ce5710..89a4dc8ebf94 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -4501,14 +4501,18 @@ static irqreturn_t dwc3_process_event_buf(struct dwc3_event_buffer *evt) dwc3_writel(dwc->regs, DWC3_GEVNTSIZ(0), DWC3_GEVNTSIZ_SIZE(evt->length)); + evt->flags &= ~DWC3_EVENT_PENDING; + /* + * Add an explicit write memory barrier to make sure that the update of + * clearing DWC3_EVENT_PENDING is observed in dwc3_check_event_buf() + */ + wmb(); + if (dwc->imod_interval) { dwc3_writel(dwc->regs, DWC3_GEVNTCOUNT(0), DWC3_GEVNTCOUNT_EHB); dwc3_writel(dwc->regs, DWC3_DEV_IMOD(0), dwc->imod_interval); } - /* Keep the clearing of DWC3_EVENT_PENDING at the end */ - evt->flags &= ~DWC3_EVENT_PENDING; - return ret; }

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] usb: dwc3: gadget: Prevent irq storm when TH re-executes" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 69c58deec19628c8a686030102176484eb94fed4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030916-expenses-extended-20cc@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 69c58deec19628c8a686030102176484eb94fed4 Mon Sep 17 00:00:00 2001 From: Badhri Jagan Sridharan <badhri(a)google.com> Date: Sun, 16 Feb 2025 22:30:02 +0000 Subject: [PATCH] usb: dwc3: gadget: Prevent irq storm when TH re-executes While commit d325a1de49d6 ("usb: dwc3: gadget: Prevent losing events in event cache") makes sure that top half(TH) does not end up overwriting the cached events before processing them when the TH gets invoked more than one time, returning IRQ_HANDLED results in occasional irq storm where the TH hogs the CPU. The irq storm can be prevented by the flag before event handler busy is cleared. Default enable interrupt moderation in all versions which support them. ftrace event stub during dwc3 irq storm: irq/504_dwc3-1111 ( 1111) [000] .... 70.000866: irq_handler_exit: irq=14 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000872: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000874: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000881: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000883: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000889: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000892: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000898: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000901: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000907: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000909: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000915: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000918: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000924: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000927: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000933: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000935: irq_handler_exit: irq=504 ret=handled .... Cc: stable <stable(a)kernel.org> Suggested-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Fixes: d325a1de49d6 ("usb: dwc3: gadget: Prevent losing events in event cache") Signed-off-by: Badhri Jagan Sridharan <badhri(a)google.com> Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Link: https://lore.kernel.org/r/20250216223003.3568039-1-badhri@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index dfa1b5fe48dc..2c472cb97f6c 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -1835,8 +1835,6 @@ static void dwc3_get_properties(struct dwc3 *dwc) dwc->tx_thr_num_pkt_prd = tx_thr_num_pkt_prd; dwc->tx_max_burst_prd = tx_max_burst_prd; - dwc->imod_interval = 0; - dwc->tx_fifo_resize_max_num = tx_fifo_resize_max_num; } @@ -1854,21 +1852,19 @@ static void dwc3_check_params(struct dwc3 *dwc) unsigned int hwparam_gen = DWC3_GHWPARAMS3_SSPHY_IFC(dwc->hwparams.hwparams3); - /* Check for proper value of imod_interval */ - if (dwc->imod_interval && !dwc3_has_imod(dwc)) { - dev_warn(dwc->dev, "Interrupt moderation not supported\n"); - dwc->imod_interval = 0; - } - /* + * Enable IMOD for all supporting controllers. + * + * Particularly, DWC_usb3 v3.00a must enable this feature for + * the following reason: + * * Workaround for STAR 9000961433 which affects only version * 3.00a of the DWC_usb3 core. This prevents the controller * interrupt from being masked while handling events. IMOD * allows us to work around this issue. Enable it for the * affected version. */ - if (!dwc->imod_interval && - DWC3_VER_IS(DWC3, 300A)) + if (dwc3_has_imod((dwc))) dwc->imod_interval = 1; /* Check the maximum_speed parameter */ diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index ddd6b2ce5710..89a4dc8ebf94 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -4501,14 +4501,18 @@ static irqreturn_t dwc3_process_event_buf(struct dwc3_event_buffer *evt) dwc3_writel(dwc->regs, DWC3_GEVNTSIZ(0), DWC3_GEVNTSIZ_SIZE(evt->length)); + evt->flags &= ~DWC3_EVENT_PENDING; + /* + * Add an explicit write memory barrier to make sure that the update of + * clearing DWC3_EVENT_PENDING is observed in dwc3_check_event_buf() + */ + wmb(); + if (dwc->imod_interval) { dwc3_writel(dwc->regs, DWC3_GEVNTCOUNT(0), DWC3_GEVNTCOUNT_EHB); dwc3_writel(dwc->regs, DWC3_DEV_IMOD(0), dwc->imod_interval); } - /* Keep the clearing of DWC3_EVENT_PENDING at the end */ - evt->flags &= ~DWC3_EVENT_PENDING; - return ret; }

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] usb: dwc3: Set SUSPENDENABLE soon after phy init" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x cc5bfc4e16fc1d1c520cd7bb28646e82b6e69217 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030953-washboard-overcrowd-fed5@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cc5bfc4e16fc1d1c520cd7bb28646e82b6e69217 Mon Sep 17 00:00:00 2001 From: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Date: Thu, 30 Jan 2025 23:49:31 +0000 Subject: [PATCH] usb: dwc3: Set SUSPENDENABLE soon after phy init After phy initialization, some phy operations can only be executed while in lower P states. Ensure GUSB3PIPECTL.SUSPENDENABLE and GUSB2PHYCFG.SUSPHY are set soon after initialization to avoid blocking phy ops. Previously the SUSPENDENABLE bits are only set after the controller initialization, which may not happen right away if there's no gadget driver or xhci driver bound. Revise this to clear SUSPENDENABLE bits only when there's mode switching (change in GCTL.PRTCAPDIR). Fixes: 6d735722063a ("usb: dwc3: core: Prevent phy suspend during init") Cc: stable <stable(a)kernel.org> Signed-off-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Link: https://lore.kernel.org/r/633aef0afee7d56d2316f7cc3e1b2a6d518a8cc9.17382809… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 2c472cb97f6c..66a08b527165 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -131,11 +131,24 @@ void dwc3_enable_susphy(struct dwc3 *dwc, bool enable) } } -void dwc3_set_prtcap(struct dwc3 *dwc, u32 mode) +void dwc3_set_prtcap(struct dwc3 *dwc, u32 mode, bool ignore_susphy) { + unsigned int hw_mode; u32 reg; reg = dwc3_readl(dwc->regs, DWC3_GCTL); + + /* + * For DRD controllers, GUSB3PIPECTL.SUSPENDENABLE and + * GUSB2PHYCFG.SUSPHY should be cleared during mode switching, + * and they can be set after core initialization. + */ + hw_mode = DWC3_GHWPARAMS0_MODE(dwc->hwparams.hwparams0); + if (hw_mode == DWC3_GHWPARAMS0_MODE_DRD && !ignore_susphy) { + if (DWC3_GCTL_PRTCAP(reg) != mode) + dwc3_enable_susphy(dwc, false); + } + reg &= ~(DWC3_GCTL_PRTCAPDIR(DWC3_GCTL_PRTCAP_OTG)); reg |= DWC3_GCTL_PRTCAPDIR(mode); dwc3_writel(dwc->regs, DWC3_GCTL, reg); @@ -216,7 +229,7 @@ static void __dwc3_set_mode(struct work_struct *work) spin_lock_irqsave(&dwc->lock, flags); - dwc3_set_prtcap(dwc, desired_dr_role); + dwc3_set_prtcap(dwc, desired_dr_role, false); spin_unlock_irqrestore(&dwc->lock, flags); @@ -658,16 +671,7 @@ static int dwc3_ss_phy_setup(struct dwc3 *dwc, int index) */ reg &= ~DWC3_GUSB3PIPECTL_UX_EXIT_PX; - /* - * Above DWC_usb3.0 1.94a, it is recommended to set - * DWC3_GUSB3PIPECTL_SUSPHY to '0' during coreConsultant configuration. - * So default value will be '0' when the core is reset. Application - * needs to set it to '1' after the core initialization is completed. - * - * Similarly for DRD controllers, GUSB3PIPECTL.SUSPENDENABLE must be - * cleared after power-on reset, and it can be set after core - * initialization. - */ + /* Ensure the GUSB3PIPECTL.SUSPENDENABLE is cleared prior to phy init. */ reg &= ~DWC3_GUSB3PIPECTL_SUSPHY; if (dwc->u2ss_inp3_quirk) @@ -747,15 +751,7 @@ static int dwc3_hs_phy_setup(struct dwc3 *dwc, int index) break; } - /* - * Above DWC_usb3.0 1.94a, it is recommended to set - * DWC3_GUSB2PHYCFG_SUSPHY to '0' during coreConsultant configuration. - * So default value will be '0' when the core is reset. Application - * needs to set it to '1' after the core initialization is completed. - * - * Similarly for DRD controllers, GUSB2PHYCFG.SUSPHY must be cleared - * after power-on reset, and it can be set after core initialization. - */ + /* Ensure the GUSB2PHYCFG.SUSPHY is cleared prior to phy init. */ reg &= ~DWC3_GUSB2PHYCFG_SUSPHY; if (dwc->dis_enblslpm_quirk) @@ -830,6 +826,25 @@ static int dwc3_phy_init(struct dwc3 *dwc) goto err_exit_usb3_phy; } + /* + * Above DWC_usb3.0 1.94a, it is recommended to set + * DWC3_GUSB3PIPECTL_SUSPHY and DWC3_GUSB2PHYCFG_SUSPHY to '0' during + * coreConsultant configuration. So default value will be '0' when the + * core is reset. Application needs to set it to '1' after the core + * initialization is completed. + * + * Certain phy requires to be in P0 power state during initialization. + * Make sure GUSB3PIPECTL.SUSPENDENABLE and GUSB2PHYCFG.SUSPHY are clear + * prior to phy init to maintain in the P0 state. + * + * After phy initialization, some phy operations can only be executed + * while in lower P states. Ensure GUSB3PIPECTL.SUSPENDENABLE and + * GUSB2PHYCFG.SUSPHY are set soon after initialization to avoid + * blocking phy ops. + */ + if (!DWC3_VER_IS_WITHIN(DWC3, ANY, 194A)) + dwc3_enable_susphy(dwc, true); + return 0; err_exit_usb3_phy: @@ -1588,7 +1603,7 @@ static int dwc3_core_init_mode(struct dwc3 *dwc) switch (dwc->dr_mode) { case USB_DR_MODE_PERIPHERAL: - dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_DEVICE); + dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_DEVICE, false); if (dwc->usb2_phy) otg_set_vbus(dwc->usb2_phy->otg, false); @@ -1600,7 +1615,7 @@ static int dwc3_core_init_mode(struct dwc3 *dwc) return dev_err_probe(dev, ret, "failed to initialize gadget\n"); break; case USB_DR_MODE_HOST: - dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_HOST); + dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_HOST, false); if (dwc->usb2_phy) otg_set_vbus(dwc->usb2_phy->otg, true); @@ -1645,7 +1660,7 @@ static void dwc3_core_exit_mode(struct dwc3 *dwc) } /* de-assert DRVVBUS for HOST and OTG mode */ - dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_DEVICE); + dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_DEVICE, true); } static void dwc3_get_software_properties(struct dwc3 *dwc) @@ -2453,7 +2468,7 @@ static int dwc3_resume_common(struct dwc3 *dwc, pm_message_t msg) if (ret) return ret; - dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_DEVICE); + dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_DEVICE, true); dwc3_gadget_resume(dwc); break; case DWC3_GCTL_PRTCAP_HOST: @@ -2461,7 +2476,7 @@ static int dwc3_resume_common(struct dwc3 *dwc, pm_message_t msg) ret = dwc3_core_init_for_resume(dwc); if (ret) return ret; - dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_HOST); + dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_HOST, true); break; } /* Restore GUSB2PHYCFG bits that were modified in suspend */ @@ -2490,7 +2505,7 @@ static int dwc3_resume_common(struct dwc3 *dwc, pm_message_t msg) if (ret) return ret; - dwc3_set_prtcap(dwc, dwc->current_dr_role); + dwc3_set_prtcap(dwc, dwc->current_dr_role, true); dwc3_otg_init(dwc); if (dwc->current_otg_role == DWC3_OTG_ROLE_HOST) { diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h index c955039bb4f6..aaa39e663f60 100644 --- a/drivers/usb/dwc3/core.h +++ b/drivers/usb/dwc3/core.h @@ -1558,7 +1558,7 @@ struct dwc3_gadget_ep_cmd_params { #define DWC3_HAS_OTG BIT(3) /* prototypes */ -void dwc3_set_prtcap(struct dwc3 *dwc, u32 mode); +void dwc3_set_prtcap(struct dwc3 *dwc, u32 mode, bool ignore_susphy); void dwc3_set_mode(struct dwc3 *dwc, u32 mode); u32 dwc3_core_fifo_space(struct dwc3_ep *dep, u8 type); diff --git a/drivers/usb/dwc3/drd.c b/drivers/usb/dwc3/drd.c index d76ae676783c..7977860932b1 100644 --- a/drivers/usb/dwc3/drd.c +++ b/drivers/usb/dwc3/drd.c @@ -173,7 +173,7 @@ void dwc3_otg_init(struct dwc3 *dwc) * block "Initialize GCTL for OTG operation". */ /* GCTL.PrtCapDir=2'b11 */ - dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_OTG); + dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_OTG, true); /* GUSB2PHYCFG0.SusPHY=0 */ reg = dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0)); reg &= ~DWC3_GUSB2PHYCFG_SUSPHY; @@ -556,7 +556,7 @@ int dwc3_drd_init(struct dwc3 *dwc) dwc3_drd_update(dwc); } else { - dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_OTG); + dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_OTG, true); /* use OTG block to get ID event */ irq = dwc3_otg_get_irq(dwc);

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] usb: xhci: Enable the TRB overfetch quirk on VIA VL805" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x c133ec0e5717868c9967fa3df92a55e537b1aead # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030902-fernlike-flashback-65c0@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c133ec0e5717868c9967fa3df92a55e537b1aead Mon Sep 17 00:00:00 2001 From: Michal Pecio <michal.pecio(a)gmail.com> Date: Tue, 25 Feb 2025 11:59:27 +0200 Subject: [PATCH] usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Raspberry Pi is a major user of those chips and they discovered a bug - when the end of a transfer ring segment is reached, up to four TRBs can be prefetched from the next page even if the segment ends with link TRB and on page boundary (the chip claims to support standard 4KB pages). It also appears that if the prefetched TRBs belong to a different ring whose doorbell is later rung, they may be used without refreshing from system RAM and the endpoint will stay idle if their cycle bit is stale. Other users complain about IOMMU faults on x86 systems, unsurprisingly. Deal with it by using existing quirk which allocates a dummy page after each transfer ring segment. This was seen to resolve both problems. RPi came up with a more efficient solution, shortening each segment by four TRBs, but it complicated the driver and they ditched it for this quirk. Also rename the quirk and add VL805 device ID macro. Signed-off-by: Michal Pecio <michal.pecio(a)gmail.com> Link: https://github.com/raspberrypi/linux/issues/4685 Closes: https://bugzilla.kernel.org/show_bug.cgi?id=215906 CC: stable(a)vger.kernel.org Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20250225095927.2512358-2-mathias.nyman@linux.inte… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index 92703efda1f7..fdf0c1008225 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -2437,7 +2437,8 @@ int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags) * and our use of dma addresses in the trb_address_map radix tree needs * TRB_SEGMENT_SIZE alignment, so we pick the greater alignment need. */ - if (xhci->quirks & XHCI_ZHAOXIN_TRB_FETCH) + if (xhci->quirks & XHCI_TRB_OVERFETCH) + /* Buggy HC prefetches beyond segment bounds - allocate dummy space at the end */ xhci->segment_pool = dma_pool_create("xHCI ring segments", dev, TRB_SEGMENT_SIZE * 2, TRB_SEGMENT_SIZE * 2, xhci->page_size * 2); else diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index ad0ff356f6fa..54460d11f7ee 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -38,6 +38,8 @@ #define PCI_DEVICE_ID_ETRON_EJ168 0x7023 #define PCI_DEVICE_ID_ETRON_EJ188 0x7052 +#define PCI_DEVICE_ID_VIA_VL805 0x3483 + #define PCI_DEVICE_ID_INTEL_LYNXPOINT_XHCI 0x8c31 #define PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_XHCI 0x9c31 #define PCI_DEVICE_ID_INTEL_WILDCATPOINT_LP_XHCI 0x9cb1 @@ -418,8 +420,10 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) pdev->device == 0x3432) xhci->quirks |= XHCI_BROKEN_STREAMS; - if (pdev->vendor == PCI_VENDOR_ID_VIA && pdev->device == 0x3483) + if (pdev->vendor == PCI_VENDOR_ID_VIA && pdev->device == PCI_DEVICE_ID_VIA_VL805) { xhci->quirks |= XHCI_LPM_SUPPORT; + xhci->quirks |= XHCI_TRB_OVERFETCH; + } if (pdev->vendor == PCI_VENDOR_ID_ASMEDIA && pdev->device == PCI_DEVICE_ID_ASMEDIA_1042_XHCI) { @@ -467,11 +471,11 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) if (pdev->device == 0x9202) { xhci->quirks |= XHCI_RESET_ON_RESUME; - xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; + xhci->quirks |= XHCI_TRB_OVERFETCH; } if (pdev->device == 0x9203) - xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; + xhci->quirks |= XHCI_TRB_OVERFETCH; } if (pdev->vendor == PCI_VENDOR_ID_CDNS && diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 8c164340a2c3..779b01dee068 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1632,7 +1632,7 @@ struct xhci_hcd { #define XHCI_EP_CTX_BROKEN_DCS BIT_ULL(42) #define XHCI_SUSPEND_RESUME_CLKS BIT_ULL(43) #define XHCI_RESET_TO_DEFAULT BIT_ULL(44) -#define XHCI_ZHAOXIN_TRB_FETCH BIT_ULL(45) +#define XHCI_TRB_OVERFETCH BIT_ULL(45) #define XHCI_ZHAOXIN_HOST BIT_ULL(46) #define XHCI_WRITE_64_HI_LO BIT_ULL(47) #define XHCI_CDNS_SCTX_QUIRK BIT_ULL(48)

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] usb: xhci: Enable the TRB overfetch quirk on VIA VL805" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x c133ec0e5717868c9967fa3df92a55e537b1aead # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030959-thee-uniformed-b4eb@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c133ec0e5717868c9967fa3df92a55e537b1aead Mon Sep 17 00:00:00 2001 From: Michal Pecio <michal.pecio(a)gmail.com> Date: Tue, 25 Feb 2025 11:59:27 +0200 Subject: [PATCH] usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Raspberry Pi is a major user of those chips and they discovered a bug - when the end of a transfer ring segment is reached, up to four TRBs can be prefetched from the next page even if the segment ends with link TRB and on page boundary (the chip claims to support standard 4KB pages). It also appears that if the prefetched TRBs belong to a different ring whose doorbell is later rung, they may be used without refreshing from system RAM and the endpoint will stay idle if their cycle bit is stale. Other users complain about IOMMU faults on x86 systems, unsurprisingly. Deal with it by using existing quirk which allocates a dummy page after each transfer ring segment. This was seen to resolve both problems. RPi came up with a more efficient solution, shortening each segment by four TRBs, but it complicated the driver and they ditched it for this quirk. Also rename the quirk and add VL805 device ID macro. Signed-off-by: Michal Pecio <michal.pecio(a)gmail.com> Link: https://github.com/raspberrypi/linux/issues/4685 Closes: https://bugzilla.kernel.org/show_bug.cgi?id=215906 CC: stable(a)vger.kernel.org Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20250225095927.2512358-2-mathias.nyman@linux.inte… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index 92703efda1f7..fdf0c1008225 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -2437,7 +2437,8 @@ int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags) * and our use of dma addresses in the trb_address_map radix tree needs * TRB_SEGMENT_SIZE alignment, so we pick the greater alignment need. */ - if (xhci->quirks & XHCI_ZHAOXIN_TRB_FETCH) + if (xhci->quirks & XHCI_TRB_OVERFETCH) + /* Buggy HC prefetches beyond segment bounds - allocate dummy space at the end */ xhci->segment_pool = dma_pool_create("xHCI ring segments", dev, TRB_SEGMENT_SIZE * 2, TRB_SEGMENT_SIZE * 2, xhci->page_size * 2); else diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index ad0ff356f6fa..54460d11f7ee 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -38,6 +38,8 @@ #define PCI_DEVICE_ID_ETRON_EJ168 0x7023 #define PCI_DEVICE_ID_ETRON_EJ188 0x7052 +#define PCI_DEVICE_ID_VIA_VL805 0x3483 + #define PCI_DEVICE_ID_INTEL_LYNXPOINT_XHCI 0x8c31 #define PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_XHCI 0x9c31 #define PCI_DEVICE_ID_INTEL_WILDCATPOINT_LP_XHCI 0x9cb1 @@ -418,8 +420,10 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) pdev->device == 0x3432) xhci->quirks |= XHCI_BROKEN_STREAMS; - if (pdev->vendor == PCI_VENDOR_ID_VIA && pdev->device == 0x3483) + if (pdev->vendor == PCI_VENDOR_ID_VIA && pdev->device == PCI_DEVICE_ID_VIA_VL805) { xhci->quirks |= XHCI_LPM_SUPPORT; + xhci->quirks |= XHCI_TRB_OVERFETCH; + } if (pdev->vendor == PCI_VENDOR_ID_ASMEDIA && pdev->device == PCI_DEVICE_ID_ASMEDIA_1042_XHCI) { @@ -467,11 +471,11 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) if (pdev->device == 0x9202) { xhci->quirks |= XHCI_RESET_ON_RESUME; - xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; + xhci->quirks |= XHCI_TRB_OVERFETCH; } if (pdev->device == 0x9203) - xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; + xhci->quirks |= XHCI_TRB_OVERFETCH; } if (pdev->vendor == PCI_VENDOR_ID_CDNS && diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 8c164340a2c3..779b01dee068 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1632,7 +1632,7 @@ struct xhci_hcd { #define XHCI_EP_CTX_BROKEN_DCS BIT_ULL(42) #define XHCI_SUSPEND_RESUME_CLKS BIT_ULL(43) #define XHCI_RESET_TO_DEFAULT BIT_ULL(44) -#define XHCI_ZHAOXIN_TRB_FETCH BIT_ULL(45) +#define XHCI_TRB_OVERFETCH BIT_ULL(45) #define XHCI_ZHAOXIN_HOST BIT_ULL(46) #define XHCI_WRITE_64_HI_LO BIT_ULL(47) #define XHCI_CDNS_SCTX_QUIRK BIT_ULL(48)

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] usb: xhci: Enable the TRB overfetch quirk on VIA VL805" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c133ec0e5717868c9967fa3df92a55e537b1aead # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030959-character-delouse-db17@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c133ec0e5717868c9967fa3df92a55e537b1aead Mon Sep 17 00:00:00 2001 From: Michal Pecio <michal.pecio(a)gmail.com> Date: Tue, 25 Feb 2025 11:59:27 +0200 Subject: [PATCH] usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Raspberry Pi is a major user of those chips and they discovered a bug - when the end of a transfer ring segment is reached, up to four TRBs can be prefetched from the next page even if the segment ends with link TRB and on page boundary (the chip claims to support standard 4KB pages). It also appears that if the prefetched TRBs belong to a different ring whose doorbell is later rung, they may be used without refreshing from system RAM and the endpoint will stay idle if their cycle bit is stale. Other users complain about IOMMU faults on x86 systems, unsurprisingly. Deal with it by using existing quirk which allocates a dummy page after each transfer ring segment. This was seen to resolve both problems. RPi came up with a more efficient solution, shortening each segment by four TRBs, but it complicated the driver and they ditched it for this quirk. Also rename the quirk and add VL805 device ID macro. Signed-off-by: Michal Pecio <michal.pecio(a)gmail.com> Link: https://github.com/raspberrypi/linux/issues/4685 Closes: https://bugzilla.kernel.org/show_bug.cgi?id=215906 CC: stable(a)vger.kernel.org Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20250225095927.2512358-2-mathias.nyman@linux.inte… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index 92703efda1f7..fdf0c1008225 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -2437,7 +2437,8 @@ int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags) * and our use of dma addresses in the trb_address_map radix tree needs * TRB_SEGMENT_SIZE alignment, so we pick the greater alignment need. */ - if (xhci->quirks & XHCI_ZHAOXIN_TRB_FETCH) + if (xhci->quirks & XHCI_TRB_OVERFETCH) + /* Buggy HC prefetches beyond segment bounds - allocate dummy space at the end */ xhci->segment_pool = dma_pool_create("xHCI ring segments", dev, TRB_SEGMENT_SIZE * 2, TRB_SEGMENT_SIZE * 2, xhci->page_size * 2); else diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index ad0ff356f6fa..54460d11f7ee 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -38,6 +38,8 @@ #define PCI_DEVICE_ID_ETRON_EJ168 0x7023 #define PCI_DEVICE_ID_ETRON_EJ188 0x7052 +#define PCI_DEVICE_ID_VIA_VL805 0x3483 + #define PCI_DEVICE_ID_INTEL_LYNXPOINT_XHCI 0x8c31 #define PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_XHCI 0x9c31 #define PCI_DEVICE_ID_INTEL_WILDCATPOINT_LP_XHCI 0x9cb1 @@ -418,8 +420,10 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) pdev->device == 0x3432) xhci->quirks |= XHCI_BROKEN_STREAMS; - if (pdev->vendor == PCI_VENDOR_ID_VIA && pdev->device == 0x3483) + if (pdev->vendor == PCI_VENDOR_ID_VIA && pdev->device == PCI_DEVICE_ID_VIA_VL805) { xhci->quirks |= XHCI_LPM_SUPPORT; + xhci->quirks |= XHCI_TRB_OVERFETCH; + } if (pdev->vendor == PCI_VENDOR_ID_ASMEDIA && pdev->device == PCI_DEVICE_ID_ASMEDIA_1042_XHCI) { @@ -467,11 +471,11 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) if (pdev->device == 0x9202) { xhci->quirks |= XHCI_RESET_ON_RESUME; - xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; + xhci->quirks |= XHCI_TRB_OVERFETCH; } if (pdev->device == 0x9203) - xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; + xhci->quirks |= XHCI_TRB_OVERFETCH; } if (pdev->vendor == PCI_VENDOR_ID_CDNS && diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 8c164340a2c3..779b01dee068 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1632,7 +1632,7 @@ struct xhci_hcd { #define XHCI_EP_CTX_BROKEN_DCS BIT_ULL(42) #define XHCI_SUSPEND_RESUME_CLKS BIT_ULL(43) #define XHCI_RESET_TO_DEFAULT BIT_ULL(44) -#define XHCI_ZHAOXIN_TRB_FETCH BIT_ULL(45) +#define XHCI_TRB_OVERFETCH BIT_ULL(45) #define XHCI_ZHAOXIN_HOST BIT_ULL(46) #define XHCI_WRITE_64_HI_LO BIT_ULL(47) #define XHCI_CDNS_SCTX_QUIRK BIT_ULL(48)

6 months, 1 week

1
0
0 0