- Linux-stable-mirror - lists.linaro.org

[PATCH 5.15.y] drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links

by jianqi.ren.cn＠windriver.com

From: Hersen Wu <hersenxs.wu(a)amd.com> [ Upstream commit cf8b16857db702ceb8d52f9219a4613363e2b1cf ] [Why] Coverity report OVERRUN warning. There are only max_links elements within dc->links. link count could up to AMDGPU_DM_MAX_DISPLAY_INDEX 31. [How] Make sure link count less than max_links. Reviewed-by: Harry Wentland <harry.wentland(a)amd.com> Acked-by: Tom Chung <chiahsuan.chung(a)amd.com> Signed-off-by: Hersen Wu <hersenxs.wu(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> [Minor conflict resolved due to code context change. And the macro MAX_LINKS is introduced by Commit 60df5628144b ("drm/amd/display: handle invalid connector indices") after 6.10. So here we still use the original array length MAX_PIPES * 2] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index a33ca712a89c..b1f4d8a84e1b 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -4321,17 +4321,17 @@ static int amdgpu_dm_initialize_drm_device(struct amdgpu_device *adev) } #endif + if (link_cnt > (MAX_PIPES * 2)) { + DRM_ERROR( + "KMS: Cannot support more than %d display indexes\n", + MAX_PIPES * 2); + goto fail; + } + /* loops over all connectors on the board */ for (i = 0; i < link_cnt; i++) { struct dc_link *link = NULL; - if (i > AMDGPU_DM_MAX_DISPLAY_INDEX) { - DRM_ERROR( - "KMS: Cannot support more than %d display indexes\n", - AMDGPU_DM_MAX_DISPLAY_INDEX); - continue; - } - aconnector = kzalloc(sizeof(*aconnector), GFP_KERNEL); if (!aconnector) goto fail; -- 2.34.1

6 months, 1 week

2
1
0 0

[PATCH 6.6.y] drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links

by jianqi.ren.cn＠windriver.com

From: Hersen Wu <hersenxs.wu(a)amd.com> [ Upstream commit cf8b16857db702ceb8d52f9219a4613363e2b1cf ] [Why] Coverity report OVERRUN warning. There are only max_links elements within dc->links. link count could up to AMDGPU_DM_MAX_DISPLAY_INDEX 31. [How] Make sure link count less than max_links. Reviewed-by: Harry Wentland <harry.wentland(a)amd.com> Acked-by: Tom Chung <chiahsuan.chung(a)amd.com> Signed-off-by: Hersen Wu <hersenxs.wu(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> [Minor conflict resolved due to code context change. And the macro MAX_LINKS is introduced by Commit 60df5628144b ("drm/amd/display: handle invalid connector indices") after 6.10. So here we still use the original array length MAX_PIPES * 2] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 3696b9112c74..28f2b4022d34 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -4484,17 +4484,17 @@ static int amdgpu_dm_initialize_drm_device(struct amdgpu_device *adev) } } + if (link_cnt > (MAX_PIPES * 2)) { + DRM_ERROR( + "KMS: Cannot support more than %d display indexes\n", + MAX_PIPES * 2); + goto fail; + } + /* loops over all connectors on the board */ for (i = 0; i < link_cnt; i++) { struct dc_link *link = NULL; - if (i > AMDGPU_DM_MAX_DISPLAY_INDEX) { - DRM_ERROR( - "KMS: Cannot support more than %d display indexes\n", - AMDGPU_DM_MAX_DISPLAY_INDEX); - continue; - } - aconnector = kzalloc(sizeof(*aconnector), GFP_KERNEL); if (!aconnector) goto fail; -- 2.34.1

6 months, 1 week

2
1
0 0

[PATCH 6.1.y] btrfs: fix qgroup reserve leaks in cow_file_range

by jianqi.ren.cn＠windriver.com

From: Boris Burkov <boris(a)bur.io> [ Upstream commit 30479f31d44d47ed00ae0c7453d9b253537005b2 ] In the buffered write path, the dirty page owns the qgroup reserve until it creates an ordered_extent. Therefore, any errors that occur before the ordered_extent is created must free that reservation, or else the space is leaked. The fstest generic/475 exercises various IO error paths, and is able to trigger errors in cow_file_range where we fail to get to allocating the ordered extent. Note that because we *do* clear delalloc, we are likely to remove the inode from the delalloc list, so the inodes/pages to not have invalidate/launder called on them in the commit abort path. This results in failures at the unmount stage of the test that look like: BTRFS: error (device dm-8 state EA) in cleanup_transaction:2018: errno=-5 IO failure BTRFS: error (device dm-8 state EA) in btrfs_replace_file_extents:2416: errno=-5 IO failure BTRFS warning (device dm-8 state EA): qgroup 0/5 has unreleased space, type 0 rsv 28672 ------------[ cut here ]------------ WARNING: CPU: 3 PID: 22588 at fs/btrfs/disk-io.c:4333 close_ctree+0x222/0x4d0 [btrfs] Modules linked in: btrfs blake2b_generic libcrc32c xor zstd_compress raid6_pq CPU: 3 PID: 22588 Comm: umount Kdump: loaded Tainted: G W 6.10.0-rc7-gab56fde445b8 #21 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 RIP: 0010:close_ctree+0x222/0x4d0 [btrfs] RSP: 0018:ffffb4465283be00 EFLAGS: 00010202 RAX: 0000000000000001 RBX: ffffa1a1818e1000 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffb4465283bbe0 RDI: ffffa1a19374fcb8 RBP: ffffa1a1818e13c0 R08: 0000000100028b16 R09: 0000000000000000 R10: 0000000000000003 R11: 0000000000000003 R12: ffffa1a18ad7972c R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f9168312b80(0000) GS:ffffa1a4afcc0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f91683c9140 CR3: 000000010acaa000 CR4: 00000000000006f0 Call Trace: <TASK> ? close_ctree+0x222/0x4d0 [btrfs] ? __warn.cold+0x8e/0xea ? close_ctree+0x222/0x4d0 [btrfs] ? report_bug+0xff/0x140 ? handle_bug+0x3b/0x70 ? exc_invalid_op+0x17/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? close_ctree+0x222/0x4d0 [btrfs] generic_shutdown_super+0x70/0x160 kill_anon_super+0x11/0x40 btrfs_kill_super+0x11/0x20 [btrfs] deactivate_locked_super+0x2e/0xa0 cleanup_mnt+0xb5/0x150 task_work_run+0x57/0x80 syscall_exit_to_user_mode+0x121/0x130 do_syscall_64+0xab/0x1a0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f916847a887 ---[ end trace 0000000000000000 ]--- BTRFS error (device dm-8 state EA): qgroup reserved space leaked Cases 2 and 3 in the out_reserve path both pertain to this type of leak and must free the reserved qgroup data. Because it is already an error path, I opted not to handle the possible errors in btrfs_free_qgroup_data. Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Boris Burkov <boris(a)bur.io> Signed-off-by: David Sterba <dsterba(a)suse.com> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- fs/btrfs/inode.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index a13ab3abef12..2102cd676be3 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1428,6 +1428,7 @@ static noinline int cow_file_range(struct btrfs_inode *inode, locked_page, clear_bits, page_ops); + btrfs_qgroup_free_data(inode, NULL, start, cur_alloc_size, NULL); start += cur_alloc_size; } @@ -1441,6 +1442,7 @@ static noinline int cow_file_range(struct btrfs_inode *inode, clear_bits |= EXTENT_CLEAR_DATA_RESV; extent_clear_unlock_delalloc(inode, start, end, locked_page, clear_bits, page_ops); + btrfs_qgroup_free_data(inode, NULL, start, cur_alloc_size, NULL); } return ret; } @@ -2168,13 +2170,15 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, if (nocow) btrfs_dec_nocow_writers(bg); - if (ret && cur_offset < end) + if (ret && cur_offset < end) { extent_clear_unlock_delalloc(inode, cur_offset, end, locked_page, EXTENT_LOCKED | EXTENT_DELALLOC | EXTENT_DEFRAG | EXTENT_DO_ACCOUNTING, PAGE_UNLOCK | PAGE_START_WRITEBACK | PAGE_END_WRITEBACK); + btrfs_qgroup_free_data(inode, NULL, cur_offset, end - cur_offset + 1, NULL); + } btrfs_free_path(path); return ret; } -- 2.34.1

6 months, 1 week

2
1
0 0

[PATCH 5.15.y] smb: client: fix potential deadlock when releasing mids

by Cliff Liu

From: Paulo Alcantara <pc(a)manguebit.com> [ Upstream commit e6322fd177c6885a21dd4609dc5e5c973d1a2eb7 ] All release_mid() callers seem to hold a reference of @mid so there is no need to call kref_put(&mid->refcount, __release_mid) under @server->mid_lock spinlock. If they don't, then an use-after-free bug would have occurred anyways. By getting rid of such spinlock also fixes a potential deadlock as shown below CPU 0 CPU 1 ------------------------------------------------------------------ cifs_demultiplex_thread() cifs_debug_data_proc_show() release_mid() spin_lock(&server->mid_lock); spin_lock(&cifs_tcp_ses_lock) spin_lock(&server->mid_lock) __release_mid() smb2_find_smb_tcon() spin_lock(&cifs_tcp_ses_lock) *deadlock* Cc: stable(a)vger.kernel.org Signed-off-by: Paulo Alcantara (SUSE) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> [cifs_mid_q_entry_release() is renamed to release_mid() and _cifs_mid_q_entry_release() is renamed to __release_mid() by commit 70f08f914a37 ("cifs: remove useless DeleteMidQEntry()") which is integrated into v6.0, so preserve old names in v5.15.] Signed-off-by: Cliff Liu <donghua.liu(a)windriver.com> Signed-off-by: He Zhe <Zhe.He(a)windriver.com> --- Verified the build test. --- fs/cifs/cifsproto.h | 7 ++++++- fs/cifs/smb2misc.c | 2 +- fs/cifs/transport.c | 9 +-------- 3 files changed, 8 insertions(+), 10 deletions(-) diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h index 50844d51da5d..7d00802f9722 100644 --- a/fs/cifs/cifsproto.h +++ b/fs/cifs/cifsproto.h @@ -83,7 +83,7 @@ extern struct mid_q_entry *AllocMidQEntry(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server); extern void DeleteMidQEntry(struct mid_q_entry *midEntry); extern void cifs_delete_mid(struct mid_q_entry *mid); -extern void cifs_mid_q_entry_release(struct mid_q_entry *midEntry); +void _cifs_mid_q_entry_release(struct kref *refcount); extern void cifs_wake_up_task(struct mid_q_entry *mid); extern int cifs_handle_standard(struct TCP_Server_Info *server, struct mid_q_entry *mid); @@ -637,4 +637,9 @@ static inline int cifs_create_options(struct cifs_sb_info *cifs_sb, int options) struct super_block *cifs_get_tcon_super(struct cifs_tcon *tcon); void cifs_put_tcon_super(struct super_block *sb); +static inline void cifs_mid_q_entry_release(struct mid_q_entry *midEntry) +{ + kref_put(&midEntry->refcount, _cifs_mid_q_entry_release); +} + #endif /* _CIFSPROTO_H */ diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c index 8f409404aee1..89a2f38f17f3 100644 --- a/fs/cifs/smb2misc.c +++ b/fs/cifs/smb2misc.c @@ -759,7 +759,7 @@ __smb2_handle_cancelled_cmd(struct cifs_tcon *tcon, __u16 cmd, __u64 mid, { struct close_cancelled_open *cancelled; - cancelled = kzalloc(sizeof(*cancelled), GFP_ATOMIC); + cancelled = kzalloc(sizeof(*cancelled), GFP_KERNEL); if (!cancelled) return -ENOMEM; diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c index 49b7edbe3497..57d72eb13f8b 100644 --- a/fs/cifs/transport.c +++ b/fs/cifs/transport.c @@ -73,7 +73,7 @@ AllocMidQEntry(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server) return temp; } -static void _cifs_mid_q_entry_release(struct kref *refcount) +void _cifs_mid_q_entry_release(struct kref *refcount) { struct mid_q_entry *midEntry = container_of(refcount, struct mid_q_entry, refcount); @@ -152,13 +152,6 @@ static void _cifs_mid_q_entry_release(struct kref *refcount) mempool_free(midEntry, cifs_mid_poolp); } -void cifs_mid_q_entry_release(struct mid_q_entry *midEntry) -{ - spin_lock(&GlobalMid_Lock); - kref_put(&midEntry->refcount, _cifs_mid_q_entry_release); - spin_unlock(&GlobalMid_Lock); -} - void DeleteMidQEntry(struct mid_q_entry *midEntry) { cifs_mid_q_entry_release(midEntry); -- 2.34.1

6 months, 1 week

2
1
0 0

[PATCH v3] arm/memremap: fix arch_memremap_can_ram_remap()

by Ross Stutterheim

commit 260364d112bc ("arm[64]/memremap: don't abuse pfn_valid() to ensure presence of linear map") added the definition of arch_memremap_can_ram_remap() for arm[64] specific filtering of what pages can be used from the linear mapping. memblock_is_map_memory() was called with the pfn of the address given to arch_memremap_can_ram_remap(); however, memblock_is_map_memory() expects to be given an address for arm, not a pfn. This results in calls to memremap() returning a newly mapped area when it should return an address in the existing linear mapping. Fix this by removing the address to pfn translation and pass the address directly. Fixes: 260364d112bc ("arm[64]/memremap: don't abuse pfn_valid() to ensure presence of linear map") Signed-off-by: Ross Stutterheim <ross.stutterheim(a)garmin.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Russell King <linux(a)armlinux.org.uk> Cc: stable(a)vger.kernel.org Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> --- arch/arm/mm/ioremap.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/arch/arm/mm/ioremap.c b/arch/arm/mm/ioremap.c index 748698e91a4b..27e64f782cb3 100644 --- a/arch/arm/mm/ioremap.c +++ b/arch/arm/mm/ioremap.c @@ -515,7 +515,5 @@ void __init early_ioremap_init(void) bool arch_memremap_can_ram_remap(resource_size_t offset, size_t size, unsigned long flags) { - unsigned long pfn = PHYS_PFN(offset); - - return memblock_is_map_memory(pfn); + return memblock_is_map_memory(offset); } -- 2.49.0

6 months, 1 week

1
0
0 0

[PATCH v2] dm-bufio: don't schedule in atomic context

by LongPing Wei

A BUG was reported as below when CONFIG_DEBUG_ATOMIC_SLEEP and try_verify_in_tasklet are enabled. [ 129.444685][ T934] BUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2421 [ 129.444723][ T934] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 934, name: kworker/1:4 [ 129.444740][ T934] preempt_count: 201, expected: 0 [ 129.444756][ T934] RCU nest depth: 0, expected: 0 [ 129.444781][ T934] Preemption disabled at: [ 129.444789][ T934] [<ffffffd816231900>] shrink_work+0x21c/0x248 [ 129.445167][ T934] kernel BUG at kernel/sched/walt/walt_debug.c:16! [ 129.445183][ T934] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP [ 129.445204][ T934] Skip md ftrace buffer dump for: 0x1609e0 [ 129.447348][ T934] CPU: 1 PID: 934 Comm: kworker/1:4 Tainted: G W OE 6.6.56-android15-8-o-g6f82312b30b9-debug #1 1400000003000000474e5500b3187743670464e8 [ 129.447362][ T934] Hardware name: Qualcomm Technologies, Inc. Parrot QRD, Alpha-M (DT) [ 129.447373][ T934] Workqueue: dm_bufio_cache shrink_work [ 129.447394][ T934] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 129.447406][ T934] pc : android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug] [ 129.447435][ T934] lr : __traceiter_android_rvh_schedule_bug+0x44/0x6c [ 129.447451][ T934] sp : ffffffc0843dbc90 [ 129.447459][ T934] x29: ffffffc0843dbc90 x28: ffffffffffffffff x27: 0000000000000c8b [ 129.447479][ T934] x26: 0000000000000040 x25: ffffff804b3d6260 x24: ffffffd816232b68 [ 129.447497][ T934] x23: ffffff805171c5b4 x22: 0000000000000000 x21: ffffffd816231900 [ 129.447517][ T934] x20: ffffff80306ba898 x19: 0000000000000000 x18: ffffffc084159030 [ 129.447535][ T934] x17: 00000000d2b5dd1f x16: 00000000d2b5dd1f x15: ffffffd816720358 [ 129.447554][ T934] x14: 0000000000000004 x13: ffffff89ef978000 x12: 0000000000000003 [ 129.447572][ T934] x11: ffffffd817a823c4 x10: 0000000000000202 x9 : 7e779c5735de9400 [ 129.447591][ T934] x8 : ffffffd81560d004 x7 : 205b5d3938373434 x6 : ffffffd8167397c8 [ 129.447610][ T934] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffffffc0843db9e0 [ 129.447629][ T934] x2 : 0000000000002f15 x1 : 0000000000000000 x0 : 0000000000000000 [ 129.447647][ T934] Call trace: [ 129.447655][ T934] android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug 1400000003000000474e550080cce8a8a78606b6] [ 129.447681][ T934] __might_resched+0x190/0x1a8 [ 129.447694][ T934] shrink_work+0x180/0x248 [ 129.447706][ T934] process_one_work+0x260/0x624 [ 129.447718][ T934] worker_thread+0x28c/0x454 [ 129.447729][ T934] kthread+0x118/0x158 [ 129.447742][ T934] ret_from_fork+0x10/0x20 [ 129.447761][ T934] Code: ???????? ???????? ???????? d2b5dd1f (d4210000) [ 129.447772][ T934] ---[ end trace 0000000000000000 ]--- dm_bufio_lock will call spin_lock_bh when try_verify_in_tasklet is enabled, and __scan will be called in atomic context. Fixes: 7cd326747f46 ("dm bufio: remove dm_bufio_cond_resched()") Signed-off-by: LongPing Wei <weilongping(a)oppo.com> Cc: stable(a)vger.kernel.org --- v2: When no_sleep is enabled, drops the lock after every 16 iterations and calls cond_resched() with the lock dropped. --- drivers/md/dm-bufio.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/md/dm-bufio.c b/drivers/md/dm-bufio.c index 9c8ed65cd87e..e82e85591499 100644 --- a/drivers/md/dm-bufio.c +++ b/drivers/md/dm-bufio.c @@ -2424,7 +2424,15 @@ static void __scan(struct dm_bufio_client *c) atomic_long_dec(&c->need_shrink); freed++; - cond_resched(); + + if (static_branch_unlikely(&no_sleep_enabled) && c->no_sleep) { + if (!(freed & 15)) { + dm_bufio_unlock(c); + cond_resched(); + dm_bufio_lock(c); + } + } else + cond_resched(); } } } -- 2.34.1

6 months, 1 week

1
0
0 0

[tip: irq/urgent] irqchip/renesas-rzv2h: Prevent TINT spurious interrupt

by tip-bot2 for Biju Das

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: 28e89cdac6482f3c980df3e2e245db7366269124 Gitweb: https://git.kernel.org/tip/28e89cdac6482f3c980df3e2e245db7366269124 Author: Biju Das <biju.das.jz(a)bp.renesas.com> AuthorDate: Tue, 15 Apr 2025 11:33:41 +01:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Wed, 16 Apr 2025 14:29:38 +02:00 irqchip/renesas-rzv2h: Prevent TINT spurious interrupt A spurious TINT interrupt is seen during boot on RZ/G3E SMARC EVK. A glitch in the edge detection circuit can cause a spurious interrupt. Clear the status flag after setting the ICU_TSSRk registers, which is recommended in the hardware manual as a countermeasure. Fixes: 0d7605e75ac2 ("irqchip: Add RZ/V2H(P) Interrupt Control Unit (ICU) driver") Signed-off-by: Biju Das <biju.das.jz(a)bp.renesas.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org --- drivers/irqchip/irq-renesas-rzv2h.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/irqchip/irq-renesas-rzv2h.c b/drivers/irqchip/irq-renesas-rzv2h.c index 3d5b5fd..0f0fd7d 100644 --- a/drivers/irqchip/irq-renesas-rzv2h.c +++ b/drivers/irqchip/irq-renesas-rzv2h.c @@ -170,6 +170,14 @@ static void rzv2h_tint_irq_endisable(struct irq_data *d, bool enable) else tssr &= ~ICU_TSSR_TIEN(tssel_n, priv->info->field_width); writel_relaxed(tssr, priv->base + priv->info->t_offs + ICU_TSSR(k)); + + /* + * A glitch in the edge detection circuit can cause a spurious + * interrupt. Clear the status flag after setting the ICU_TSSRk + * registers, which is recommended by the hardware manual as a + * countermeasure. + */ + writel_relaxed(BIT(tint_nr), priv->base + priv->info->t_offs + ICU_TSCLR); } static void rzv2h_icu_irq_disable(struct irq_data *d)

6 months, 1 week

1
0
0 0

[PATCH v3] usb: dwc3: Abort suspend on soft disconnect failure

by Kuen-Han Tsai

When dwc3_gadget_soft_disconnect() fails, dwc3_suspend_common() keeps going with the suspend, resulting in a period where the power domain is off, but the gadget driver remains connected. Within this time frame, invoking vbus_event_work() will cause an error as it attempts to access DWC3 registers for endpoint disabling after the power domain has been completely shut down. Abort the suspend sequence when dwc3_gadget_suspend() cannot halt the controller and proceeds with a soft connect. Fixes: 9f8a67b65a49 ("usb: dwc3: gadget: fix gadget suspend/resume") CC: stable(a)vger.kernel.org Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> --- Kernel panic - not syncing: Asynchronous SError Interrupt Workqueue: events vbus_event_work Call trace: dump_backtrace+0xf4/0x118 show_stack+0x18/0x24 dump_stack_lvl+0x60/0x7c dump_stack+0x18/0x3c panic+0x16c/0x390 nmi_panic+0xa4/0xa8 arm64_serror_panic+0x6c/0x94 do_serror+0xc4/0xd0 el1h_64_error_handler+0x34/0x48 el1h_64_error+0x68/0x6c readl+0x4c/0x8c __dwc3_gadget_ep_disable+0x48/0x230 dwc3_gadget_ep_disable+0x50/0xc0 usb_ep_disable+0x44/0xe4 ffs_func_eps_disable+0x64/0xc8 ffs_func_set_alt+0x74/0x368 ffs_func_disable+0x18/0x28 composite_disconnect+0x90/0xec configfs_composite_disconnect+0x64/0x88 usb_gadget_disconnect_locked+0xc0/0x168 vbus_event_work+0x3c/0x58 process_one_work+0x1e4/0x43c worker_thread+0x25c/0x430 kthread+0x104/0x1d4 ret_from_fork+0x10/0x20 --- Changelog: v3: - change the Fixes tag v2: - move declarations in separate lines - add the Fixes tag --- drivers/usb/dwc3/core.c | 9 +++++++-- drivers/usb/dwc3/gadget.c | 22 +++++++++------------- 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 66a08b527165..1cf1996ae1fb 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -2388,6 +2388,7 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) { u32 reg; int i; + int ret; if (!pm_runtime_suspended(dwc->dev) && !PMSG_IS_AUTO(msg)) { dwc->susphy_state = (dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0)) & @@ -2406,7 +2407,9 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) case DWC3_GCTL_PRTCAP_DEVICE: if (pm_runtime_suspended(dwc->dev)) break; - dwc3_gadget_suspend(dwc); + ret = dwc3_gadget_suspend(dwc); + if (ret) + return ret synchronize_irq(dwc->irq_gadget); dwc3_core_exit(dwc); break; @@ -2441,7 +2444,9 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) break; if (dwc->current_otg_role == DWC3_OTG_ROLE_DEVICE) { - dwc3_gadget_suspend(dwc); + ret = dwc3_gadget_suspend(dwc); + if (ret) + return ret; synchronize_irq(dwc->irq_gadget); } diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 89a4dc8ebf94..316c1589618e 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -4776,26 +4776,22 @@ int dwc3_gadget_suspend(struct dwc3 *dwc) int ret; ret = dwc3_gadget_soft_disconnect(dwc); - if (ret) - goto err; - - spin_lock_irqsave(&dwc->lock, flags); - if (dwc->gadget_driver) - dwc3_disconnect_gadget(dwc); - spin_unlock_irqrestore(&dwc->lock, flags); - - return 0; - -err: /* * Attempt to reset the controller's state. Likely no * communication can be established until the host * performs a port reset. */ - if (dwc->softconnect) + if (ret && dwc->softconnect) { dwc3_gadget_soft_connect(dwc); + return ret; + } - return ret; + spin_lock_irqsave(&dwc->lock, flags); + if (dwc->gadget_driver) + dwc3_disconnect_gadget(dwc); + spin_unlock_irqrestore(&dwc->lock, flags); + + return 0; } int dwc3_gadget_resume(struct dwc3 *dwc) -- 2.49.0.472.ge94155a9ec-goog

6 months, 1 week

3
4
0 0

[PATCH] cpufreq: cppc: Fix invalid return value in .get() callback

by Marc Zyngier

Returning a negative error code in a function with an unsigned return type is a pretty bad idea. It is probably worse when the justification for the change is "our static analisys tool found it". Fixes: cf7de25878a1 ("cppc_cpufreq: Fix possible null pointer dereference") Signed-off-by: Marc Zyngier <maz(a)kernel.org> Cc: stable(a)vger.kernel.org Cc: "Rafael J. Wysocki" <rafael(a)kernel.org> Cc: Viresh Kumar <viresh.kumar(a)linaro.org> --- drivers/cpufreq/cppc_cpufreq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/cpufreq/cppc_cpufreq.c b/drivers/cpufreq/cppc_cpufreq.c index b3d74f9adcf0b..cb93f00bafdba 100644 --- a/drivers/cpufreq/cppc_cpufreq.c +++ b/drivers/cpufreq/cppc_cpufreq.c @@ -747,7 +747,7 @@ static unsigned int cppc_cpufreq_get_rate(unsigned int cpu) int ret; if (!policy) - return -ENODEV; + return 0; cpu_data = policy->driver_data; -- 2.39.2

6 months, 1 week

3
2
0 0

[PATCH] sched/fair: Add null pointer check to pick_next_entity()

by Pat Cody

pick_eevdf() can return null, resulting in a null pointer dereference crash in pick_next_entity() The other call site of pick_eevdf() can already handle a null pointer, and pick_next_entity() can already return null as well. Add an extra check to handle the null return here. Cc: stable(a)vger.kernel.org Fixes: f12e148892ed ("sched/fair: Prepare pick_next_task() for delayed dequeue") Signed-off-by: Pat Cody <pat(a)patcody.io> --- kernel/sched/fair.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c index a553181dc764..f2157298cbce 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -5560,6 +5560,8 @@ pick_next_entity(struct rq *rq, struct cfs_rq *cfs_rq) } struct sched_entity *se = pick_eevdf(cfs_rq); + if (!se) + return NULL; if (se->sched_delayed) { dequeue_entities(rq, se, DEQUEUE_SLEEP | DEQUEUE_DELAYED); /* -- 2.47.1

6 months, 1 week

5
15
0 0

[PATCH v3 1/7] arm64: dts: ti: j721e-sk: Add DT nodes for power regulators

by Yemike Abhilash Chandra

Add device tree nodes for two power regulators on the J721E SK board. vsys_5v0: A fixed regulator representing the 5V supply output from the LM61460 and vdd_sd_dv: A GPIO-controlled TLV71033 regulator. J721E-SK schematics: https://www.ti.com/lit/zip/sprr438 Fixes: 1bfda92a3a36 ("arm64: dts: ti: Add support for J721E SK") Cc: stable(a)vger.kernel.org Signed-off-by: Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> --- Changelog: Changes in v3: - Change the PIN_INPUT to PIN_OUTPUT to control the regulator. arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 31 ++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/arch/arm64/boot/dts/ti/k3-j721e-sk.dts b/arch/arm64/boot/dts/ti/k3-j721e-sk.dts index 440ef57be294..ffef3d1cfd55 100644 --- a/arch/arm64/boot/dts/ti/k3-j721e-sk.dts +++ b/arch/arm64/boot/dts/ti/k3-j721e-sk.dts @@ -184,6 +184,17 @@ vsys_3v3: fixedregulator-vsys3v3 { regulator-boot-on; }; + vsys_5v0: fixedregulator-vsys5v0 { + /* Output of LM61460 */ + compatible = "regulator-fixed"; + regulator-name = "vsys_5v0"; + regulator-min-microvolt = <5000000>; + regulator-max-microvolt = <5000000>; + vin-supply = <&vusb_main>; + regulator-always-on; + regulator-boot-on; + }; + vdd_mmc1: fixedregulator-sd { compatible = "regulator-fixed"; pinctrl-names = "default"; @@ -211,6 +222,20 @@ vdd_sd_dv_alt: gpio-regulator-tps659411 { <3300000 0x1>; }; + vdd_sd_dv: gpio-regulator-TLV71033 { + compatible = "regulator-gpio"; + pinctrl-names = "default"; + pinctrl-0 = <&vdd_sd_dv_pins_default>; + regulator-name = "tlv71033"; + regulator-min-microvolt = <1800000>; + regulator-max-microvolt = <3300000>; + regulator-boot-on; + vin-supply = <&vsys_5v0>; + gpios = <&main_gpio0 118 GPIO_ACTIVE_HIGH>; + states = <1800000 0x0>, + <3300000 0x1>; + }; + transceiver1: can-phy1 { compatible = "ti,tcan1042"; #phy-cells = <0>; @@ -613,6 +638,12 @@ J721E_WKUP_IOPAD(0xd4, PIN_OUTPUT, 7) /* (G26) WKUP_GPIO0_9 */ >; }; + vdd_sd_dv_pins_default: vdd-sd-dv-default-pins { + pinctrl-single,pins = < + J721E_IOPAD(0x1dc, PIN_OUTPUT, 7) /* (Y1) SPI1_CLK.GPIO0_118 */ + >; + }; + wkup_uart0_pins_default: wkup-uart0-default-pins { pinctrl-single,pins = < J721E_WKUP_IOPAD(0xa0, PIN_INPUT, 0) /* (J29) WKUP_UART0_RXD */ -- 2.34.1

6 months, 1 week

2
1
0 0

[alternative-merged] lib-test_ubsanc-fix-panic-from-test_ubsan_out_of_bounds.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: lib/test_ubsan.c: fix panic from test_ubsan_out_of_bounds has been removed from the -mm tree. Its filename was lib-test_ubsanc-fix-panic-from-test_ubsan_out_of_bounds.patch This patch was dropped because an alternative patch was or shall be merged ------------------------------------------------------ From: Mostafa Saleh <smostafa(a)google.com> Subject: lib/test_ubsan.c: fix panic from test_ubsan_out_of_bounds Date: Mon, 14 Apr 2025 21:36:48 +0000 Running lib_ubsan.ko on arm64 (without CONFIG_UBSAN_TRAP) panics the kernel [ 31.616546] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: test_ubsan_out_of_bounds+0x158/0x158 [test_ubsan] [ 31.646817] CPU: 3 UID: 0 PID: 179 Comm: insmod Not tainted 6.15.0-rc2 #1 PREEMPT [ 31.648153] Hardware name: linux,dummy-virt (DT) [ 31.648970] Call trace: [ 31.649345] show_stack+0x18/0x24 (C) [ 31.650960] dump_stack_lvl+0x40/0x84 [ 31.651559] dump_stack+0x18/0x24 [ 31.652264] panic+0x138/0x3b4 [ 31.652812] __ktime_get_real_seconds+0x0/0x10 [ 31.653540] test_ubsan_load_invalid_value+0x0/0xa8 [test_ubsan] [ 31.654388] init_module+0x24/0xff4 [test_ubsan] [ 31.655077] do_one_initcall+0xd4/0x280 [ 31.655680] do_init_module+0x58/0x2b4 That happens because the test corrupts other data in the stack: 400: d5384108 mrs x8, sp_el0 404: f9426d08 ldr x8, [x8, #1240] 408: f85f83a9 ldur x9, [x29, #-8] 40c: eb09011f cmp x8, x9 410: 54000301 b.ne 470 <test_ubsan_out_of_bounds+0x154> // b.any As there is no guarantee the compiler will order the local variables as declared in the module: volatile char above[4] = { }; /* Protect surrounding memory. */ volatile int arr[4]; volatile char below[4] = { }; /* Protect surrounding memory. */ So, instead of writing out-of-bound, we can read out-of-bound which still triggers UBSAN but doesn't corrupt the stack. Link: https://lkml.kernel.org/r/20250414213648.2660150-1-smostafa@google.com Fixes: 4a26f49b7b3d ubsan: ("expand tests and reporting") Signed-off-by: Mostafa Saleh <smostafa(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Macro Elver <elver(a)google.com> Cc: Kees Cook <kees(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/test_ubsan.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) --- a/lib/test_ubsan.c~lib-test_ubsanc-fix-panic-from-test_ubsan_out_of_bounds +++ a/lib/test_ubsan.c @@ -77,18 +77,15 @@ static void test_ubsan_shift_out_of_boun static void test_ubsan_out_of_bounds(void) { - volatile int i = 4, j = 5, k = -1; - volatile char above[4] = { }; /* Protect surrounding memory. */ + volatile int j = 5, k = -1; + volatile int scratch[4] = { }; volatile int arr[4]; - volatile char below[4] = { }; /* Protect surrounding memory. */ - - above[0] = below[0]; UBSAN_TEST(CONFIG_UBSAN_BOUNDS, "above"); - arr[j] = i; + scratch[1] = arr[j]; UBSAN_TEST(CONFIG_UBSAN_BOUNDS, "below"); - arr[k] = i; + scratch[2] = arr[k]; } enum ubsan_test_enum { _ Patches currently in -mm which might be from smostafa(a)google.com are

6 months, 1 week

1
0
0 0

[PATCH v2] mm: fix ratelimit_pages update error in dirty_ratio_handler()

by alexjlzheng＠gmail.com

From: Jinliang Zheng <alexjlzheng(a)tencent.com> In the dirty_ratio_handler() function, vm_dirty_bytes must be set to zero before calling writeback_set_ratelimit(), as global_dirty_limits() always prioritizes the value of vm_dirty_bytes. That causes ratelimit_pages to still use the value calculated based on vm_dirty_bytes, which is wrong now. Fixes: 9d823e8f6b1b ("writeback: per task dirty rate limit") Signed-off-by: Jinliang Zheng <alexjlzheng(a)tencent.com> Reviewed-by: MengEn Sun <mengensun(a)tencent.com> Cc: stable(a)vger.kernel.org --- Changelog: v2: A more detailed description v1: https://lore.kernel.org/linux-fsdevel/20250415083542.6946-1-alexjlzheng@ten… --- mm/page-writeback.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/page-writeback.c b/mm/page-writeback.c index c81624bc3969..20e1d76f1eba 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -520,8 +520,8 @@ static int dirty_ratio_handler(const struct ctl_table *table, int write, void *b ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); if (ret == 0 && write && vm_dirty_ratio != old_ratio) { - writeback_set_ratelimit(); vm_dirty_bytes = 0; + writeback_set_ratelimit(); } return ret; } -- 2.49.0

6 months, 1 week

3
2
0 0

[PATCH] Revert "virtio_pci: Support surprise removal of virtio pci device"

by Parav Pandit

This reverts commit 43bb40c5b926 ("virtio_pci: Support surprise removal of virtio pci device"). The cited commit introduced a fix that marks the device as broken during surprise removal. However, this approach causes uncompleted I/O requests on virtio-blk device. The presence of uncompleted I/O requests prevents the successful removal of virtio-blk devices. This fix allows devices that simulate a surprise removal but actually remove gracefully to continue working as before. For surprise removals, a better solution will be preferred in the future. Fixes: 43bb40c5b926 ("virtio_pci: Support surprise removal of virtio pci device") Cc: stable(a)vger.kernel.org Reported-by: lirongqing(a)baidu.com Closes: https://lore.kernel.org/virtualization/c45dd68698cd47238c55fb73ca9b4741@bai… Reviewed-by: Max Gurtovoy<mgurtovoy(a)nvidia.com> Signed-off-by: Parav Pandit <parav(a)nvidia.com> --- drivers/virtio/virtio_pci_common.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/drivers/virtio/virtio_pci_common.c b/drivers/virtio/virtio_pci_common.c index d6d79af44569..dba5eb2eaff9 100644 --- a/drivers/virtio/virtio_pci_common.c +++ b/drivers/virtio/virtio_pci_common.c @@ -747,13 +747,6 @@ static void virtio_pci_remove(struct pci_dev *pci_dev) struct virtio_pci_device *vp_dev = pci_get_drvdata(pci_dev); struct device *dev = get_device(&vp_dev->vdev.dev); - /* - * Device is marked broken on surprise removal so that virtio upper - * layers can abort any ongoing operation. - */ - if (!pci_device_is_present(pci_dev)) - virtio_break_device(&vp_dev->vdev); - pci_disable_sriov(pci_dev); unregister_virtio_device(&vp_dev->vdev); -- 2.26.2

6 months, 1 week

2
4
0 0

[PATCH REGRESSION-FIX] x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT

by Brett Mastbergen via B4 Relay

From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> CONFIG_PARAVIRT_XXL is mainly defined/used by XEN PV guests. For other VM guest types, features supported under CONFIG_PARAVIRT are self sufficient. CONFIG_PARAVIRT mainly provides support for TLB flush operations and time related operations. For TDX guest as well, paravirt calls under CONFIG_PARVIRT meets most of its requirement except the need of HLT and SAFE_HLT paravirt calls, which is currently defined under CONFIG_PARAVIRT_XXL. Since enabling CONFIG_PARAVIRT_XXL is too bloated for TDX guest like platforms, move HLT and SAFE_HLT paravirt calls under CONFIG_PARAVIRT. Moving HLT and SAFE_HLT paravirt calls are not fatal and should not break any functionality for current users of CONFIG_PARAVIRT. Fixes: bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests") Co-developed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Signed-off-by: Vishal Annapurve <vannapurve(a)google.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Andi Kleen <ak(a)linux.intel.com> Reviewed-by: Tony Luck <tony.luck(a)intel.com> Reviewed-by: Juergen Gross <jgross(a)suse.com> Tested-by: Ryan Afranji <afranji(a)google.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Brian Gerst <brgerst(a)gmail.com> Cc: H. Peter Anvin <hpa(a)zytor.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: stable(a)kernel.org Link: https://lore.kernel.org/r/20250228014416.3925664-2-vannapurve@google.com --- 6.12.23 fails to build with the following error if CONFIG_XEN_PV is not set: arch/x86/coco/tdx/tdx.c: In function ‘tdx_early_init’: arch/x86/coco/tdx/tdx.c:1080:19: error: ‘struct pv_irq_ops’ has no member named ‘safe_halt’ 1080 | pv_ops.irq.safe_halt = tdx_safe_halt; | ^ arch/x86/coco/tdx/tdx.c:1081:19: error: ‘struct pv_irq_ops’ has no member named ‘halt’ 1081 | pv_ops.irq.halt = tdx_halt; | ^ This is because XEN_PV selects PARAVIRT_XXL, and 'safe_halt' and 'halt' are only defined for pv_irq_ops if PARAVIRT_XXL is defined. The build breakage was introduced in 6.12.23 by stable commit 805e3ce5e0e3 which is a backport of 9f98a4f4e721 ("x86/tdx: Fix arch_safe_halt() execution for TDX VMs"). Consider picking up upstream commit 22cc5ca5de52 ("x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT") for stable 6.12.y which fixes the build regression by moving 'safe_halt' and 'halt' out from under the PARAVIRT_XXL config. This patch is 22cc5ca5de52 backported to 6.12.23. There were a couple of merge conflicts due to the missing upstream commits below: 29188c160061 ("x86/paravirt: Remove the WBINVD callback") 3101900218d7 ("x86/paravirt: Remove unused paravirt_disable_iospace()") I wasn't sure if it was appropriate to pull those to stable as well and the merge conflicts were trivial. Thanks! Signed-off-by: Brett Mastbergen <bmastbergen(a)ciq.com> --- arch/x86/include/asm/irqflags.h | 40 +++++++++++++++++++---------------- arch/x86/include/asm/paravirt.h | 20 +++++++++--------- arch/x86/include/asm/paravirt_types.h | 3 +-- arch/x86/kernel/paravirt.c | 13 +++++++----- 4 files changed, 41 insertions(+), 35 deletions(-) diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h index cf7fc2b8e3ce1f4e5f5703ae9fbb5a7e1182ad4f..1c2db11a2c3cb9a289d80d4900b9933275d1eea6 100644 --- a/arch/x86/include/asm/irqflags.h +++ b/arch/x86/include/asm/irqflags.h @@ -76,6 +76,28 @@ static __always_inline void native_local_irq_restore(unsigned long flags) #endif +#ifndef CONFIG_PARAVIRT +#ifndef __ASSEMBLY__ +/* + * Used in the idle loop; sti takes one instruction cycle + * to complete: + */ +static __always_inline void arch_safe_halt(void) +{ + native_safe_halt(); +} + +/* + * Used when interrupts are already enabled or to + * shutdown the processor: + */ +static __always_inline void halt(void) +{ + native_halt(); +} +#endif /* __ASSEMBLY__ */ +#endif /* CONFIG_PARAVIRT */ + #ifdef CONFIG_PARAVIRT_XXL #include <asm/paravirt.h> #else @@ -97,24 +119,6 @@ static __always_inline void arch_local_irq_enable(void) native_irq_enable(); } -/* - * Used in the idle loop; sti takes one instruction cycle - * to complete: - */ -static __always_inline void arch_safe_halt(void) -{ - native_safe_halt(); -} - -/* - * Used when interrupts are already enabled or to - * shutdown the processor: - */ -static __always_inline void halt(void) -{ - native_halt(); -} - /* * For spinlocks, etc: */ diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h index d4eb9e1d61b8ef8a3fc3a2510b0615ea93c11cb8..75d4c994f5e2a5dcbc2edbf7eed617de4a141fa0 100644 --- a/arch/x86/include/asm/paravirt.h +++ b/arch/x86/include/asm/paravirt.h @@ -107,6 +107,16 @@ static inline void notify_page_enc_status_changed(unsigned long pfn, PVOP_VCALL3(mmu.notify_page_enc_status_changed, pfn, npages, enc); } +static __always_inline void arch_safe_halt(void) +{ + PVOP_VCALL0(irq.safe_halt); +} + +static inline void halt(void) +{ + PVOP_VCALL0(irq.halt); +} + #ifdef CONFIG_PARAVIRT_XXL static inline void load_sp0(unsigned long sp0) { @@ -170,16 +180,6 @@ static inline void __write_cr4(unsigned long x) PVOP_VCALL1(cpu.write_cr4, x); } -static __always_inline void arch_safe_halt(void) -{ - PVOP_VCALL0(irq.safe_halt); -} - -static inline void halt(void) -{ - PVOP_VCALL0(irq.halt); -} - extern noinstr void pv_native_wbinvd(void); static __always_inline void wbinvd(void) diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h index 8d4fbe1be489549ad33c968c2132bdbaf739b871..9334fdd1f6350231af7089802dfb94daa1653965 100644 --- a/arch/x86/include/asm/paravirt_types.h +++ b/arch/x86/include/asm/paravirt_types.h @@ -122,10 +122,9 @@ struct pv_irq_ops { struct paravirt_callee_save save_fl; struct paravirt_callee_save irq_disable; struct paravirt_callee_save irq_enable; - +#endif void (*safe_halt)(void); void (*halt)(void); -#endif } __no_randomize_layout; struct pv_mmu_ops { diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c index fec38153355581215eb93b6301ae90b6f0bd06c5..0c1b915d7efac895b2c8be67eb3b84b998d00fbc 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c @@ -100,6 +100,11 @@ int paravirt_disable_iospace(void) return request_resource(&ioport_resource, &reserve_ioports); } +static noinstr void pv_native_safe_halt(void) +{ + native_safe_halt(); +} + #ifdef CONFIG_PARAVIRT_XXL static noinstr void pv_native_write_cr2(unsigned long val) { @@ -121,10 +126,6 @@ noinstr void pv_native_wbinvd(void) native_wbinvd(); } -static noinstr void pv_native_safe_halt(void) -{ - native_safe_halt(); -} #endif struct pv_info pv_info = { @@ -182,9 +183,11 @@ struct paravirt_patch_template pv_ops = { .irq.save_fl = __PV_IS_CALLEE_SAVE(pv_native_save_fl), .irq.irq_disable = __PV_IS_CALLEE_SAVE(pv_native_irq_disable), .irq.irq_enable = __PV_IS_CALLEE_SAVE(pv_native_irq_enable), +#endif /* CONFIG_PARAVIRT_XXL */ + + /* Irq HLT ops. */ .irq.safe_halt = pv_native_safe_halt, .irq.halt = native_halt, -#endif /* CONFIG_PARAVIRT_XXL */ /* Mmu ops. */ .mmu.flush_tlb_user = native_flush_tlb_local, --- base-commit: 83b4161a63b87ce40d9f24f09b5b006f63d95b7c change-id: 20250415-stable_fixup-c7b936473f53 Best regards, -- Brett Mastbergen <bmastbergen(a)ciq.com>

6 months, 1 week

2
1
0 0

+ mm-fix-ratelimit_pages-update-error-in-dirty_ratio_handler.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: fix ratelimit_pages update error in dirty_ratio_handler() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-fix-ratelimit_pages-update-error-in-dirty_ratio_handler.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Jinliang Zheng <alexjlzheng(a)tencent.com> Subject: mm: fix ratelimit_pages update error in dirty_ratio_handler() Date: Tue, 15 Apr 2025 17:02:32 +0800 In dirty_ratio_handler(), vm_dirty_bytes must be set to zero before calling writeback_set_ratelimit(), as global_dirty_limits() always prioritizes the value of vm_dirty_bytes. That causes ratelimit_pages to still use the value calculated based on vm_dirty_bytes, which is wrong now. Link: https://lkml.kernel.org/r/20250415090232.7544-1-alexjlzheng@tencent.com Fixes: 9d823e8f6b1b ("writeback: per task dirty rate limit") Signed-off-by: Jinliang Zheng <alexjlzheng(a)tencent.com> Reviewed-by: MengEn Sun <mengensun(a)tencent.com> Cc: Andrea Righi <andrea(a)betterlinux.com> Cc: Fenggaung Wu <fengguang.wu(a)intel.com> Cc: Jinliang Zheng <alexjlzheng(a)tencent.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page-writeback.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/page-writeback.c~mm-fix-ratelimit_pages-update-error-in-dirty_ratio_handler +++ a/mm/page-writeback.c @@ -520,8 +520,8 @@ static int dirty_ratio_handler(const str ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); if (ret == 0 && write && vm_dirty_ratio != old_ratio) { - writeback_set_ratelimit(); vm_dirty_bytes = 0; + writeback_set_ratelimit(); } return ret; } _ Patches currently in -mm which might be from alexjlzheng(a)tencent.com are mm-fix-ratelimit_pages-update-error-in-dirty_ratio_handler.patch

6 months, 1 week

1
0
0 0

[PATCH] drm/xe/userptr: fix notifier vs folio deadlock

by Matthew Auld

User is reporting what smells like notifier vs folio deadlock, where migrate_pages_batch() on core kernel side is holding folio lock(s) and then interacting with the mappings of it, however those mappings are tied to some userptr, which means calling into the notifier callback and grabbing the notifier lock. With perfect timing it looks possible that the pages we pulled from the hmm fault can get sniped by migrate_pages_batch() at the same time that we are holding the notifier lock to mark the pages as accessed/dirty, but at this point we also want to grab the folio locks(s) to mark them as dirty, but if they are contended from notifier/migrate_pages_batch side then we deadlock since folio lock won't be dropped until we drop the notifier lock. Fortunately the mark_page_accessed/dirty is not really needed in the first place it seems and should have already been done by hmm fault, so just remove it. Link: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/4765 Fixes: 0a98219bcc96 ("drm/xe/hmm: Don't dereference struct page pointers without notifier lock") Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.10+ --- drivers/gpu/drm/xe/xe_hmm.c | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_hmm.c b/drivers/gpu/drm/xe/xe_hmm.c index c3cc0fa105e8..57b71956ddf4 100644 --- a/drivers/gpu/drm/xe/xe_hmm.c +++ b/drivers/gpu/drm/xe/xe_hmm.c @@ -19,29 +19,6 @@ static u64 xe_npages_in_range(unsigned long start, unsigned long end) return (end - start) >> PAGE_SHIFT; } -/** - * xe_mark_range_accessed() - mark a range is accessed, so core mm - * have such information for memory eviction or write back to - * hard disk - * @range: the range to mark - * @write: if write to this range, we mark pages in this range - * as dirty - */ -static void xe_mark_range_accessed(struct hmm_range *range, bool write) -{ - struct page *page; - u64 i, npages; - - npages = xe_npages_in_range(range->start, range->end); - for (i = 0; i < npages; i++) { - page = hmm_pfn_to_page(range->hmm_pfns[i]); - if (write) - set_page_dirty_lock(page); - - mark_page_accessed(page); - } -} - static int xe_alloc_sg(struct xe_device *xe, struct sg_table *st, struct hmm_range *range, struct rw_semaphore *notifier_sem) { @@ -331,7 +308,6 @@ int xe_hmm_userptr_populate_range(struct xe_userptr_vma *uvma, if (ret) goto out_unlock; - xe_mark_range_accessed(&hmm_range, write); userptr->sg = &userptr->sgt; xe_hmm_userptr_set_mapped(uvma); userptr->notifier_seq = hmm_range.notifier_seq; -- 2.49.0

6 months, 1 week

3
2
0 0

[PATCH 5.15.y 0/6] Few missing CVE fixes

by Harshit Mogalapalli

Hi stable maintainers, I have tried backporting some fixes to stable kernel 5.15.y which also have CVE numbers and are fixing commits in 5.15.y. I am not a subsystem expert and have only done overall testing that we do for stable release candidate testing and not any patch specific testing. Note: All these patches are present in 6.1.y. Patch 1 -- minor conflicts resolved due to few missing commits. Patch 2, 3, 4 -- clean cherry-picks from 6.1.y commits and will therefore have additional SOBs from backporter/stable maintainers Patch 5 -- Minor conflict resolved as 5.15.y don't have folios. Patch 6 -- Resolve conflicts due to missing unrcu_pointer() helper and other commit Please let me know if there are any comments. Thanks, Harshit Michal Schmidt (1): bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq Paolo Abeni (1): ipv6: release nexthop on device removal Rémi Denis-Courmont (1): phonet/pep: fix racy skb_queue_empty() use Souradeep Chakrabarti (1): net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup Trond Myklebust (1): filemap: Fix bounds checking in filemap_read() Wang Liang (1): net: fix crash when config small gso_max_size/gso_ipv4_max_size drivers/infiniband/hw/bnxt_re/qplib_fp.c | 3 +- drivers/net/ethernet/microsoft/mana/mana.h | 2 + drivers/net/ethernet/microsoft/mana/mana_en.c | 21 ++++++---- mm/filemap.c | 2 +- net/core/rtnetlink.c | 2 +- net/ipv6/route.c | 6 +-- net/phonet/pep.c | 41 +++++++++++++++---- 7 files changed, 54 insertions(+), 23 deletions(-) -- 2.47.1

6 months, 1 week

2
12
0 0

[PATCH V2 6.12.y 0/7] arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9

by Anshuman Khandual

This series adds fine grained trap control in EL2 required for FEAT_PMUv3p9 registers like PMICNTR_EL0, PMICFILTR_EL0, and PMUACR_EL1 which are already being used in the kernel. This is required to prevent their EL1 access trap into EL2. The following commits that enabled access into FEAT_PMUv3p9 registers have already been merged upstream from 6.12 onwards. d8226d8cfbaf ("perf: arm_pmuv3: Add support for Armv9.4 PMU instruction counter") 0bbff9ed8165 ("perf/arm_pmuv3: Add PMUv3.9 per counter EL0 access control") The sysreg patches in this series are required for the final patch which fixes the actual problem. Changes in V2: - Dropped [PATCH 1/8] perf/arm_pmuv3: Add PMUv3.9 per counter EL0 access control - Folded ID_AA64DFR0_EL1_PMUVer_V3P9 definition in arch/arm64/tools/sysreg which was added in commit 0bbff9ed8165 ("perf/arm_pmuv3: Add PMUv3.9 per counter EL0 access control") Anshuman Khandual (7): arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1 arm64/sysreg: Add register fields for HDFGRTR2_EL2 arm64/sysreg: Add register fields for HDFGWTR2_EL2 arm64/sysreg: Add register fields for HFGITR2_EL2 arm64/sysreg: Add register fields for HFGRTR2_EL2 arm64/sysreg: Add register fields for HFGWTR2_EL2 arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9 Documentation/arch/arm64/booting.rst | 22 ++++++ arch/arm64/include/asm/el2_setup.h | 25 +++++++ arch/arm64/tools/sysreg | 104 +++++++++++++++++++++++++++ 3 files changed, 151 insertions(+) -- 2.30.2

6 months, 1 week

2
14
0 0

[PATCH v2 6.6.y 0/2] wifi: rtw89: RTL8852BE: Fix a shutdown issue

by Zenm Chen

This patch series addresses a shutdown issue reported in [1]. This problem has been fixed on kernel 6.12 and later, kernel 6.6 is the last kernel these upstream patches should go to because the Realtek RTL8852BE chip supported by kernel since v6.2 is the only chip known to have this problem. [1] https://github.com/lwfinger/rtw89/issues/372 Zenm Chen (2): wifi: rtw89: pci: add pre_deinit to be called after probe complete wifi: rtw89: pci: disable PCIE wake bit when PCIE deinit drivers/net/wireless/realtek/rtw89/core.c | 2 ++ drivers/net/wireless/realtek/rtw89/core.h | 6 ++++++ drivers/net/wireless/realtek/rtw89/pci.c | 10 ++++++++++ 3 files changed, 18 insertions(+) -- 2.49.0

6 months, 1 week

2
4
0 0

[PATCH] bpf: Remove tracing program restriction on map types

by Devaansh Kumar

[ Upstream commit 96da3f7d489d11b43e7c1af90d876b9a2492cca8 ] The hash map is now fully converted to bpf_mem_alloc. Its implementation is not allocating synchronously and not calling call_rcu() directly. It's now safe to use non-preallocated hash maps in all types of tracing programs including BPF_PROG_TYPE_PERF_EVENT that runs out of NMI context. Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Acked-by: Kumar Kartikeya Dwivedi <memxor(a)gmail.com> Acked-by: Andrii Nakryiko <andrii(a)kernel.org> Link: https://lore.kernel.org/bpf/20220902211058.60789-13-alexei.starovoitov@gmai… Signed-off-by: Devaansh Kumar <devaanshk840(a)gmail.com> --- kernel/bpf/verifier.c | 29 ----------------------------- 1 file changed, 29 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 7049a85a78ab..77a75ccaae5e 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -11700,35 +11700,6 @@ static int check_map_prog_compatibility(struct bpf_verifier_env *env, { enum bpf_prog_type prog_type = resolve_prog_type(prog); - /* - * Validate that trace type programs use preallocated hash maps. - * - * For programs attached to PERF events this is mandatory as the - * perf NMI can hit any arbitrary code sequence. - * - * All other trace types using preallocated hash maps are unsafe as - * well because tracepoint or kprobes can be inside locked regions - * of the memory allocator or at a place where a recursion into the - * memory allocator would see inconsistent state. - * - * On RT enabled kernels run-time allocation of all trace type - * programs is strictly prohibited due to lock type constraints. On - * !RT kernels it is allowed for backwards compatibility reasons for - * now, but warnings are emitted so developers are made aware of - * the unsafety and can fix their programs before this is enforced. - */ - if (is_tracing_prog_type(prog_type) && !is_preallocated_map(map)) { - if (prog_type == BPF_PROG_TYPE_PERF_EVENT) { - verbose(env, "perf_event programs can only use preallocated hash map\n"); - return -EINVAL; - } - if (IS_ENABLED(CONFIG_PREEMPT_RT)) { - verbose(env, "trace type programs can only use preallocated hash map\n"); - return -EINVAL; - } - WARN_ONCE(1, "trace type BPF program uses run-time allocation\n"); - verbose(env, "trace type programs with run-time allocated hash maps are unsafe. Switch to preallocated hash maps.\n"); - } if (map_value_has_spin_lock(map)) { if (prog_type == BPF_PROG_TYPE_SOCKET_FILTER) { -- 2.49.0

6 months, 1 week

4
4
0 0

[PATCH 6.6.y 1/2] usb: typec: fix potential array underflow in ucsi_ccg_sync_control()

by bin.lan.cn＠windriver.com

From: Dan Carpenter <dan.carpenter(a)linaro.org> [ Upstream commit e56aac6e5a25630645607b6856d4b2a17b2311a5 ] The "command" variable can be controlled by the user via debugfs. The worry is that if con_index is zero then "&uc->ucsi->connector[con_index - 1]" would be an array underflow. Fixes: 170a6726d0e2 ("usb: typec: ucsi: add support for separate DP altmode devices") Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/c69ef0b3-61b0-4dde-98dd-97b97f81d912@stanley.moun… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [Minor context change fixed. 13f2ec3115c8 ("usb: typec: ucsi: simplify command sending API") rename ucsi_ccg_sync_write to ucsi_ccg_sync_control in v6.11, so this patch is applied in ucsi_ccg_sync_write in v6.6.] Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Build test passed. --- drivers/usb/typec/ucsi/ucsi_ccg.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/usb/typec/ucsi/ucsi_ccg.c b/drivers/usb/typec/ucsi/ucsi_ccg.c index 7c7f388aac96..3ef02d35bfbe 100644 --- a/drivers/usb/typec/ucsi/ucsi_ccg.c +++ b/drivers/usb/typec/ucsi/ucsi_ccg.c @@ -585,6 +585,10 @@ static int ucsi_ccg_sync_write(struct ucsi *ucsi, unsigned int offset, uc->has_multiple_dp) { con_index = (uc->last_cmd_sent >> 16) & UCSI_CMD_CONNECTOR_MASK; + if (con_index == 0) { + ret = -EINVAL; + goto unlock; + } con = &uc->ucsi->connector[con_index - 1]; ucsi_ccg_update_set_new_cam_cmd(uc, con, (u64 *)val); } @@ -600,6 +604,7 @@ static int ucsi_ccg_sync_write(struct ucsi *ucsi, unsigned int offset, err_clear_bit: clear_bit(DEV_CMD_PENDING, &uc->flags); pm_runtime_put_sync(uc->dev); +unlock: mutex_unlock(&uc->lock); return ret; -- 2.34.1

6 months, 1 week

2
3
0 0

[PATCH 6.6.y] btrfs: fix qgroup reserve leaks in cow_file_range

by jianqi.ren.cn＠windriver.com

From: Boris Burkov <boris(a)bur.io> [ Upstream commit 30479f31d44d47ed00ae0c7453d9b253537005b2 ] In the buffered write path, the dirty page owns the qgroup reserve until it creates an ordered_extent. Therefore, any errors that occur before the ordered_extent is created must free that reservation, or else the space is leaked. The fstest generic/475 exercises various IO error paths, and is able to trigger errors in cow_file_range where we fail to get to allocating the ordered extent. Note that because we *do* clear delalloc, we are likely to remove the inode from the delalloc list, so the inodes/pages to not have invalidate/launder called on them in the commit abort path. This results in failures at the unmount stage of the test that look like: BTRFS: error (device dm-8 state EA) in cleanup_transaction:2018: errno=-5 IO failure BTRFS: error (device dm-8 state EA) in btrfs_replace_file_extents:2416: errno=-5 IO failure BTRFS warning (device dm-8 state EA): qgroup 0/5 has unreleased space, type 0 rsv 28672 ------------[ cut here ]------------ WARNING: CPU: 3 PID: 22588 at fs/btrfs/disk-io.c:4333 close_ctree+0x222/0x4d0 [btrfs] Modules linked in: btrfs blake2b_generic libcrc32c xor zstd_compress raid6_pq CPU: 3 PID: 22588 Comm: umount Kdump: loaded Tainted: G W 6.10.0-rc7-gab56fde445b8 #21 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 RIP: 0010:close_ctree+0x222/0x4d0 [btrfs] RSP: 0018:ffffb4465283be00 EFLAGS: 00010202 RAX: 0000000000000001 RBX: ffffa1a1818e1000 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffb4465283bbe0 RDI: ffffa1a19374fcb8 RBP: ffffa1a1818e13c0 R08: 0000000100028b16 R09: 0000000000000000 R10: 0000000000000003 R11: 0000000000000003 R12: ffffa1a18ad7972c R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f9168312b80(0000) GS:ffffa1a4afcc0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f91683c9140 CR3: 000000010acaa000 CR4: 00000000000006f0 Call Trace: <TASK> ? close_ctree+0x222/0x4d0 [btrfs] ? __warn.cold+0x8e/0xea ? close_ctree+0x222/0x4d0 [btrfs] ? report_bug+0xff/0x140 ? handle_bug+0x3b/0x70 ? exc_invalid_op+0x17/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? close_ctree+0x222/0x4d0 [btrfs] generic_shutdown_super+0x70/0x160 kill_anon_super+0x11/0x40 btrfs_kill_super+0x11/0x20 [btrfs] deactivate_locked_super+0x2e/0xa0 cleanup_mnt+0xb5/0x150 task_work_run+0x57/0x80 syscall_exit_to_user_mode+0x121/0x130 do_syscall_64+0xab/0x1a0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f916847a887 ---[ end trace 0000000000000000 ]--- BTRFS error (device dm-8 state EA): qgroup reserved space leaked Cases 2 and 3 in the out_reserve path both pertain to this type of leak and must free the reserved qgroup data. Because it is already an error path, I opted not to handle the possible errors in btrfs_free_qgroup_data. Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Boris Burkov <boris(a)bur.io> Signed-off-by: David Sterba <dsterba(a)suse.com> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- fs/btrfs/inode.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index cedffa567a75..fc127182067b 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1546,6 +1546,7 @@ static noinline int cow_file_range(struct btrfs_inode *inode, locked_page, clear_bits, page_ops); + btrfs_qgroup_free_data(inode, NULL, start, cur_alloc_size, NULL); start += cur_alloc_size; } @@ -1559,6 +1560,7 @@ static noinline int cow_file_range(struct btrfs_inode *inode, clear_bits |= EXTENT_CLEAR_DATA_RESV; extent_clear_unlock_delalloc(inode, start, end, locked_page, clear_bits, page_ops); + btrfs_qgroup_free_data(inode, NULL, start, cur_alloc_size, NULL); } return ret; } @@ -2222,13 +2224,15 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, */ if (cow_start != (u64)-1) cur_offset = cow_start; - if (cur_offset < end) + if (cur_offset < end) { extent_clear_unlock_delalloc(inode, cur_offset, end, locked_page, EXTENT_LOCKED | EXTENT_DELALLOC | EXTENT_DEFRAG | EXTENT_DO_ACCOUNTING, PAGE_UNLOCK | PAGE_START_WRITEBACK | PAGE_END_WRITEBACK); + btrfs_qgroup_free_data(inode, NULL, cur_offset, end - cur_offset + 1, NULL); + } btrfs_free_path(path); return ret; } -- 2.34.1

6 months, 1 week

2
1
0 0

[PATCH 5.15.y] smb: client: fix potential UAF in is_valid_oplock_break()

by Cliff Liu

From: Paulo Alcantara <pc(a)manguebit.com> [ Upstream commit 69ccf040acddf33a3a85ec0f6b45ef84b0f7ec29 ] Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF. Cc: stable(a)vger.kernel.org Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> [Minor context change fixed] Signed-off-by: Cliff Liu <donghua.liu(a)windriver.com> Signed-off-by: He Zhe <Zhe.He(a)windriver.com> --- Verified the build test. --- fs/cifs/misc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c index 33328eae03d7..c7e2bf7a0a0d 100644 --- a/fs/cifs/misc.c +++ b/fs/cifs/misc.c @@ -464,6 +464,8 @@ is_valid_oplock_break(char *buffer, struct TCP_Server_Info *srv) spin_lock(&cifs_tcp_ses_lock); list_for_each(tmp, &srv->smb_ses_list) { ses = list_entry(tmp, struct cifs_ses, smb_ses_list); + if (cifs_ses_exiting(ses)) + continue; list_for_each(tmp1, &ses->tcon_list) { tcon = list_entry(tmp1, struct cifs_tcon, tcon_list); if (tcon->tid != buf->Tid) -- 2.34.1

6 months, 1 week

2
1
0 0

[REQUEST] efi backport for 6.6+

by Hamza Mahfooz

Hi, Please include commit ec4696925da6 ("efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32") in kernel 6.6+, it allows us to be able to boot some arm64 efi machines without any workarounds. Thanks, Hamza

6 months, 1 week

1
0
0 0

[PATCH] Revert "PCI: Avoid reset when disabled via sysfs"

by Alex Williamson

This reverts commit 479380efe1625e251008d24b2810283db60d6fcd. The reset_method attribute on a PCI device is only intended to manage the availability of function scoped resets for a device. It was never intended to restrict resets targeting the bus or slot. In introducing a restriction that each device must support function level reset by testing pci_reset_supported(), we essentially create a catch-22, that a device must have a function scope reset in order to support bus/slot reset, when we use bus/slot reset to effect a reset of a device that does not support a function scoped reset, especially multi-function devices. This breaks the majority of uses cases where vfio-pci uses bus/slot resets to manage multifunction devices that do not support function scoped resets. Fixes: 479380efe162 ("PCI: Avoid reset when disabled via sysfs") Reported-by: Cal Peake <cp(a)absolutedigital.net> Link: https://lore.kernel.org/all/808e1111-27b7-f35b-6d5c-5b275e73677b@absolutedi… Cc: stable(a)vger.kernel.org Signed-off-by: Alex Williamson <alex.williamson(a)redhat.com> --- drivers/pci/pci.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index 4d7c9f64ea24..e77d5b53c0ce 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -5429,8 +5429,6 @@ static bool pci_bus_resettable(struct pci_bus *bus) return false; list_for_each_entry(dev, &bus->devices, bus_list) { - if (!pci_reset_supported(dev)) - return false; if (dev->dev_flags & PCI_DEV_FLAGS_NO_BUS_RESET || (dev->subordinate && !pci_bus_resettable(dev->subordinate))) return false; @@ -5507,8 +5505,6 @@ static bool pci_slot_resettable(struct pci_slot *slot) list_for_each_entry(dev, &slot->bus->devices, bus_list) { if (!dev->slot || dev->slot != slot) continue; - if (!pci_reset_supported(dev)) - return false; if (dev->dev_flags & PCI_DEV_FLAGS_NO_BUS_RESET || (dev->subordinate && !pci_bus_resettable(dev->subordinate))) return false; -- 2.48.1

6 months, 1 week

3
2
0 0

[PATCH] Bluetooth: vhci: Avoid needless snprintf() calls

by Kees Cook

Avoid double-copying of string literals. Use a "const char *" for each string instead of copying from .rodata into stack and then into the skb. We can go directly from .rodata to the skb. This also works around a Clang bug (that has since been fixed[1]). Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202401250927.1poZERd6-lkp@intel.com/ Fixes: ab4e4380d4e1 ("Bluetooth: Add vhci devcoredump support") Link: https://github.com/llvm/llvm-project/commit/ea2e66aa8b6e363b89df66dc44275a0… [1] Cc: stable(a)vger.kernel.org Signed-off-by: Kees Cook <kees(a)kernel.org> --- Cc: Marcel Holtmann <marcel(a)holtmann.org> Cc: Luiz Augusto von Dentz <luiz.dentz(a)gmail.com> Cc: Josh Poimboeuf <jpoimboe(a)kernel.org> Cc: Nathan Chancellor <nathan(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: linux-bluetooth(a)vger.kernel.org --- drivers/bluetooth/hci_vhci.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/bluetooth/hci_vhci.c b/drivers/bluetooth/hci_vhci.c index 7651321d351c..9ac22e4a070b 100644 --- a/drivers/bluetooth/hci_vhci.c +++ b/drivers/bluetooth/hci_vhci.c @@ -289,18 +289,18 @@ static void vhci_coredump(struct hci_dev *hdev) static void vhci_coredump_hdr(struct hci_dev *hdev, struct sk_buff *skb) { - char buf[80]; + const char *buf; - snprintf(buf, sizeof(buf), "Controller Name: vhci_ctrl\n"); + buf = "Controller Name: vhci_ctrl\n"; skb_put_data(skb, buf, strlen(buf)); - snprintf(buf, sizeof(buf), "Firmware Version: vhci_fw\n"); + buf = "Firmware Version: vhci_fw\n"; skb_put_data(skb, buf, strlen(buf)); - snprintf(buf, sizeof(buf), "Driver: vhci_drv\n"); + buf = "Driver: vhci_drv\n"; skb_put_data(skb, buf, strlen(buf)); - snprintf(buf, sizeof(buf), "Vendor: vhci\n"); + buf = "Vendor: vhci\n"; skb_put_data(skb, buf, strlen(buf)); } -- 2.34.1

6 months, 1 week

4
3
0 0

[PATCH v3] loop: LOOP_SET_FD: send uevents for partitions

by Thomas Weißschuh

Remove the suppression of the uevents before scanning for partitions. The partitions inherit their suppression settings from their parent device, which lead to the uevents being dropped. This is similar to the same changes for LOOP_CONFIGURE done in commit bb430b694226 ("loop: LOOP_CONFIGURE: send uevents for partitions"). Fixes: 498ef5c777d9 ("loop: suppress uevents while reconfiguring the device") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> --- Changes in v3: - Rebase onto block/block-6.15 - Drop already applied patch "loop: properly send KOBJ_CHANGED uevent for disk device" - Add patch to fix partition uevents for LOOP_SET_FD - Link to v2: https://lore.kernel.org/r/20250415-loop-uevent-changed-v2-1-0c4e6a923b2a@li… Changes in v2: - Use correct Fixes tag - Rework commit message slightly - Rebase onto v6.15-rc1 - Link to v1: https://lore.kernel.org/r/20250317-loop-uevent-changed-v1-1-cb29cb91b62d@li… --- drivers/block/loop.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/block/loop.c b/drivers/block/loop.c index 3be7f00e7fc740da2745ffbccfcebe53eef2ddaa..e9ec7a45f3f2d1dd2a82b3506f3740089a20ae05 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c @@ -662,12 +662,12 @@ static int loop_change_fd(struct loop_device *lo, struct block_device *bdev, * dependency. */ fput(old_file); + dev_set_uevent_suppress(disk_to_dev(lo->lo_disk), 0); if (partscan) loop_reread_partitions(lo); error = 0; done: - dev_set_uevent_suppress(disk_to_dev(lo->lo_disk), 0); kobject_uevent(&disk_to_dev(lo->lo_disk)->kobj, KOBJ_CHANGE); return error; @@ -675,6 +675,7 @@ static int loop_change_fd(struct loop_device *lo, struct block_device *bdev, loop_global_unlock(lo, is_loop); out_putf: fput(file); + dev_set_uevent_suppress(disk_to_dev(lo->lo_disk), 0); goto done; } --- base-commit: 7ed2a771b5fb3edee9c4608181235c30b40bb042 change-id: 20250307-loop-uevent-changed-aa3690f43e03 Best regards, -- Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>

6 months, 1 week

3
2
0 0

Re: [regression 6.1.y] Regression from 476c1dfefab8 ("mm: Don't pin ZERO_PAGE in pin_user_pages()") with pci-passthrough for both KVM VMs and booting in xen DomU

by Salvatore Bonaccorso

[resent with correct stable(a)vger.kernel.org list] On Tue, Apr 15, 2025 at 08:59:19PM +0200, Salvatore Bonaccorso wrote: > Hi > > [Apologies if this has been reported already but I have not found an > already filled corresponding report] > > After updating from the 6.1.129 based version to 6.1.133, various > users have reported that their VMs do not boot anymore up (both KVM > and under Xen) if pci-passthrough is involved. The reports are at: > > https://bugs.debian.org/1102889 > https://bugs.debian.org/1102914 > https://bugs.debian.org/1103153 > > Milan Broz bisected the issues and found that the commit introducing > the problems can be tracked down to backport of c8070b787519 ("mm: > Don't pin ZERO_PAGE in pin_user_pages()") from 6.5-rc1 which got > backported as 476c1dfefab8 ("mm: Don't pin ZERO_PAGE in > pin_user_pages()") in 6.1.130. See https://bugs.debian.org/1102914#60 > > #regzbot introduced: 476c1dfefab8b98ae9c3e3ad283c2ac10d30c774 > > 476c1dfefab8b98ae9c3e3ad283c2ac10d30c774 is the first bad commit > commit 476c1dfefab8b98ae9c3e3ad283c2ac10d30c774 > Author: David Howells <dhowells(a)redhat.com> > Date: Fri May 26 22:41:40 2023 +0100 > > mm: Don't pin ZERO_PAGE in pin_user_pages() > > [ Upstream commit c8070b78751955e59b42457b974bea4a4fe00187 ] > > Make pin_user_pages*() leave a ZERO_PAGE unpinned if it extracts a pointer > to it from the page tables and make unpin_user_page*() correspondingly > ignore a ZERO_PAGE when unpinning. We don't want to risk overrunning a > zero page's refcount as we're only allowed ~2 million pins on it - > something that userspace can conceivably trigger. > > Add a pair of functions to test whether a page or a folio is a ZERO_PAGE. > > Signed-off-by: David Howells <dhowells(a)redhat.com> > cc: Christoph Hellwig <hch(a)infradead.org> > cc: David Hildenbrand <david(a)redhat.com> > cc: Lorenzo Stoakes <lstoakes(a)gmail.com> > cc: Andrew Morton <akpm(a)linux-foundation.org> > cc: Jens Axboe <axboe(a)kernel.dk> > cc: Al Viro <viro(a)zeniv.linux.org.uk> > cc: Matthew Wilcox <willy(a)infradead.org> > cc: Jan Kara <jack(a)suse.cz> > cc: Jeff Layton <jlayton(a)kernel.org> > cc: Jason Gunthorpe <jgg(a)nvidia.com> > cc: Logan Gunthorpe <logang(a)deltatee.com> > cc: Hillf Danton <hdanton(a)sina.com> > cc: Christian Brauner <brauner(a)kernel.org> > cc: Linus Torvalds <torvalds(a)linux-foundation.org> > cc: linux-fsdevel(a)vger.kernel.org > cc: linux-block(a)vger.kernel.org > cc: linux-kernel(a)vger.kernel.org > cc: linux-mm(a)kvack.org > Reviewed-by: Lorenzo Stoakes <lstoakes(a)gmail.com> > Reviewed-by: Christoph Hellwig <hch(a)lst.de> > Acked-by: David Hildenbrand <david(a)redhat.com> > Link: https://lore.kernel.org/r/20230526214142.958751-2-dhowells@redhat.com > Signed-off-by: Jens Axboe <axboe(a)kernel.dk> > Stable-dep-of: bddf10d26e6e ("uprobes: Reject the shared zeropage in uprobe_write_opcode()") > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > Documentation/core-api/pin_user_pages.rst | 6 ++++++ > include/linux/mm.h | 26 ++++++++++++++++++++++++-- > mm/gup.c | 31 ++++++++++++++++++++++++++++++- > 3 files changed, 60 insertions(+), 3 deletions(-) > > Milan verified that the issue persists in 6.1.134 so far and the patch > itself cannot be just reverted. > > The failures all have a similar pattern, when pci-passthrough is used > for a pci devide, for instance under qemu the bootup will fail with: > > qemu-system-x86_64: -device {"driver":"vfio-pci","host":"0000:03:00.0","id":"hostdev0","bus":"pci.3","addr":"0x0"}: VFIO_MAP_DMA failed: Cannot allocate memory > qemu-system-x86_64: -device {"driver":"vfio-pci","host":"0000:03:00.0","id":"hostdev0","bus":"pci.3","addr":"0x0"}: vfio 0000:03:00.0: failed to setup container > > (in the case as reported by Milan). > > Any ideas here? > > Regards, > Salvatore

6 months, 1 week

1
0
0 0

[PATCH] rust: kbuild: use `pound` to support GNU Make < 4.3

by Miguel Ojeda

GNU Make 4.3 changed the behavior of `#` inside commands in commit c6966b323811 ("[SV 20513] Un-escaped # are not comments in function invocations"): * WARNING: Backward-incompatibility! Number signs (#) appearing inside a macro reference or function invocation no longer introduce comments and should not be escaped with backslashes: thus a call such as: foo := $(shell echo '#') is legal. Previously the number sign needed to be escaped, for example: foo := $(shell echo '\#') Now this latter will resolve to "\#". If you want to write makefiles portable to both versions, assign the number sign to a variable: H := \# foo := $(shell echo '$H') This was claimed to be fixed in 3.81, but wasn't, for some reason. To detect this change search for 'nocomment' in the .FEATURES variable. Unlike other commits in the kernel about this issue, such as commit 633174a7046e ("lib/raid6/test/Makefile: Use $(pound) instead of \# for Make 4.3"), that fixed the issue for newer GNU Makes, in our case it was the opposite, i.e. we need to fix it for the older ones: someone building with e.g. 4.2.1 gets the following error: scripts/Makefile.compiler:81: *** unterminated call to function 'call': missing ')'. Stop. Thus use the existing variable to fix it. Reported-by: moyi geek Closes: https://rust-for-linux.zulipchat.com/#narrow/channel/291565/topic/x/near/51… Cc: stable(a)vger.kernel.org Fixes: e72a076c620f ("kbuild: fix issues with rustc-option") Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> --- scripts/Makefile.compiler | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/Makefile.compiler b/scripts/Makefile.compiler index 7ed7f92a7daa..f4fcc1eaaeae 100644 --- a/scripts/Makefile.compiler +++ b/scripts/Makefile.compiler @@ -79,7 +79,7 @@ ld-option = $(call try-run, $(LD) $(KBUILD_LDFLAGS) $(1) -v,$(1),$(2),$(3)) # Usage: MY_RUSTFLAGS += $(call __rustc-option,$(RUSTC),$(MY_RUSTFLAGS),-Cinstrument-coverage,-Zinstrument-coverage) # TODO: remove RUSTC_BOOTSTRAP=1 when we raise the minimum GNU Make version to 4.4 __rustc-option = $(call try-run,\ - echo '#![allow(missing_docs)]#![feature(no_core)]#![no_core]' | RUSTC_BOOTSTRAP=1\ + echo '$(pound)![allow(missing_docs)]$(pound)![feature(no_core)]$(pound)![no_core]' | RUSTC_BOOTSTRAP=1\ $(1) --sysroot=/dev/null $(filter-out --sysroot=/dev/null --target=%,$(2)) $(3)\ --crate-type=rlib --out-dir=$(TMPOUT) --emit=obj=- - >/dev/null,$(3),$(4)) base-commit: a3cd5f507b72c0532c3345b6913557efab34f405 -- 2.49.0

6 months, 1 week

4
4
0 0

+ lib-test_ubsanc-fix-panic-from-test_ubsan_out_of_bounds.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: lib/test_ubsan.c: fix panic from test_ubsan_out_of_bounds has been added to the -mm mm-hotfixes-unstable branch. Its filename is lib-test_ubsanc-fix-panic-from-test_ubsan_out_of_bounds.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Mostafa Saleh <smostafa(a)google.com> Subject: lib/test_ubsan.c: fix panic from test_ubsan_out_of_bounds Date: Mon, 14 Apr 2025 21:36:48 +0000 Running lib_ubsan.ko on arm64 (without CONFIG_UBSAN_TRAP) panics the kernel [ 31.616546] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: test_ubsan_out_of_bounds+0x158/0x158 [test_ubsan] [ 31.646817] CPU: 3 UID: 0 PID: 179 Comm: insmod Not tainted 6.15.0-rc2 #1 PREEMPT [ 31.648153] Hardware name: linux,dummy-virt (DT) [ 31.648970] Call trace: [ 31.649345] show_stack+0x18/0x24 (C) [ 31.650960] dump_stack_lvl+0x40/0x84 [ 31.651559] dump_stack+0x18/0x24 [ 31.652264] panic+0x138/0x3b4 [ 31.652812] __ktime_get_real_seconds+0x0/0x10 [ 31.653540] test_ubsan_load_invalid_value+0x0/0xa8 [test_ubsan] [ 31.654388] init_module+0x24/0xff4 [test_ubsan] [ 31.655077] do_one_initcall+0xd4/0x280 [ 31.655680] do_init_module+0x58/0x2b4 That happens because the test corrupts other data in the stack: 400: d5384108 mrs x8, sp_el0 404: f9426d08 ldr x8, [x8, #1240] 408: f85f83a9 ldur x9, [x29, #-8] 40c: eb09011f cmp x8, x9 410: 54000301 b.ne 470 <test_ubsan_out_of_bounds+0x154> // b.any As there is no guarantee the compiler will order the local variables as declared in the module: volatile char above[4] = { }; /* Protect surrounding memory. */ volatile int arr[4]; volatile char below[4] = { }; /* Protect surrounding memory. */ So, instead of writing out-of-bound, we can read out-of-bound which still triggers UBSAN but doesn't corrupt the stack. Link: https://lkml.kernel.org/r/20250414213648.2660150-1-smostafa@google.com Fixes: 4a26f49b7b3d ubsan: ("expand tests and reporting") Signed-off-by: Mostafa Saleh <smostafa(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Macro Elver <elver(a)google.com> Cc: Kees Cook <kees(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/test_ubsan.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) --- a/lib/test_ubsan.c~lib-test_ubsanc-fix-panic-from-test_ubsan_out_of_bounds +++ a/lib/test_ubsan.c @@ -77,18 +77,15 @@ static void test_ubsan_shift_out_of_boun static void test_ubsan_out_of_bounds(void) { - volatile int i = 4, j = 5, k = -1; - volatile char above[4] = { }; /* Protect surrounding memory. */ + volatile int j = 5, k = -1; + volatile int scratch[4] = { }; volatile int arr[4]; - volatile char below[4] = { }; /* Protect surrounding memory. */ - - above[0] = below[0]; UBSAN_TEST(CONFIG_UBSAN_BOUNDS, "above"); - arr[j] = i; + scratch[1] = arr[j]; UBSAN_TEST(CONFIG_UBSAN_BOUNDS, "below"); - arr[k] = i; + scratch[2] = arr[k]; } enum ubsan_test_enum { _ Patches currently in -mm which might be from smostafa(a)google.com are lib-test_ubsanc-fix-panic-from-test_ubsan_out_of_bounds.patch

6 months, 1 week

2
1
0 0

[PATCH v2] loop: properly send KOBJ_CHANGED uevent for disk device

by Thomas Weißschuh

The original commit message and the wording "uncork" in the code comment indicate that it is expected that the suppressed event instances are automatically sent after unsuppressing. This is not the case, instead they are discarded. In effect this means that no "changed" events are emitted on the device itself by default. While each discovered partition does trigger a changed event on the device, devices without partitions don't have any event emitted. This makes udev miss the device creation and prompted workarounds in userspace. See the linked util-linux/losetup bug. Explicitly emit the events and drop the confusingly worded comments. Link: https://github.com/util-linux/util-linux/issues/2434 Fixes: 498ef5c777d9 ("loop: suppress uevents while reconfiguring the device") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> --- Changes in v2: - Use correct Fixes tag - Rework commit message slightly - Rebase onto v6.15-rc1 - Link to v1: https://lore.kernel.org/r/20250317-loop-uevent-changed-v1-1-cb29cb91b62d@li… --- drivers/block/loop.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/block/loop.c b/drivers/block/loop.c index 674527d770dc669e982a2b441af1171559aa427c..09a725710a21171e0adf5888f929ccaf94e98992 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c @@ -667,8 +667,8 @@ static int loop_change_fd(struct loop_device *lo, struct block_device *bdev, error = 0; done: - /* enable and uncork uevent now that we are done */ dev_set_uevent_suppress(disk_to_dev(lo->lo_disk), 0); + kobject_uevent(&disk_to_dev(lo->lo_disk)->kobj, KOBJ_CHANGE); return error; out_err: @@ -1129,8 +1129,8 @@ static int loop_configure(struct loop_device *lo, blk_mode_t mode, if (partscan) clear_bit(GD_SUPPRESS_PART_SCAN, &lo->lo_disk->state); - /* enable and uncork uevent now that we are done */ dev_set_uevent_suppress(disk_to_dev(lo->lo_disk), 0); + kobject_uevent(&disk_to_dev(lo->lo_disk)->kobj, KOBJ_CHANGE); loop_global_unlock(lo, is_loop); if (partscan) --- base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8 change-id: 20250307-loop-uevent-changed-aa3690f43e03 Best regards, -- Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>

6 months, 1 week

4
5
0 0

[PATCH] lib/Kconfig.ubsan: Remove 'default UBSAN' from UBSAN_INTEGER_WRAP

by Nathan Chancellor

CONFIG_UBSAN_INTEGER_WRAP is 'default UBSAN', which is problematic for a couple of reasons. The first is that this sanitizer is under active development on the compiler side to come up with a solution that is maintainable on the compiler side and usable on the kernel side. As a result of this, there are many warnings when the sanitizer is enabled that have no clear path to resolution yet but users may see them and report them in the meantime. The second is that this option was renamed from CONFIG_UBSAN_SIGNED_WRAP, meaning that if a configuration has CONFIG_UBSAN=y but CONFIG_UBSAN_SIGNED_WRAP=n and it is upgraded via olddefconfig (common in non-interactive scenarios such as CI), CONFIG_UBSAN_INTEGER_WRAP will be silently enabled again. Remove 'default UBSAN' from CONFIG_UBSAN_INTEGER_WRAP until it is ready for regular usage and testing from a broader community than the folks actively working on the feature. Cc: stable(a)vger.kernel.org Fixes: 557f8c582a9b ("ubsan: Reintroduce signed overflow sanitizer") Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- lib/Kconfig.ubsan | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan index 4216b3a4ff21..f6ea0c5b5da3 100644 --- a/lib/Kconfig.ubsan +++ b/lib/Kconfig.ubsan @@ -118,7 +118,6 @@ config UBSAN_UNREACHABLE config UBSAN_INTEGER_WRAP bool "Perform checking for integer arithmetic wrap-around" - default UBSAN depends on !COMPILE_TEST depends on $(cc-option,-fsanitize-undefined-ignore-overflow-pattern=all) depends on $(cc-option,-fsanitize=signed-integer-overflow) --- base-commit: 26fe62cc5e8420d5c650d6b86fee061952d348cd change-id: 20250414-drop-default-ubsan-integer-wrap-bf0eb6efb29b Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

6 months, 1 week

2
1
0 0

[PATCH bpf v2] libbpf: Fix buffer overflow in bpf_object__init_prog

by Viktor Malik

As reported by CVE-2025-29481 [1], it is possible to corrupt a BPF ELF file such that arbitrary BPF instructions are loaded by libbpf. This can be done by setting a symbol (BPF program) section offset to a large (unsigned) number such that <section start + symbol offset> overflows and points before the section data in the memory. Consider the situation below where: - prog_start = sec_start + symbol_offset <-- size_t overflow here - prog_end = prog_start + prog_size prog_start sec_start prog_end sec_end | | | | v v v v .....................|################################|............ The CVE report in [1] also provides a corrupted BPF ELF which can be used as a reproducer: $ readelf -S crash Section Headers: [Nr] Name Type Address Offset Size EntSize Flags Link Info Align ... [ 2] uretprobe.mu[...] PROGBITS 0000000000000000 00000040 0000000000000068 0000000000000000 AX 0 0 8 $ readelf -s crash Symbol table '.symtab' contains 8 entries: Num: Value Size Type Bind Vis Ndx Name ... 6: ffffffffffffffb8 104 FUNC GLOBAL DEFAULT 2 handle_tp Here, the handle_tp prog has section offset ffffffffffffffb8, i.e. will point before the actual memory where section 2 is allocated. This is also reported by AddressSanitizer: ================================================================= ==1232==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7c7302fe0000 at pc 0x7fc3046e4b77 bp 0x7ffe64677cd0 sp 0x7ffe64677490 READ of size 104 at 0x7c7302fe0000 thread T0 #0 0x7fc3046e4b76 in memcpy (/lib64/libasan.so.8+0xe4b76) #1 0x00000040df3e in bpf_object__init_prog /src/libbpf/src/libbpf.c:856 #2 0x00000040df3e in bpf_object__add_programs /src/libbpf/src/libbpf.c:928 #3 0x00000040df3e in bpf_object__elf_collect /src/libbpf/src/libbpf.c:3930 #4 0x00000040df3e in bpf_object_open /src/libbpf/src/libbpf.c:8067 #5 0x00000040f176 in bpf_object__open_file /src/libbpf/src/libbpf.c:8090 #6 0x000000400c16 in main /poc/poc.c:8 #7 0x7fc3043d25b4 in __libc_start_call_main (/lib64/libc.so.6+0x35b4) #8 0x7fc3043d2667 in __libc_start_main@@GLIBC_2.34 (/lib64/libc.so.6+0x3667) #9 0x000000400b34 in _start (/poc/poc+0x400b34) 0x7c7302fe0000 is located 64 bytes before 104-byte region [0x7c7302fe0040,0x7c7302fe00a8) allocated by thread T0 here: #0 0x7fc3046e716b in malloc (/lib64/libasan.so.8+0xe716b) #1 0x7fc3045ee600 in __libelf_set_rawdata_wrlock (/lib64/libelf.so.1+0xb600) #2 0x7fc3045ef018 in __elf_getdata_rdlock (/lib64/libelf.so.1+0xc018) #3 0x00000040642f in elf_sec_data /src/libbpf/src/libbpf.c:3740 The problem here is that currently, libbpf only checks that the program end is within the section bounds. There used to be a check `while (sec_off < sec_sz)` in bpf_object__add_programs, however, it was removed by commit 6245947c1b3c ("libbpf: Allow gaps in BPF program sections to support overriden weak functions"). Put the above condition back to bpf_object__init_prog to make sure that the program start is also within the bounds of the section to avoid the potential buffer overflow. [1] https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md Reported-by: lmarch2 <2524158037(a)qq.com> Cc: stable(a)vger.kernel.org Fixes: 6245947c1b3c ("libbpf: Allow gaps in BPF program sections to support overriden weak functions") Link: https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md Link: https://www.cve.org/CVERecord?id=CVE-2025-29481 Signed-off-by: Viktor Malik <vmalik(a)redhat.com> Reviewed-by: Shung-Hsi Yu <shung-hsi.yu(a)suse.com> --- tools/lib/bpf/libbpf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index 6b85060f07b3..d0ece3c9618e 100644 --- a/tools/lib/bpf/libbpf.c +++ b/tools/lib/bpf/libbpf.c @@ -896,7 +896,7 @@ bpf_object__add_programs(struct bpf_object *obj, Elf_Data *sec_data, return -LIBBPF_ERRNO__FORMAT; } - if (sec_off + prog_sz > sec_sz) { + if (sec_off >= sec_sz || sec_off + prog_sz > sec_sz) { pr_warn("sec '%s': program at offset %zu crosses section boundary\n", sec_name, sec_off); return -LIBBPF_ERRNO__FORMAT; -- 2.49.0

6 months, 1 week

4
6
0 0

[PATCH v3] uio: uio_fsl_elbc_gpcm: Add NULL check in the uio_fsl_elbc_gpcm_probe()

by Henry Martin

devm_kasprintf() returns NULL when memory allocation fails. Currently, uio_fsl_elbc_gpcm_probe() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue and ensuring no resources are left allocated. Cc: stable(a)vger.kernel.org Fixes: d57801c45f53 ("uio: uio_fsl_elbc_gpcm: use device-managed allocators") Signed-off-by: Henry Martin <bsdhenrymartin(a)gmail.com> --- V2 -> V3: Add Cc: stable(a)vger.kernel.org V1 -> V2: Remove printk after memory failure and add proper resource cleanup. drivers/uio/uio_fsl_elbc_gpcm.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/uio/uio_fsl_elbc_gpcm.c b/drivers/uio/uio_fsl_elbc_gpcm.c index 81454c3e2484..26be556d956c 100644 --- a/drivers/uio/uio_fsl_elbc_gpcm.c +++ b/drivers/uio/uio_fsl_elbc_gpcm.c @@ -384,6 +384,10 @@ static int uio_fsl_elbc_gpcm_probe(struct platform_device *pdev) /* set all UIO data */ info->mem[0].name = devm_kasprintf(&pdev->dev, GFP_KERNEL, "%pOFn", node); + if (!info->mem[0].name) { + ret = -ENOMEM; + goto out_err3; + } info->mem[0].addr = res.start; info->mem[0].size = resource_size(&res); info->mem[0].memtype = UIO_MEM_PHYS; @@ -423,6 +427,7 @@ static int uio_fsl_elbc_gpcm_probe(struct platform_device *pdev) out_err2: if (priv->shutdown) priv->shutdown(info, true); +out_err3: iounmap(info->mem[0].internal_addr); return ret; } -- 2.34.1

6 months, 1 week

2
1
0 0

[PATCH v3] rust: Use `ffi::c_char` type in firmware abstraction `FwFunc`

by Christian Schrefl

The `FwFunc` struct contains an function with a char pointer argument, for which a `*const u8` pointer was used. This is not really the "proper" type for this, so use a `*const kernel::ffi::c_char` pointer instead. This has no real functionality changes, since now `kernel::ffi::c_char` (which bindgen uses for `char`) is now a type alias to `u8` anyways, but before commit 1bae8729e50a ("rust: map `long` to `isize` and `char` to `u8`") the concrete type of `kernel::ffi::c_char` depended on the architecture (However all supported architectures at the time mapped to `i8`). This caused problems on the v6.13 tag when building for 32 bit arm (with my patches), since back then `*const i8` was used in the function argument and the function that bindgen generated used `*const core::ffi::c_char` which Rust mapped to `*const u8` on 32 bit arm. The stable v6.13.y branch does not have this issue since commit 1bae8729e50a ("rust: map `long` to `isize` and `char` to `u8`") was backported. This caused the following build error: ``` error[E0308]: mismatched types --> rust/kernel/firmware.rs:20:4 | 20 | Self(bindings::request_firmware) | ---- ^^^^^^^^^^^^^^^^^^^^^^^^^^ expected fn pointer, found fn item | | | arguments to this function are incorrect | = note: expected fn pointer `unsafe extern "C" fn(_, *const i8, _) -> _` found fn item `unsafe extern "C" fn(_, *const u8, _) -> _ {request_firmware}` note: tuple struct defined here --> rust/kernel/firmware.rs:14:8 | 14 | struct FwFunc( | ^^^^^^ error[E0308]: mismatched types --> rust/kernel/firmware.rs:24:14 | 24 | Self(bindings::firmware_request_nowarn) | ---- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expected fn pointer, found fn item | | | arguments to this function are incorrect | = note: expected fn pointer `unsafe extern "C" fn(_, *const i8, _) -> _` found fn item `unsafe extern "C" fn(_, *const u8, _) -> _ {firmware_request_nowarn}` note: tuple struct defined here --> rust/kernel/firmware.rs:14:8 | 14 | struct FwFunc( | ^^^^^^ error[E0308]: mismatched types --> rust/kernel/firmware.rs:64:45 | 64 | let ret = unsafe { func.0(pfw as _, name.as_char_ptr(), dev.as_raw()) }; | ------ ^^^^^^^^^^^^^^^^^^ expected `*const i8`, found `*const u8` | | | arguments to this function are incorrect | = note: expected raw pointer `*const i8` found raw pointer `*const u8` error: aborting due to 3 previous errors ``` Fixes: de6582833db0 ("rust: add firmware abstractions") Cc: stable(a)vger.kernel.org Reviewed-by: Benno Lossin <benno.lossin(a)proton.me> Acked-by: Danilo Krummrich <dakr(a)kernel.org> Signed-off-by: Christian Schrefl <chrisi.schrefl(a)gmail.com> --- Changes in v3: - Clarify build issues with v6.13 in commit message. - Link to v2: https://lore.kernel.org/r/20250412-rust_arm_fix_fw_abstaction-v2-1-8e6fdf09… Changes in v2: - Use `kernel::ffi::c_char` instead of `core::ffi::c_char`. (Danilo & Benno) - Reword the commit message. - Link to v1: https://lore.kernel.org/r/20250411-rust_arm_fix_fw_abstaction-v1-1-0a9e5984… --- rust/kernel/firmware.rs | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/rust/kernel/firmware.rs b/rust/kernel/firmware.rs index f04b058b09b2d2397e26344d0e055b3aa5061432..2494c96e105f3a28af74548d63a44464ba50eae3 100644 --- a/rust/kernel/firmware.rs +++ b/rust/kernel/firmware.rs @@ -4,7 +4,7 @@ //! //! C header: [`include/linux/firmware.h`](srctree/include/linux/firmware.h) -use crate::{bindings, device::Device, error::Error, error::Result, str::CStr}; +use crate::{bindings, device::Device, error::Error, error::Result, ffi, str::CStr}; use core::ptr::NonNull; /// # Invariants @@ -12,7 +12,11 @@ /// One of the following: `bindings::request_firmware`, `bindings::firmware_request_nowarn`, /// `bindings::firmware_request_platform`, `bindings::request_firmware_direct`. struct FwFunc( - unsafe extern "C" fn(*mut *const bindings::firmware, *const u8, *mut bindings::device) -> i32, + unsafe extern "C" fn( + *mut *const bindings::firmware, + *const ffi::c_char, + *mut bindings::device, + ) -> i32, ); impl FwFunc { --- base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8 change-id: 20250408-rust_arm_fix_fw_abstaction-4c3a89d75e29 Best regards, -- Christian Schrefl <chrisi.schrefl(a)gmail.com>

6 months, 1 week

4
4
0 0

[PATCH 07/22] drm/amd/display: Force full update in gpu reset

by Zaeem Mohamed

From: Roman Li <Roman.Li(a)amd.com> [Why] While system undergoing gpu reset always do full update to sync the dc state before and after reset. [How] Return true in should_reset_plane() if gpu reset detected Cc: <stable(a)vger.kernel.org> Reviewed-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Reviewed-by: Mario Limonciello <mario.limonciello(a)amd.com> Signed-off-by: Roman Li <Roman.Li(a)amd.com> Signed-off-by: Zaeem Mohamed <zaeem.mohamed(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index dace1e42f412..46e0de6cc277 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -11122,6 +11122,9 @@ static bool should_reset_plane(struct drm_atomic_state *state, state->allow_modeset) return true; + if (amdgpu_in_reset(adev) && state->allow_modeset) + return true; + /* Exit early if we know that we're adding or removing the plane. */ if (old_plane_state->crtc != new_plane_state->crtc) return true; -- 2.34.1

6 months, 1 week

1
0
0 0

[PATCH 06/22] drm/amd/display: Fix gpu reset in multidisplay config

by Zaeem Mohamed

From: Roman Li <Roman.Li(a)amd.com> [Why] The indexing of stream_status in dm_gpureset_commit_state() is incorrect. That leads to asserts in multi-display configuration after gpu reset. [How] Adjust the indexing logic to align stream_status with surface_updates. Fixes: cdaae8371aa9 ("drm/amd/display: Handle GPU reset for DC block") Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3808 Cc: <stable(a)vger.kernel.org> Reviewed-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Reviewed-by: Mario Limonciello <mario.limonciello(a)amd.com> Signed-off-by: Roman Li <Roman.Li(a)amd.com> Signed-off-by: Zaeem Mohamed <zaeem.mohamed(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 58e758732338..dace1e42f412 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -3411,16 +3411,16 @@ static void dm_gpureset_commit_state(struct dc_state *dc_state, for (k = 0; k < dc_state->stream_count; k++) { bundle->stream_update.stream = dc_state->streams[k]; - for (m = 0; m < dc_state->stream_status->plane_count; m++) { + for (m = 0; m < dc_state->stream_status[k].plane_count; m++) { bundle->surface_updates[m].surface = - dc_state->stream_status->plane_states[m]; + dc_state->stream_status[k].plane_states[m]; bundle->surface_updates[m].surface->force_full_update = true; } update_planes_and_stream_adapter(dm->dc, UPDATE_TYPE_FULL, - dc_state->stream_status->plane_count, + dc_state->stream_status[k].plane_count, dc_state->streams[k], &bundle->stream_update, bundle->surface_updates); -- 2.34.1

6 months, 1 week

1
0
0 0

[PATCH 1/4] firmware: arm_scmi: Ensure that the message-id supports fastchannel

by Cristian Marussi

From: Sibi Sankar <quic_sibis(a)quicinc.com> Currently the perf and powercap protocol relies on the protocol domain attributes, which just ensures that one fastchannel per domain, before instantiating fastchannels for all possible message-ids. Fix this by ensuring that each message-id supports fastchannel before initialization. Logs: scmi: Failed to get FC for protocol 13 [MSG_ID:6 / RES_ID:0] - ret:-95. Using regular messaging. scmi: Failed to get FC for protocol 13 [MSG_ID:6 / RES_ID:1] - ret:-95. Using regular messaging. scmi: Failed to get FC for protocol 13 [MSG_ID:6 / RES_ID:2] - ret:-95. Using regular messaging. CC: stable(a)vger.kernel.org Reported-by: Johan Hovold <johan+linaro(a)kernel.org> Closes: https://lore.kernel.org/lkml/ZoQjAWse2YxwyRJv@hovoldconsulting.com/ Fixes: 6f9ea4dabd2d ("firmware: arm_scmi: Generalize the fast channel support") Reviewed-by: Johan Hovold <johan+linaro(a)kernel.org> Tested-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Sibi Sankar <quic_sibis(a)quicinc.com> [Cristian: Modified the condition checked to establish support or not] Signed-off-by: Cristian Marussi <cristian.marussi(a)arm.com> --- RFC -> V1 - picked up a few tags Since PROTOCOL_MESSAGE_ATTRIBUTES, used to check if message_id is supported, is a mandatory command, it cannot fail so we must bail-out NOT only if FC was not supported for that command but also if the query fails as a whole; so the condition checked for bailing out is modified to: if (ret || !MSG_SUPPORTS_FASTCHANNEL(attributes)) { Removed also Tested-by and Reviewed-by tags since I modified the logic. --- drivers/firmware/arm_scmi/driver.c | 76 +++++++++++++++------------ drivers/firmware/arm_scmi/protocols.h | 2 + 2 files changed, 45 insertions(+), 33 deletions(-) diff --git a/drivers/firmware/arm_scmi/driver.c b/drivers/firmware/arm_scmi/driver.c index 1cf18cc8e63f..0e281fca0a38 100644 --- a/drivers/firmware/arm_scmi/driver.c +++ b/drivers/firmware/arm_scmi/driver.c @@ -1738,6 +1738,39 @@ static int scmi_common_get_max_msg_size(const struct scmi_protocol_handle *ph) return info->desc->max_msg_size; } +/** + * scmi_protocol_msg_check - Check protocol message attributes + * + * @ph: A reference to the protocol handle. + * @message_id: The ID of the message to check. + * @attributes: A parameter to optionally return the retrieved message + * attributes, in case of Success. + * + * An helper to check protocol message attributes for a specific protocol + * and message pair. + * + * Return: 0 on SUCCESS + */ +static int scmi_protocol_msg_check(const struct scmi_protocol_handle *ph, + u32 message_id, u32 *attributes) +{ + int ret; + struct scmi_xfer *t; + + ret = xfer_get_init(ph, PROTOCOL_MESSAGE_ATTRIBUTES, + sizeof(__le32), 0, &t); + if (ret) + return ret; + + put_unaligned_le32(message_id, t->tx.buf); + ret = do_xfer(ph, t); + if (!ret && attributes) + *attributes = get_unaligned_le32(t->rx.buf); + xfer_put(ph, t); + + return ret; +} + /** * struct scmi_iterator - Iterator descriptor * @msg: A reference to the message TX buffer; filled by @prepare_message with @@ -1879,6 +1912,7 @@ scmi_common_fastchannel_init(const struct scmi_protocol_handle *ph, int ret; u32 flags; u64 phys_addr; + u32 attributes; u8 size; void __iomem *addr; struct scmi_xfer *t; @@ -1887,6 +1921,15 @@ scmi_common_fastchannel_init(const struct scmi_protocol_handle *ph, struct scmi_msg_resp_desc_fc *resp; const struct scmi_protocol_instance *pi = ph_to_pi(ph); + /* Check if the MSG_ID supports fastchannel */ + ret = scmi_protocol_msg_check(ph, message_id, &attributes); + if (ret || !MSG_SUPPORTS_FASTCHANNEL(attributes)) { + dev_dbg(ph->dev, + "Skip FC init for 0x%02X/%d domain:%d - ret:%d\n", + pi->proto->id, message_id, domain, ret); + return; + } + if (!p_addr) { ret = -EINVAL; goto err_out; @@ -2004,39 +2047,6 @@ static void scmi_common_fastchannel_db_ring(struct scmi_fc_db_info *db) SCMI_PROTO_FC_RING_DB(64); } -/** - * scmi_protocol_msg_check - Check protocol message attributes - * - * @ph: A reference to the protocol handle. - * @message_id: The ID of the message to check. - * @attributes: A parameter to optionally return the retrieved message - * attributes, in case of Success. - * - * An helper to check protocol message attributes for a specific protocol - * and message pair. - * - * Return: 0 on SUCCESS - */ -static int scmi_protocol_msg_check(const struct scmi_protocol_handle *ph, - u32 message_id, u32 *attributes) -{ - int ret; - struct scmi_xfer *t; - - ret = xfer_get_init(ph, PROTOCOL_MESSAGE_ATTRIBUTES, - sizeof(__le32), 0, &t); - if (ret) - return ret; - - put_unaligned_le32(message_id, t->tx.buf); - ret = do_xfer(ph, t); - if (!ret && attributes) - *attributes = get_unaligned_le32(t->rx.buf); - xfer_put(ph, t); - - return ret; -} - static const struct scmi_proto_helpers_ops helpers_ops = { .extended_name_get = scmi_common_extended_name_get, .get_max_msg_size = scmi_common_get_max_msg_size, diff --git a/drivers/firmware/arm_scmi/protocols.h b/drivers/firmware/arm_scmi/protocols.h index aaee57cdcd55..d62c4469d1fd 100644 --- a/drivers/firmware/arm_scmi/protocols.h +++ b/drivers/firmware/arm_scmi/protocols.h @@ -31,6 +31,8 @@ #define SCMI_PROTOCOL_VENDOR_BASE 0x80 +#define MSG_SUPPORTS_FASTCHANNEL(x) ((x) & BIT(0)) + enum scmi_common_cmd { PROTOCOL_VERSION = 0x0, PROTOCOL_ATTRIBUTES = 0x1, -- 2.47.0

6 months, 1 week

1
0
0 0

[PATCH 0/2] platform/x86: alienware-wmi-wmax: Extend support to more laptops

by Kurt Borja

Hi all, This two patches are based on the pdx86/fixes branch. To: Hans de Goede <hdegoede(a)redhat.com> To: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> To: Armin Wolf <W_Armin(a)gmx.de> Cc: platform-driver-x86(a)vger.kernel.org Cc: Dell.Client.Kernel(a)dell.com Cc: linux-kernel(a)vger.kernel.org Signed-off-by: Kurt Borja <kuurtb(a)gmail.com> --- Kurt Borja (2): platform/x86: alienware-wmi-wmax: Add G-Mode support to Alienware m16 R1 platform/x86: alienware-wmi-wmax: Extend support to more laptops drivers/platform/x86/dell/alienware-wmi-wmax.c | 48 ++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) --- base-commit: d8455a63f731b4f585acc4d49fd7ad78db63b3d0 change-id: 20250411-awcc-support-f3a818e17622 Best regards, -- ~ Kurt

6 months, 1 week

2
3
0 0

Re: [PATCH v1 01/10] cpufreq: Reference count policy in cpufreq_update_limits()

by Marek Marczykowski-Górecki

On Fri, Mar 28, 2025 at 09:39:08PM +0100, Rafael J. Wysocki wrote: > From: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> > > Since acpi_processor_notify() can be called before registering a cpufreq > driver or even in cases when a cpufreq driver is not registered at all, > cpufreq_update_limits() needs to check if a cpufreq driver is present > and prevent it from being unregistered. > > For this purpose, make it call cpufreq_cpu_get() to obtain a cpufreq > policy pointer for the given CPU and reference count the corresponding > policy object, if present. > > Fixes: 5a25e3f7cc53 ("cpufreq: intel_pstate: Driver-specific handling of _PPC updates") > Closes: https://lore.kernel.org/linux-acpi/Z-ShAR59cTow0KcR@mail-itl > Reporetd-by: Marek Marczykowski-Górecki <marmarek(a)invisiblethingslab.com> > Cc: All applicable <stable(a)vger.kernel.org> > Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> It looks like this patch is missing in stable branches. > --- > drivers/cpufreq/cpufreq.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > --- a/drivers/cpufreq/cpufreq.c > +++ b/drivers/cpufreq/cpufreq.c > @@ -2781,6 +2781,12 @@ > */ > void cpufreq_update_limits(unsigned int cpu) > { > + struct cpufreq_policy *policy __free(put_cpufreq_policy); > + > + policy = cpufreq_cpu_get(cpu); > + if (!policy) > + return; > + > if (cpufreq_driver->update_limits) > cpufreq_driver->update_limits(cpu); > else > > > -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab

6 months, 1 week

2
1
0 0

Re: [PATCH v7] staging: rtl8723bs: Add error handling for sd_read()

by Greg KH

On Tue, Apr 15, 2025 at 08:28:18PM +0800, Wentao Liang wrote: > >Again, I think this whole "hal wrapper" should be removed instead, and > >not papered over like this. If you dig deep enough, it all boils down > >to a call to sdio_readb(), which is an 8 bit read, so the alignment > >issues are not a problem, and if an error happens the proper error value> > >is returned from that saying what happened. Why not work on that like I > >recommended? That would allow for at least 3, if not more, layers of > >indirection to be removed from this driver, making it more easy to > >understand and maintain over time. > > Thanks for the guidance and detailed suggestion. But remove the whole > "hal wrapper" layer is beyond my capability. Perhaps this refactoring > work would be better handled by someone with deeper knowledge of the > driver codebase. The changes would ripple through several layers, and > I'm not entirely confident about implementing them correctly. The > current patch might serve as a reasonable stopgap solution. Try it, it should be a "one step at a time" of unwinding the mess that the codebase is in. Shouldn't be that hard, and will give you lots of good things to work on. I don't want to take a "stopgap solution", sorry, I would rather take the real solution, for obvious reasons. thanks, greg k-h

6 months, 1 week

1
0
0 0

Re: [PATCH 1/3] drm/nouveau: Prevent signaled fences in pending list

by Philipp Stanner

On Fri, 2025-04-11 at 13:05 +0200, Christian König wrote: > Am 11.04.25 um 11:29 schrieb Philipp Stanner: > > > [SNIP] > > > > It could be, however, that at the same moment > > nouveau_fence_signal() is > > removing that entry, holding the appropriate lock. > > > > So we have a race. Again. > > > > Ah, yes of course. If signaled is called with or without the lock is > actually undetermined. > > > > > > You see, fixing things in Nouveau is difficult :) > > It gets more difficult if you want to clean it up "properly", so it > > conforms to rules such as those from dma_fence. > > > > I have now provided two fixes that both work, but you are not > > satisfied > > with from the dma_fence-maintainer's perspective. I understand > > that, > > but please also understand that it's actually not my primary task > > to > > work on Nouveau. I just have to fix this bug to move on with my > > scheduler work. > > > > Well I'm happy with whatever solution as long as it works, but as > far as I can see the approach with the callback simply doesn't. > > You just can't drop the fence reference for the list from the > callback. > > > > > > So if you have another idea, feel free to share it. But I'd like to > > know how we can go on here. > > > > Well the fence code actually works, doesn't it? The problem is > rather that setting the error throws a warning because it doesn't > expect signaled fences on the pending list. > > Maybe we should fix that instead. The fence code works as the author intended, but I would be happy if it were more explicitly documented. Regarding the WARN_ON: It occurs in dma_fence_set_error() because there is an attempt to set an error code on a signaled fence. I don't think that should be "fixed", it works as intended: You must not set an error code of a fence that was already signaled. The reason seems to be that once a fence is signaled, a third party might evaluate the error code. But I think this wasn't wat you meant with "fix". In any case, there must not be signaled fences in nouveau's pending- list. They must be removed immediately once they signal, and this must not race. > > > > > > I'm running out of ideas. What I'm wondering if we couldn't just > > remove > > performance hacky fastpath functions such as > > nouveau_fence_is_signaled() completely. It seems redundant to me. > > > > That would work for me as well. I'll test this approach. Seems a bit like the nuclear approach, but if it works we'd at least clean up a lot of this mess. P. > > > > > > > > Or we might add locking to it, but IDK what was achieved with RCU > > here. > > In any case it's definitely bad that Nouveau has so many redundant > > and > > half-redundant mechanisms. > > > > Yeah, agree messing with the locks even more won't help us here. > > Regards, > Christian. > > > > > > > > > > P. > > > > > > > > > > > > > P. > > > > > > > > > > > > > > Regards, > > > > Christian. > > > > > > > > > > > > > > > > > > P. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Regards, > > > > > > Christian. > > > > > > > > > > > > > > > > > > > > > > > > > > Replace the call to dma_fence_is_signaled() with > > > > > > > nouveau_fence_base_is_signaled(). > > > > > > > > > > > > > > Cc: <stable(a)vger.kernel.org> # 4.10+, precise commit not > > > > > > > to > > > > > > > be > > > > > > > determined > > > > > > > Signed-off-by: Philipp Stanner <phasta(a)kernel.org> > > > > > > > --- > > > > > > > drivers/gpu/drm/nouveau/nouveau_fence.c | 2 +- > > > > > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > > > > > > > diff --git a/drivers/gpu/drm/nouveau/nouveau_fence.c > > > > > > > b/drivers/gpu/drm/nouveau/nouveau_fence.c > > > > > > > index 7cc84472cece..33535987d8ed 100644 > > > > > > > --- a/drivers/gpu/drm/nouveau/nouveau_fence.c > > > > > > > +++ b/drivers/gpu/drm/nouveau/nouveau_fence.c > > > > > > > @@ -274,7 +274,7 @@ nouveau_fence_done(struct > > > > > > > nouveau_fence > > > > > > > *fence) > > > > > > > nvif_event_block(&fctx->event); > > > > > > > spin_unlock_irqrestore(&fctx->lock, > > > > > > > flags); > > > > > > > } > > > > > > > - return dma_fence_is_signaled(&fence->base); > > > > > > > + return test_bit(DMA_FENCE_FLAG_SIGNALED_BIT, > > > > > > > &fence- > > > > > > > > > > > > > > > > > > > > > > > base.flags); > > > > > > > > > > > > > > > > > > > > > > } > > > > > > > > > > > > > > static long > > > > > > > > > > > > > > > > > > > > > > > > > > > > >

6 months, 1 week

3
6
0 0

[PATCH v2] brcm80211: fmac: Add error handling forbrcmf_usb_dl_writeimage()

by Wentao Liang

The function brcmf_usb_dl_writeimage() calls the function brcmf_usb_dl_cmd() but dose not check its return value. The 'state.state' and the 'state.bytes' are uninitialized if the function brcmf_usb_dl_cmd() fails. It is dangerous to use uninitialized variables in the conditions. Add error handling for brcmf_usb_dl_cmd() to jump to error handling path if the brcmf_usb_dl_cmd() fails and the 'state.state' and the 'state.bytes' are uninitialized. Improve the error message to report more detailed error information. Fixes: 71bb244ba2fd ("brcm80211: fmac: add USB support for bcm43235/6/8 chipsets") Cc: stable(a)vger.kernel.org # v3.4+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c index 2821c27f317e..d06c724f63d9 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c @@ -896,14 +896,16 @@ brcmf_usb_dl_writeimage(struct brcmf_usbdev_info *devinfo, u8 *fw, int fwlen) } /* 1) Prepare USB boot loader for runtime image */ - brcmf_usb_dl_cmd(devinfo, DL_START, &state, sizeof(state)); + err = brcmf_usb_dl_cmd(devinfo, DL_START, &state, sizeof(state)); + if (err) + goto fail; rdlstate = le32_to_cpu(state.state); rdlbytes = le32_to_cpu(state.bytes); /* 2) Check we are in the Waiting state */ if (rdlstate != DL_WAITING) { - brcmf_err("Failed to DL_START\n"); + brcmf_err("Invalid DL state: %u\n", rdlstate); err = -EINVAL; goto fail; } -- 2.42.0.windows.2

6 months, 1 week

3
2
0 0

[PATCH v3 7/7] arm64: dts: ti: k3-am62x: Rename I2C switch to I2C mux in OV5640 overlay

by Yemike Abhilash Chandra

The OV5640 device tree overlay incorrectly defined an I2C switch instead of an I2C mux. According to the DT bindings, the correct terminology and node definition should use "i2c-mux" instead of "i2c-switch". Hence, update the same to avoid dtbs_check warnings. Fixes: 635ed9715194 ("arm64: dts: ti: k3-am62x: Add overlays for OV5640") Cc: stable(a)vger.kernel.org Signed-off-by: Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> Reviewed-by: Neha Malcom Francis <n-francis(a)ti.com> Reviewed-by: Jai Luthra <jai.luthra(a)linux.dev> --- arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-ov5640.dtso | 2 +- arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-tevi-ov5640.dtso | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-ov5640.dtso b/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-ov5640.dtso index ccc7f5e43184..7fc7c95f5cd5 100644 --- a/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-ov5640.dtso +++ b/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-ov5640.dtso @@ -22,7 +22,7 @@ &main_i2c2 { #size-cells = <0>; status = "okay"; - i2c-switch@71 { + i2c-mux@71 { compatible = "nxp,pca9543"; #address-cells = <1>; #size-cells = <0>; diff --git a/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-tevi-ov5640.dtso b/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-tevi-ov5640.dtso index 4eaf9d757dd0..b6bfdfbbdd98 100644 --- a/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-tevi-ov5640.dtso +++ b/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-tevi-ov5640.dtso @@ -22,7 +22,7 @@ &main_i2c2 { #size-cells = <0>; status = "okay"; - i2c-switch@71 { + i2c-mux@71 { compatible = "nxp,pca9543"; #address-cells = <1>; #size-cells = <0>; -- 2.34.1

6 months, 1 week

1
0
0 0

[PATCH v3 6/7] arm64: dts: ti: k3-am62x: Rename I2C switch to I2C mux in IMX219 overlay

by Yemike Abhilash Chandra

The IMX219 device tree overlay incorrectly defined an I2C switch instead of an I2C mux. According to the DT bindings, the correct terminology and node definition should use "i2c-mux" instead of "i2c-switch". Hence, update the same to avoid dtbs_check warnings. Fixes: 4111db03dc05 ("arm64: dts: ti: k3-am62x: Add overlay for IMX219") Cc: stable(a)vger.kernel.org Signed-off-by: Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> Reviewed-by: Neha Malcom Francis <n-francis(a)ti.com> Reviewed-by: Jai Luthra <jai.luthra(a)linux.dev> --- arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-imx219.dtso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-imx219.dtso b/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-imx219.dtso index 7a0d35eb04d3..dd090813a32d 100644 --- a/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-imx219.dtso +++ b/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-imx219.dtso @@ -22,7 +22,7 @@ &main_i2c2 { #size-cells = <0>; status = "okay"; - i2c-switch@71 { + i2c-mux@71 { compatible = "nxp,pca9543"; #address-cells = <1>; #size-cells = <0>; -- 2.34.1

6 months, 1 week

1
0
0 0

[PATCH v3 5/7] arm64: dts: ti: k3-am62x: Remove clock-names property from IMX219 overlay

by Yemike Abhilash Chandra

The IMX219 sensor device tree bindings do not include a clock-names property. Remove the incorrectly added clock-names entry to avoid dtbs_check warnings. Fixes: 4111db03dc05 ("arm64: dts: ti: k3-am62x: Add overlay for IMX219") Cc: stable(a)vger.kernel.org Signed-off-by: Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> Reviewed-by: Neha Malcom Francis <n-francis(a)ti.com> Reviewed-by: Jai Luthra <jai.luthra(a)linux.dev> --- arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-imx219.dtso | 1 - 1 file changed, 1 deletion(-) diff --git a/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-imx219.dtso b/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-imx219.dtso index 76ca02127f95..7a0d35eb04d3 100644 --- a/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-imx219.dtso +++ b/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-imx219.dtso @@ -39,7 +39,6 @@ ov5640: camera@10 { reg = <0x10>; clocks = <&clk_imx219_fixed>; - clock-names = "xclk"; reset-gpios = <&exp1 13 GPIO_ACTIVE_HIGH>; -- 2.34.1

6 months, 1 week

1
0
0 0

[PATCH v3 4/7] arm64: dts: ti: k3-j721e-sk: Add requiried voltage supplies for IMX219

by Yemike Abhilash Chandra

The device tree overlay for the IMX219 sensor requires three voltage supplies to be defined: VANA (analog), VDIG (digital core), and VDDL (digital I/O). Add the corresponding voltage supply definitions to avoid dtbs_check warnings. Fixes: f767eb918096 ("arm64: dts: ti: k3-j721e-sk: Add overlay for IMX219") Cc: stable(a)vger.kernel.org Signed-off-by: Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> --- .../dts/ti/k3-j721e-sk-csi2-dual-imx219.dtso | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/arch/arm64/boot/dts/ti/k3-j721e-sk-csi2-dual-imx219.dtso b/arch/arm64/boot/dts/ti/k3-j721e-sk-csi2-dual-imx219.dtso index 4a395d1209c8..4eb3cffab032 100644 --- a/arch/arm64/boot/dts/ti/k3-j721e-sk-csi2-dual-imx219.dtso +++ b/arch/arm64/boot/dts/ti/k3-j721e-sk-csi2-dual-imx219.dtso @@ -19,6 +19,33 @@ clk_imx219_fixed: imx219-xclk { #clock-cells = <0>; clock-frequency = <24000000>; }; + + reg_2p8v: regulator-2p8v { + compatible = "regulator-fixed"; + regulator-name = "2P8V"; + regulator-min-microvolt = <2800000>; + regulator-max-microvolt = <2800000>; + vin-supply = <&vdd_sd_dv>; + regulator-always-on; + }; + + reg_1p8v: regulator-1p8v { + compatible = "regulator-fixed"; + regulator-name = "1P8V"; + regulator-min-microvolt = <1800000>; + regulator-max-microvolt = <1800000>; + vin-supply = <&vdd_sd_dv>; + regulator-always-on; + }; + + reg_1p2v: regulator-1p2v { + compatible = "regulator-fixed"; + regulator-name = "1P2V"; + regulator-min-microvolt = <1200000>; + regulator-max-microvolt = <1200000>; + vin-supply = <&vdd_sd_dv>; + regulator-always-on; + }; }; &csi_mux { @@ -34,6 +61,9 @@ imx219_0: imx219-0@10 { reg = <0x10>; clocks = <&clk_imx219_fixed>; + VANA-supply = <&reg_2p8v>; + VDIG-supply = <&reg_1p8v>; + VDDL-supply = <&reg_1p2v>; port { csi2_cam0: endpoint { @@ -55,6 +85,9 @@ imx219_1: imx219-1@10 { reg = <0x10>; clocks = <&clk_imx219_fixed>; + VANA-supply = <&reg_2p8v>; + VDIG-supply = <&reg_1p8v>; + VDDL-supply = <&reg_1p2v>; port { csi2_cam1: endpoint { -- 2.34.1

6 months, 1 week

1
0
0 0

[PATCH v3 3/7] arm64: dts: ti: k3-j721e-sk: Remove clock-names property from IMX219 overlay

by Yemike Abhilash Chandra

The IMX219 sensor device tree bindings do not include a clock-names property. Remove the incorrectly added clock-names entry to avoid dtbs_check warnings. Fixes: f767eb918096 ("arm64: dts: ti: k3-j721e-sk: Add overlay for IMX219") Cc: stable(a)vger.kernel.org Signed-off-by: Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> Reviewed-by: Neha Malcom Francis <n-francis(a)ti.com> Reviewed-by: Jai Luthra <jai.luthra(a)linux.dev> --- arch/arm64/boot/dts/ti/k3-j721e-sk-csi2-dual-imx219.dtso | 2 -- 1 file changed, 2 deletions(-) diff --git a/arch/arm64/boot/dts/ti/k3-j721e-sk-csi2-dual-imx219.dtso b/arch/arm64/boot/dts/ti/k3-j721e-sk-csi2-dual-imx219.dtso index 47bb5480b5b0..4a395d1209c8 100644 --- a/arch/arm64/boot/dts/ti/k3-j721e-sk-csi2-dual-imx219.dtso +++ b/arch/arm64/boot/dts/ti/k3-j721e-sk-csi2-dual-imx219.dtso @@ -34,7 +34,6 @@ imx219_0: imx219-0@10 { reg = <0x10>; clocks = <&clk_imx219_fixed>; - clock-names = "xclk"; port { csi2_cam0: endpoint { @@ -56,7 +55,6 @@ imx219_1: imx219-1@10 { reg = <0x10>; clocks = <&clk_imx219_fixed>; - clock-names = "xclk"; port { csi2_cam1: endpoint { -- 2.34.1

6 months, 1 week

1
0
0 0

[PATCH v3 2/7] arm64: dts: ti: am68-sk: Fix regulator hierarchy

by Yemike Abhilash Chandra

Update the vin-supply of the TLV71033 regulator from LM5141 (vsys_3v3) to LM61460 (vsys_5v0) to match the schematics. Add a fixed regulator node for the LM61460 5V supply to support this change. AM68-SK schematics: https://www.ti.com/lit/zip/sprr463 Fixes: a266c180b398 ("arm64: dts: ti: k3-am68-sk: Add support for AM68 SK base board") Cc: stable(a)vger.kernel.org Signed-off-by: Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> Reviewed-by: Neha Malcom Francis <n-francis(a)ti.com> Reviewed-by: Udit Kumar <u-kumar1(a)ti.com> --- arch/arm64/boot/dts/ti/k3-am68-sk-base-board.dts | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/ti/k3-am68-sk-base-board.dts b/arch/arm64/boot/dts/ti/k3-am68-sk-base-board.dts index 11522b36e0ce..5fa70a874d7b 100644 --- a/arch/arm64/boot/dts/ti/k3-am68-sk-base-board.dts +++ b/arch/arm64/boot/dts/ti/k3-am68-sk-base-board.dts @@ -44,6 +44,17 @@ vusb_main: regulator-vusb-main5v0 { regulator-boot-on; }; + vsys_5v0: regulator-vsys5v0 { + /* Output of LM61460 */ + compatible = "regulator-fixed"; + regulator-name = "vsys_5v0"; + regulator-min-microvolt = <5000000>; + regulator-max-microvolt = <5000000>; + vin-supply = <&vusb_main>; + regulator-always-on; + regulator-boot-on; + }; + vsys_3v3: regulator-vsys3v3 { /* Output of LM5141 */ compatible = "regulator-fixed"; @@ -76,7 +87,7 @@ vdd_sd_dv: regulator-tlv71033 { regulator-min-microvolt = <1800000>; regulator-max-microvolt = <3300000>; regulator-boot-on; - vin-supply = <&vsys_3v3>; + vin-supply = <&vsys_5v0>; gpios = <&main_gpio0 49 GPIO_ACTIVE_HIGH>; states = <1800000 0x0>, <3300000 0x1>; -- 2.34.1

6 months, 1 week

1
0
0 0

[PATCH v3] serial: sifive: lock port in startup()/shutdown() callbacks

by Ryo Takakura

startup()/shutdown() callbacks access SIFIVE_SERIAL_IE_OFFS. The register is also accessed from write() callback. If console were printing and startup()/shutdown() callback gets called, its access to the register could be overwritten. Add port->lock to startup()/shutdown() callbacks to make sure their access to SIFIVE_SERIAL_IE_OFFS is synchronized against write() callback. Fixes: 45c054d0815b ("tty: serial: add driver for the SiFive UART") Signed-off-by: Ryo Takakura <ryotkkr98(a)gmail.com> Reviewed-by: Petr Mladek <pmladek(a)suse.com> Cc: stable(a)vger.kernel.org --- Changes since v1: https://lore.kernel.org/all/20250405043833.397020-1-ryotkkr98@gmail.com/ - It was sent as part of series but resent as a single patch. Changes since v2: https://lore.kernel.org/linux-serial/20250405145354.492947-1-ryotkkr98@gmai… - Add Reviewed-by by Petr. Thanks Petr for the review! --- drivers/tty/serial/sifive.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/tty/serial/sifive.c b/drivers/tty/serial/sifive.c index 5904a2d4c..054a8e630 100644 --- a/drivers/tty/serial/sifive.c +++ b/drivers/tty/serial/sifive.c @@ -563,8 +563,11 @@ static void sifive_serial_break_ctl(struct uart_port *port, int break_state) static int sifive_serial_startup(struct uart_port *port) { struct sifive_serial_port *ssp = port_to_sifive_serial_port(port); + unsigned long flags; + uart_port_lock_irqsave(&ssp->port, &flags); __ssp_enable_rxwm(ssp); + uart_port_unlock_irqrestore(&ssp->port, flags); return 0; } @@ -572,9 +575,12 @@ static int sifive_serial_startup(struct uart_port *port) static void sifive_serial_shutdown(struct uart_port *port) { struct sifive_serial_port *ssp = port_to_sifive_serial_port(port); + unsigned long flags; + uart_port_lock_irqsave(&ssp->port, &flags); __ssp_disable_rxwm(ssp); __ssp_disable_txwm(ssp); + uart_port_unlock_irqrestore(&ssp->port, flags); } /** -- 2.34.1

6 months, 1 week

2
2
0 0

[PATCH] irqchip/renesas-rzv2h: Fix TINT spurious IRQ

by Biju Das

A spurious TINT interrupt is seen during boot on RZ/G3E SMARC EVK. A glitch in the edge detection circuit can cause a spurious interrupt. Clear the status flag after setting the ICU_TSSRk registers based on the hardware manual as a countermeasure. Fixes: 0d7605e75ac2 ("irqchip: Add RZ/V2H(P) Interrupt Control Unit (ICU) driver") Cc: stable(a)vger.kernel.org Signed-off-by: Biju Das <biju.das.jz(a)bp.renesas.com> --- drivers/irqchip/irq-renesas-rzv2h.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/irqchip/irq-renesas-rzv2h.c b/drivers/irqchip/irq-renesas-rzv2h.c index 3d5b5fdf9bde..2d2cca3bce17 100644 --- a/drivers/irqchip/irq-renesas-rzv2h.c +++ b/drivers/irqchip/irq-renesas-rzv2h.c @@ -170,6 +170,13 @@ static void rzv2h_tint_irq_endisable(struct irq_data *d, bool enable) else tssr &= ~ICU_TSSR_TIEN(tssel_n, priv->info->field_width); writel_relaxed(tssr, priv->base + priv->info->t_offs + ICU_TSSR(k)); + + /* + * A glitch in the edge detection circuit can cause a spurious + * interrupt. Clear the status flag after setting the ICU_TSSRk + * registers based on the hardware manual as a countermeasure. + */ + writel_relaxed(BIT(tint_nr), priv->base + priv->info->t_offs + ICU_TSCLR); } static void rzv2h_icu_irq_disable(struct irq_data *d) -- 2.43.0

6 months, 1 week

1
0
0 0

[PATCH] mm: fix ratelimit_pages update error in dirty_ratio_handler()

by alexjlzheng＠gmail.com

From: Jinliang Zheng <alexjlzheng(a)tencent.com> In the dirty_ratio_handler() function, vm_dirty_bytes must be set to zero before calling writeback_set_ratelimit(), as global_dirty_limits() always prioritizes the value of vm_dirty_bytes. Fixes: 9d823e8f6b1b ("writeback: per task dirty rate limit") Signed-off-by: Jinliang Zheng <alexjlzheng(a)tencent.com> Cc: stable(a)vger.kernel.org --- mm/page-writeback.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/page-writeback.c b/mm/page-writeback.c index c81624bc3969..20e1d76f1eba 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -520,8 +520,8 @@ static int dirty_ratio_handler(const struct ctl_table *table, int write, void *b ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); if (ret == 0 && write && vm_dirty_ratio != old_ratio) { - writeback_set_ratelimit(); vm_dirty_bytes = 0; + writeback_set_ratelimit(); } return ret; } -- 2.49.0

6 months, 1 week

1
0
0 0

[PATCH] media: vivid: Change the siize of the composing

by Denis Arefev

syzkaller found a bug: BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline] BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705 Write of size 1440 at addr ffffc9000d0ffda0 by task vivid-000-vid-c/5304 CPU: 0 UID: 0 PID: 5304 Comm: vivid-000-vid-c Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106 tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline] tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705 vivid_fillbuff drivers/media/test-drivers/vivid/vivid-kthread-cap.c:470 [inline] vivid_thread_vid_cap_tick+0xf8e/0x60d0 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:629 vivid_thread_vid_cap+0x8aa/0xf30 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:767 kthread+0x7a9/0x920 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> The composition size cannot be larger than the size of fmt_cap_rect. So execute v4l2_rect_map_inside() even if has_compose_cap == 0. Fixes: 94a7ad928346 ("media: vivid: fix compose size exceed boundary") Cc: stable(a)vger.kernel.org Reported-by: syzbot+365005005522b70a36f2(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?id=8ed8e8cc30cbe0d86c9a25bd1d6a5775129b8e… Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/test-drivers/vivid/vivid-vid-cap.c b/drivers/media/test-drivers/vivid/vivid-vid-cap.c index b166d90177c6..df5d1c2a42ef 100644 --- a/drivers/media/test-drivers/vivid/vivid-vid-cap.c +++ b/drivers/media/test-drivers/vivid/vivid-vid-cap.c @@ -946,8 +946,8 @@ int vivid_vid_cap_s_selection(struct file *file, void *fh, struct v4l2_selection if (dev->has_compose_cap) { v4l2_rect_set_min_size(compose, &min_rect); v4l2_rect_set_max_size(compose, &max_rect); - v4l2_rect_map_inside(compose, &fmt); } + v4l2_rect_map_inside(compose, &fmt); dev->fmt_cap_rect = fmt; tpg_s_buf_height(&dev->tpg, fmt.height); } else if (dev->has_compose_cap) { -- 2.43.0

6 months, 1 week

1
0
0 0

[PATCH v2] pinctrl: airoha: fix wrong PHY LED mapping and PHY2 LED defines

by Christian Marangi

The current PHY2 LED define are wrong and actually set BITs outside the related mask. Fix it and set the correct value. While at it, also use FIELD_PREP_CONST macro to make it simple to understand what values are actually applied for the mask. Also fix wrong PHY LED mapping. The SoC Switch supports up to 4 port but the register define mapping for 5 PHY port, starting from 0. The mapping was wrongly defined starting from PHY1. Reorder the function group to start from PHY0. PHY4 is actually never supported as we don't have a GPIO pin to assign. Cc: stable(a)vger.kernel.org Fixes: 1c8ace2d0725 ("pinctrl: airoha: Add support for EN7581 SoC") Reviewed-by: Benjamin Larsson <benjamin.larsson(a)genexis.eu> Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> --- Changes v2: - Add Reviewed-by tag - Use more symbolic macro drivers/pinctrl/mediatek/pinctrl-airoha.c | 159 ++++++++++------------ 1 file changed, 70 insertions(+), 89 deletions(-) diff --git a/drivers/pinctrl/mediatek/pinctrl-airoha.c b/drivers/pinctrl/mediatek/pinctrl-airoha.c index 547a798b71c8..5d84a778683d 100644 --- a/drivers/pinctrl/mediatek/pinctrl-airoha.c +++ b/drivers/pinctrl/mediatek/pinctrl-airoha.c @@ -6,6 +6,7 @@ */ #include <dt-bindings/pinctrl/mt65xx.h> +#include <linux/bitfield.h> #include <linux/bits.h> #include <linux/cleanup.h> #include <linux/gpio/driver.h> @@ -112,39 +113,19 @@ #define REG_LAN_LED1_MAPPING 0x0280 #define LAN4_LED_MAPPING_MASK GENMASK(18, 16) -#define LAN4_PHY4_LED_MAP BIT(18) -#define LAN4_PHY2_LED_MAP BIT(17) -#define LAN4_PHY1_LED_MAP BIT(16) -#define LAN4_PHY0_LED_MAP 0 -#define LAN4_PHY3_LED_MAP GENMASK(17, 16) +#define LAN4_PHY_LED_MAP(_n) FIELD_PREP_CONST(LAN4_LED_MAPPING_MASK, (_n)) #define LAN3_LED_MAPPING_MASK GENMASK(14, 12) -#define LAN3_PHY4_LED_MAP BIT(14) -#define LAN3_PHY2_LED_MAP BIT(13) -#define LAN3_PHY1_LED_MAP BIT(12) -#define LAN3_PHY0_LED_MAP 0 -#define LAN3_PHY3_LED_MAP GENMASK(13, 12) +#define LAN3_PHY_LED_MAP(_n) FIELD_PREP_CONST(LAN3_LED_MAPPING_MASK, (_n)) #define LAN2_LED_MAPPING_MASK GENMASK(10, 8) -#define LAN2_PHY4_LED_MAP BIT(12) -#define LAN2_PHY2_LED_MAP BIT(11) -#define LAN2_PHY1_LED_MAP BIT(10) -#define LAN2_PHY0_LED_MAP 0 -#define LAN2_PHY3_LED_MAP GENMASK(11, 10) +#define LAN2_PHY_LED_MAP(_n) FIELD_PREP_CONST(LAN2_LED_MAPPING_MASK, (_n)) #define LAN1_LED_MAPPING_MASK GENMASK(6, 4) -#define LAN1_PHY4_LED_MAP BIT(6) -#define LAN1_PHY2_LED_MAP BIT(5) -#define LAN1_PHY1_LED_MAP BIT(4) -#define LAN1_PHY0_LED_MAP 0 -#define LAN1_PHY3_LED_MAP GENMASK(5, 4) +#define LAN1_PHY_LED_MAP(_n) FIELD_PREP_CONST(LAN1_LED_MAPPING_MASK, (_n)) #define LAN0_LED_MAPPING_MASK GENMASK(2, 0) -#define LAN0_PHY4_LED_MAP BIT(3) -#define LAN0_PHY2_LED_MAP BIT(2) -#define LAN0_PHY1_LED_MAP BIT(1) -#define LAN0_PHY0_LED_MAP 0 -#define LAN0_PHY3_LED_MAP GENMASK(2, 1) +#define LAN0_PHY_LED_MAP(_n) FIELD_PREP_CONST(LAN0_LED_MAPPING_MASK, (_n)) /* CONF */ #define REG_I2C_SDA_E2 0x001c @@ -1476,8 +1457,8 @@ static const struct airoha_pinctrl_func_group phy1_led0_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED0_MAPPING, - LAN1_LED_MAPPING_MASK, - LAN1_PHY1_LED_MAP + LAN0_LED_MAPPING_MASK, + LAN0_PHY_LED_MAP(0) }, .regmap_size = 2, }, { @@ -1491,8 +1472,8 @@ static const struct airoha_pinctrl_func_group phy1_led0_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED0_MAPPING, - LAN2_LED_MAPPING_MASK, - LAN2_PHY1_LED_MAP + LAN1_LED_MAPPING_MASK, + LAN1_PHY_LED_MAP(0) }, .regmap_size = 2, }, { @@ -1506,8 +1487,8 @@ static const struct airoha_pinctrl_func_group phy1_led0_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED0_MAPPING, - LAN3_LED_MAPPING_MASK, - LAN3_PHY1_LED_MAP + LAN2_LED_MAPPING_MASK, + LAN2_PHY_LED_MAP(0) }, .regmap_size = 2, }, { @@ -1521,8 +1502,8 @@ static const struct airoha_pinctrl_func_group phy1_led0_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED0_MAPPING, - LAN4_LED_MAPPING_MASK, - LAN4_PHY1_LED_MAP + LAN3_LED_MAPPING_MASK, + LAN3_PHY_LED_MAP(0) }, .regmap_size = 2, }, @@ -1540,8 +1521,8 @@ static const struct airoha_pinctrl_func_group phy2_led0_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED0_MAPPING, - LAN1_LED_MAPPING_MASK, - LAN1_PHY2_LED_MAP + LAN0_LED_MAPPING_MASK, + LAN0_PHY_LED_MAP(1) }, .regmap_size = 2, }, { @@ -1555,8 +1536,8 @@ static const struct airoha_pinctrl_func_group phy2_led0_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED0_MAPPING, - LAN2_LED_MAPPING_MASK, - LAN2_PHY2_LED_MAP + LAN1_LED_MAPPING_MASK, + LAN1_PHY_LED_MAP(1) }, .regmap_size = 2, }, { @@ -1570,8 +1551,8 @@ static const struct airoha_pinctrl_func_group phy2_led0_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED0_MAPPING, - LAN3_LED_MAPPING_MASK, - LAN3_PHY2_LED_MAP + LAN2_LED_MAPPING_MASK, + LAN2_PHY_LED_MAP(1) }, .regmap_size = 2, }, { @@ -1585,8 +1566,8 @@ static const struct airoha_pinctrl_func_group phy2_led0_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED0_MAPPING, - LAN4_LED_MAPPING_MASK, - LAN4_PHY2_LED_MAP + LAN3_LED_MAPPING_MASK, + LAN3_PHY_LED_MAP(1) }, .regmap_size = 2, }, @@ -1604,8 +1585,8 @@ static const struct airoha_pinctrl_func_group phy3_led0_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED0_MAPPING, - LAN1_LED_MAPPING_MASK, - LAN1_PHY3_LED_MAP + LAN0_LED_MAPPING_MASK, + LAN0_PHY_LED_MAP(2) }, .regmap_size = 2, }, { @@ -1619,8 +1600,8 @@ static const struct airoha_pinctrl_func_group phy3_led0_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED0_MAPPING, - LAN2_LED_MAPPING_MASK, - LAN2_PHY3_LED_MAP + LAN1_LED_MAPPING_MASK, + LAN1_PHY_LED_MAP(2) }, .regmap_size = 2, }, { @@ -1634,8 +1615,8 @@ static const struct airoha_pinctrl_func_group phy3_led0_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED0_MAPPING, - LAN3_LED_MAPPING_MASK, - LAN3_PHY3_LED_MAP + LAN2_LED_MAPPING_MASK, + LAN2_PHY_LED_MAP(2) }, .regmap_size = 2, }, { @@ -1649,8 +1630,8 @@ static const struct airoha_pinctrl_func_group phy3_led0_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED0_MAPPING, - LAN4_LED_MAPPING_MASK, - LAN4_PHY3_LED_MAP + LAN3_LED_MAPPING_MASK, + LAN3_PHY_LED_MAP(2) }, .regmap_size = 2, }, @@ -1668,8 +1649,8 @@ static const struct airoha_pinctrl_func_group phy4_led0_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED0_MAPPING, - LAN1_LED_MAPPING_MASK, - LAN1_PHY4_LED_MAP + LAN0_LED_MAPPING_MASK, + LAN0_PHY_LED_MAP(3) }, .regmap_size = 2, }, { @@ -1683,8 +1664,8 @@ static const struct airoha_pinctrl_func_group phy4_led0_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED0_MAPPING, - LAN2_LED_MAPPING_MASK, - LAN2_PHY4_LED_MAP + LAN1_LED_MAPPING_MASK, + LAN1_PHY_LED_MAP(3) }, .regmap_size = 2, }, { @@ -1698,8 +1679,8 @@ static const struct airoha_pinctrl_func_group phy4_led0_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED0_MAPPING, - LAN3_LED_MAPPING_MASK, - LAN3_PHY4_LED_MAP + LAN2_LED_MAPPING_MASK, + LAN2_PHY_LED_MAP(3) }, .regmap_size = 2, }, { @@ -1713,8 +1694,8 @@ static const struct airoha_pinctrl_func_group phy4_led0_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED0_MAPPING, - LAN4_LED_MAPPING_MASK, - LAN4_PHY4_LED_MAP + LAN3_LED_MAPPING_MASK, + LAN3_PHY_LED_MAP(3) }, .regmap_size = 2, }, @@ -1732,8 +1713,8 @@ static const struct airoha_pinctrl_func_group phy1_led1_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED1_MAPPING, - LAN1_LED_MAPPING_MASK, - LAN1_PHY1_LED_MAP + LAN0_LED_MAPPING_MASK, + LAN0_PHY_LED_MAP(0) }, .regmap_size = 2, }, { @@ -1747,8 +1728,8 @@ static const struct airoha_pinctrl_func_group phy1_led1_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED1_MAPPING, - LAN2_LED_MAPPING_MASK, - LAN2_PHY1_LED_MAP + LAN1_LED_MAPPING_MASK, + LAN1_PHY_LED_MAP(0) }, .regmap_size = 2, }, { @@ -1762,8 +1743,8 @@ static const struct airoha_pinctrl_func_group phy1_led1_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED1_MAPPING, - LAN3_LED_MAPPING_MASK, - LAN3_PHY1_LED_MAP + LAN2_LED_MAPPING_MASK, + LAN2_PHY_LED_MAP(0) }, .regmap_size = 2, }, { @@ -1777,8 +1758,8 @@ static const struct airoha_pinctrl_func_group phy1_led1_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED1_MAPPING, - LAN4_LED_MAPPING_MASK, - LAN4_PHY1_LED_MAP + LAN3_LED_MAPPING_MASK, + LAN3_PHY_LED_MAP(0) }, .regmap_size = 2, }, @@ -1796,8 +1777,8 @@ static const struct airoha_pinctrl_func_group phy2_led1_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED1_MAPPING, - LAN1_LED_MAPPING_MASK, - LAN1_PHY2_LED_MAP + LAN0_LED_MAPPING_MASK, + LAN0_PHY_LED_MAP(1) }, .regmap_size = 2, }, { @@ -1811,8 +1792,8 @@ static const struct airoha_pinctrl_func_group phy2_led1_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED1_MAPPING, - LAN2_LED_MAPPING_MASK, - LAN2_PHY2_LED_MAP + LAN1_LED_MAPPING_MASK, + LAN1_PHY_LED_MAP(1) }, .regmap_size = 2, }, { @@ -1826,8 +1807,8 @@ static const struct airoha_pinctrl_func_group phy2_led1_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED1_MAPPING, - LAN3_LED_MAPPING_MASK, - LAN3_PHY2_LED_MAP + LAN2_LED_MAPPING_MASK, + LAN2_PHY_LED_MAP(1) }, .regmap_size = 2, }, { @@ -1841,8 +1822,8 @@ static const struct airoha_pinctrl_func_group phy2_led1_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED1_MAPPING, - LAN4_LED_MAPPING_MASK, - LAN4_PHY2_LED_MAP + LAN3_LED_MAPPING_MASK, + LAN3_PHY_LED_MAP(1) }, .regmap_size = 2, }, @@ -1860,8 +1841,8 @@ static const struct airoha_pinctrl_func_group phy3_led1_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED1_MAPPING, - LAN1_LED_MAPPING_MASK, - LAN1_PHY3_LED_MAP + LAN0_LED_MAPPING_MASK, + LAN0_PHY_LED_MAP(2) }, .regmap_size = 2, }, { @@ -1875,8 +1856,8 @@ static const struct airoha_pinctrl_func_group phy3_led1_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED1_MAPPING, - LAN2_LED_MAPPING_MASK, - LAN2_PHY3_LED_MAP + LAN1_LED_MAPPING_MASK, + LAN1_PHY_LED_MAP(2) }, .regmap_size = 2, }, { @@ -1890,8 +1871,8 @@ static const struct airoha_pinctrl_func_group phy3_led1_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED1_MAPPING, - LAN3_LED_MAPPING_MASK, - LAN3_PHY3_LED_MAP + LAN2_LED_MAPPING_MASK, + LAN2_PHY_LED_MAP(2) }, .regmap_size = 2, }, { @@ -1905,8 +1886,8 @@ static const struct airoha_pinctrl_func_group phy3_led1_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED1_MAPPING, - LAN4_LED_MAPPING_MASK, - LAN4_PHY3_LED_MAP + LAN3_LED_MAPPING_MASK, + LAN3_PHY_LED_MAP(2) }, .regmap_size = 2, }, @@ -1924,8 +1905,8 @@ static const struct airoha_pinctrl_func_group phy4_led1_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED1_MAPPING, - LAN1_LED_MAPPING_MASK, - LAN1_PHY4_LED_MAP + LAN0_LED_MAPPING_MASK, + LAN0_PHY_LED_MAP(3) }, .regmap_size = 2, }, { @@ -1939,8 +1920,8 @@ static const struct airoha_pinctrl_func_group phy4_led1_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED1_MAPPING, - LAN2_LED_MAPPING_MASK, - LAN2_PHY4_LED_MAP + LAN1_LED_MAPPING_MASK, + LAN1_PHY_LED_MAP(3) }, .regmap_size = 2, }, { @@ -1954,8 +1935,8 @@ static const struct airoha_pinctrl_func_group phy4_led1_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED1_MAPPING, - LAN3_LED_MAPPING_MASK, - LAN3_PHY4_LED_MAP + LAN2_LED_MAPPING_MASK, + LAN2_PHY_LED_MAP(3) }, .regmap_size = 2, }, { @@ -1969,8 +1950,8 @@ static const struct airoha_pinctrl_func_group phy4_led1_func_group[] = { .regmap[1] = { AIROHA_FUNC_MUX, REG_LAN_LED1_MAPPING, - LAN4_LED_MAPPING_MASK, - LAN4_PHY4_LED_MAP + LAN3_LED_MAPPING_MASK, + LAN3_PHY_LED_MAP(3) }, .regmap_size = 2, }, -- 2.48.1

6 months, 1 week

3
2
0 0

[PATCH 0/2] Macro for 3 DSC engines per pipe

by Ankit Nautiyal

3 DSC engines are supported only for BMG to be used in specific cases where 12 DSC slices might be required. Add macro for the same and use that while configuring DSC slices. Ankit Nautiyal (2): drm/i915/display: Add macro for checking 3 DSC engines drm/i915/dp: Check for HAS_DSC_3ENGINES while configuring DSC slices drivers/gpu/drm/i915/display/intel_display_device.h | 1 + drivers/gpu/drm/i915/display/intel_dp.c | 7 ++++--- 2 files changed, 5 insertions(+), 3 deletions(-) -- 2.34.1

6 months, 1 week

5
11
0 0

[PATCH] bus: mhi: ep: Update read pointer only after buffer is written

by Sumit Kumar

Inside mhi_ep_ring_add_element, the read pointer (rd_offset) is updated before the buffer is written, potentially causing race conditions where the host sees an updated read pointer before the buffer is actually written. Updating rd_offset prematurely can lead to the host accessing an uninitialized or incomplete element, resulting in data corruption. Invoke the buffer write before updating rd_offset to ensure the element is fully written before signaling its availability. Fixes: bbdcba57a1a2 ("bus: mhi: ep: Add support for ring management") cc: stable(a)vger.kernel.org Co-developed-by: Youssef Samir <quic_yabdulra(a)quicinc.com> Signed-off-by: Youssef Samir <quic_yabdulra(a)quicinc.com> Signed-off-by: Sumit Kumar <quic_sumk(a)quicinc.com> --- --- drivers/bus/mhi/ep/ring.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/drivers/bus/mhi/ep/ring.c b/drivers/bus/mhi/ep/ring.c index aeb53b2c34a8cd859393529d0c8860462bc687ed..26357ee68dee984d70ae5bf39f8f09f2cbcafe30 100644 --- a/drivers/bus/mhi/ep/ring.c +++ b/drivers/bus/mhi/ep/ring.c @@ -131,19 +131,23 @@ int mhi_ep_ring_add_element(struct mhi_ep_ring *ring, struct mhi_ring_element *e } old_offset = ring->rd_offset; - mhi_ep_ring_inc_index(ring); dev_dbg(dev, "Adding an element to ring at offset (%zu)\n", ring->rd_offset); + buf_info.host_addr = ring->rbase + (old_offset * sizeof(*el)); + buf_info.dev_addr = el; + buf_info.size = sizeof(*el); + + ret = mhi_cntrl->write_sync(mhi_cntrl, &buf_info); + if (ret) + return ret; + + mhi_ep_ring_inc_index(ring); /* Update rp in ring context */ rp = cpu_to_le64(ring->rd_offset * sizeof(*el) + ring->rbase); memcpy_toio((void __iomem *) &ring->ring_ctx->generic.rp, &rp, sizeof(u64)); - buf_info.host_addr = ring->rbase + (old_offset * sizeof(*el)); - buf_info.dev_addr = el; - buf_info.size = sizeof(*el); - - return mhi_cntrl->write_sync(mhi_cntrl, &buf_info); + return ret; } void mhi_ep_ring_init(struct mhi_ep_ring *ring, enum mhi_ep_ring_type type, u32 id) --- base-commit: 1e26c5e28ca5821a824e90dd359556f5e9e7b89f change-id: 20250328-rp_fix-d7ebc18bc3be Best regards, -- Sumit Kumar <quic_sumk(a)quicinc.com>

6 months, 1 week

4
4
0 0

[PATCH 1/2] PCI/MSI: Add MSIX option to write to ENTRY_DATA before any reads

by dullfire＠yahoo.com

From: Jonathan Currier <dullfire(a)yahoo.com> Commit 7d5ec3d36123 ("PCI/MSI: Mask all unused MSI-X entries") introduces a readl() from ENTRY_VECTOR_CTRL before the writel() to ENTRY_DATA. This is correct, however some hardware, like the Sun Neptune chips, the niu module, will cause an error and/or fatal trap if any MSIX table entry is read before the corresponding ENTRY_DATA field is written to. This patch adds an optional early writel() in msix_prepare_msi_desc(). Cc: stable(a)vger.kernel.org Signed-off-by: Jonathan Currier <dullfire(a)yahoo.com> --- drivers/pci/msi/msi.c | 2 ++ include/linux/pci.h | 2 ++ 2 files changed, 4 insertions(+) diff --git a/drivers/pci/msi/msi.c b/drivers/pci/msi/msi.c index 3a45879d85db..50d87fb5e37f 100644 --- a/drivers/pci/msi/msi.c +++ b/drivers/pci/msi/msi.c @@ -611,6 +611,8 @@ void msix_prepare_msi_desc(struct pci_dev *dev, struct msi_desc *desc) if (desc->pci.msi_attrib.can_mask) { void __iomem *addr = pci_msix_desc_addr(desc); + if (dev->dev_flags & PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST) + writel(0, addr + PCI_MSIX_ENTRY_DATA); desc->pci.msix_ctrl = readl(addr + PCI_MSIX_ENTRY_VECTOR_CTRL); } } diff --git a/include/linux/pci.h b/include/linux/pci.h index 37d97bef060f..b8b95b58d522 100644 --- a/include/linux/pci.h +++ b/include/linux/pci.h @@ -245,6 +245,8 @@ enum pci_dev_flags { PCI_DEV_FLAGS_NO_RELAXED_ORDERING = (__force pci_dev_flags_t) (1 << 11), /* Device does honor MSI masking despite saying otherwise */ PCI_DEV_FLAGS_HAS_MSI_MASKING = (__force pci_dev_flags_t) (1 << 12), + /* Device requires write to PCI_MSIX_ENTRY_DATA before any MSIX reads */ + PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST = (__force pci_dev_flags_t) (1 << 13), }; enum pci_irq_reroute_variant { -- 2.45.2

6 months, 1 week

5
7
0 0

[PATCH 2/2] net/niu: niu requires MSIX ENTRY_DATA fields touch before entry reads

by dullfire＠yahoo.com

From: Jonathan Currier <dullfire(a)yahoo.com> Fix niu_try_msix() to not cause a fatal trap on sparc systems. Set PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST on the struct pci_dev to work around a bug in the hardware or firmware. For each vector entry in the msix table, niu chips will cause a fatal trap if any registers in that entry are read before that entries' ENTRY_DATA register is written to. Testing indicates writes to other registers are not sufficient to prevent the fatal trap, however the value does not appear to matter. This only needs to happen once after power up, so simply rebooting into a kernel lacking this fix will NOT cause the trap. NON-RESUMABLE ERROR: Reporting on cpu 64 NON-RESUMABLE ERROR: TPC [0x00000000005f6900] <msix_prepare_msi_desc+0x90/0xa0> NON-RESUMABLE ERROR: RAW [4010000000000016:00000e37f93e32ff:0000000202000080:ffffffffffffffff NON-RESUMABLE ERROR: 0000000800000000:0000000000000000:0000000000000000:0000000000000000] NON-RESUMABLE ERROR: handle [0x4010000000000016] stick [0x00000e37f93e32ff] NON-RESUMABLE ERROR: type [precise nonresumable] NON-RESUMABLE ERROR: attrs [0x02000080] < ASI sp-faulted priv > NON-RESUMABLE ERROR: raddr [0xffffffffffffffff] NON-RESUMABLE ERROR: insn effective address [0x000000c50020000c] NON-RESUMABLE ERROR: size [0x8] NON-RESUMABLE ERROR: asi [0x00] CPU: 64 UID: 0 PID: 745 Comm: kworker/64:1 Not tainted 6.11.5 #63 Workqueue: events work_for_cpu_fn TSTATE: 0000000011001602 TPC: 00000000005f6900 TNPC: 00000000005f6904 Y: 00000000 Not tainted TPC: <msix_prepare_msi_desc+0x90/0xa0> g0: 00000000000002e9 g1: 000000000000000c g2: 000000c50020000c g3: 0000000000000100 g4: ffff8000470307c0 g5: ffff800fec5be000 g6: ffff800047a08000 g7: 0000000000000000 o0: ffff800014feb000 o1: ffff800047a0b620 o2: 0000000000000011 o3: ffff800047a0b620 o4: 0000000000000080 o5: 0000000000000011 sp: ffff800047a0ad51 ret_pc: 00000000005f7128 RPC: <__pci_enable_msix_range+0x3cc/0x460> l0: 000000000000000d l1: 000000000000c01f l2: ffff800014feb0a8 l3: 0000000000000020 l4: 000000000000c000 l5: 0000000000000001 l6: 0000000020000000 l7: ffff800047a0b734 i0: ffff800014feb000 i1: ffff800047a0b730 i2: 0000000000000001 i3: 000000000000000d i4: 0000000000000000 i5: 0000000000000000 i6: ffff800047a0ae81 i7: 00000000101888b0 I7: <niu_try_msix.constprop.0+0xc0/0x130 [niu]> Call Trace: [<00000000101888b0>] niu_try_msix.constprop.0+0xc0/0x130 [niu] [<000000001018f840>] niu_get_invariants+0x183c/0x207c [niu] [<00000000101902fc>] niu_pci_init_one+0x27c/0x2fc [niu] [<00000000005ef3e4>] local_pci_probe+0x28/0x74 [<0000000000469240>] work_for_cpu_fn+0x8/0x1c [<000000000046b008>] process_scheduled_works+0x144/0x210 [<000000000046b518>] worker_thread+0x13c/0x1c0 [<00000000004710e0>] kthread+0xb8/0xc8 [<00000000004060c8>] ret_from_fork+0x1c/0x2c [<0000000000000000>] 0x0 Kernel panic - not syncing: Non-resumable error. Fixes: 7d5ec3d36123 ("PCI/MSI: Mask all unused MSI-X entries") Cc: stable(a)vger.kernel.org Signed-off-by: Jonathan Currier <dullfire(a)yahoo.com> --- drivers/net/ethernet/sun/niu.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/ethernet/sun/niu.c b/drivers/net/ethernet/sun/niu.c index 41a27ae58ced..f5449b73b9a7 100644 --- a/drivers/net/ethernet/sun/niu.c +++ b/drivers/net/ethernet/sun/niu.c @@ -9058,6 +9058,8 @@ static void niu_try_msix(struct niu *np, u8 *ldg_num_map) msi_vec[i].entry = i; } + pdev->dev_flags |= PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST; + num_irqs = pci_enable_msix_range(pdev, msi_vec, 1, num_irqs); if (num_irqs < 0) { np->flags &= ~NIU_FLAGS_MSIX; -- 2.45.2

6 months, 1 week

2
1
0 0

[PATCH v2] sparc: fix error handling in scan_one_device()

by Ma Ke

Once of_device_register() failed, we should call put_device() to decrement reference count for cleanup. Or it could cause memory leak. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(). Calling path: of_device_register() -> of_device_add() -> device_add(). As comment of device_add() says, 'if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: cf44bbc26cf1 ("[SPARC]: Beginnings of generic of_device framework.") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - retained kfree() manually due to the lack of a release callback function. --- arch/sparc/kernel/of_device_64.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/sparc/kernel/of_device_64.c b/arch/sparc/kernel/of_device_64.c index f98c2901f335..f53092b07b9e 100644 --- a/arch/sparc/kernel/of_device_64.c +++ b/arch/sparc/kernel/of_device_64.c @@ -677,6 +677,7 @@ static struct platform_device * __init scan_one_device(struct device_node *dp, if (of_device_register(op)) { printk("%pOF: Could not register of device.\n", dp); + put_device(&op->dev); kfree(op); op = NULL; } -- 2.25.1

6 months, 1 week

1
0
0 0

[PATCH] ksmbd: Prevent integer overflow in calculation of deadtime

by Denis Arefev

The user can set any value for 'deadtime'. This affects the arithmetic expression 'req->deadtime * SMB_ECHO_INTERVAL', which is subject to overflow. The added check makes the server behavior more predictable. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 0626e6641f6b ("cifsd: add server handler for central processing and tranport layers") Cc: stable(a)vger.kernel.org Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- fs/smb/server/transport_ipc.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fs/smb/server/transport_ipc.c b/fs/smb/server/transport_ipc.c index 3f185ae60dc5..2a3e2b0ce557 100644 --- a/fs/smb/server/transport_ipc.c +++ b/fs/smb/server/transport_ipc.c @@ -310,7 +310,11 @@ static int ipc_server_config_on_startup(struct ksmbd_startup_request *req) server_conf.signing = req->signing; server_conf.tcp_port = req->tcp_port; server_conf.ipc_timeout = req->ipc_timeout * HZ; - server_conf.deadtime = req->deadtime * SMB_ECHO_INTERVAL; + if (check_mul_overflow(req->deadtime, SMB_ECHO_INTERVAL, + &server_conf.deadtime)) { + ret = -EINVAL; + goto out; + } server_conf.share_fake_fscaps = req->share_fake_fscaps; ksmbd_init_domain(req->sub_auth); @@ -337,6 +341,7 @@ static int ipc_server_config_on_startup(struct ksmbd_startup_request *req) server_conf.bind_interfaces_only = req->bind_interfaces_only; ret |= ksmbd_tcp_set_interfaces(KSMBD_STARTUP_CONFIG_INTERFACES(req), req->ifc_list_sz); +out: if (ret) { pr_err("Server configuration error: %s %s %s\n", req->netbios_name, req->server_string, -- 2.43.0

6 months, 1 week

2
1
0 0

+ v2-ocfs2-fix-panic-in-failed-foilio-allocation.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: fix panic in failed foilio allocation has been added to the -mm mm-nonmm-unstable branch. Its filename is v2-ocfs2-fix-panic-in-failed-foilio-allocation.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Mark Tinguely <mark.tinguely(a)oracle.com> Subject: ocfs2: fix panic in failed foilio allocation Date: Fri, 11 Apr 2025 11:31:24 -0500 In the page to order 0 folio conversion series, commits 7e119cff9d0a ("ocfs2: convert w_pages to w_folios") and 9a5e08652dc4 ("ocfs2: use an array of folios instead of an array of pages") save -ENOMEM in the folio array upon allocation failure and call the folio array free code. The folio array free code expects either valid folio pointers or NULL. Finding the -ENOMEM will result in a panic. Fix by NULLing the error folio entry. Link: https://lkml.kernel.org/r/c879a52b-835c-4fa0-902b-8b2e9196dcbd@oracle.com Fixes: 7e119cff9d0a ("ocfs2: convert w_pages to w_folios") FIxes: 9a5e08652dc4 ("ocfs2: use an array of folios instead of an array of pages") Signed-off-by: Mark Tinguely <mark.tinguely(a)oracle.com> Reviewed-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/alloc.c | 1 + fs/ocfs2/aops.c | 1 + 2 files changed, 2 insertions(+) --- a/fs/ocfs2/alloc.c~v2-ocfs2-fix-panic-in-failed-foilio-allocation +++ a/fs/ocfs2/alloc.c @@ -6918,6 +6918,7 @@ static int ocfs2_grab_folios(struct inod if (IS_ERR(folios[numfolios])) { ret = PTR_ERR(folios[numfolios]); mlog_errno(ret); + folios[numfolios] = NULL; goto out; } --- a/fs/ocfs2/aops.c~v2-ocfs2-fix-panic-in-failed-foilio-allocation +++ a/fs/ocfs2/aops.c @@ -1071,6 +1071,7 @@ static int ocfs2_grab_folios_for_write(s if (IS_ERR(wc->w_folios[i])) { ret = PTR_ERR(wc->w_folios[i]); mlog_errno(ret); + wc->w_folios[i] = NULL; goto out; } } _ Patches currently in -mm which might be from mark.tinguely(a)oracle.com are v2-ocfs2-fix-panic-in-failed-foilio-allocation.patch

6 months, 1 week

1
0
0 0

[PATCH] f2fs: prevent kernel warning due to negative i_nlink from corrupted image

by Jaegeuk Kim

WARNING: CPU: 1 PID: 9426 at fs/inode.c:417 drop_nlink+0xac/0xd0 home/cc/linux/fs/inode.c:417 Modules linked in: CPU: 1 UID: 0 PID: 9426 Comm: syz-executor568 Not tainted 6.14.0-12627-g94d471a4f428 #2 PREEMPT(full) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:drop_nlink+0xac/0xd0 home/cc/linux/fs/inode.c:417 Code: 48 8b 5d 28 be 08 00 00 00 48 8d bb 70 07 00 00 e8 f9 67 e6 ff f0 48 ff 83 70 07 00 00 5b 5d e9 9a 12 82 ff e8 95 12 82 ff 90 <0f> 0b 90 c7 45 48 ff ff ff ff 5b 5d e9 83 12 82 ff e8 fe 5f e6 ff RSP: 0018:ffffc900026b7c28 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8239710f RDX: ffff888041345a00 RSI: ffffffff8239717b RDI: 0000000000000005 RBP: ffff888054509ad0 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000000 R11: ffffffff9ab36f08 R12: ffff88804bb40000 R13: ffff8880545091e0 R14: 0000000000008000 R15: ffff8880545091e0 FS: 000055555d0c5880(0000) GS:ffff8880eb3e3000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f915c55b178 CR3: 0000000050d20000 CR4: 0000000000352ef0 Call Trace: <task> f2fs_i_links_write home/cc/linux/fs/f2fs/f2fs.h:3194 [inline] f2fs_drop_nlink+0xd1/0x3c0 home/cc/linux/fs/f2fs/dir.c:845 f2fs_delete_entry+0x542/0x1450 home/cc/linux/fs/f2fs/dir.c:909 f2fs_unlink+0x45c/0x890 home/cc/linux/fs/f2fs/namei.c:581 vfs_unlink+0x2fb/0x9b0 home/cc/linux/fs/namei.c:4544 do_unlinkat+0x4c5/0x6a0 home/cc/linux/fs/namei.c:4608 __do_sys_unlink home/cc/linux/fs/namei.c:4654 [inline] __se_sys_unlink home/cc/linux/fs/namei.c:4652 [inline] __x64_sys_unlink+0xc5/0x110 home/cc/linux/fs/namei.c:4652 do_syscall_x64 home/cc/linux/arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xc7/0x250 home/cc/linux/arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fb3d092324b Code: 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffdc232d938 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb3d092324b RDX: 00007ffdc232d960 RSI: 00007ffdc232d960 RDI: 00007ffdc232d9f0 RBP: 00007ffdc232d9f0 R08: 0000000000000001 R09: 00007ffdc232d7c0 R10: 00000000fffffffd R11: 0000000000000206 R12: 00007ffdc232eaf0 R13: 000055555d0cebb0 R14: 00007ffdc232d958 R15: 0000000000000001 </task> Cc: stable(a)vger.kernel.org Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> --- fs/f2fs/namei.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c index 8f8b9b843bdf..f17cb2489a73 100644 --- a/fs/f2fs/namei.c +++ b/fs/f2fs/namei.c @@ -569,6 +569,15 @@ static int f2fs_unlink(struct inode *dir, struct dentry *dentry) goto fail; } + if (unlikely(inode->i_nlink == 0)) { + f2fs_warn(F2FS_I_SB(inode), "%s: inode (ino=%lx) has zero i_nlink", + __func__, inode->i_ino); + err = -EFSCORRUPTED; + set_sbi_flag(F2FS_I_SB(inode), SBI_NEED_FSCK); + f2fs_put_page(page, 0); + goto fail; + } + f2fs_balance_fs(sbi, true); f2fs_lock_op(sbi); -- 2.49.0.604.gff1f9ca942-goog

6 months, 1 week

3
2
0 0

[PATCH RESEND] sparc: fix error handling in scan_one_device()

by Ma Ke

Once of_device_register() failed, we should call put_device() to decrement reference count for cleanup. Or it could cause memory leak. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(). As comment of device_add() says, 'if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: cf44bbc26cf1 ("[SPARC]: Beginnings of generic of_device framework.") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- arch/sparc/kernel/of_device_64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/sparc/kernel/of_device_64.c b/arch/sparc/kernel/of_device_64.c index f98c2901f335..4272746d7166 100644 --- a/arch/sparc/kernel/of_device_64.c +++ b/arch/sparc/kernel/of_device_64.c @@ -677,7 +677,7 @@ static struct platform_device * __init scan_one_device(struct device_node *dp, if (of_device_register(op)) { printk("%pOF: Could not register of device.\n", dp); - kfree(op); + put_device(&op->dev); op = NULL; } -- 2.25.1

6 months, 1 week

2
1
0 0

Re: Patch "x86/mm/ident_map: Fix theoretical virtual address overflow to zero" has been added to the 6.14-stable tree

by Kirill A. Shutemov

On Mon, Apr 14, 2025 at 06:37:27AM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > x86/mm/ident_map: Fix theoretical virtual address overflow to zero > > to the 6.14-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > x86-mm-ident_map-fix-theoretical-virtual-address-ove.patch > and it can be found in the queue-6.14 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. It was explicitly called out that no backporting needed: > [ Backporter's note: there's no need to backport this patch. ] -- Kiryl Shutsemau / Kirill A. Shutemov

6 months, 1 week

2
3
0 0

[PATCH] EDAC/amd64: Fix size calculation for Non-Power-of-Two DIMMs

by Avadhut Naik

Each Chip-Select (CS) of a Unified Memory Controller (UMC) on AMD EPYC SOCs has an Address Mask and a Secondary Address Mask register associated with it. The amd64_edac module logs DIMM sizes on a per-UMC per-CS granularity during init using these two registers. Currently, the module primarily considers only the Address Mask register for computing DIMM sizes. The Secondary Address Mask register is only considered for odd CS. Additionally, if it has been considered, the Address Mask register is ignored altogether for that CS. For power-of-two DIMMs, this is not an issue since only the Address Mask register is used. For non-power-of-two DIMMs, however, the Secondary Address Mask register is used in conjunction with the Address Mask register. However, since the module only considers either of the two registers for a CS, the size computed by the module is incorrect. The Secondary Address Mask register is not considered for even CS, and the Address Mask register is not considered for odd CS. Furthermore, also rename some variables for greater clarity. Fixes: 81f5090db843 ("EDAC/amd64: Support asymmetric dual-rank DIMMs") Signed-off-by: Avadhut Naik <avadhut.naik(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/edac/amd64_edac.c | 56 ++++++++++++++++++++++++--------------- 1 file changed, 35 insertions(+), 21 deletions(-) diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c index 90f0eb7cc5b9..16117fda727f 100644 --- a/drivers/edac/amd64_edac.c +++ b/drivers/edac/amd64_edac.c @@ -1209,7 +1209,9 @@ static int umc_get_cs_mode(int dimm, u8 ctrl, struct amd64_pvt *pvt) if (csrow_enabled(2 * dimm + 1, ctrl, pvt)) cs_mode |= CS_ODD_PRIMARY; - /* Asymmetric dual-rank DIMM support. */ + if (csrow_sec_enabled(2 * dimm, ctrl, pvt)) + cs_mode |= CS_EVEN_SECONDARY; + if (csrow_sec_enabled(2 * dimm + 1, ctrl, pvt)) cs_mode |= CS_ODD_SECONDARY; @@ -1230,12 +1232,10 @@ static int umc_get_cs_mode(int dimm, u8 ctrl, struct amd64_pvt *pvt) return cs_mode; } -static int __addr_mask_to_cs_size(u32 addr_mask_orig, unsigned int cs_mode, - int csrow_nr, int dimm) +static int calculate_cs_size(u32 mask, unsigned int cs_mode) { - u32 msb, weight, num_zero_bits; - u32 addr_mask_deinterleaved; - int size = 0; + int msb, weight, num_zero_bits; + u32 deinterleaved_mask = 0; /* * The number of zero bits in the mask is equal to the number of bits @@ -1248,19 +1248,32 @@ static int __addr_mask_to_cs_size(u32 addr_mask_orig, unsigned int cs_mode, * without swapping with the most significant bit. This can be handled * by keeping the MSB where it is and ignoring the single zero bit. */ - msb = fls(addr_mask_orig) - 1; - weight = hweight_long(addr_mask_orig); + msb = fls(mask) - 1; + weight = hweight_long(mask); num_zero_bits = msb - weight - !!(cs_mode & CS_3R_INTERLEAVE); /* Take the number of zero bits off from the top of the mask. */ - addr_mask_deinterleaved = GENMASK_ULL(msb - num_zero_bits, 1); + deinterleaved_mask = GENMASK(msb - num_zero_bits, 1); + edac_dbg(1, " Deinterleaved AddrMask: 0x%x\n", deinterleaved_mask); + + return (deinterleaved_mask >> 2) + 1; +} + +static int __addr_mask_to_cs_size(u32 addr_mask, u32 addr_mask_sec, + unsigned int cs_mode, int csrow_nr, int dimm) +{ + int size = 0; edac_dbg(1, "CS%d DIMM%d AddrMasks:\n", csrow_nr, dimm); - edac_dbg(1, " Original AddrMask: 0x%x\n", addr_mask_orig); - edac_dbg(1, " Deinterleaved AddrMask: 0x%x\n", addr_mask_deinterleaved); + edac_dbg(1, " Primary AddrMask: 0x%x\n", addr_mask); /* Register [31:1] = Address [39:9]. Size is in kBs here. */ - size = (addr_mask_deinterleaved >> 2) + 1; + size = calculate_cs_size(addr_mask, cs_mode); + + if (addr_mask_sec) { + edac_dbg(1, " Secondary AddrMask: 0x%x\n", addr_mask); + size += calculate_cs_size(addr_mask_sec, cs_mode); + } /* Return size in MBs. */ return size >> 10; @@ -1270,7 +1283,7 @@ static int umc_addr_mask_to_cs_size(struct amd64_pvt *pvt, u8 umc, unsigned int cs_mode, int csrow_nr) { int cs_mask_nr = csrow_nr; - u32 addr_mask_orig; + u32 addr_mask = 0, addr_mask_sec = 0; int dimm, size = 0; /* No Chip Selects are enabled. */ @@ -1308,13 +1321,13 @@ static int umc_addr_mask_to_cs_size(struct amd64_pvt *pvt, u8 umc, if (!pvt->flags.zn_regs_v2) cs_mask_nr >>= 1; - /* Asymmetric dual-rank DIMM support. */ - if ((csrow_nr & 1) && (cs_mode & CS_ODD_SECONDARY)) - addr_mask_orig = pvt->csels[umc].csmasks_sec[cs_mask_nr]; - else - addr_mask_orig = pvt->csels[umc].csmasks[cs_mask_nr]; + if (cs_mode & CS_EVEN_PRIMARY || cs_mode & CS_ODD_PRIMARY) + addr_mask = pvt->csels[umc].csmasks[cs_mask_nr]; + + if (cs_mode & CS_EVEN_SECONDARY || cs_mode & CS_ODD_SECONDARY) + addr_mask_sec = pvt->csels[umc].csmasks_sec[cs_mask_nr]; - return __addr_mask_to_cs_size(addr_mask_orig, cs_mode, csrow_nr, dimm); + return __addr_mask_to_cs_size(addr_mask, addr_mask_sec, cs_mode, csrow_nr, dimm); } static void umc_debug_display_dimm_sizes(struct amd64_pvt *pvt, u8 ctrl) @@ -3512,9 +3525,10 @@ static void gpu_get_err_info(struct mce *m, struct err_info *err) static int gpu_addr_mask_to_cs_size(struct amd64_pvt *pvt, u8 umc, unsigned int cs_mode, int csrow_nr) { - u32 addr_mask_orig = pvt->csels[umc].csmasks[csrow_nr]; + u32 addr_mask = pvt->csels[umc].csmasks[csrow_nr]; + u32 addr_mask_sec = pvt->csels[umc].csmasks_sec[csrow_nr]; - return __addr_mask_to_cs_size(addr_mask_orig, cs_mode, csrow_nr, csrow_nr >> 1); + return __addr_mask_to_cs_size(addr_mask, addr_mask_sec, cs_mode, csrow_nr, csrow_nr >> 1); } static void gpu_debug_display_dimm_sizes(struct amd64_pvt *pvt, u8 ctrl) base-commit: f1861fb575b028e35e6233295441d535f2e3f240 -- 2.43.0

6 months, 1 week

3
4
0 0

[PATCH v3] iio: adc: Correct conditional logic for store mode

by Gabriel Shahrouzi

The mode setting logic in ad7816_store_mode was reversed due to incorrect handling of the strcmp return value. strcmp returns 0 on match, so the `if (strcmp(buf, "full"))` block executed when the input was not "full". This resulted in "full" setting the mode to AD7816_PD (power-down) and other inputs setting it to AD7816_FULL. Fix this by checking it against 0 to correctly check for "full" and "power-down", mapping them to AD7816_FULL and AD7816_PD respectively. Fixes: 7924425db04a ("staging: iio: adc: new driver for AD7816 devices") Cc: stable(a)vger.kernel.org Signed-off-by: Gabriel Shahrouzi <gshahrouzi(a)gmail.com> --- Changes since v3: - Tag stable(a)vger.kernel.org instead of an email CC - Use the correct version for patch Changes since v2: - Add fixes tag that references commit that introduced the bug. - Replace sysfs_streq with strcmp. --- drivers/staging/iio/adc/ad7816.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/iio/adc/ad7816.c b/drivers/staging/iio/adc/ad7816.c index 6c14d7bcdd675..081b17f498638 100644 --- a/drivers/staging/iio/adc/ad7816.c +++ b/drivers/staging/iio/adc/ad7816.c @@ -136,7 +136,7 @@ static ssize_t ad7816_store_mode(struct device *dev, struct iio_dev *indio_dev = dev_to_iio_dev(dev); struct ad7816_chip_info *chip = iio_priv(indio_dev); - if (strcmp(buf, "full")) { + if (strcmp(buf, "full") == 0) { gpiod_set_value(chip->rdwr_pin, 1); chip->mode = AD7816_FULL; } else { -- 2.43.0

6 months, 1 week

1
0
0 0

[PATCH] iio: adc: Correct conditional logic for store mode

by Gabriel Shahrouzi

The mode setting logic in ad7816_store_mode was reversed due to incorrect handling of the strcmp return value. strcmp returns 0 on match, so the `if (strcmp(buf, "full"))` block executed when the input was not "full". This resulted in "full" setting the mode to AD7816_PD (power-down) and other inputs setting it to AD7816_FULL. Fix this by checking it against 0 to correctly check for "full" and "power-down", mapping them to AD7816_FULL and AD7816_PD respectively. Fixes: 7924425db04a ("staging: iio: adc: new driver for AD7816 devices") Signed-off-by: Gabriel Shahrouzi <gshahrouzi(a)gmail.com> --- Changes since v2: - Add fixes tag that references commit that introduced the bug. - Replace sysfs_streq with strcmp. --- drivers/staging/iio/adc/ad7816.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/iio/adc/ad7816.c b/drivers/staging/iio/adc/ad7816.c index 6c14d7bcdd675..081b17f498638 100644 --- a/drivers/staging/iio/adc/ad7816.c +++ b/drivers/staging/iio/adc/ad7816.c @@ -136,7 +136,7 @@ static ssize_t ad7816_store_mode(struct device *dev, struct iio_dev *indio_dev = dev_to_iio_dev(dev); struct ad7816_chip_info *chip = iio_priv(indio_dev); - if (strcmp(buf, "full")) { + if (strcmp(buf, "full") == 0) { gpiod_set_value(chip->rdwr_pin, 1); chip->mode = AD7816_FULL; } else { -- 2.43.0

6 months, 1 week

2
1
0 0

[PATCH] net: usb: lan78xx: Enforce a minimum interrupt polling period

by Fiona Klute

If a new reset event appears before the previous one has been processed, the device can get stuck into a reset loop. This happens rarely, but blocks the device when it does, and floods the log with messages like the following: lan78xx 2-3:1.0 enp1s0u3: kevent 4 may have been dropped The only bit that the driver pays attention to in the interrupt data is "link was reset". If there's a flapping status bit in that endpoint data (such as if PHY negotiation needs a few tries to get a stable link), polling at a slower rate allows the state to settle. This is a simplified version of a patch that's been in the Raspberry Pi downstream kernel since their 4.14 branch, see also: https://github.com/raspberrypi/linux/issues/2447 Signed-off-by: Fiona Klute <fiona.klute(a)gmx.de> Cc: kernel-list(a)raspberrypi.com Cc: stable(a)vger.kernel.org --- For the stable crew: I've *tested* the patch with 6.12.7 and 6.13.5 on a Revolution Pi Connect 4 (Raspberry Pi CM4 based device with built-in LAN7800 as second ethernet port), according to the linked issue for the RPi downstream kernel the problem should be present in all maintained longterm kernel versions, too (based on how long they've carried a patch). drivers/net/usb/lan78xx.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/drivers/net/usb/lan78xx.c b/drivers/net/usb/lan78xx.c index a91bf9c7e31d..7bf01a31a932 100644 --- a/drivers/net/usb/lan78xx.c +++ b/drivers/net/usb/lan78xx.c @@ -173,6 +173,12 @@ #define INT_EP_GPIO_1 (1) #define INT_EP_GPIO_0 (0) +/* highspeed device, so polling interval is in microframes (eight per + * millisecond) + */ +#define INT_URB_MICROFRAMES_PER_MS 8 +#define MIN_INT_URB_INTERVAL_MS 8 + static const char lan78xx_gstrings[][ETH_GSTRING_LEN] = { "RX FCS Errors", "RX Alignment Errors", @@ -4527,7 +4533,11 @@ static int lan78xx_probe(struct usb_interface *intf, if (ret < 0) goto out4; - period = ep_intr->desc.bInterval; + period = max(ep_intr->desc.bInterval, + MIN_INT_URB_INTERVAL_MS * INT_URB_MICROFRAMES_PER_MS); + dev_info(&intf->dev, + "interrupt urb period set to %d, bInterval is %d\n", + period, ep_intr->desc.bInterval); maxp = usb_maxpacket(dev->udev, dev->pipe_intr); dev->urb_intr = usb_alloc_urb(0, GFP_KERNEL); base-commit: dd83757f6e686a2188997cb58b5975f744bb7786 -- 2.47.2

6 months, 1 week

3
9
0 0

[PATCH] objtool/rust: add one more `noreturn` Rust function

by Miguel Ojeda

Starting with Rust 1.86.0 (see upstream commit b151b513ba2b ("Insert null checks for pointer dereferences when debug assertions are enabled") [1]), under some kernel configurations with `CONFIG_RUST_DEBUG_ASSERTIONS=y`, one may trigger a new `objtool` warning: rust/kernel.o: warning: objtool: _R..._6kernel9workqueue6system() falls through to next function _R...9workqueue14system_highpri() due to a call to the `noreturn` symbol: core::panicking::panic_null_pointer_dereference Thus add it to the list so that `objtool` knows it is actually `noreturn`. See commit 56d680dd23c3 ("objtool/rust: list `noreturn` Rust functions") for more details. Cc: stable(a)vger.kernel.org # Needed in 6.12.y and later (Rust is pinned in older LTSs). Fixes: 56d680dd23c3 ("objtool/rust: list `noreturn` Rust functions") Link: https://github.com/rust-lang/rust/commit/b151b513ba2b65c7506ec1a80f2712bbd0… [1] Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> --- tools/objtool/check.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/objtool/check.c b/tools/objtool/check.c index 4a1f6c3169b3..67006eeb30c8 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -225,6 +225,7 @@ static bool is_rust_noreturn(const struct symbol *func) str_ends_with(func->name, "_4core9panicking14panic_nounwind") || str_ends_with(func->name, "_4core9panicking18panic_bounds_check") || str_ends_with(func->name, "_4core9panicking19assert_failed_inner") || + str_ends_with(func->name, "_4core9panicking30panic_null_pointer_dereference") || str_ends_with(func->name, "_4core9panicking36panic_misaligned_pointer_dereference") || strstr(func->name, "_4core9panicking13assert_failed") || strstr(func->name, "_4core9panicking11panic_const24panic_const_") || base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8 -- 2.49.0

6 months, 1 week

4
4
0 0

[PATCH] rust: fix building firmware abstraction on 32bit arm

by Christian Schrefl

When trying to build the rust firmware abstractions on 32 bit arm the following build error occures: ``` error[E0308]: mismatched types --> rust/kernel/firmware.rs:20:14 | 20 | Self(bindings::request_firmware) | ---- ^^^^^^^^^^^^^^^^^^^^^^^^^^ expected fn pointer, found fn item | | | arguments to this function are incorrect | = note: expected fn pointer `unsafe extern "C" fn(_, *const i8, _) -> _` found fn item `unsafe extern "C" fn(_, *const u8, _) -> _ {request_firmware}` note: tuple struct defined here --> rust/kernel/firmware.rs:14:8 | 14 | struct FwFunc( | ^^^^^^ error[E0308]: mismatched types --> rust/kernel/firmware.rs:24:14 | 24 | Self(bindings::firmware_request_nowarn) | ---- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expected fn pointer, found fn item | | | arguments to this function are incorrect | = note: expected fn pointer `unsafe extern "C" fn(_, *const i8, _) -> _` found fn item `unsafe extern "C" fn(_, *const u8, _) -> _ {firmware_request_nowarn}` note: tuple struct defined here --> rust/kernel/firmware.rs:14:8 | 14 | struct FwFunc( | ^^^^^^ error[E0308]: mismatched types --> rust/kernel/firmware.rs:64:45 | 64 | let ret = unsafe { func.0(pfw as _, name.as_char_ptr(), dev.as_raw()) }; | ------ ^^^^^^^^^^^^^^^^^^ expected `*const i8`, found `*const u8` | | | arguments to this function are incorrect | = note: expected raw pointer `*const i8` found raw pointer `*const u8` error: aborting due to 3 previous errors ``` To fix this error the char pointer type in `FwFunc` is converted to `ffi::c_char`. Fixes: de6582833db0 ("rust: add firmware abstractions") Cc: stable(a)vger.kernel.org # Backport only to 6.15 needed Signed-off-by: Christian Schrefl <chrisi.schrefl(a)gmail.com> --- rust/kernel/firmware.rs | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/rust/kernel/firmware.rs b/rust/kernel/firmware.rs index f04b058b09b2d2397e26344d0e055b3aa5061432..1d6284316f2a4652ef3f76272670e5e29b0ff924 100644 --- a/rust/kernel/firmware.rs +++ b/rust/kernel/firmware.rs @@ -5,14 +5,18 @@ //! C header: [`include/linux/firmware.h`](srctree/include/linux/firmware.h) use crate::{bindings, device::Device, error::Error, error::Result, str::CStr}; -use core::ptr::NonNull; +use core::{ffi, ptr::NonNull}; /// # Invariants /// /// One of the following: `bindings::request_firmware`, `bindings::firmware_request_nowarn`, /// `bindings::firmware_request_platform`, `bindings::request_firmware_direct`. struct FwFunc( - unsafe extern "C" fn(*mut *const bindings::firmware, *const u8, *mut bindings::device) -> i32, + unsafe extern "C" fn( + *mut *const bindings::firmware, + *const ffi::c_char, + *mut bindings::device, + ) -> i32, ); impl FwFunc { --- base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8 change-id: 20250408-rust_arm_fix_fw_abstaction-4c3a89d75e29 Best regards, -- Christian Schrefl <chrisi.schrefl(a)gmail.com>

6 months, 1 week

5
10
0 0

[PATCH AUTOSEL 5.4 1/5] KVM: s390: Don't use %pK through tracepoints

by Sasha Levin

From: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> [ Upstream commit 6c9567e0850be2f0f94ab64fa6512413fd1a1eb1 ] Restricted pointers ("%pK") are not meant to be used through TP_format(). It can unintentionally expose security sensitive, raw pointer values. Use regular pointer formatting instead. Link: https://lore.kernel.org/lkml/20250113171731-dc10e3c1-da64-4af0-b767-7c70704… Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> Reviewed-by: Michael Mueller <mimu(a)linux.ibm.com> Link: https://lore.kernel.org/r/20250217-restricted-pointers-s390-v1-1-0e4ace75d8… Signed-off-by: Janosch Frank <frankja(a)linux.ibm.com> Message-ID: <20250217-restricted-pointers-s390-v1-1-0e4ace75d8aa(a)linutronix.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/s390/kvm/trace-s390.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/s390/kvm/trace-s390.h b/arch/s390/kvm/trace-s390.h index 6f0209d45164f..9c5f546a2e1a3 100644 --- a/arch/s390/kvm/trace-s390.h +++ b/arch/s390/kvm/trace-s390.h @@ -56,7 +56,7 @@ TRACE_EVENT(kvm_s390_create_vcpu, __entry->sie_block = sie_block; ), - TP_printk("create cpu %d at 0x%pK, sie block at 0x%pK", + TP_printk("create cpu %d at 0x%p, sie block at 0x%p", __entry->id, __entry->vcpu, __entry->sie_block) ); @@ -255,7 +255,7 @@ TRACE_EVENT(kvm_s390_enable_css, __entry->kvm = kvm; ), - TP_printk("enabling channel I/O support (kvm @ %pK)\n", + TP_printk("enabling channel I/O support (kvm @ %p)\n", __entry->kvm) ); -- 2.39.5

6 months, 1 week

1
4
0 0

[PATCH AUTOSEL 6.14 01/34] KVM: s390: Don't use %pK through tracepoints

by Sasha Levin

From: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> [ Upstream commit 6c9567e0850be2f0f94ab64fa6512413fd1a1eb1 ] Restricted pointers ("%pK") are not meant to be used through TP_format(). It can unintentionally expose security sensitive, raw pointer values. Use regular pointer formatting instead. Link: https://lore.kernel.org/lkml/20250113171731-dc10e3c1-da64-4af0-b767-7c70704… Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> Reviewed-by: Michael Mueller <mimu(a)linux.ibm.com> Link: https://lore.kernel.org/r/20250217-restricted-pointers-s390-v1-1-0e4ace75d8… Signed-off-by: Janosch Frank <frankja(a)linux.ibm.com> Message-ID: <20250217-restricted-pointers-s390-v1-1-0e4ace75d8aa(a)linutronix.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/s390/kvm/trace-s390.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/s390/kvm/trace-s390.h b/arch/s390/kvm/trace-s390.h index 9ac92dbf680db..9e28f165c114c 100644 --- a/arch/s390/kvm/trace-s390.h +++ b/arch/s390/kvm/trace-s390.h @@ -56,7 +56,7 @@ TRACE_EVENT(kvm_s390_create_vcpu, __entry->sie_block = sie_block; ), - TP_printk("create cpu %d at 0x%pK, sie block at 0x%pK", + TP_printk("create cpu %d at 0x%p, sie block at 0x%p", __entry->id, __entry->vcpu, __entry->sie_block) ); @@ -255,7 +255,7 @@ TRACE_EVENT(kvm_s390_enable_css, __entry->kvm = kvm; ), - TP_printk("enabling channel I/O support (kvm @ %pK)\n", + TP_printk("enabling channel I/O support (kvm @ %p)\n", __entry->kvm) ); -- 2.39.5

6 months, 1 week

2
34
0 0

[PATCH AUTOSEL 5.10 01/11] KVM: s390: Don't use %pK through tracepoints

by Sasha Levin

From: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> [ Upstream commit 6c9567e0850be2f0f94ab64fa6512413fd1a1eb1 ] Restricted pointers ("%pK") are not meant to be used through TP_format(). It can unintentionally expose security sensitive, raw pointer values. Use regular pointer formatting instead. Link: https://lore.kernel.org/lkml/20250113171731-dc10e3c1-da64-4af0-b767-7c70704… Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> Reviewed-by: Michael Mueller <mimu(a)linux.ibm.com> Link: https://lore.kernel.org/r/20250217-restricted-pointers-s390-v1-1-0e4ace75d8… Signed-off-by: Janosch Frank <frankja(a)linux.ibm.com> Message-ID: <20250217-restricted-pointers-s390-v1-1-0e4ace75d8aa(a)linutronix.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/s390/kvm/trace-s390.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/s390/kvm/trace-s390.h b/arch/s390/kvm/trace-s390.h index 6f0209d45164f..9c5f546a2e1a3 100644 --- a/arch/s390/kvm/trace-s390.h +++ b/arch/s390/kvm/trace-s390.h @@ -56,7 +56,7 @@ TRACE_EVENT(kvm_s390_create_vcpu, __entry->sie_block = sie_block; ), - TP_printk("create cpu %d at 0x%pK, sie block at 0x%pK", + TP_printk("create cpu %d at 0x%p, sie block at 0x%p", __entry->id, __entry->vcpu, __entry->sie_block) ); @@ -255,7 +255,7 @@ TRACE_EVENT(kvm_s390_enable_css, __entry->kvm = kvm; ), - TP_printk("enabling channel I/O support (kvm @ %pK)\n", + TP_printk("enabling channel I/O support (kvm @ %p)\n", __entry->kvm) ); -- 2.39.5

6 months, 1 week

1
10
0 0

[PATCH AUTOSEL 5.15 01/15] KVM: s390: Don't use %pK through tracepoints

by Sasha Levin

From: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> [ Upstream commit 6c9567e0850be2f0f94ab64fa6512413fd1a1eb1 ] Restricted pointers ("%pK") are not meant to be used through TP_format(). It can unintentionally expose security sensitive, raw pointer values. Use regular pointer formatting instead. Link: https://lore.kernel.org/lkml/20250113171731-dc10e3c1-da64-4af0-b767-7c70704… Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> Reviewed-by: Michael Mueller <mimu(a)linux.ibm.com> Link: https://lore.kernel.org/r/20250217-restricted-pointers-s390-v1-1-0e4ace75d8… Signed-off-by: Janosch Frank <frankja(a)linux.ibm.com> Message-ID: <20250217-restricted-pointers-s390-v1-1-0e4ace75d8aa(a)linutronix.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/s390/kvm/trace-s390.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/s390/kvm/trace-s390.h b/arch/s390/kvm/trace-s390.h index 6f0209d45164f..9c5f546a2e1a3 100644 --- a/arch/s390/kvm/trace-s390.h +++ b/arch/s390/kvm/trace-s390.h @@ -56,7 +56,7 @@ TRACE_EVENT(kvm_s390_create_vcpu, __entry->sie_block = sie_block; ), - TP_printk("create cpu %d at 0x%pK, sie block at 0x%pK", + TP_printk("create cpu %d at 0x%p, sie block at 0x%p", __entry->id, __entry->vcpu, __entry->sie_block) ); @@ -255,7 +255,7 @@ TRACE_EVENT(kvm_s390_enable_css, __entry->kvm = kvm; ), - TP_printk("enabling channel I/O support (kvm @ %pK)\n", + TP_printk("enabling channel I/O support (kvm @ %p)\n", __entry->kvm) ); -- 2.39.5

6 months, 1 week

1
14
0 0

[PATCH AUTOSEL 6.12 01/30] KVM: s390: Don't use %pK through tracepoints

by Sasha Levin

From: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> [ Upstream commit 6c9567e0850be2f0f94ab64fa6512413fd1a1eb1 ] Restricted pointers ("%pK") are not meant to be used through TP_format(). It can unintentionally expose security sensitive, raw pointer values. Use regular pointer formatting instead. Link: https://lore.kernel.org/lkml/20250113171731-dc10e3c1-da64-4af0-b767-7c70704… Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> Reviewed-by: Michael Mueller <mimu(a)linux.ibm.com> Link: https://lore.kernel.org/r/20250217-restricted-pointers-s390-v1-1-0e4ace75d8… Signed-off-by: Janosch Frank <frankja(a)linux.ibm.com> Message-ID: <20250217-restricted-pointers-s390-v1-1-0e4ace75d8aa(a)linutronix.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/s390/kvm/trace-s390.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/s390/kvm/trace-s390.h b/arch/s390/kvm/trace-s390.h index 9ac92dbf680db..9e28f165c114c 100644 --- a/arch/s390/kvm/trace-s390.h +++ b/arch/s390/kvm/trace-s390.h @@ -56,7 +56,7 @@ TRACE_EVENT(kvm_s390_create_vcpu, __entry->sie_block = sie_block; ), - TP_printk("create cpu %d at 0x%pK, sie block at 0x%pK", + TP_printk("create cpu %d at 0x%p, sie block at 0x%p", __entry->id, __entry->vcpu, __entry->sie_block) ); @@ -255,7 +255,7 @@ TRACE_EVENT(kvm_s390_enable_css, __entry->kvm = kvm; ), - TP_printk("enabling channel I/O support (kvm @ %pK)\n", + TP_printk("enabling channel I/O support (kvm @ %p)\n", __entry->kvm) ); -- 2.39.5

6 months, 1 week

2
30
0 0

[PATCH AUTOSEL 6.1 01/17] KVM: s390: Don't use %pK through tracepoints

by Sasha Levin

From: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> [ Upstream commit 6c9567e0850be2f0f94ab64fa6512413fd1a1eb1 ] Restricted pointers ("%pK") are not meant to be used through TP_format(). It can unintentionally expose security sensitive, raw pointer values. Use regular pointer formatting instead. Link: https://lore.kernel.org/lkml/20250113171731-dc10e3c1-da64-4af0-b767-7c70704… Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> Reviewed-by: Michael Mueller <mimu(a)linux.ibm.com> Link: https://lore.kernel.org/r/20250217-restricted-pointers-s390-v1-1-0e4ace75d8… Signed-off-by: Janosch Frank <frankja(a)linux.ibm.com> Message-ID: <20250217-restricted-pointers-s390-v1-1-0e4ace75d8aa(a)linutronix.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/s390/kvm/trace-s390.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/s390/kvm/trace-s390.h b/arch/s390/kvm/trace-s390.h index 6f0209d45164f..9c5f546a2e1a3 100644 --- a/arch/s390/kvm/trace-s390.h +++ b/arch/s390/kvm/trace-s390.h @@ -56,7 +56,7 @@ TRACE_EVENT(kvm_s390_create_vcpu, __entry->sie_block = sie_block; ), - TP_printk("create cpu %d at 0x%pK, sie block at 0x%pK", + TP_printk("create cpu %d at 0x%p, sie block at 0x%p", __entry->id, __entry->vcpu, __entry->sie_block) ); @@ -255,7 +255,7 @@ TRACE_EVENT(kvm_s390_enable_css, __entry->kvm = kvm; ), - TP_printk("enabling channel I/O support (kvm @ %pK)\n", + TP_printk("enabling channel I/O support (kvm @ %p)\n", __entry->kvm) ); -- 2.39.5

6 months, 1 week

1
16
0 0

[PATCH AUTOSEL 6.6 01/24] KVM: s390: Don't use %pK through tracepoints

by Sasha Levin

From: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> [ Upstream commit 6c9567e0850be2f0f94ab64fa6512413fd1a1eb1 ] Restricted pointers ("%pK") are not meant to be used through TP_format(). It can unintentionally expose security sensitive, raw pointer values. Use regular pointer formatting instead. Link: https://lore.kernel.org/lkml/20250113171731-dc10e3c1-da64-4af0-b767-7c70704… Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> Reviewed-by: Michael Mueller <mimu(a)linux.ibm.com> Link: https://lore.kernel.org/r/20250217-restricted-pointers-s390-v1-1-0e4ace75d8… Signed-off-by: Janosch Frank <frankja(a)linux.ibm.com> Message-ID: <20250217-restricted-pointers-s390-v1-1-0e4ace75d8aa(a)linutronix.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/s390/kvm/trace-s390.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/s390/kvm/trace-s390.h b/arch/s390/kvm/trace-s390.h index 6f0209d45164f..9c5f546a2e1a3 100644 --- a/arch/s390/kvm/trace-s390.h +++ b/arch/s390/kvm/trace-s390.h @@ -56,7 +56,7 @@ TRACE_EVENT(kvm_s390_create_vcpu, __entry->sie_block = sie_block; ), - TP_printk("create cpu %d at 0x%pK, sie block at 0x%pK", + TP_printk("create cpu %d at 0x%p, sie block at 0x%p", __entry->id, __entry->vcpu, __entry->sie_block) ); @@ -255,7 +255,7 @@ TRACE_EVENT(kvm_s390_enable_css, __entry->kvm = kvm; ), - TP_printk("enabling channel I/O support (kvm @ %pK)\n", + TP_printk("enabling channel I/O support (kvm @ %p)\n", __entry->kvm) ); -- 2.39.5

6 months, 1 week

1
23
0 0

[PATCH net 2/2] amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload

by Vishal Badole

According to the XGMAC specification, enabling features such as Layer 3 and Layer 4 Packet Filtering, Split Header, Receive Side Scaling (RSS), and Virtualized Network support automatically selects the IPC Full Checksum Offload Engine on the receive side. When RX checksum offload is disabled, these dependent features must also be disabled to prevent abnormal behavior caused by mismatched feature dependencies. Ensure that toggling RX checksum offload (disabling or enabling) properly disables or enables all dependent features, maintaining consistent and expected behavior in the network device. Cc: stable(a)vger.kernel.org Fixes: c5aa9e3b8156 ("amd-xgbe: Initial AMD 10GbE platform driver") Signed-off-by: Vishal Badole <Vishal.Badole(a)amd.com> --- drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 8 ++++++-- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 19 +++++++++++++++++-- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c index 429c5e1444d8..48a474337d96 100644 --- a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c +++ b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c @@ -3764,8 +3764,12 @@ static int xgbe_init(struct xgbe_prv_data *pdata) xgbe_config_tx_coalesce(pdata); xgbe_config_rx_buffer_size(pdata); xgbe_config_tso_mode(pdata); - xgbe_config_sph_mode(pdata); - xgbe_config_rss(pdata); + + if (pdata->netdev->features & NETIF_F_RXCSUM) { + xgbe_config_sph_mode(pdata); + xgbe_config_rss(pdata); + } + desc_if->wrapper_tx_desc_init(pdata); desc_if->wrapper_rx_desc_init(pdata); xgbe_enable_dma_interrupts(pdata); diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c index f249f89fec38..0146af7f93cd 100755 --- a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c +++ b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c @@ -2267,6 +2267,16 @@ static netdev_features_t xgbe_fix_features(struct net_device *netdev, } } + if (features & NETIF_F_RXCSUM) { + netdev_notice(netdev, + "forcing receive hashing on\n"); + features |= NETIF_F_RXHASH; + } else { + netdev_notice(netdev, + "forcing receive hashing off\n"); + features &= ~NETIF_F_RXHASH; + } + return features; } @@ -2290,10 +2300,15 @@ static int xgbe_set_features(struct net_device *netdev, if (ret) return ret; - if ((features & NETIF_F_RXCSUM) && !rxcsum) + if ((features & NETIF_F_RXCSUM) && !rxcsum) { + hw_if->enable_sph(pdata); + hw_if->enable_vxlan(pdata); hw_if->enable_rx_csum(pdata); - else if (!(features & NETIF_F_RXCSUM) && rxcsum) + } else if (!(features & NETIF_F_RXCSUM) && rxcsum) { + hw_if->disable_sph(pdata); + hw_if->disable_vxlan(pdata); hw_if->disable_rx_csum(pdata); + } if ((features & NETIF_F_HW_VLAN_CTAG_RX) && !rxvlan) hw_if->enable_rx_vlan_stripping(pdata); -- 2.34.1

6 months, 1 week

1
0
0 0

[PATCH v2 1/7] arm64: dts: ti: j721e-sk: Add DT nodes for power regulators

by Yemike Abhilash Chandra

Add device tree nodes for two power regulators on the J721E SK board. vsys_5v0: A fixed regulator representing the 5V supply output from the LM61460 and vdd_sd_dv: A GPIO-controlled TLV71033 regulator. J721E-SK schematics: https://www.ti.com/lit/zip/sprr438 Fixes: 1bfda92a3a36 ("arm64: dts: ti: Add support for J721E SK") Cc: stable(a)vger.kernel.org Signed-off-by: Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> --- arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 31 ++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/arch/arm64/boot/dts/ti/k3-j721e-sk.dts b/arch/arm64/boot/dts/ti/k3-j721e-sk.dts index 440ef57be294..4965957e6545 100644 --- a/arch/arm64/boot/dts/ti/k3-j721e-sk.dts +++ b/arch/arm64/boot/dts/ti/k3-j721e-sk.dts @@ -184,6 +184,17 @@ vsys_3v3: fixedregulator-vsys3v3 { regulator-boot-on; }; + vsys_5v0: fixedregulator-vsys5v0 { + /* Output of LM61460 */ + compatible = "regulator-fixed"; + regulator-name = "vsys_5v0"; + regulator-min-microvolt = <5000000>; + regulator-max-microvolt = <5000000>; + vin-supply = <&vusb_main>; + regulator-always-on; + regulator-boot-on; + }; + vdd_mmc1: fixedregulator-sd { compatible = "regulator-fixed"; pinctrl-names = "default"; @@ -211,6 +222,20 @@ vdd_sd_dv_alt: gpio-regulator-tps659411 { <3300000 0x1>; }; + vdd_sd_dv: gpio-regulator-TLV71033 { + compatible = "regulator-gpio"; + pinctrl-names = "default"; + pinctrl-0 = <&vdd_sd_dv_pins_default>; + regulator-name = "tlv71033"; + regulator-min-microvolt = <1800000>; + regulator-max-microvolt = <3300000>; + regulator-boot-on; + vin-supply = <&vsys_5v0>; + gpios = <&main_gpio0 118 GPIO_ACTIVE_HIGH>; + states = <1800000 0x0>, + <3300000 0x1>; + }; + transceiver1: can-phy1 { compatible = "ti,tcan1042"; #phy-cells = <0>; @@ -613,6 +638,12 @@ J721E_WKUP_IOPAD(0xd4, PIN_OUTPUT, 7) /* (G26) WKUP_GPIO0_9 */ >; }; + vdd_sd_dv_pins_default: vdd-sd-dv-default-pins { + pinctrl-single,pins = < + J721E_IOPAD(0x1dc, PIN_INPUT, 7) /* (Y1) SPI1_CLK.GPIO0_118 */ + >; + }; + wkup_uart0_pins_default: wkup-uart0-default-pins { pinctrl-single,pins = < J721E_WKUP_IOPAD(0xa0, PIN_INPUT, 0) /* (J29) WKUP_UART0_RXD */ -- 2.34.1

6 months, 1 week

3
3
0 0

[PATCH v2 4/7] arm64: dts: ti: k3-j721e-sk: Add requiried voltage supplies for IMX219

by Yemike Abhilash Chandra

The device tree overlay for the IMX219 sensor requires three voltage supplies to be defined: VANA (analog), VDIG (digital core), and VDDL (digital I/O). Add the corresponding voltage supply definitions to avoid dtbs_check warnings. Fixes: f767eb918096 ("arm64: dts: ti: k3-j721e-sk: Add overlay for IMX219") Cc: stable(a)vger.kernel.org Signed-off-by: Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> --- .../dts/ti/k3-j721e-sk-csi2-dual-imx219.dtso | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/arch/arm64/boot/dts/ti/k3-j721e-sk-csi2-dual-imx219.dtso b/arch/arm64/boot/dts/ti/k3-j721e-sk-csi2-dual-imx219.dtso index 4a395d1209c8..4eb3cffab032 100644 --- a/arch/arm64/boot/dts/ti/k3-j721e-sk-csi2-dual-imx219.dtso +++ b/arch/arm64/boot/dts/ti/k3-j721e-sk-csi2-dual-imx219.dtso @@ -19,6 +19,33 @@ clk_imx219_fixed: imx219-xclk { #clock-cells = <0>; clock-frequency = <24000000>; }; + + reg_2p8v: regulator-2p8v { + compatible = "regulator-fixed"; + regulator-name = "2P8V"; + regulator-min-microvolt = <2800000>; + regulator-max-microvolt = <2800000>; + vin-supply = <&vdd_sd_dv>; + regulator-always-on; + }; + + reg_1p8v: regulator-1p8v { + compatible = "regulator-fixed"; + regulator-name = "1P8V"; + regulator-min-microvolt = <1800000>; + regulator-max-microvolt = <1800000>; + vin-supply = <&vdd_sd_dv>; + regulator-always-on; + }; + + reg_1p2v: regulator-1p2v { + compatible = "regulator-fixed"; + regulator-name = "1P2V"; + regulator-min-microvolt = <1200000>; + regulator-max-microvolt = <1200000>; + vin-supply = <&vdd_sd_dv>; + regulator-always-on; + }; }; &csi_mux { @@ -34,6 +61,9 @@ imx219_0: imx219-0@10 { reg = <0x10>; clocks = <&clk_imx219_fixed>; + VANA-supply = <&reg_2p8v>; + VDIG-supply = <&reg_1p8v>; + VDDL-supply = <&reg_1p2v>; port { csi2_cam0: endpoint { @@ -55,6 +85,9 @@ imx219_1: imx219-1@10 { reg = <0x10>; clocks = <&clk_imx219_fixed>; + VANA-supply = <&reg_2p8v>; + VDIG-supply = <&reg_1p8v>; + VDDL-supply = <&reg_1p2v>; port { csi2_cam1: endpoint { -- 2.34.1

6 months, 1 week

2
2
0 0

[PATCH v1 1/2] platform/x86: int3472: add hpd pin support

by Dongcheng Yan

Typically HDMI to MIPI CSI-2 bridges have a pin to signal image data is being received. On the host side this is wired to a GPIO for polling or interrupts. This includes the Lontium HDMI to MIPI CSI-2 bridges lt6911uxe and lt6911uxc. The GPIO "hpd" is used already by other HDMI to CSI-2 bridges, use it here as well. Signed-off-by: Dongcheng Yan <dongcheng.yan(a)intel.com> --- drivers/platform/x86/intel/int3472/common.h | 1 + drivers/platform/x86/intel/int3472/discrete.c | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/drivers/platform/x86/intel/int3472/common.h b/drivers/platform/x86/intel/int3472/common.h index 145dec66df64..db4cd3720e24 100644 --- a/drivers/platform/x86/intel/int3472/common.h +++ b/drivers/platform/x86/intel/int3472/common.h @@ -22,6 +22,7 @@ #define INT3472_GPIO_TYPE_POWER_ENABLE 0x0b #define INT3472_GPIO_TYPE_CLK_ENABLE 0x0c #define INT3472_GPIO_TYPE_PRIVACY_LED 0x0d +#define INT3472_GPIO_TYPE_HOTPLUG_DETECT 0x13 #define INT3472_PDEV_MAX_NAME_LEN 23 #define INT3472_MAX_SENSOR_GPIOS 3 diff --git a/drivers/platform/x86/intel/int3472/discrete.c b/drivers/platform/x86/intel/int3472/discrete.c index 30ff8f3ea1f5..28d41b1b3809 100644 --- a/drivers/platform/x86/intel/int3472/discrete.c +++ b/drivers/platform/x86/intel/int3472/discrete.c @@ -186,6 +186,10 @@ static void int3472_get_con_id_and_polarity(struct acpi_device *adev, u8 *type, *con_id = "privacy-led"; *gpio_flags = GPIO_ACTIVE_HIGH; break; + case INT3472_GPIO_TYPE_HOTPLUG_DETECT: + *con_id = "hpd"; + *gpio_flags = GPIO_LOOKUP_FLAGS_DEFAULT; + break; case INT3472_GPIO_TYPE_POWER_ENABLE: *con_id = "power-enable"; *gpio_flags = GPIO_ACTIVE_HIGH; @@ -212,6 +216,7 @@ static void int3472_get_con_id_and_polarity(struct acpi_device *adev, u8 *type, * 0x0b Power enable * 0x0c Clock enable * 0x0d Privacy LED + * 0x13 Hotplug detect * * There are some known platform specific quirks where that does not quite * hold up; for example where a pin with type 0x01 (Power down) is mapped to @@ -281,6 +286,7 @@ static int skl_int3472_handle_gpio_resources(struct acpi_resource *ares, switch (type) { case INT3472_GPIO_TYPE_RESET: case INT3472_GPIO_TYPE_POWERDOWN: + case INT3472_GPIO_TYPE_HOTPLUG_DETECT: ret = skl_int3472_map_gpio_to_sensor(int3472, agpio, con_id, gpio_flags); if (ret) err_msg = "Failed to map GPIO pin to sensor\n"; base-commit: 01c6df60d5d4ae00cd5c1648818744838bba7763 -- 2.34.1

6 months, 1 week

6
12
0 0

[PATCH V2 6.14.y 0/7] arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9

by Anshuman Khandual

This series adds fine grained trap control in EL2 required for FEAT_PMUv3p9 registers like PMICNTR_EL0, PMICFILTR_EL0, and PMUACR_EL1 which are already being used in the kernel. This is required to prevent their EL1 access trap into EL2. The following commits that enabled access into FEAT_PMUv3p9 registers have already been merged upstream from 6.12 onwards. d8226d8cfbaf ("perf: arm_pmuv3: Add support for Armv9.4 PMU instruction counter") 0bbff9ed8165 ("perf/arm_pmuv3: Add PMUv3.9 per counter EL0 access control") The sysreg patches in this series are required for the final patch which fixes the actual problem. Changes in V2: - Replaced [] with () for upstream commit reference across patches in response to the following warning from Sasha https://lore.kernel.org/stable/f1153021-846b-4fb1-8c4d-9fa813f982d3@arm.com/ Anshuman Khandual (7): arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1 arm64/sysreg: Add register fields for HDFGRTR2_EL2 arm64/sysreg: Add register fields for HDFGWTR2_EL2 arm64/sysreg: Add register fields for HFGITR2_EL2 arm64/sysreg: Add register fields for HFGRTR2_EL2 arm64/sysreg: Add register fields for HFGWTR2_EL2 arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9 Documentation/arch/arm64/booting.rst | 22 ++++++ arch/arm64/include/asm/el2_setup.h | 25 +++++++ arch/arm64/tools/sysreg | 103 +++++++++++++++++++++++++++ 3 files changed, 150 insertions(+) -- 2.30.2

6 months, 1 week

2
14
0 0

[PATCH 5.10.y] vfio/pci: fix memory leak during D3hot to D0 transition

by Feng Liu

From: Abhishek Sahu <abhsahu(a)nvidia.com> [ Upstream commit eadf88ecf6ac7d6a9f47a76c6055d9a1987a8991 ] If 'vfio_pci_core_device::needs_pm_restore' is set (PCI device does not have No_Soft_Reset bit set in its PMCSR config register), then the current PCI state will be saved locally in 'vfio_pci_core_device::pm_save' during D0->D3hot transition and same will be restored back during D3hot->D0 transition. For saving the PCI state locally, pci_store_saved_state() is being used and the pci_load_and_free_saved_state() will free the allocated memory. But for reset related IOCTLs, vfio driver calls PCI reset-related API's which will internally change the PCI power state back to D0. So, when the guest resumes, then it will get the current state as D0 and it will skip the call to vfio_pci_set_power_state() for changing the power state to D0 explicitly. In this case, the memory pointed by 'pm_save' will never be freed. In a malicious sequence, the state changing to D3hot followed by VFIO_DEVICE_RESET/VFIO_DEVICE_PCI_HOT_RESET can be run in a loop and it can cause an OOM situation. This patch frees the earlier allocated memory first before overwriting 'pm_save' to prevent the mentioned memory leak. Fixes: 51ef3a004b1e ("vfio/pci: Restore device state on PM transition") Signed-off-by: Abhishek Sahu <abhsahu(a)nvidia.com> Link: https://lore.kernel.org/r/20220217122107.22434-2-abhsahu@nvidia.com Signed-off-by: Alex Williamson <alex.williamson(a)redhat.com> [Minor context change fixed] Signed-off-by: Feng Liu <Feng.Liu3(a)windriver.com> Signed-off-by: He Zhe <Zhe.He(a)windriver.com> --- Verified the build test. --- drivers/vfio/pci/vfio_pci.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c index 57ae8b46b836..7835712f730d 100644 --- a/drivers/vfio/pci/vfio_pci.c +++ b/drivers/vfio/pci/vfio_pci.c @@ -299,6 +299,19 @@ int vfio_pci_set_power_state(struct vfio_pci_device *vdev, pci_power_t state) if (!ret) { /* D3 might be unsupported via quirk, skip unless in D3 */ if (needs_save && pdev->current_state >= PCI_D3hot) { + /* + * The current PCI state will be saved locally in + * 'pm_save' during the D3hot transition. When the + * device state is changed to D0 again with the current + * function, then pci_store_saved_state() will restore + * the state and will free the memory pointed by + * 'pm_save'. There are few cases where the PCI power + * state can be changed to D0 without the involvement + * of the driver. For these cases, free the earlier + * allocated memory first before overwriting 'pm_save' + * to prevent the memory leak. + */ + kfree(vdev->pm_save); vdev->pm_save = pci_store_saved_state(pdev); } else if (needs_restore) { pci_load_and_free_saved_state(pdev, &vdev->pm_save); -- 2.34.1

6 months, 1 week

2
1
0 0

[PATCH 1/1] slab: ensure slab->obj_exts is clear in a newly allocated slab page

by Suren Baghdasaryan

ktest recently reported crashes while running several buffered io tests with __alloc_tagging_slab_alloc_hook() at the top of the crash call stack. The signature indicates an invalid address dereference with low bits of slab->obj_exts being set. The bits were outside of the range used by page_memcg_data_flags and objext_flags and hence were not masked out by slab_obj_exts() when obtaining the pointer stored in slab->obj_exts. The typical crash log looks like this: 00510 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 00510 Mem abort info: 00510 ESR = 0x0000000096000045 00510 EC = 0x25: DABT (current EL), IL = 32 bits 00510 SET = 0, FnV = 0 00510 EA = 0, S1PTW = 0 00510 FSC = 0x05: level 1 translation fault 00510 Data abort info: 00510 ISV = 0, ISS = 0x00000045, ISS2 = 0x00000000 00510 CM = 0, WnR = 1, TnD = 0, TagAccess = 0 00510 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 00510 user pgtable: 4k pages, 39-bit VAs, pgdp=0000000104175000 00510 [0000000000000010] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000 00510 Internal error: Oops: 0000000096000045 [#1] SMP 00510 Modules linked in: 00510 CPU: 10 UID: 0 PID: 7692 Comm: cat Not tainted 6.15.0-rc1-ktest-g189e17946605 #19327 NONE 00510 Hardware name: linux,dummy-virt (DT) 00510 pstate: 20001005 (nzCv daif -PAN -UAO -TCO -DIT +SSBS BTYPE=--) 00510 pc : __alloc_tagging_slab_alloc_hook+0xe0/0x190 00510 lr : __kmalloc_noprof+0x150/0x310 00510 sp : ffffff80c87df6c0 00510 x29: ffffff80c87df6c0 x28: 000000000013d1ff x27: 000000000013d200 00510 x26: ffffff80c87df9e0 x25: 0000000000000000 x24: 0000000000000001 00510 x23: ffffffc08041953c x22: 000000000000004c x21: ffffff80c0002180 00510 x20: fffffffec3120840 x19: ffffff80c4821000 x18: 0000000000000000 00510 x17: fffffffec3d02f00 x16: fffffffec3d02e00 x15: fffffffec3d00700 00510 x14: fffffffec3d00600 x13: 0000000000000200 x12: 0000000000000006 00510 x11: ffffffc080bb86c0 x10: 0000000000000000 x9 : ffffffc080201e58 00510 x8 : ffffff80c4821060 x7 : 0000000000000000 x6 : 0000000055555556 00510 x5 : 0000000000000001 x4 : 0000000000000010 x3 : 0000000000000060 00510 x2 : 0000000000000000 x1 : ffffffc080f50cf8 x0 : ffffff80d801d000 00510 Call trace: 00510 __alloc_tagging_slab_alloc_hook+0xe0/0x190 (P) 00510 __kmalloc_noprof+0x150/0x310 00510 __bch2_folio_create+0x5c/0xf8 00510 bch2_folio_create+0x2c/0x40 00510 bch2_readahead+0xc0/0x460 00510 read_pages+0x7c/0x230 00510 page_cache_ra_order+0x244/0x3a8 00510 page_cache_async_ra+0x124/0x170 00510 filemap_readahead.isra.0+0x58/0xa0 00510 filemap_get_pages+0x454/0x7b0 00510 filemap_read+0xdc/0x418 00510 bch2_read_iter+0x100/0x1b0 00510 vfs_read+0x214/0x300 00510 ksys_read+0x6c/0x108 00510 __arm64_sys_read+0x20/0x30 00510 invoke_syscall.constprop.0+0x54/0xe8 00510 do_el0_svc+0x44/0xc8 00510 el0_svc+0x18/0x58 00510 el0t_64_sync_handler+0x104/0x130 00510 el0t_64_sync+0x154/0x158 00510 Code: d5384100 f9401c01 b9401aa3 b40002e1 (f8227881) 00510 ---[ end trace 0000000000000000 ]--- 00510 Kernel panic - not syncing: Oops: Fatal exception 00510 SMP: stopping secondary CPUs 00510 Kernel Offset: disabled 00510 CPU features: 0x0000,000000e0,00000410,8240500b 00510 Memory Limit: none Investigation indicates that these bits are already set when we allocate slab page and are not zeroed out after allocation. We are not yet sure why these crashes start happening only recently but regardless of the reason, not initializing a field that gets used later is wrong. Fix it by initializing slab->obj_exts during slab page allocation. Fixes: 21c690a349ba ("mm: introduce slabobj_ext to support slab object extensions") Reported-by: Kent Overstreet <kent.overstreet(a)linux.dev> Tested-by: Kent Overstreet <kent.overstreet(a)linux.dev> Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Acked-by: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: <stable(a)vger.kernel.org> --- mm/slub.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/mm/slub.c b/mm/slub.c index b46f87662e71..dc9e729e1d26 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -1973,6 +1973,11 @@ static inline void handle_failed_objexts_alloc(unsigned long obj_exts, #define OBJCGS_CLEAR_MASK (__GFP_DMA | __GFP_RECLAIMABLE | \ __GFP_ACCOUNT | __GFP_NOFAIL) +static inline void init_slab_obj_exts(struct slab *slab) +{ + slab->obj_exts = 0; +} + int alloc_slab_obj_exts(struct slab *slab, struct kmem_cache *s, gfp_t gfp, bool new_slab) { @@ -2058,6 +2063,10 @@ static inline bool need_slab_obj_ext(void) #else /* CONFIG_SLAB_OBJ_EXT */ +static inline void init_slab_obj_exts(struct slab *slab) +{ +} + static int alloc_slab_obj_exts(struct slab *slab, struct kmem_cache *s, gfp_t gfp, bool new_slab) { @@ -2637,6 +2646,7 @@ static struct slab *allocate_slab(struct kmem_cache *s, gfp_t flags, int node) slab->objects = oo_objects(oo); slab->inuse = 0; slab->frozen = 0; + init_slab_obj_exts(slab); account_slab(slab, oo_order(oo), s, flags); base-commit: c496b37f9061db039b413c03ccd33506175fe6ec -- 2.49.0.604.gff1f9ca942-goog

6 months, 1 week

2
4
0 0

[PATCH RESEND] brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()

by Wentao Liang

The function brcmf_usb_dl_writeimage() calls the function brcmf_usb_dl_cmd() but dose not check its return value. The 'state.state' and the 'state.bytes' are uninitialized if the function brcmf_usb_dl_cmd() fails. It is dangerous to use uninitialized variables in the conditions. Add error handling for brcmf_usb_dl_cmd() to jump to error handling path if the brcmf_usb_dl_cmd() fails and the 'state.state' and the 'state.bytes' are uninitialized. Fixes: 71bb244ba2fd ("brcm80211: fmac: add USB support for bcm43235/6/8 chipsets") Cc: stable(a)vger.kernel.org # v3.4+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c index 50dddac8a2ab..1c97cd777225 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c @@ -901,7 +901,9 @@ brcmf_usb_dl_writeimage(struct brcmf_usbdev_info *devinfo, u8 *fw, int fwlen) } /* 1) Prepare USB boot loader for runtime image */ - brcmf_usb_dl_cmd(devinfo, DL_START, &state, sizeof(state)); + err = brcmf_usb_dl_cmd(devinfo, DL_START, &state, sizeof(state)); + if (err) + goto fail; rdlstate = le32_to_cpu(state.state); rdlbytes = le32_to_cpu(state.bytes); -- 2.42.0.windows.2

6 months, 1 week

2
1
0 0

[PATCH] drm/amdgpu: check a user-provided number of BOs in list

by Denis Arefev

The user can set any value to the variable ‘bo_number’, via the ioctl command DRM_IOCTL_AMDGPU_BO_LIST. This will affect the arithmetic expression ‘in->bo_number * in->bo_info_size’, which is prone to overflow. Add a valid value check. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 964d0fbf6301 ("drm/amdgpu: Allow to create BO lists in CS ioctl v3") Cc: stable(a)vger.kernel.org Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c index 702f6610d024..dd30d2426ff7 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c @@ -189,6 +189,9 @@ int amdgpu_bo_create_list_entry_array(struct drm_amdgpu_bo_list_in *in, struct drm_amdgpu_bo_list_entry *info; int r; + if (!in->bo_number || in->bo_number > UINT_MAX / info_size) + return -EINVAL; + info = kvmalloc_array(in->bo_number, info_size, GFP_KERNEL); if (!info) return -ENOMEM; -- 2.43.0

6 months, 1 week

3
5
0 0

[PATCH RESEND] fsi/core: fix error handling in fsi_slave_init()

by Ma Ke

Once cdev_device_add() failed, we should use put_device() to decrement reference count for cleanup. Or it could cause memory leak. Although operations in err_free_ida are similar to the operations in callback function fsi_slave_release(), put_device() is a correct handling operation as comments require when cdev_device_add() fails. As comment of device_add() says, 'if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 371975b0b075 ("fsi/core: Fix error paths on CFAM init") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/fsi/fsi-core.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/fsi/fsi-core.c b/drivers/fsi/fsi-core.c index 50e8736039fe..c494fc0bd747 100644 --- a/drivers/fsi/fsi-core.c +++ b/drivers/fsi/fsi-core.c @@ -1084,7 +1084,8 @@ static int fsi_slave_init(struct fsi_master *master, int link, uint8_t id) rc = cdev_device_add(&slave->cdev, &slave->dev); if (rc) { dev_err(&slave->dev, "Error %d creating slave device\n", rc); - goto err_free_ida; + put_device(&slave->dev); + return rc; } /* Now that we have the cdev registered with the core, any fatal @@ -1110,8 +1111,6 @@ static int fsi_slave_init(struct fsi_master *master, int link, uint8_t id) return 0; -err_free_ida: - fsi_free_minor(slave->dev.devt); err_free: of_node_put(slave->dev.of_node); kfree(slave); -- 2.25.1

6 months, 1 week

1
0
0 0

Regression: mt7921e unable to change power state from d3cold to d0 - 6.12.x broken, past LTS 6.6.x works

by Sergio Callegari

There is a nasty regression wrt mt7921e in the last LTS series (6.12). If your computer crashes or fails to get out of hibernation, then at the next boot the mt7921e wifi does not work, with dmesg reporting that it is unable to change power state from d3cold to d0. The issue is nasty, because rebooting won't help. The only solution that I have found to the issue is booting a 6.6 kernel. With that the wife gets alive again. If, at this point, you boot into 6.12, everything seems to be fine again, until a boot fails and from that moment on you are without wifi. Working around the issue is not very discoverable. On my machine not even a hardware reset (40s of power off button pressed) helped alone, without going through the 6.6 kernel boot. I think the regression was introduced with 6.12 and I remember having no issues with previous kernels, but cannot be 100% sure. Similarly, I do not know if the bug is with the wifi card driver itself or with something related to PM or PCIe. The machine on which I am experiencing the issue is an Asus ROG 14 laptop (2022 edition), with AMD CPU and GPU. Thanks for the attention, Sergio

6 months, 1 week

3
6
0 0

[PATCH 5.15.y 2/2] smb: client: fix NULL ptr deref in crypto_aead_setkey()

by jianqi.ren.cn＠windriver.com

From: Paulo Alcantara <pc(a)manguebit.com> commit 4bdec0d1f658f7c98749bd2c5a486e6cfa8565d2 upstream. Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so when SMB2_GLOBAL_CAP_ENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as the default cipher. See MS-SMB2 3.3.5.4. Commit b0abcd65ec54 ("smb: client: fix UAF in async decryption") added a @server->cipher_type check to conditionally call smb3_crypto_aead_allocate(), but that check would always be false as @server->cipher_type is unset for SMB3.02. Fix the following KASAN splat by setting @server->cipher_type for SMB3.02 as well. mount.cifs //srv/share /mnt -o vers=3.02,seal,... BUG: KASAN: null-ptr-deref in crypto_aead_setkey+0x2c/0x130 Read of size 8 at addr 0000000000000020 by task mount.cifs/1095 CPU: 1 UID: 0 PID: 1095 Comm: mount.cifs Not tainted 6.12.0 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x5d/0x80 ? crypto_aead_setkey+0x2c/0x130 kasan_report+0xda/0x110 ? crypto_aead_setkey+0x2c/0x130 crypto_aead_setkey+0x2c/0x130 crypt_message+0x258/0xec0 [cifs] ? __asan_memset+0x23/0x50 ? __pfx_crypt_message+0x10/0x10 [cifs] ? mark_lock+0xb0/0x6a0 ? hlock_class+0x32/0xb0 ? mark_lock+0xb0/0x6a0 smb3_init_transform_rq+0x352/0x3f0 [cifs] ? lock_acquire.part.0+0xf4/0x2a0 smb_send_rqst+0x144/0x230 [cifs] ? __pfx_smb_send_rqst+0x10/0x10 [cifs] ? hlock_class+0x32/0xb0 ? smb2_setup_request+0x225/0x3a0 [cifs] ? __pfx_cifs_compound_last_callback+0x10/0x10 [cifs] compound_send_recv+0x59b/0x1140 [cifs] ? __pfx_compound_send_recv+0x10/0x10 [cifs] ? __create_object+0x5e/0x90 ? hlock_class+0x32/0xb0 ? do_raw_spin_unlock+0x9a/0xf0 cifs_send_recv+0x23/0x30 [cifs] SMB2_tcon+0x3ec/0xb30 [cifs] ? __pfx_SMB2_tcon+0x10/0x10 [cifs] ? lock_acquire.part.0+0xf4/0x2a0 ? __pfx_lock_release+0x10/0x10 ? do_raw_spin_trylock+0xc6/0x120 ? lock_acquire+0x3f/0x90 ? _get_xid+0x16/0xd0 [cifs] ? __pfx_SMB2_tcon+0x10/0x10 [cifs] ? cifs_get_smb_ses+0xcdd/0x10a0 [cifs] cifs_get_smb_ses+0xcdd/0x10a0 [cifs] ? __pfx_cifs_get_smb_ses+0x10/0x10 [cifs] ? cifs_get_tcp_session+0xaa0/0xca0 [cifs] cifs_mount_get_session+0x8a/0x210 [cifs] dfs_mount_share+0x1b0/0x11d0 [cifs] ? __pfx___lock_acquire+0x10/0x10 ? __pfx_dfs_mount_share+0x10/0x10 [cifs] ? lock_acquire.part.0+0xf4/0x2a0 ? find_held_lock+0x8a/0xa0 ? hlock_class+0x32/0xb0 ? lock_release+0x203/0x5d0 cifs_mount+0xb3/0x3d0 [cifs] ? do_raw_spin_trylock+0xc6/0x120 ? __pfx_cifs_mount+0x10/0x10 [cifs] ? lock_acquire+0x3f/0x90 ? find_nls+0x16/0xa0 ? smb3_update_mnt_flags+0x372/0x3b0 [cifs] cifs_smb3_do_mount+0x1e2/0xc80 [cifs] ? __pfx_vfs_parse_fs_string+0x10/0x10 ? __pfx_cifs_smb3_do_mount+0x10/0x10 [cifs] smb3_get_tree+0x1bf/0x330 [cifs] vfs_get_tree+0x4a/0x160 path_mount+0x3c1/0xfb0 ? kasan_quarantine_put+0xc7/0x1d0 ? __pfx_path_mount+0x10/0x10 ? kmem_cache_free+0x118/0x3e0 ? user_path_at+0x74/0xa0 __x64_sys_mount+0x1a6/0x1e0 ? __pfx___x64_sys_mount+0x10/0x10 ? mark_held_locks+0x1a/0x90 do_syscall_64+0xbb/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Cc: Tom Talpey <tom(a)talpey.com> Reported-by: Jianhong Yin <jiyin(a)redhat.com> Cc: stable(a)vger.kernel.org # v6.12 Fixes: b0abcd65ec54 ("smb: client: fix UAF in async decryption") Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> [Commit b0abcd65ec54 ("smb: client: fix UAF in async decryption") fixes CVE-2024-50047 but brings NULL-pointer dereferebce. So commit 4bdec0d1f658 ("smb: client: fix NULL ptr deref in crypto_aead_setkey()") should be backported too.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- fs/cifs/smb2pdu.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 2b2c3330ba96..302c08dfb686 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -1028,7 +1028,9 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses) * SMB3.0 supports only 1 cipher and doesn't have a encryption neg context * Set the cipher type manually. */ - if (server->dialect == SMB30_PROT_ID && (server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION)) + if ((server->dialect == SMB30_PROT_ID || + server->dialect == SMB302_PROT_ID) && + (server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION)) server->cipher_type = SMB2_ENCRYPTION_AES128_CCM; security_blob = smb2_get_data_area_len(&blob_offset, &blob_length, -- 2.34.1

6 months, 1 week

1
0
0 0

[PATCH 5.15.y 1/2] smb: client: fix UAF in async decryption

by jianqi.ren.cn＠windriver.com

From: Enzo Matsumiya <ematsumiya(a)suse.de> commit b0abcd65ec545701b8793e12bc27dc98042b151a upstream. Doing an async decryption (large read) crashes with a slab-use-after-free way down in the crypto API. Reproducer: # mount.cifs -o ...,seal,esize=1 //srv/share /mnt # dd if=/mnt/largefile of=/dev/null ... [ 194.196391] ================================================================== [ 194.196844] BUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xc1/0x110 [ 194.197269] Read of size 8 at addr ffff888112bd0448 by task kworker/u77:2/899 [ 194.197707] [ 194.197818] CPU: 12 UID: 0 PID: 899 Comm: kworker/u77:2 Not tainted 6.11.0-lku-00028-gfca3ca14a17a-dirty #43 [ 194.198400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014 [ 194.199046] Workqueue: smb3decryptd smb2_decrypt_offload [cifs] [ 194.200032] Call Trace: [ 194.200191] <TASK> [ 194.200327] dump_stack_lvl+0x4e/0x70 [ 194.200558] ? gf128mul_4k_lle+0xc1/0x110 [ 194.200809] print_report+0x174/0x505 [ 194.201040] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 194.201352] ? srso_return_thunk+0x5/0x5f [ 194.201604] ? __virt_addr_valid+0xdf/0x1c0 [ 194.201868] ? gf128mul_4k_lle+0xc1/0x110 [ 194.202128] kasan_report+0xc8/0x150 [ 194.202361] ? gf128mul_4k_lle+0xc1/0x110 [ 194.202616] gf128mul_4k_lle+0xc1/0x110 [ 194.202863] ghash_update+0x184/0x210 [ 194.203103] shash_ahash_update+0x184/0x2a0 [ 194.203377] ? __pfx_shash_ahash_update+0x10/0x10 [ 194.203651] ? srso_return_thunk+0x5/0x5f [ 194.203877] ? crypto_gcm_init_common+0x1ba/0x340 [ 194.204142] gcm_hash_assoc_remain_continue+0x10a/0x140 [ 194.204434] crypt_message+0xec1/0x10a0 [cifs] [ 194.206489] ? __pfx_crypt_message+0x10/0x10 [cifs] [ 194.208507] ? srso_return_thunk+0x5/0x5f [ 194.209205] ? srso_return_thunk+0x5/0x5f [ 194.209925] ? srso_return_thunk+0x5/0x5f [ 194.210443] ? srso_return_thunk+0x5/0x5f [ 194.211037] decrypt_raw_data+0x15f/0x250 [cifs] [ 194.212906] ? __pfx_decrypt_raw_data+0x10/0x10 [cifs] [ 194.214670] ? srso_return_thunk+0x5/0x5f [ 194.215193] smb2_decrypt_offload+0x12a/0x6c0 [cifs] This is because TFM is being used in parallel. Fix this by allocating a new AEAD TFM for async decryption, but keep the existing one for synchronous READ cases (similar to what is done in smb3_calc_signature()). Also remove the calls to aead_request_set_callback() and crypto_wait_req() since it's always going to be a synchronous operation. Signed-off-by: Enzo Matsumiya <ematsumiya(a)suse.de> Signed-off-by: Steve French <stfrench(a)microsoft.com> [In linux-5.15, dec and enc fields are named ccmaesdecrypt and ccmaesencrypt.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- fs/cifs/smb2ops.c | 48 +++++++++++++++++++++++++++-------------------- fs/cifs/smb2pdu.c | 6 ++++++ 2 files changed, 34 insertions(+), 20 deletions(-) diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index 7bce1ab86c4d..da9305f0b6f5 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -4541,7 +4541,7 @@ smb2_get_enc_key(struct TCP_Server_Info *server, __u64 ses_id, int enc, u8 *key) */ static int crypt_message(struct TCP_Server_Info *server, int num_rqst, - struct smb_rqst *rqst, int enc) + struct smb_rqst *rqst, int enc, struct crypto_aead *tfm) { struct smb2_transform_hdr *tr_hdr = (struct smb2_transform_hdr *)rqst[0].rq_iov[0].iov_base; @@ -4552,8 +4552,6 @@ crypt_message(struct TCP_Server_Info *server, int num_rqst, u8 key[SMB3_ENC_DEC_KEY_SIZE]; struct aead_request *req; u8 *iv; - DECLARE_CRYPTO_WAIT(wait); - struct crypto_aead *tfm; unsigned int crypt_len = le32_to_cpu(tr_hdr->OriginalMessageSize); void *creq; @@ -4564,15 +4562,6 @@ crypt_message(struct TCP_Server_Info *server, int num_rqst, return rc; } - rc = smb3_crypto_aead_allocate(server); - if (rc) { - cifs_server_dbg(VFS, "%s: crypto alloc failed\n", __func__); - return rc; - } - - tfm = enc ? server->secmech.ccmaesencrypt : - server->secmech.ccmaesdecrypt; - if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) || (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) rc = crypto_aead_setkey(tfm, key, SMB3_GCM256_CRYPTKEY_SIZE); @@ -4611,11 +4600,7 @@ crypt_message(struct TCP_Server_Info *server, int num_rqst, aead_request_set_crypt(req, sg, sg, crypt_len, iv); aead_request_set_ad(req, assoc_data_len); - aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, - crypto_req_done, &wait); - - rc = crypto_wait_req(enc ? crypto_aead_encrypt(req) - : crypto_aead_decrypt(req), &wait); + rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req); if (!rc && enc) memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE); @@ -4704,7 +4689,7 @@ smb3_init_transform_rq(struct TCP_Server_Info *server, int num_rqst, /* fill the 1st iov with a transform header */ fill_transform_hdr(tr_hdr, orig_len, old_rq, server->cipher_type); - rc = crypt_message(server, num_rqst, new_rq, 1); + rc = crypt_message(server, num_rqst, new_rq, 1, server->secmech.ccmaesencrypt); cifs_dbg(FYI, "Encrypt message returned %d\n", rc); if (rc) goto err_free; @@ -4730,8 +4715,9 @@ decrypt_raw_data(struct TCP_Server_Info *server, char *buf, unsigned int npages, unsigned int page_data_size, bool is_offloaded) { - struct kvec iov[2]; + struct crypto_aead *tfm; struct smb_rqst rqst = {NULL}; + struct kvec iov[2]; int rc; iov[0].iov_base = buf; @@ -4746,9 +4732,31 @@ decrypt_raw_data(struct TCP_Server_Info *server, char *buf, rqst.rq_pagesz = PAGE_SIZE; rqst.rq_tailsz = (page_data_size % PAGE_SIZE) ? : PAGE_SIZE; - rc = crypt_message(server, 1, &rqst, 0); + if (is_offloaded) { + if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) || + (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM)) + tfm = crypto_alloc_aead("gcm(aes)", 0, 0); + else + tfm = crypto_alloc_aead("ccm(aes)", 0, 0); + if (IS_ERR(tfm)) { + rc = PTR_ERR(tfm); + cifs_server_dbg(VFS, "%s: Failed alloc decrypt TFM, rc=%d\n", __func__, rc); + + return rc; + } + } else { + if (unlikely(!server->secmech.ccmaesdecrypt)) + return -EIO; + + tfm = server->secmech.ccmaesdecrypt; + } + + rc = crypt_message(server, 1, &rqst, 0, tfm); cifs_dbg(FYI, "Decrypt message returned %d\n", rc); + if (is_offloaded) + crypto_free_aead(tfm); + if (rc) return rc; diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index bd7aeb4dcacf..2b2c3330ba96 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -1063,6 +1063,12 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses) else cifs_server_dbg(VFS, "Missing expected negotiate contexts\n"); } + + if (server->cipher_type && !rc) { + rc = smb3_crypto_aead_allocate(server); + if (rc) + cifs_server_dbg(VFS, "%s: crypto alloc failed, rc=%d\n", __func__, rc); + } neg_exit: free_rsp_buf(resp_buftype, rsp); return rc; -- 2.34.1

6 months, 1 week

1
0
0 0

ATTENTION

by SGG ENERGY

Dear stable To whom it may Concern. We PRIVATE COMPANY SGG ENERGY TECHNOLOGY LTD, With BIN Code: 211140900115 and Office address located at Astana, Esil District, Syganak Street, Building 54a, N.P. 142A. With authorized legalized mandate certificate from trusted and reliable supplier refinery of petroleum commodities. Attached kindly find our official offer for your review and if any of our give procedure is acceptable to any ready buyer’s management, do kindly proceed to issue an official ICPO to commence transaction. And further your management is in need of assistance and further clarification do not hesitate to contact our management. Thank You. --- PRIVATE COMPANY SGG ENERGY TECHNOLOGY LTD. Address: Astana, Esil District, Syganak Street, Building 54a, N.P. 142A BIN: 211140900115 Email:kazpetro@sggenergytech.com Tel/WhatsApp: +7 775 540 3537 Director: Dou Shengjun

6 months, 1 week

1
0
0 0

[PATCH RESEND] usb: renesas_usbhs: Add error handling for usbhsf_fifo_select()

by Wentao Liang

In usbhsf_dcp_data_stage_prepare_pop(), the return value of usbhsf_fifo_select() needs to be checked. A proper implementation can be found in usbhsf_dma_try_pop_with_rx_irq(). Add an error check and jump to PIO pop when FIFO selection fails. Fixes: 9e74d601de8a ("usb: gadget: renesas_usbhs: add data/status stage handler") Cc: stable(a)vger.kernel.org # v3.2+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/usb/renesas_usbhs/fifo.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/usb/renesas_usbhs/fifo.c b/drivers/usb/renesas_usbhs/fifo.c index 10607e273879..6cc07ab4782d 100644 --- a/drivers/usb/renesas_usbhs/fifo.c +++ b/drivers/usb/renesas_usbhs/fifo.c @@ -466,6 +466,7 @@ static int usbhsf_dcp_data_stage_prepare_pop(struct usbhs_pkt *pkt, struct usbhs_pipe *pipe = pkt->pipe; struct usbhs_priv *priv = usbhs_pipe_to_priv(pipe); struct usbhs_fifo *fifo = usbhsf_get_cfifo(priv); + int ret; if (usbhs_pipe_is_busy(pipe)) return 0; @@ -480,10 +481,14 @@ static int usbhsf_dcp_data_stage_prepare_pop(struct usbhs_pkt *pkt, usbhs_pipe_sequence_data1(pipe); /* DATA1 */ - usbhsf_fifo_select(pipe, fifo, 0); + ret = usbhsf_fifo_select(pipe, fifo, 0); + if (ret < 0) + goto usbhsf_pio_prepare_pop; + usbhsf_fifo_clear(pipe, fifo); usbhsf_fifo_unselect(pipe, fifo); +usbhsf_pio_prepare_pop: /* * change handler to PIO pop */ -- 2.42.0.windows.2

6 months, 2 weeks

2
1
0 0

[PATCH RESEND] media: gspca: Add error handling for stv06xx_read_sensor()

by Wentao Liang

In hdcs_init(), the return value of stv06xx_read_sensor() needs to be checked. A proper implementation can be found in vv6410_dump(). Add a check in loop condition and propergate error code to fix this issue. Fixes: 4c98834addfe ("V4L/DVB (10048): gspca - stv06xx: New subdriver.") Cc: stable(a)vger.kernel.org # v2.6+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c b/drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c index 5a47dcbf1c8e..303b055fefea 100644 --- a/drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c +++ b/drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c @@ -520,12 +520,13 @@ static int hdcs_init(struct sd *sd) static int hdcs_dump(struct sd *sd) { u16 reg, val; + int err = 0; pr_info("Dumping sensor registers:\n"); - for (reg = HDCS_IDENT; reg <= HDCS_ROWEXPH; reg++) { - stv06xx_read_sensor(sd, reg, &val); + for (reg = HDCS_IDENT; reg <= HDCS_ROWEXPH && !err; reg++) { + err = stv06xx_read_sensor(sd, reg, &val); pr_info("reg 0x%02x = 0x%02x\n", reg, val); } - return 0; + return (err < 0) ? err : 0; } -- 2.42.0.windows.2

6 months, 2 weeks

1
0
0 0

[PATCH RESEND] habanalabs: Add error handling for hl_mmu_get_hop_pte_phys_addr()

by Wentao Liang

In _hl_mmu_v2_hr_map(), If hl_mmu_get_hop_pte_phys_addr() fail to get physical address, the return address will be set as U64_MAX. Hence, the return value of hl_mmu_get_hop_pte_phys_addr() must be checked to prevent invalid address access. Add error handling and propagate return code to caller function to fix this issue. Fixes: 8aa1e1e60553 ("habanalabs: add gaudi2 MMU support") Cc: stable(a)vger.kernel.org # v6.0+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/accel/habanalabs/common/mmu/mmu_v2_hr.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/accel/habanalabs/common/mmu/mmu_v2_hr.c b/drivers/accel/habanalabs/common/mmu/mmu_v2_hr.c index 31507b2a431b..cdade07e22c5 100644 --- a/drivers/accel/habanalabs/common/mmu/mmu_v2_hr.c +++ b/drivers/accel/habanalabs/common/mmu/mmu_v2_hr.c @@ -253,6 +253,11 @@ static int _hl_mmu_v2_hr_map(struct hl_ctx *ctx, hop_pte_phys_addr[i] = hl_mmu_get_hop_pte_phys_addr(ctx, mmu_prop, i, hops_pgt_info[i]->phys_addr, scrambled_virt_addr); + if (hop_pte_phys_addr[i] == U64_MAX) { + rc = -EINVAL; + goto err; + } + curr_pte = *(u64 *) (uintptr_t) hl_mmu_hr_pte_phys_to_virt(ctx, hops_pgt_info[i], hop_pte_phys_addr[i], ctx->hdev->asic_prop.pmmu.hop_table_size); -- 2.42.0.windows.2

6 months, 2 weeks

1
0
0 0

[PATCH v2 7/7] arm64: dts: ti: k3-am62x: Rename I2C switch to I2C mux in OV5640 overlay

by Yemike Abhilash Chandra

The OV5640 device tree overlay incorrectly defined an I2C switch instead of an I2C mux. According to the DT bindings, the correct terminology and node definition should use "i2c-mux" instead of "i2c-switch". Hence, update the same to avoid dtbs_check warnings. Fixes: 635ed9715194 ("arm64: dts: ti: k3-am62x: Add overlays for OV5640") Cc: stable(a)vger.kernel.org Signed-off-by: Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> --- arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-ov5640.dtso | 2 +- arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-tevi-ov5640.dtso | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-ov5640.dtso b/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-ov5640.dtso index ccc7f5e43184..7fc7c95f5cd5 100644 --- a/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-ov5640.dtso +++ b/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-ov5640.dtso @@ -22,7 +22,7 @@ &main_i2c2 { #size-cells = <0>; status = "okay"; - i2c-switch@71 { + i2c-mux@71 { compatible = "nxp,pca9543"; #address-cells = <1>; #size-cells = <0>; diff --git a/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-tevi-ov5640.dtso b/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-tevi-ov5640.dtso index 4eaf9d757dd0..b6bfdfbbdd98 100644 --- a/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-tevi-ov5640.dtso +++ b/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-tevi-ov5640.dtso @@ -22,7 +22,7 @@ &main_i2c2 { #size-cells = <0>; status = "okay"; - i2c-switch@71 { + i2c-mux@71 { compatible = "nxp,pca9543"; #address-cells = <1>; #size-cells = <0>; -- 2.34.1

6 months, 2 weeks

3
2
0 0

[PATCH v2 6/7] arm64: dts: ti: k3-am62x: Rename I2C switch to I2C mux in IMX219 overlay

by Yemike Abhilash Chandra

The IMX219 device tree overlay incorrectly defined an I2C switch instead of an I2C mux. According to the DT bindings, the correct terminology and node definition should use "i2c-mux" instead of "i2c-switch". Hence, update the same to avoid dtbs_check warnings. Fixes: 4111db03dc05 ("arm64: dts: ti: k3-am62x: Add overlay for IMX219") Cc: stable(a)vger.kernel.org Signed-off-by: Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> --- arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-imx219.dtso | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-imx219.dtso b/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-imx219.dtso index 7a0d35eb04d3..dd090813a32d 100644 --- a/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-imx219.dtso +++ b/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-imx219.dtso @@ -22,7 +22,7 @@ &main_i2c2 { #size-cells = <0>; status = "okay"; - i2c-switch@71 { + i2c-mux@71 { compatible = "nxp,pca9543"; #address-cells = <1>; #size-cells = <0>; -- 2.34.1

6 months, 2 weeks

3
2
0 0

[PATCH v2 5/7] arm64: dts: ti: k3-am62x: Remove clock-names property from IMX219 overlay

by Yemike Abhilash Chandra

The IMX219 sensor device tree bindings do not include a clock-names property. Remove the incorrectly added clock-names entry to avoid dtbs_check warnings. Fixes: 4111db03dc05 ("arm64: dts: ti: k3-am62x: Add overlay for IMX219") Cc: stable(a)vger.kernel.org Signed-off-by: Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> --- arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-imx219.dtso | 1 - 1 file changed, 1 deletion(-) diff --git a/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-imx219.dtso b/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-imx219.dtso index 76ca02127f95..7a0d35eb04d3 100644 --- a/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-imx219.dtso +++ b/arch/arm64/boot/dts/ti/k3-am62x-sk-csi2-imx219.dtso @@ -39,7 +39,6 @@ ov5640: camera@10 { reg = <0x10>; clocks = <&clk_imx219_fixed>; - clock-names = "xclk"; reset-gpios = <&exp1 13 GPIO_ACTIVE_HIGH>; -- 2.34.1

6 months, 2 weeks

3
2
0 0

[PATCH v2 3/7] arm64: dts: ti: k3-j721e-sk: Remove clock-names property from IMX219 overlay

by Yemike Abhilash Chandra

The IMX219 sensor device tree bindings do not include a clock-names property. Remove the incorrectly added clock-names entry to avoid dtbs_check warnings. Fixes: f767eb918096 ("arm64: dts: ti: k3-j721e-sk: Add overlay for IMX219") Cc: stable(a)vger.kernel.org Signed-off-by: Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> --- arch/arm64/boot/dts/ti/k3-j721e-sk-csi2-dual-imx219.dtso | 2 -- 1 file changed, 2 deletions(-) diff --git a/arch/arm64/boot/dts/ti/k3-j721e-sk-csi2-dual-imx219.dtso b/arch/arm64/boot/dts/ti/k3-j721e-sk-csi2-dual-imx219.dtso index 47bb5480b5b0..4a395d1209c8 100644 --- a/arch/arm64/boot/dts/ti/k3-j721e-sk-csi2-dual-imx219.dtso +++ b/arch/arm64/boot/dts/ti/k3-j721e-sk-csi2-dual-imx219.dtso @@ -34,7 +34,6 @@ imx219_0: imx219-0@10 { reg = <0x10>; clocks = <&clk_imx219_fixed>; - clock-names = "xclk"; port { csi2_cam0: endpoint { @@ -56,7 +55,6 @@ imx219_1: imx219-1@10 { reg = <0x10>; clocks = <&clk_imx219_fixed>; - clock-names = "xclk"; port { csi2_cam1: endpoint { -- 2.34.1

6 months, 2 weeks

3
2
0 0

[PATCH RESEND] media: dst_ca: Add error handling for dst_comm_init()

by Wentao Liang

The function dst_ci_command() calls the function dst_comm_init() but does not handle the error if the init fails. A proper implementation can be found in dst_command() in /source/drivers/media/pci/bt8xx/dst.c. Add error handling to the dst_comm_init(). Print an error message via dprintk(), and jump to the 'error' label if the function fails. Fixes: 50b215a05878 ("[PATCH] dvb: DST: reorganize Twinhan DST driver to support CI") Cc: stable(a)vger.kernel.org # v2.6+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/media/pci/bt8xx/dst_ca.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/media/pci/bt8xx/dst_ca.c b/drivers/media/pci/bt8xx/dst_ca.c index a9cc6e7a57f9..a743f7653fdd 100644 --- a/drivers/media/pci/bt8xx/dst_ca.c +++ b/drivers/media/pci/bt8xx/dst_ca.c @@ -66,7 +66,10 @@ static int dst_ci_command(struct dst_state* state, u8 * data, u8 *ca_string, u8 u8 reply; mutex_lock(&state->dst_mutex); - dst_comm_init(state); + if (dst_comm_init(state) < 0) { + dprintk(verbose, DST_CA_ERROR, 1, "DST initialization failed."); + goto error; + } msleep(65); if (write_dst(state, data, len)) { -- 2.42.0.windows.2

6 months, 2 weeks

1
0
0 0

[PATCH 6.12.y 0/8] arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9

by Anshuman Khandual

This series adds fine grained trap control in EL2 required for FEAT_PMUv3p9 registers like PMICNTR_EL0, PMICFILTR_EL0, and PMUACR_EL1 which are already being used in the kernel. This is required to prevent their EL1 access trap into EL2. The following commits that enabled access into FEAT_PMUv3p9 registers have already been merged upstream from 6.12 onwards. d8226d8cfbaf ("perf: arm_pmuv3: Add support for Armv9.4 PMU instruction counter") 0bbff9ed8165 ("perf/arm_pmuv3: Add PMUv3.9 per counter EL0 access control") The sysreg patches in this series are required for the final patch which fixes the actual problem. Anshuman Khandual (7): arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1 arm64/sysreg: Add register fields for HDFGRTR2_EL2 arm64/sysreg: Add register fields for HDFGWTR2_EL2 arm64/sysreg: Add register fields for HFGITR2_EL2 arm64/sysreg: Add register fields for HFGRTR2_EL2 arm64/sysreg: Add register fields for HFGWTR2_EL2 arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9 Rob Herring (Arm) (1): perf/arm_pmuv3: Add PMUv3.9 per counter EL0 access control Documentation/arch/arm64/booting.rst | 22 ++++++ arch/arm/include/asm/arm_pmuv3.h | 6 ++ arch/arm64/include/asm/arm_pmuv3.h | 10 +++ arch/arm64/include/asm/el2_setup.h | 25 ++++++ arch/arm64/tools/sysreg | 111 +++++++++++++++++++++++++++ drivers/perf/arm_pmuv3.c | 29 ++++--- include/linux/perf/arm_pmuv3.h | 1 + 7 files changed, 194 insertions(+), 10 deletions(-) -- 2.30.2

6 months, 2 weeks

3
14
0 0

[PATCH v2] gpiolib: Allow to use setters with return value for output-only gpios

by Mathieu Dubois-Briand

The gpiod_direction_output_raw_commit() function checks if any setter callback is present before doing anything. As the new GPIO setters with return values were introduced, make this check also succeed if one is present. Fixes: 98ce1eb1fd87 ("gpiolib: introduce gpio_chip setters that return values") Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand(a)bootlin.com> --- Changes in v2: - Add Fixes: tag and Cc: to stable - Link to v1: https://lore.kernel.org/r/20250411-mdb-gpiolib-setters-fix-v1-1-dea302ab744… --- drivers/gpio/gpiolib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index b8197502a5ac..cd4fecbb41f2 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -2879,7 +2879,7 @@ static int gpiod_direction_output_raw_commit(struct gpio_desc *desc, int value) * output-only, but if there is then not even a .set() operation it * is pretty tricky to drive the output line. */ - if (!guard.gc->set && !guard.gc->direction_output) { + if (!guard.gc->set && !guard.gc->set_rv && !guard.gc->direction_output) { gpiod_warn(desc, "%s: missing set() and direction_output() operations\n", __func__); --- base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8 change-id: 20250411-mdb-gpiolib-setters-fix-b87976992070 Best regards, -- Mathieu Dubois-Briand <mathieu.dubois-briand(a)bootlin.com>

6 months, 2 weeks

3
2
0 0

[PATCH AUTOSEL 6.14 01/54] wifi: ath9k: use unsigned long for activity check timestamp

by Sasha Levin

From: Dmitry Antipov <dmantipov(a)yandex.ru> [ Upstream commit 8fe64b0fedcb7348080529c46c71ae23f60c9d3e ] Since 'rx_active_check_time' of 'struct ath_softc' is in jiffies, prefer 'unsigned long' over 'u32' to avoid possible truncation in 'ath_hw_rx_inactive_check()'. Found with clang's -Wshorten-64-to-32, compile tested only. Signed-off-by: Dmitry Antipov <dmantipov(a)yandex.ru> Acked-by: Toke Høiland-Jørgensen <toke(a)toke.dk> Link: https://patch.msgid.link/20250115171750.259917-2-dmantipov@yandex.ru Signed-off-by: Jeff Johnson <jeff.johnson(a)oss.qualcomm.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/wireless/ath/ath9k/ath9k.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath9k/ath9k.h b/drivers/net/wireless/ath/ath9k/ath9k.h index a728cc0387df8..cbcf37008556f 100644 --- a/drivers/net/wireless/ath/ath9k/ath9k.h +++ b/drivers/net/wireless/ath/ath9k/ath9k.h @@ -1018,7 +1018,7 @@ struct ath_softc { u8 gtt_cnt; u32 intrstatus; - u32 rx_active_check_time; + unsigned long rx_active_check_time; u32 rx_active_count; u16 ps_flags; /* PS_* */ bool ps_enabled; -- 2.39.5

6 months, 2 weeks

4
59
0 0

[PATCH AUTOSEL 5.4 1/9] drm: allow encoder mode_set even when connectors change for crtc

by Sasha Levin

From: Abhinav Kumar <quic_abhinavk(a)quicinc.com> [ Upstream commit 7e182cb4f5567f53417b762ec0d679f0b6f0039d ] In certain use-cases, a CRTC could switch between two encoders and because the mode being programmed on the CRTC remains the same during this switch, the CRTC's mode_changed remains false. In such cases, the encoder's mode_set also gets skipped. Skipping mode_set on the encoder for such cases could cause an issue because even though the same CRTC mode was being used, the encoder type could have changed like the CRTC could have switched from a real time encoder to a writeback encoder OR vice-versa. Allow encoder's mode_set to happen even when connectors changed on a CRTC and not just when the mode changed. Signed-off-by: Abhinav Kumar <quic_abhinavk(a)quicinc.com> Signed-off-by: Jessica Zhang <quic_jesszhan(a)quicinc.com> Reviewed-by: Maxime Ripard <mripard(a)kernel.org> Link: https://patchwork.freedesktop.org/patch/msgid/20241211-abhinavk-modeset-fix… Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/drm_atomic_helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index d91d6c063a1d2..70d97a7fc6864 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -1225,7 +1225,7 @@ crtc_set_mode(struct drm_device *dev, struct drm_atomic_state *old_state) mode = &new_crtc_state->mode; adjusted_mode = &new_crtc_state->adjusted_mode; - if (!new_crtc_state->mode_changed) + if (!new_crtc_state->mode_changed && !new_crtc_state->connectors_changed) continue; DRM_DEBUG_ATOMIC("modeset on [ENCODER:%d:%s]\n", -- 2.39.5

6 months, 2 weeks

2
10
0 0

[PATCH v2] KVM: SVM: forcibly leave SMM mode on vCPU reset

by Mikhail Lobanov

Previously, commit ed129ec9057f ("KVM: x86: forcibly leave nested mode on vCPU reset") addressed an issue where a triple fault occurring in nested mode could lead to use-after-free scenarios. However, the commit did not handle the analogous situation for System Management Mode (SMM). This omission results in triggering a WARN when a vCPU reset occurs while still in SMM mode, due to the check in kvm_vcpu_reset(). This situation was reprodused using Syzkaller by: 1) Creating a KVM VM and vCPU 2) Sending a KVM_SMI ioctl to explicitly enter SMM 3) Executing invalid instructions causing consecutive exceptions and eventually a triple fault The issue manifests as follows: WARNING: CPU: 0 PID: 25506 at arch/x86/kvm/x86.c:12112 kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112 Modules linked in: CPU: 0 PID: 25506 Comm: syz-executor.0 Not tainted 6.1.130-syzkaller-00157-g164fe5dde9b6 #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112 Call Trace: <TASK> shutdown_interception+0x66/0xb0 arch/x86/kvm/svm/svm.c:2136 svm_invoke_exit_handler+0x110/0x530 arch/x86/kvm/svm/svm.c:3395 svm_handle_exit+0x424/0x920 arch/x86/kvm/svm/svm.c:3457 vcpu_enter_guest arch/x86/kvm/x86.c:10959 [inline] vcpu_run+0x2c43/0x5a90 arch/x86/kvm/x86.c:11062 kvm_arch_vcpu_ioctl_run+0x50f/0x1cf0 arch/x86/kvm/x86.c:11283 kvm_vcpu_ioctl+0x570/0xf00 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4122 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Architecturally, hardware CPUs exit SMM upon receiving a triple fault as part of a hardware reset. To reflect this behavior and avoid triggering the WARN, this patch explicitly calls kvm_smm_changed(vcpu, false) in the SVM-specific shutdown_interception() handler prior to resetting the vCPU. The initial version of this patch attempted to address the issue by calling kvm_smm_changed() inside kvm_vcpu_reset(). However, this approach was not architecturally accurate, as INIT is blocked during SMM and SMM should not be exited implicitly during a generic vCPU reset. This version moves the fix into shutdown_interception() for SVM, where the triple fault is actually handled, and where exiting SMM explicitly is appropriate. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: ed129ec9057f ("KVM: x86: forcibly leave nested mode on vCPU reset") Cc: stable(a)vger.kernel.org Suggested-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Mikhail Lobanov <m.lobanov(a)rosa.ru> --- v2: Move SMM exit from kvm_vcpu_reset() to SVM's shutdown_interception(), per suggestion from Sean Christopherson <seanjc(a)google.com>. arch/x86/kvm/svm/svm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index d5d0c5c3300b..34a002a87c28 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2231,6 +2231,8 @@ static int shutdown_interception(struct kvm_vcpu *vcpu) */ if (!sev_es_guest(vcpu->kvm)) { clear_page(svm->vmcb); + if (is_smm(vcpu)) + kvm_smm_changed(vcpu, false); kvm_vcpu_reset(vcpu, true); } -- 2.47.2

6 months, 2 weeks

2
1
0 0

[PATCH 6.6.y] nvme-rdma: unquiesce admin_q before destroy it

by Feng Liu

From: "Chunguang.xu" <chunguang.xu(a)shopee.com> [ Upstream commit 5858b687559809f05393af745cbadf06dee61295 ] Kernel will hang on destroy admin_q while we create ctrl failed, such as following calltrace: PID: 23644 TASK: ff2d52b40f439fc0 CPU: 2 COMMAND: "nvme" #0 [ff61d23de260fb78] __schedule at ffffffff8323bc15 #1 [ff61d23de260fc08] schedule at ffffffff8323c014 #2 [ff61d23de260fc28] blk_mq_freeze_queue_wait at ffffffff82a3dba1 #3 [ff61d23de260fc78] blk_freeze_queue at ffffffff82a4113a #4 [ff61d23de260fc90] blk_cleanup_queue at ffffffff82a33006 #5 [ff61d23de260fcb0] nvme_rdma_destroy_admin_queue at ffffffffc12686ce #6 [ff61d23de260fcc8] nvme_rdma_setup_ctrl at ffffffffc1268ced #7 [ff61d23de260fd28] nvme_rdma_create_ctrl at ffffffffc126919b #8 [ff61d23de260fd68] nvmf_dev_write at ffffffffc024f362 #9 [ff61d23de260fe38] vfs_write at ffffffff827d5f25 RIP: 00007fda7891d574 RSP: 00007ffe2ef06958 RFLAGS: 00000202 RAX: ffffffffffffffda RBX: 000055e8122a4d90 RCX: 00007fda7891d574 RDX: 000000000000012b RSI: 000055e8122a4d90 RDI: 0000000000000004 RBP: 00007ffe2ef079c0 R8: 000000000000012b R9: 000055e8122a4d90 R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000004 R13: 000055e8122923c0 R14: 000000000000012b R15: 00007fda78a54500 ORIG_RAX: 0000000000000001 CS: 0033 SS: 002b This due to we have quiesced admi_q before cancel requests, but forgot to unquiesce before destroy it, as a result we fail to drain the pending requests, and hang on blk_mq_freeze_queue_wait() forever. Here try to reuse nvme_rdma_teardown_admin_queue() to fix this issue and simplify the code. Fixes: 958dc1d32c80 ("nvme-rdma: add clean action for failed reconnection") Reported-by: Yingfu.zhou <yingfu.zhou(a)shopee.com> Signed-off-by: Chunguang.xu <chunguang.xu(a)shopee.com> Signed-off-by: Yue.zhao <yue.zhao(a)shopee.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Hannes Reinecke <hare(a)suse.de> Signed-off-by: Keith Busch <kbusch(a)kernel.org> [Minor context change fixed] Signed-off-by: Feng Liu <Feng.Liu3(a)windriver.com> Signed-off-by: He Zhe <Zhe.He(a)windriver.com> --- Verified the build test. --- drivers/nvme/host/rdma.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/drivers/nvme/host/rdma.c b/drivers/nvme/host/rdma.c index c04317a966b3..055b95d2ce93 100644 --- a/drivers/nvme/host/rdma.c +++ b/drivers/nvme/host/rdma.c @@ -1083,13 +1083,7 @@ static int nvme_rdma_setup_ctrl(struct nvme_rdma_ctrl *ctrl, bool new) nvme_rdma_free_io_queues(ctrl); } destroy_admin: - nvme_quiesce_admin_queue(&ctrl->ctrl); - blk_sync_queue(ctrl->ctrl.admin_q); - nvme_rdma_stop_queue(&ctrl->queues[0]); - nvme_cancel_admin_tagset(&ctrl->ctrl); - if (new) - nvme_remove_admin_tag_set(&ctrl->ctrl); - nvme_rdma_destroy_admin_queue(ctrl); + nvme_rdma_teardown_admin_queue(ctrl, new); return ret; } -- 2.34.1

6 months, 2 weeks

2
1
0 0

[PATCH v6.12] nfsd: don't ignore the return code of svc_proc_register()

by cel＠kernel.org

From: Jeff Layton <jlayton(a)kernel.org> [ Upstream commit 930b64ca0c511521f0abdd1d57ce52b2a6e3476b ] Currently, nfsd_proc_stat_init() ignores the return value of svc_proc_register(). If the procfile creation fails, then the kernel will WARN when it tries to remove the entry later. Fix nfsd_proc_stat_init() to return the same type of pointer as svc_proc_register(), and fix up nfsd_net_init() to check that and fail the nfsd_net construction if it occurs. svc_proc_register() can fail if the dentry can't be allocated, or if an identical dentry already exists. The second case is pretty unlikely in the nfsd_net construction codepath, so if this happens, return -ENOMEM. Reported-by: syzbot+e34ad04f27991521104c(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-nfs/67a47501.050a0220.19061f.05f9.GAE@google.… Cc: stable(a)vger.kernel.org # v6.9 Signed-off-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> --- fs/nfsd/nfsctl.c | 9 ++++++++- fs/nfsd/stats.c | 4 ++-- fs/nfsd/stats.h | 2 +- 3 files changed, 11 insertions(+), 4 deletions(-) I did not have any problem cherry-picking 930b64 onto v6.12.23. This built and ran some simple NFSD tests in my lab. diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c index e83629f39604..2e835e7c107e 100644 --- a/fs/nfsd/nfsctl.c +++ b/fs/nfsd/nfsctl.c @@ -2244,8 +2244,14 @@ static __net_init int nfsd_net_init(struct net *net) NFSD_STATS_COUNTERS_NUM); if (retval) goto out_repcache_error; + memset(&nn->nfsd_svcstats, 0, sizeof(nn->nfsd_svcstats)); nn->nfsd_svcstats.program = &nfsd_programs[0]; + if (!nfsd_proc_stat_init(net)) { + retval = -ENOMEM; + goto out_proc_error; + } + for (i = 0; i < sizeof(nn->nfsd_versions); i++) nn->nfsd_versions[i] = nfsd_support_version(i); for (i = 0; i < sizeof(nn->nfsd4_minorversions); i++) @@ -2255,12 +2261,13 @@ static __net_init int nfsd_net_init(struct net *net) nfsd4_init_leases_net(nn); get_random_bytes(&nn->siphash_key, sizeof(nn->siphash_key)); seqlock_init(&nn->writeverf_lock); - nfsd_proc_stat_init(net); #if IS_ENABLED(CONFIG_NFS_LOCALIO) INIT_LIST_HEAD(&nn->local_clients); #endif return 0; +out_proc_error: + percpu_counter_destroy_many(nn->counter, NFSD_STATS_COUNTERS_NUM); out_repcache_error: nfsd_idmap_shutdown(net); out_idmap_error: diff --git a/fs/nfsd/stats.c b/fs/nfsd/stats.c index bb22893f1157..f7eaf95e20fc 100644 --- a/fs/nfsd/stats.c +++ b/fs/nfsd/stats.c @@ -73,11 +73,11 @@ static int nfsd_show(struct seq_file *seq, void *v) DEFINE_PROC_SHOW_ATTRIBUTE(nfsd); -void nfsd_proc_stat_init(struct net *net) +struct proc_dir_entry *nfsd_proc_stat_init(struct net *net) { struct nfsd_net *nn = net_generic(net, nfsd_net_id); - svc_proc_register(net, &nn->nfsd_svcstats, &nfsd_proc_ops); + return svc_proc_register(net, &nn->nfsd_svcstats, &nfsd_proc_ops); } void nfsd_proc_stat_shutdown(struct net *net) diff --git a/fs/nfsd/stats.h b/fs/nfsd/stats.h index 04aacb6c36e2..e4efb0e4e56d 100644 --- a/fs/nfsd/stats.h +++ b/fs/nfsd/stats.h @@ -10,7 +10,7 @@ #include <uapi/linux/nfsd/stats.h> #include <linux/percpu_counter.h> -void nfsd_proc_stat_init(struct net *net); +struct proc_dir_entry *nfsd_proc_stat_init(struct net *net); void nfsd_proc_stat_shutdown(struct net *net); static inline void nfsd_stats_rc_hits_inc(struct nfsd_net *nn) -- 2.47.0

6 months, 2 weeks

2
1
0 0

[PATCH 6.12.y] libbpf: Prevent compiler warnings/errors

by He Zhe

From: Eder Zulian <ezulian(a)redhat.com> commit 7f4ec77f3fee41dd6a41f03a40703889e6e8f7b2 upstream. Initialize 'new_off' and 'pad_bits' to 0 and 'pad_type' to NULL in btf_dump_emit_bit_padding to prevent compiler warnings/errors which are observed when compiling with 'EXTRA_CFLAGS=-g -Og' options, but do not happen when compiling with current default options. For example, when compiling libbpf with $ make "EXTRA_CFLAGS=-g -Og" -C tools/lib/bpf/ clean all Clang version 17.0.6 and GCC 13.3.1 fail to compile btf_dump.c due to following errors: btf_dump.c: In function ‘btf_dump_emit_bit_padding’: btf_dump.c:903:42: error: ‘new_off’ may be used uninitialized [-Werror=maybe-uninitialized] 903 | if (new_off > cur_off && new_off <= next_off) { | ~~~~~~~~^~~~~~~~~~~ btf_dump.c:870:13: note: ‘new_off’ was declared here 870 | int new_off, pad_bits, bits, i; | ^~~~~~~ btf_dump.c:917:25: error: ‘pad_type’ may be used uninitialized [-Werror=maybe-uninitialized] 917 | btf_dump_printf(d, "\n%s%s: %d;", pfx(lvl), pad_type, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 918 | in_bitfield ? new_off - cur_off : 0); | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ btf_dump.c:871:21: note: ‘pad_type’ was declared here 871 | const char *pad_type; | ^~~~~~~~ btf_dump.c:930:20: error: ‘pad_bits’ may be used uninitialized [-Werror=maybe-uninitialized] 930 | if (bits == pad_bits) { | ^ btf_dump.c:870:22: note: ‘pad_bits’ was declared here 870 | int new_off, pad_bits, bits, i; | ^~~~~~~~ cc1: all warnings being treated as errors Signed-off-by: Eder Zulian <ezulian(a)redhat.com> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Acked-by: Jiri Olsa <jolsa(a)kernel.org> Link: https://lore.kernel.org/bpf/20241022172329.3871958-3-ezulian@redhat.com Signed-off-by: He Zhe <zhe.he(a)windriver.com> Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> --- Build test passed. --- tools/lib/bpf/btf_dump.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/lib/bpf/btf_dump.c b/tools/lib/bpf/btf_dump.c index 0a7327541c17..46cce18c8308 100644 --- a/tools/lib/bpf/btf_dump.c +++ b/tools/lib/bpf/btf_dump.c @@ -867,8 +867,8 @@ static void btf_dump_emit_bit_padding(const struct btf_dump *d, } pads[] = { {"long", d->ptr_sz * 8}, {"int", 32}, {"short", 16}, {"char", 8} }; - int new_off, pad_bits, bits, i; - const char *pad_type; + int new_off = 0, pad_bits = 0, bits, i; + const char *pad_type = NULL; if (cur_off >= next_off) return; /* no gap */ -- 2.34.1

6 months, 2 weeks

2
1
0 0

[PATCH 5.15] ext4: fix timer use-after-free on failed mount

by Xiangyu Chen

From: Xiaxi Shen <shenxiaxi26(a)gmail.com> commit 0ce160c5bdb67081a62293028dc85758a8efb22a upstream. Syzbot has found an ODEBUG bug in ext4_fill_super The del_timer_sync function cancels the s_err_report timer, which reminds about filesystem errors daily. We should guarantee the timer is no longer active before kfree(sbi). When filesystem mounting fails, the flow goes to failed_mount3, where an error occurs when ext4_stop_mmpd is called, causing a read I/O failure. This triggers the ext4_handle_error function that ultimately re-arms the timer, leaving the s_err_report timer active before kfree(sbi) is called. Fix the issue by canceling the s_err_report timer after calling ext4_stop_mmpd. Signed-off-by: Xiaxi Shen <shenxiaxi26(a)gmail.com> Reported-and-tested-by: syzbot+59e0101c430934bc9a36(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=59e0101c430934bc9a36 Link: https://patch.msgid.link/20240715043336.98097-1-shenxiaxi26@gmail.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)kernel.org [Minor context change fixed] Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test. --- fs/ext4/super.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 126b582d85fc..8f33b6db8aae 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -5085,8 +5085,8 @@ failed_mount9: __maybe_unused failed_mount3: /* flush s_error_work before sbi destroy */ flush_work(&sbi->s_error_work); - del_timer_sync(&sbi->s_err_report); ext4_stop_mmpd(sbi); + del_timer_sync(&sbi->s_err_report); failed_mount2: rcu_read_lock(); group_desc = rcu_dereference(sbi->s_group_desc); -- 2.34.1

6 months, 2 weeks

2
3
0 0

[PATCH 5.15.y] bpf: avoid holding freeze_mutex during mmap operation

by David Sauerwein

From: Andrii Nakryiko <andrii(a)kernel.org> [ Upstream commit bc27c52eea189e8f7492d40739b7746d67b65beb ] We use map->freeze_mutex to prevent races between map_freeze() and memory mapping BPF map contents with writable permissions. The way we naively do this means we'll hold freeze_mutex for entire duration of all the mm and VMA manipulations, which is completely unnecessary. This can potentially also lead to deadlocks, as reported by syzbot in [0]. So, instead, hold freeze_mutex only during writeability checks, bump (proactively) "write active" count for the map, unlock the mutex and proceed with mmap logic. And only if something went wrong during mmap logic, then undo that "write active" counter increment. [0] https://lore.kernel.org/bpf/678dcbc9.050a0220.303755.0066.GAE@google.com/ Fixes: fc9702273e2e ("bpf: Add mmap() support for BPF_MAP_TYPE_ARRAY") Reported-by: syzbot+4dc041c686b7c816a71e(a)syzkaller.appspotmail.com Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Link: https://lore.kernel.org/r/20250129012246.1515826-2-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: David Sauerwein <dssauerw(a)amazon.de> --- kernel/bpf/syscall.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index 7fce461eae10..6f309248f13f 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -654,7 +654,7 @@ static const struct vm_operations_struct bpf_map_default_vmops = { static int bpf_map_mmap(struct file *filp, struct vm_area_struct *vma) { struct bpf_map *map = filp->private_data; - int err; + int err = 0; if (!map->ops->map_mmap || map_value_has_spin_lock(map) || map_value_has_timer(map)) @@ -679,7 +679,12 @@ static int bpf_map_mmap(struct file *filp, struct vm_area_struct *vma) err = -EACCES; goto out; } + bpf_map_write_active_inc(map); } +out: + mutex_unlock(&map->freeze_mutex); + if (err) + return err; /* set default open/close callbacks */ vma->vm_ops = &bpf_map_default_vmops; @@ -690,13 +695,11 @@ static int bpf_map_mmap(struct file *filp, struct vm_area_struct *vma) vma->vm_flags &= ~VM_MAYWRITE; err = map->ops->map_mmap(map, vma); - if (err) - goto out; + if (err) { + if (vma->vm_flags & VM_WRITE) + bpf_map_write_active_dec(map); + } - if (vma->vm_flags & VM_MAYWRITE) - bpf_map_write_active_inc(map); -out: - mutex_unlock(&map->freeze_mutex); return err; } -- 2.47.1

6 months, 2 weeks

2
1
0 0

[PATCH 0/2] Stable-6.6 backport x86/xen: fix memblock_reserve() usage on PVH

by Jason Andryuk

For stable-6.6. ("x86/xen: fix memblock_reserve() usage on PVH") is the fix, but it depends on ("x86/xen: move xen_reserve_extra_memory()") as a prerequisite. Both need fixups as they predate the removal of the Xen hypercall_page. Roger Pau Monne (2): x86/xen: move xen_reserve_extra_memory() x86/xen: fix memblock_reserve() usage on PVH arch/x86/include/asm/xen/hypervisor.h | 5 -- arch/x86/platform/pvh/enlighten.c | 3 - arch/x86/xen/enlighten_pvh.c | 93 +++++++++++++++------------ 3 files changed, 51 insertions(+), 50 deletions(-) -- 2.49.0

6 months, 2 weeks

2
4
0 0

[PATCH 6.1.y] bpf: Prevent tail call between progs attached to different hooks

by jianqi.ren.cn＠windriver.com

From: Xu Kuohai <xukuohai(a)huawei.com> [ Upstream commit 28ead3eaabc16ecc907cfb71876da028080f6356 ] bpf progs can be attached to kernel functions, and the attached functions can take different parameters or return different return values. If prog attached to one kernel function tail calls prog attached to another kernel function, the ctx access or return value verification could be bypassed. For example, if prog1 is attached to func1 which takes only 1 parameter and prog2 is attached to func2 which takes two parameters. Since verifier assumes the bpf ctx passed to prog2 is constructed based on func2's prototype, verifier allows prog2 to access the second parameter from the bpf ctx passed to it. The problem is that verifier does not prevent prog1 from passing its bpf ctx to prog2 via tail call. In this case, the bpf ctx passed to prog2 is constructed from func1 instead of func2, that is, the assumption for ctx access verification is bypassed. Another example, if BPF LSM prog1 is attached to hook file_alloc_security, and BPF LSM prog2 is attached to hook bpf_lsm_audit_rule_known. Verifier knows the return value rules for these two hooks, e.g. it is legal for bpf_lsm_audit_rule_known to return positive number 1, and it is illegal for file_alloc_security to return positive number. So verifier allows prog2 to return positive number 1, but does not allow prog1 to return positive number. The problem is that verifier does not prevent prog1 from calling prog2 via tail call. In this case, prog2's return value 1 will be used as the return value for prog1's hook file_alloc_security. That is, the return value rule is bypassed. This patch adds restriction for tail call to prevent such bypasses. Signed-off-by: Xu Kuohai <xukuohai(a)huawei.com> Link: https://lore.kernel.org/r/20240719110059.797546-4-xukuohai@huaweicloud.com Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- include/linux/bpf.h | 1 + kernel/bpf/core.c | 19 +++++++++++++++++-- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/include/linux/bpf.h b/include/linux/bpf.h index 2189c0d18fa7..e9c1338851e3 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -250,6 +250,7 @@ struct bpf_map { * same prog type, JITed flag and xdp_has_frags flag. */ struct { + const struct btf_type *attach_func_proto; spinlock_t lock; enum bpf_prog_type type; bool jited; diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index 83b416af4da1..c281f5b8705e 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c @@ -2121,6 +2121,7 @@ bool bpf_prog_map_compatible(struct bpf_map *map, { enum bpf_prog_type prog_type = resolve_prog_type(fp); bool ret; + struct bpf_prog_aux *aux = fp->aux; if (fp->kprobe_override) return false; @@ -2132,12 +2133,26 @@ bool bpf_prog_map_compatible(struct bpf_map *map, */ map->owner.type = prog_type; map->owner.jited = fp->jited; - map->owner.xdp_has_frags = fp->aux->xdp_has_frags; + map->owner.xdp_has_frags = aux->xdp_has_frags; + map->owner.attach_func_proto = aux->attach_func_proto; ret = true; } else { ret = map->owner.type == prog_type && map->owner.jited == fp->jited && - map->owner.xdp_has_frags == fp->aux->xdp_has_frags; + map->owner.xdp_has_frags == aux->xdp_has_frags; + if (ret && + map->owner.attach_func_proto != aux->attach_func_proto) { + switch (prog_type) { + case BPF_PROG_TYPE_TRACING: + case BPF_PROG_TYPE_LSM: + case BPF_PROG_TYPE_EXT: + case BPF_PROG_TYPE_STRUCT_OPS: + ret = false; + break; + default: + break; + } + } } spin_unlock(&map->owner.lock); -- 2.34.1

6 months, 2 weeks

2
1
0 0

[PATCH 6.1.y] bpf: avoid holding freeze_mutex during mmap operation

by David Sauerwein

From: Andrii Nakryiko <andrii(a)kernel.org> [ Upstream commit bc27c52eea189e8f7492d40739b7746d67b65beb ] We use map->freeze_mutex to prevent races between map_freeze() and memory mapping BPF map contents with writable permissions. The way we naively do this means we'll hold freeze_mutex for entire duration of all the mm and VMA manipulations, which is completely unnecessary. This can potentially also lead to deadlocks, as reported by syzbot in [0]. So, instead, hold freeze_mutex only during writeability checks, bump (proactively) "write active" count for the map, unlock the mutex and proceed with mmap logic. And only if something went wrong during mmap logic, then undo that "write active" counter increment. [0] https://lore.kernel.org/bpf/678dcbc9.050a0220.303755.0066.GAE@google.com/ Fixes: fc9702273e2e ("bpf: Add mmap() support for BPF_MAP_TYPE_ARRAY") Reported-by: syzbot+4dc041c686b7c816a71e(a)syzkaller.appspotmail.com Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Link: https://lore.kernel.org/r/20250129012246.1515826-2-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: David Sauerwein <dssauerw(a)amazon.de> --- kernel/bpf/syscall.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index 7a4004f09bae..27fdf1b2fc46 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -813,7 +813,7 @@ static const struct vm_operations_struct bpf_map_default_vmops = { static int bpf_map_mmap(struct file *filp, struct vm_area_struct *vma) { struct bpf_map *map = filp->private_data; - int err; + int err = 0; if (!map->ops->map_mmap || map_value_has_spin_lock(map) || map_value_has_timer(map) || map_value_has_kptrs(map)) @@ -838,7 +838,12 @@ static int bpf_map_mmap(struct file *filp, struct vm_area_struct *vma) err = -EACCES; goto out; } + bpf_map_write_active_inc(map); } +out: + mutex_unlock(&map->freeze_mutex); + if (err) + return err; /* set default open/close callbacks */ vma->vm_ops = &bpf_map_default_vmops; @@ -849,13 +854,11 @@ static int bpf_map_mmap(struct file *filp, struct vm_area_struct *vma) vma->vm_flags &= ~VM_MAYWRITE; err = map->ops->map_mmap(map, vma); - if (err) - goto out; + if (err) { + if (vma->vm_flags & VM_WRITE) + bpf_map_write_active_dec(map); + } - if (vma->vm_flags & VM_MAYWRITE) - bpf_map_write_active_inc(map); -out: - mutex_unlock(&map->freeze_mutex); return err; } -- 2.47.1

6 months, 2 weeks

2
1
0 0

[PATCH v6.13] nfsd: don't ignore the return code of svc_proc_register()

by cel＠kernel.org

From: Jeff Layton <jlayton(a)kernel.org> [ Upstream commit 930b64ca0c511521f0abdd1d57ce52b2a6e3476b ] Currently, nfsd_proc_stat_init() ignores the return value of svc_proc_register(). If the procfile creation fails, then the kernel will WARN when it tries to remove the entry later. Fix nfsd_proc_stat_init() to return the same type of pointer as svc_proc_register(), and fix up nfsd_net_init() to check that and fail the nfsd_net construction if it occurs. svc_proc_register() can fail if the dentry can't be allocated, or if an identical dentry already exists. The second case is pretty unlikely in the nfsd_net construction codepath, so if this happens, return -ENOMEM. Reported-by: syzbot+e34ad04f27991521104c(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-nfs/67a47501.050a0220.19061f.05f9.GAE@google.… Cc: stable(a)vger.kernel.org # v6.9 Signed-off-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> --- fs/nfsd/nfsctl.c | 9 ++++++++- fs/nfsd/stats.c | 4 ++-- fs/nfsd/stats.h | 2 +- 3 files changed, 11 insertions(+), 4 deletions(-) I did not have any problem cherry-picking 930b64 onto v6.13.11. This built and ran some simple NFSD tests in my lab. diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c index e83629f39604..2e835e7c107e 100644 --- a/fs/nfsd/nfsctl.c +++ b/fs/nfsd/nfsctl.c @@ -2244,8 +2244,14 @@ static __net_init int nfsd_net_init(struct net *net) NFSD_STATS_COUNTERS_NUM); if (retval) goto out_repcache_error; + memset(&nn->nfsd_svcstats, 0, sizeof(nn->nfsd_svcstats)); nn->nfsd_svcstats.program = &nfsd_programs[0]; + if (!nfsd_proc_stat_init(net)) { + retval = -ENOMEM; + goto out_proc_error; + } + for (i = 0; i < sizeof(nn->nfsd_versions); i++) nn->nfsd_versions[i] = nfsd_support_version(i); for (i = 0; i < sizeof(nn->nfsd4_minorversions); i++) @@ -2255,12 +2261,13 @@ static __net_init int nfsd_net_init(struct net *net) nfsd4_init_leases_net(nn); get_random_bytes(&nn->siphash_key, sizeof(nn->siphash_key)); seqlock_init(&nn->writeverf_lock); - nfsd_proc_stat_init(net); #if IS_ENABLED(CONFIG_NFS_LOCALIO) INIT_LIST_HEAD(&nn->local_clients); #endif return 0; +out_proc_error: + percpu_counter_destroy_many(nn->counter, NFSD_STATS_COUNTERS_NUM); out_repcache_error: nfsd_idmap_shutdown(net); out_idmap_error: diff --git a/fs/nfsd/stats.c b/fs/nfsd/stats.c index bb22893f1157..f7eaf95e20fc 100644 --- a/fs/nfsd/stats.c +++ b/fs/nfsd/stats.c @@ -73,11 +73,11 @@ static int nfsd_show(struct seq_file *seq, void *v) DEFINE_PROC_SHOW_ATTRIBUTE(nfsd); -void nfsd_proc_stat_init(struct net *net) +struct proc_dir_entry *nfsd_proc_stat_init(struct net *net) { struct nfsd_net *nn = net_generic(net, nfsd_net_id); - svc_proc_register(net, &nn->nfsd_svcstats, &nfsd_proc_ops); + return svc_proc_register(net, &nn->nfsd_svcstats, &nfsd_proc_ops); } void nfsd_proc_stat_shutdown(struct net *net) diff --git a/fs/nfsd/stats.h b/fs/nfsd/stats.h index 04aacb6c36e2..e4efb0e4e56d 100644 --- a/fs/nfsd/stats.h +++ b/fs/nfsd/stats.h @@ -10,7 +10,7 @@ #include <uapi/linux/nfsd/stats.h> #include <linux/percpu_counter.h> -void nfsd_proc_stat_init(struct net *net); +struct proc_dir_entry *nfsd_proc_stat_init(struct net *net); void nfsd_proc_stat_shutdown(struct net *net); static inline void nfsd_stats_rc_hits_inc(struct nfsd_net *nn) -- 2.47.0

6 months, 2 weeks

2
1
0 0

[PATCH 5.10.y] bpf: avoid holding freeze_mutex during mmap operation

by David Sauerwein

From: Andrii Nakryiko <andrii(a)kernel.org> [ Upstream commit bc27c52eea189e8f7492d40739b7746d67b65beb ] We use map->freeze_mutex to prevent races between map_freeze() and memory mapping BPF map contents with writable permissions. The way we naively do this means we'll hold freeze_mutex for entire duration of all the mm and VMA manipulations, which is completely unnecessary. This can potentially also lead to deadlocks, as reported by syzbot in [0]. So, instead, hold freeze_mutex only during writeability checks, bump (proactively) "write active" count for the map, unlock the mutex and proceed with mmap logic. And only if something went wrong during mmap logic, then undo that "write active" counter increment. [0] https://lore.kernel.org/bpf/678dcbc9.050a0220.303755.0066.GAE@google.com/ Fixes: fc9702273e2e ("bpf: Add mmap() support for BPF_MAP_TYPE_ARRAY") Reported-by: syzbot+4dc041c686b7c816a71e(a)syzkaller.appspotmail.com Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Link: https://lore.kernel.org/r/20250129012246.1515826-2-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: David Sauerwein <dssauerw(a)amazon.de> --- kernel/bpf/syscall.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index 008bb4e5c4dd..dc3d9a111cf1 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -647,7 +647,7 @@ static const struct vm_operations_struct bpf_map_default_vmops = { static int bpf_map_mmap(struct file *filp, struct vm_area_struct *vma) { struct bpf_map *map = filp->private_data; - int err; + int err = 0; if (!map->ops->map_mmap || map_value_has_spin_lock(map)) return -ENOTSUPP; @@ -671,7 +671,12 @@ static int bpf_map_mmap(struct file *filp, struct vm_area_struct *vma) err = -EACCES; goto out; } + bpf_map_write_active_inc(map); } +out: + mutex_unlock(&map->freeze_mutex); + if (err) + return err; /* set default open/close callbacks */ vma->vm_ops = &bpf_map_default_vmops; @@ -682,13 +687,11 @@ static int bpf_map_mmap(struct file *filp, struct vm_area_struct *vma) vma->vm_flags &= ~VM_MAYWRITE; err = map->ops->map_mmap(map, vma); - if (err) - goto out; + if (err) { + if (vma->vm_flags & VM_WRITE) + bpf_map_write_active_dec(map); + } - if (vma->vm_flags & VM_MAYWRITE) - bpf_map_write_active_inc(map); -out: - mutex_unlock(&map->freeze_mutex); return err; } -- 2.47.1

6 months, 2 weeks

2
1
0 0

[PATCH 6.1.y] block: make bio_check_eod work for zero sized devices

by Miguel García

From: Christoph Hellwig <hch(a)lst.de> commit 3eb96946f0be6bf447cbdf219aba22bc42672f92 upstream. This patch is a backport. Since the dawn of time bio_check_eod has a check for a non-zero size of the device. This doesn't really make any sense as we never want to send I/O to a device that's been set to zero size, or never moved out of that. I am a bit surprised we haven't caught this for a long time, but the removal of the extra validation inside of zram caused syzbot to trip over this issue recently. I've added a Fixes tag for that commit, but the issue really goes back way before git history. Fixes: 9fe95babc742 ("zram: remove valid_io_request") Reported-by: syzbot+2aca91e1d3ae43aef10c(a)syzkaller.appspotmail.com Bug: https://syzkaller.appspot.com/bug?extid=2aca91e1d3ae43aef10c Signed-off-by: Christoph Hellwig <hch(a)lst.de> Link: https://lore.kernel.org/r/20230524060538.1593686-1-hch@lst.de Signed-off-by: Jens Axboe <axboe(a)kernel.dk> (cherry picked from commit 3eb96946f0be6bf447cbdf219aba22bc42672f92) Signed-off-by: Miguel García <miguelgarciaroman8(a)gmail.com> --- block/blk-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block/blk-core.c b/block/blk-core.c index 94941e3ce219..6a66f4f6912f 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -515,7 +515,7 @@ static inline int bio_check_eod(struct bio *bio) sector_t maxsector = bdev_nr_sectors(bio->bi_bdev); unsigned int nr_sectors = bio_sectors(bio); - if (nr_sectors && maxsector && + if (nr_sectors && (nr_sectors > maxsector || bio->bi_iter.bi_sector > maxsector - nr_sectors)) { pr_info_ratelimited("%s: attempt to access beyond end of device\n" -- 2.34.1

6 months, 2 weeks

3
2
0 0

[PATCH 5.15.y] fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats

by David Sauerwein

From: Oleg Nesterov <oleg(a)redhat.com> [ Upstream commit 7601df8031fd67310af891897ef6cc0df4209305 ] lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call do_task_stat() at the same time and the process has NR_THREADS, it will spin with irqs disabled O(NR_CPUS * NR_THREADS) time. Change do_task_stat() to use sig->stats_lock to gather the statistics outside of ->siglock protected section, in the likely case this code will run lockless. Link: https://lkml.kernel.org/r/20240123153357.GA21857@redhat.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Dylan Hatch <dylanbhatch(a)google.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: David Sauerwein <dssauerw(a)amazon.de> --- fs/proc/array.c | 53 +++++++++++++++++++++++++++---------------------- 1 file changed, 29 insertions(+), 24 deletions(-) diff --git a/fs/proc/array.c b/fs/proc/array.c index c925287a4dc4..2cb01aaa6718 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -462,12 +462,12 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, int permitted; struct mm_struct *mm; unsigned long long start_time; - unsigned long cmin_flt = 0, cmaj_flt = 0; - unsigned long min_flt = 0, maj_flt = 0; - u64 cutime, cstime, utime, stime; - u64 cgtime, gtime; + unsigned long cmin_flt, cmaj_flt, min_flt, maj_flt; + u64 cutime, cstime, cgtime, utime, stime, gtime; unsigned long rsslim = 0; unsigned long flags; + struct signal_struct *sig = task->signal; + unsigned int seq = 1; state = *get_task_state(task); vsize = eip = esp = 0; @@ -495,12 +495,8 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, sigemptyset(&sigign); sigemptyset(&sigcatch); - cutime = cstime = 0; - cgtime = gtime = 0; if (lock_task_sighand(task, &flags)) { - struct signal_struct *sig = task->signal; - if (sig->tty) { struct pid *pgrp = tty_get_pgrp(sig->tty); tty_pgrp = pid_nr_ns(pgrp, ns); @@ -511,36 +507,45 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, num_threads = get_nr_threads(task); collect_sigign_sigcatch(task, &sigign, &sigcatch); + rsslim = READ_ONCE(sig->rlim[RLIMIT_RSS].rlim_cur); + + sid = task_session_nr_ns(task, ns); + ppid = task_tgid_nr_ns(task->real_parent, ns); + pgid = task_pgrp_nr_ns(task, ns); + + unlock_task_sighand(task, &flags); + } + + if (permitted && (!whole || num_threads < 2)) + wchan = !task_is_running(task); + + do { + seq++; /* 2 on the 1st/lockless path, otherwise odd */ + flags = read_seqbegin_or_lock_irqsave(&sig->stats_lock, &seq); + cmin_flt = sig->cmin_flt; cmaj_flt = sig->cmaj_flt; cutime = sig->cutime; cstime = sig->cstime; cgtime = sig->cgtime; - rsslim = READ_ONCE(sig->rlim[RLIMIT_RSS].rlim_cur); - /* add up live thread stats at the group level */ if (whole) { struct task_struct *t = task; + + min_flt = sig->min_flt; + maj_flt = sig->maj_flt; + gtime = sig->gtime; + + rcu_read_lock(); do { min_flt += t->min_flt; maj_flt += t->maj_flt; gtime += task_gtime(t); } while_each_thread(task, t); - - min_flt += sig->min_flt; - maj_flt += sig->maj_flt; - gtime += sig->gtime; + rcu_read_unlock(); } - - sid = task_session_nr_ns(task, ns); - ppid = task_tgid_nr_ns(task->real_parent, ns); - pgid = task_pgrp_nr_ns(task, ns); - - unlock_task_sighand(task, &flags); - } - - if (permitted && (!whole || num_threads < 2)) - wchan = !task_is_running(task); + } while (need_seqretry(&sig->stats_lock, seq)); + done_seqretry_irqrestore(&sig->stats_lock, seq, flags); if (whole) { thread_group_cputime_adjusted(task, &utime, &stime); -- 2.47.1

6 months, 2 weeks

2
1
0 0

[PATCH 5.10.y] fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats

by David Sauerwein

From: Oleg Nesterov <oleg(a)redhat.com> [ Upstream commit 7601df8031fd67310af891897ef6cc0df4209305 ] lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call do_task_stat() at the same time and the process has NR_THREADS, it will spin with irqs disabled O(NR_CPUS * NR_THREADS) time. Change do_task_stat() to use sig->stats_lock to gather the statistics outside of ->siglock protected section, in the likely case this code will run lockless. Link: https://lkml.kernel.org/r/20240123153357.GA21857@redhat.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Dylan Hatch <dylanbhatch(a)google.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: David Sauerwein <dssauerw(a)amazon.de> --- fs/proc/array.c | 52 ++++++++++++++++++++++++++++--------------------- 1 file changed, 30 insertions(+), 22 deletions(-) diff --git a/fs/proc/array.c b/fs/proc/array.c index 18a4588c35be..8fba6d39e776 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -443,12 +443,12 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, int permitted; struct mm_struct *mm; unsigned long long start_time; - unsigned long cmin_flt = 0, cmaj_flt = 0; - unsigned long min_flt = 0, maj_flt = 0; - u64 cutime, cstime, utime, stime; - u64 cgtime, gtime; + unsigned long cmin_flt, cmaj_flt, min_flt, maj_flt; + u64 cutime, cstime, cgtime, utime, stime, gtime; unsigned long rsslim = 0; unsigned long flags; + struct signal_struct *sig = task->signal; + unsigned int seq = 1; state = *get_task_state(task); vsize = eip = esp = 0; @@ -476,12 +476,9 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, sigemptyset(&sigign); sigemptyset(&sigcatch); - cutime = cstime = utime = stime = 0; - cgtime = gtime = 0; + utime = stime = 0; if (lock_task_sighand(task, &flags)) { - struct signal_struct *sig = task->signal; - if (sig->tty) { struct pid *pgrp = tty_get_pgrp(sig->tty); tty_pgrp = pid_nr_ns(pgrp, ns); @@ -492,37 +489,48 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, num_threads = get_nr_threads(task); collect_sigign_sigcatch(task, &sigign, &sigcatch); + rsslim = READ_ONCE(sig->rlim[RLIMIT_RSS].rlim_cur); + + sid = task_session_nr_ns(task, ns); + ppid = task_tgid_nr_ns(task->real_parent, ns); + pgid = task_pgrp_nr_ns(task, ns); + + unlock_task_sighand(task, &flags); + } + + if (permitted && (!whole || num_threads < 2)) + wchan = get_wchan(task); + + do { + seq++; /* 2 on the 1st/lockless path, otherwise odd */ + flags = read_seqbegin_or_lock_irqsave(&sig->stats_lock, &seq); + cmin_flt = sig->cmin_flt; cmaj_flt = sig->cmaj_flt; cutime = sig->cutime; cstime = sig->cstime; cgtime = sig->cgtime; - rsslim = READ_ONCE(sig->rlim[RLIMIT_RSS].rlim_cur); - /* add up live thread stats at the group level */ if (whole) { struct task_struct *t = task; + + min_flt = sig->min_flt; + maj_flt = sig->maj_flt; + gtime = sig->gtime; + + rcu_read_lock(); do { min_flt += t->min_flt; maj_flt += t->maj_flt; gtime += task_gtime(t); } while_each_thread(task, t); + rcu_read_unlock(); - min_flt += sig->min_flt; - maj_flt += sig->maj_flt; thread_group_cputime_adjusted(task, &utime, &stime); - gtime += sig->gtime; } + } while (need_seqretry(&sig->stats_lock, seq)); + done_seqretry_irqrestore(&sig->stats_lock, seq, flags); - sid = task_session_nr_ns(task, ns); - ppid = task_tgid_nr_ns(task->real_parent, ns); - pgid = task_pgrp_nr_ns(task, ns); - - unlock_task_sighand(task, &flags); - } - - if (permitted && (!whole || num_threads < 2)) - wchan = get_wchan(task); if (!whole) { min_flt = task->min_flt; maj_flt = task->maj_flt; -- 2.47.1

6 months, 2 weeks

2
1
0 0

[PATCH 5.10.y] powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()

by Cliff Liu

From: Nathan Lynch <nathanl(a)linux.ibm.com> [ Upstream commit 0974d03eb479384466d828d65637814bee6b26d7 ] Smatch warns: arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential spectre issue 'args.args' [r] (local cap) The 'nargs' and 'nret' locals come directly from a user-supplied buffer and are used as indexes into a small stack-based array and as inputs to copy_to_user() after they are subject to bounds checks. Use array_index_nospec() after the bounds checks to clamp these values for speculative execution. Signed-off-by: Nathan Lynch <nathanl(a)linux.ibm.com> Reported-by: Breno Leitao <leitao(a)debian.org> Reviewed-by: Breno Leitao <leitao(a)debian.org> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20240530-sys_rtas-nargs-nret-v1-1-129acddd4d89@linux.ibm… Signed-off-by: Cliff Liu <donghua.liu(a)windriver.com> Signed-off-by: He Zhe <Zhe.He(a)windriver.com> --- Verified the powerpc build test. --- arch/powerpc/kernel/rtas.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c index 5976a25c6264..a8299981798a 100644 --- a/arch/powerpc/kernel/rtas.c +++ b/arch/powerpc/kernel/rtas.c @@ -16,6 +16,7 @@ #include <linux/capability.h> #include <linux/delay.h> #include <linux/cpu.h> +#include <linux/nospec.h> #include <linux/sched.h> #include <linux/smp.h> #include <linux/completion.h> @@ -1173,6 +1174,9 @@ SYSCALL_DEFINE1(rtas, struct rtas_args __user *, uargs) || nargs + nret > ARRAY_SIZE(args.args)) return -EINVAL; + nargs = array_index_nospec(nargs, ARRAY_SIZE(args.args)); + nret = array_index_nospec(nret, ARRAY_SIZE(args.args) - nargs); + /* Copy in args. */ if (copy_from_user(args.args, uargs->args, nargs * sizeof(rtas_arg_t)) != 0) -- 2.34.1

6 months, 2 weeks

2
1
0 0

[PATCH 6.6.y] powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()

by Cliff Liu

From: Nathan Lynch <nathanl(a)linux.ibm.com> [ Upstream commit 0974d03eb479384466d828d65637814bee6b26d7 ] Smatch warns: arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential spectre issue 'args.args' [r] (local cap) The 'nargs' and 'nret' locals come directly from a user-supplied buffer and are used as indexes into a small stack-based array and as inputs to copy_to_user() after they are subject to bounds checks. Use array_index_nospec() after the bounds checks to clamp these values for speculative execution. Signed-off-by: Nathan Lynch <nathanl(a)linux.ibm.com> Reported-by: Breno Leitao <leitao(a)debian.org> Reviewed-by: Breno Leitao <leitao(a)debian.org> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20240530-sys_rtas-nargs-nret-v1-1-129acddd4d89@linux.ibm… [Minor context change fixed] Signed-off-by: Cliff Liu <donghua.liu(a)windriver.com> Signed-off-by: He Zhe <Zhe.He(a)windriver.com> --- Verified the powerpc build test. --- arch/powerpc/kernel/rtas.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c index 46b9476d7582..dc294c95da21 100644 --- a/arch/powerpc/kernel/rtas.c +++ b/arch/powerpc/kernel/rtas.c @@ -18,6 +18,7 @@ #include <linux/kernel.h> #include <linux/lockdep.h> #include <linux/memblock.h> +#include <linux/nospec.h> #include <linux/of.h> #include <linux/of_fdt.h> #include <linux/reboot.h> @@ -1839,6 +1840,9 @@ SYSCALL_DEFINE1(rtas, struct rtas_args __user *, uargs) || nargs + nret > ARRAY_SIZE(args.args)) return -EINVAL; + nargs = array_index_nospec(nargs, ARRAY_SIZE(args.args)); + nret = array_index_nospec(nret, ARRAY_SIZE(args.args) - nargs); + /* Copy in args. */ if (copy_from_user(args.args, uargs->args, nargs * sizeof(rtas_arg_t)) != 0) -- 2.34.1

6 months, 2 weeks

2
1
0 0

[PATCH 5.15.y] powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()

by Cliff Liu

From: Nathan Lynch <nathanl(a)linux.ibm.com> [ Upstream commit 0974d03eb479384466d828d65637814bee6b26d7 ] Smatch warns: arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential spectre issue 'args.args' [r] (local cap) The 'nargs' and 'nret' locals come directly from a user-supplied buffer and are used as indexes into a small stack-based array and as inputs to copy_to_user() after they are subject to bounds checks. Use array_index_nospec() after the bounds checks to clamp these values for speculative execution. Signed-off-by: Nathan Lynch <nathanl(a)linux.ibm.com> Reported-by: Breno Leitao <leitao(a)debian.org> Reviewed-by: Breno Leitao <leitao(a)debian.org> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20240530-sys_rtas-nargs-nret-v1-1-129acddd4d89@linux.ibm… [Minor context change fixed] Signed-off-by: Cliff Liu <donghua.liu(a)windriver.com> Signed-off-by: He Zhe <Zhe.He(a)windriver.com> --- Verified the powerpc build test. --- arch/powerpc/kernel/rtas.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c index d01a0ad57e38..f2378f51cbed 100644 --- a/arch/powerpc/kernel/rtas.c +++ b/arch/powerpc/kernel/rtas.c @@ -16,6 +16,7 @@ #include <linux/capability.h> #include <linux/delay.h> #include <linux/cpu.h> +#include <linux/nospec.h> #include <linux/sched.h> #include <linux/smp.h> #include <linux/completion.h> @@ -1076,6 +1077,9 @@ SYSCALL_DEFINE1(rtas, struct rtas_args __user *, uargs) || nargs + nret > ARRAY_SIZE(args.args)) return -EINVAL; + nargs = array_index_nospec(nargs, ARRAY_SIZE(args.args)); + nret = array_index_nospec(nret, ARRAY_SIZE(args.args) - nargs); + /* Copy in args. */ if (copy_from_user(args.args, uargs->args, nargs * sizeof(rtas_arg_t)) != 0) -- 2.34.1

6 months, 2 weeks

2
1
0 0

[PATCH 6.1.y] powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()

by Cliff Liu

From: Nathan Lynch <nathanl(a)linux.ibm.com> [ Upstream commit 0974d03eb479384466d828d65637814bee6b26d7 ] Smatch warns: arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential spectre issue 'args.args' [r] (local cap) The 'nargs' and 'nret' locals come directly from a user-supplied buffer and are used as indexes into a small stack-based array and as inputs to copy_to_user() after they are subject to bounds checks. Use array_index_nospec() after the bounds checks to clamp these values for speculative execution. Signed-off-by: Nathan Lynch <nathanl(a)linux.ibm.com> Reported-by: Breno Leitao <leitao(a)debian.org> Reviewed-by: Breno Leitao <leitao(a)debian.org> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20240530-sys_rtas-nargs-nret-v1-1-129acddd4d89@linux.ibm… [Minor context change fixed] Signed-off-by: Cliff Liu <donghua.liu(a)windriver.com> Signed-off-by: He Zhe <Zhe.He(a)windriver.com> --- Verified the powerpc build test. --- arch/powerpc/kernel/rtas.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c index f8d3caad4cf3..3c06c8389e05 100644 --- a/arch/powerpc/kernel/rtas.c +++ b/arch/powerpc/kernel/rtas.c @@ -25,6 +25,7 @@ #include <linux/reboot.h> #include <linux/security.h> #include <linux/syscalls.h> +#include <linux/nospec.h> #include <linux/of.h> #include <linux/of_fdt.h> @@ -1178,6 +1179,9 @@ SYSCALL_DEFINE1(rtas, struct rtas_args __user *, uargs) || nargs + nret > ARRAY_SIZE(args.args)) return -EINVAL; + nargs = array_index_nospec(nargs, ARRAY_SIZE(args.args)); + nret = array_index_nospec(nret, ARRAY_SIZE(args.args) - nargs); + /* Copy in args. */ if (copy_from_user(args.args, uargs->args, nargs * sizeof(rtas_arg_t)) != 0) -- 2.34.1

6 months, 2 weeks

2
1
0 0

INHERITANCE FUNDS

by Hendrick John Neverett

We are writing to inform you that you have been identified as the sole beneficiary of a substantial inheritance left by a deceased relative, who was a client of our firm. The estate is valued at USD$6,500,000.00, and we are handling the legal proceedings to transfer the funds to you. Please reply for more details.

6 months, 2 weeks

1
0
0 0

[PATCH v1] gpio: pca953x: fix IRQ storm on system wake up

by Francesco Dolcini

From: Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> If an input changes state during wake-up and is used as an interrupt source, the IRQ handler reads the volatile input register to clear the interrupt mask and deassert the IRQ line. However, the IRQ handler is triggered before access to the register is granted, causing the read operation to fail. As a result, the IRQ handler enters a loop, repeatedly printing the "failed reading register" message, until `pca953x_resume` is eventually called, which restores the driver context and enables access to registers. Fix by using DEFINE_NOIRQ_DEV_PM_OPS which ensures that `pca953x_resume` is called before the IRQ handler is called. Fixes: b76574300504 ("gpio: pca953x: Restore registers after suspend/resume cycle") Cc: stable(a)vger.kernel.org Signed-off-by: Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> Signed-off-by: Francesco Dolcini <francesco.dolcini(a)toradex.com> --- drivers/gpio/gpio-pca953x.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpio/gpio-pca953x.c b/drivers/gpio/gpio-pca953x.c index d63c1030e6ac..d39bdc125cfc 100644 --- a/drivers/gpio/gpio-pca953x.c +++ b/drivers/gpio/gpio-pca953x.c @@ -1252,7 +1252,7 @@ static int pca953x_resume(struct device *dev) return ret; } -static DEFINE_SIMPLE_DEV_PM_OPS(pca953x_pm_ops, pca953x_suspend, pca953x_resume); +static DEFINE_NOIRQ_DEV_PM_OPS(pca953x_pm_ops, pca953x_suspend, pca953x_resume); /* convenience to stop overlong match-table lines */ #define OF_653X(__nrgpio, __int) ((void *)(__nrgpio | PCAL653X_TYPE | __int)) -- 2.39.5

6 months, 2 weeks

4
6
0 0

[for-linus][PATCH 7/7] rv: Fix out-of-bound memory access in rv_is_container_monitor()

by Steven Rostedt

From: Nam Cao <namcao(a)linutronix.de> When rv_is_container_monitor() is called on the last monitor in rv_monitors_list, KASAN yells: BUG: KASAN: global-out-of-bounds in rv_is_container_monitor+0x101/0x110 Read of size 8 at addr ffffffff97c7c798 by task setup/221 The buggy address belongs to the variable: rv_monitors_list+0x18/0x40 This is due to list_next_entry() is called on the last entry in the list. It wraps around to the first list_head, and the first list_head is not embedded in struct rv_monitor_def. Fix it by checking if the monitor is last in the list. Cc: stable(a)vger.kernel.org Cc: Gabriele Monaco <gmonaco(a)redhat.com> Fixes: cb85c660fcd4 ("rv: Add option for nested monitors and include sched") Link: https://lore.kernel.org/e85b5eeb7228bfc23b8d7d4ab5411472c54ae91b.1744355018… Signed-off-by: Nam Cao <namcao(a)linutronix.de> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/rv/rv.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/kernel/trace/rv/rv.c b/kernel/trace/rv/rv.c index 968c5c3b0246..e4077500a91d 100644 --- a/kernel/trace/rv/rv.c +++ b/kernel/trace/rv/rv.c @@ -225,7 +225,12 @@ bool rv_is_nested_monitor(struct rv_monitor_def *mdef) */ bool rv_is_container_monitor(struct rv_monitor_def *mdef) { - struct rv_monitor_def *next = list_next_entry(mdef, list); + struct rv_monitor_def *next; + + if (list_is_last(&mdef->list, &rv_monitors_list)) + return false; + + next = list_next_entry(mdef, list); return next->parent == mdef->monitor || !mdef->monitor->enable; } -- 2.47.2

6 months, 2 weeks

1
0
0 0

[for-linus][PATCH 3/7] ftrace: Properly merge notrace hashes

by Steven Rostedt

From: Andy Chiu <andybnac(a)gmail.com> The global notrace hash should be jointly decided by the intersection of each subops's notrace hash, but not the filter hash. Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/20250408160258.48563-1-andybnac@gmail.com Fixes: 5fccc7552ccb ("ftrace: Add subops logic to allow one ops to manage many") Signed-off-by: Andy Chiu <andybnac(a)gmail.com> [ fixed removing of freeing of filter_hash ] Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ftrace.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 1a48aedb5255..8939eeebb02e 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -3526,16 +3526,16 @@ int ftrace_startup_subops(struct ftrace_ops *ops, struct ftrace_ops *subops, int ftrace_hash_empty(subops->func_hash->notrace_hash)) { notrace_hash = EMPTY_HASH; } else { - size_bits = max(ops->func_hash->filter_hash->size_bits, - subops->func_hash->filter_hash->size_bits); + size_bits = max(ops->func_hash->notrace_hash->size_bits, + subops->func_hash->notrace_hash->size_bits); notrace_hash = alloc_ftrace_hash(size_bits); if (!notrace_hash) { free_ftrace_hash(filter_hash); return -ENOMEM; } - ret = intersect_hash(&notrace_hash, ops->func_hash->filter_hash, - subops->func_hash->filter_hash); + ret = intersect_hash(&notrace_hash, ops->func_hash->notrace_hash, + subops->func_hash->notrace_hash); if (ret < 0) { free_ftrace_hash(filter_hash); free_ftrace_hash(notrace_hash); -- 2.47.2

6 months, 2 weeks

1
0
0 0

[for-linus][PATCH 2/7] tracing: Do not add length to print format in synthetic events

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> The following causes a vsnprintf fault: # echo 's:wake_lat char[] wakee; u64 delta;' >> /sys/kernel/tracing/dynamic_events # echo 'hist:keys=pid:ts=common_timestamp.usecs if !(common_flags & 0x18)' > /sys/kernel/tracing/events/sched/sched_waking/trigger # echo 'hist:keys=next_pid:delta=common_timestamp.usecs-$ts:onmatch(sched.sched_waking).trace(wake_lat,next_comm,$delta)' > /sys/kernel/tracing/events/sched/sched_switch/trigger Because the synthetic event's "wakee" field is created as a dynamic string (even though the string copied is not). The print format to print the dynamic string changed from "%*s" to "%s" because another location (__set_synth_event_print_fmt()) exported this to user space, and user space did not need that. But it is still used in print_synth_event(), and the output looks like: <idle>-0 [001] d..5. 193.428167: wake_lat: wakee=(efault)sshd-sessiondelta=155 sshd-session-879 [001] d..5. 193.811080: wake_lat: wakee=(efault)kworker/u34:5delta=58 <idle>-0 [002] d..5. 193.811198: wake_lat: wakee=(efault)bashdelta=91 bash-880 [002] d..5. 193.811371: wake_lat: wakee=(efault)kworker/u35:2delta=21 <idle>-0 [001] d..5. 193.811516: wake_lat: wakee=(efault)sshd-sessiondelta=129 sshd-session-879 [001] d..5. 193.967576: wake_lat: wakee=(efault)kworker/u34:5delta=50 The length isn't needed as the string is always nul terminated. Just print the string and not add the length (which was hard coded to the max string length anyway). Cc: stable(a)vger.kernel.org Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Tom Zanussi <zanussi(a)kernel.org> Cc: Douglas Raillard <douglas.raillard(a)arm.com> Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Link: https://lore.kernel.org/20250407154139.69955768@gandalf.local.home Fixes: 4d38328eb442d ("tracing: Fix synth event printk format for str fields"); Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace_events_synth.c | 1 - 1 file changed, 1 deletion(-) diff --git a/kernel/trace/trace_events_synth.c b/kernel/trace/trace_events_synth.c index 969f48742d72..33cfbd4ed76d 100644 --- a/kernel/trace/trace_events_synth.c +++ b/kernel/trace/trace_events_synth.c @@ -370,7 +370,6 @@ static enum print_line_t print_synth_event(struct trace_iterator *iter, union trace_synth_field *data = &entry->fields[n_u64]; trace_seq_printf(s, print_fmt, se->fields[i]->name, - STR_VAR_LEN_MAX, (char *)entry + data->as_dynamic.offset, i == se->n_fields - 1 ? "" : " "); n_u64++; -- 2.47.2

6 months, 2 weeks

1
0
0 0

[PATCH 1/1] usb: ueagle-atm: wait for a firmware upload to complete

by Andrey Tsygunka

Syzkaller reported: sysfs group 'power' not found for kobject 'ueagle-atm!adi930.fw' WARNING: CPU: 1 PID: 6804 at fs/sysfs/group.c:278 sysfs_remove_group+0x120/0x170 fs/sysfs/group.c:278 Modules linked in: CPU: 1 PID: 6804 Comm: kworker/1:5 Not tainted 6.1.128 #1 Hardware name: linux,dummy-virt (DT) Workqueue: events request_firmware_work_func Call trace: sysfs_remove_group+0x120/0x170 fs/sysfs/group.c:278 dpm_sysfs_remove+0x9c/0xc0 drivers/base/power/sysfs.c:837 device_del+0x1e0/0xb30 drivers/base/core.c:3861 fw_load_sysfs_fallback drivers/base/firmware_loader/fallback.c:120 [inline] fw_load_from_user_helper drivers/base/firmware_loader/fallback.c:158 [inline] firmware_fallback_sysfs+0x880/0xa30 drivers/base/firmware_loader/fallback.c:234 _request_firmware+0xcc0/0x1030 drivers/base/firmware_loader/main.c:884 request_firmware_work_func+0xf0/0x240 drivers/base/firmware_loader/main.c:1135 process_one_work+0x878/0x1770 kernel/workqueue.c:2292 worker_thread+0x48c/0xe40 kernel/workqueue.c:2439 kthread+0x274/0x2e0 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864 When calling the usb-device probe() method, request_firmware_nowait() is called, an async task is created that creates a child device to load the firmware and waits (fw_sysfs_wait_timeout()) for the firmware to be ready. If an async disconnect event occurs for usb-device while waiting, we may get a WARN() when calling firmware_fallback_sysfs() about "no sysfs group 'power' found for kobject" because it was removed by usb_disconnect(). To avoid this, add a routine to wait for the firmware loading process to complete to prevent premature device disconnection. Fixes: b72458a80c75 ("[PATCH] USB: Eagle and ADI 930 usb adsl modem driver") Cc: stable(a)vger.kernel.org Signed-off-by: Andrey Tsygunka <aitsygunka(a)yandex.ru> --- drivers/usb/atm/ueagle-atm.c | 40 +++++++++++++++++++++++++++++++----- 1 file changed, 35 insertions(+), 5 deletions(-) diff --git a/drivers/usb/atm/ueagle-atm.c b/drivers/usb/atm/ueagle-atm.c index cd0f7b4bd82a..eaa5ad316d89 100644 --- a/drivers/usb/atm/ueagle-atm.c +++ b/drivers/usb/atm/ueagle-atm.c @@ -570,6 +570,12 @@ MODULE_PARM_DESC(annex, #define LOAD_INTERNAL 0xA0 #define F8051_USBCS 0x7f92 +struct uea_interface_data { + struct completion fw_upload_complete; + struct usb_device *usb; + struct usb_interface *intf; +}; + /* * uea_send_modem_cmd - Send a command for pre-firmware devices. */ @@ -599,7 +605,8 @@ static int uea_send_modem_cmd(struct usb_device *usb, static void uea_upload_pre_firmware(const struct firmware *fw_entry, void *context) { - struct usb_device *usb = context; + struct uea_interface_data *uea_intf_data = context; + struct usb_device *usb = uea_intf_data->usb; const u8 *pfw; u8 value; u32 crc = 0; @@ -669,15 +676,17 @@ static void uea_upload_pre_firmware(const struct firmware *fw_entry, uea_err(usb, "firmware is corrupted\n"); err: release_firmware(fw_entry); + complete(&uea_intf_data->fw_upload_complete); uea_leaves(usb); } /* * uea_load_firmware - Load usb firmware for pre-firmware devices. */ -static int uea_load_firmware(struct usb_device *usb, unsigned int ver) +static int uea_load_firmware(struct uea_interface_data *uea_intf_data, unsigned int ver) { int ret; + struct usb_device *usb = uea_intf_data->usb; char *fw_name = EAGLE_FIRMWARE; uea_enters(usb); @@ -702,7 +711,7 @@ static int uea_load_firmware(struct usb_device *usb, unsigned int ver) } ret = request_firmware_nowait(THIS_MODULE, 1, fw_name, &usb->dev, - GFP_KERNEL, usb, + GFP_KERNEL, uea_intf_data, uea_upload_pre_firmware); if (ret) uea_err(usb, "firmware %s is not available\n", fw_name); @@ -2586,6 +2595,7 @@ static struct usbatm_driver uea_usbatm_driver = { static int uea_probe(struct usb_interface *intf, const struct usb_device_id *id) { struct usb_device *usb = interface_to_usbdev(intf); + struct uea_interface_data *uea_intf_data; int ret; uea_enters(usb); @@ -2597,8 +2607,23 @@ static int uea_probe(struct usb_interface *intf, const struct usb_device_id *id) usb_reset_device(usb); - if (UEA_IS_PREFIRM(id)) - return uea_load_firmware(usb, UEA_CHIP_VERSION(id)); + if (UEA_IS_PREFIRM(id)) { + uea_intf_data = devm_kzalloc(&usb->dev, sizeof(*uea_intf_data), GFP_KERNEL); + if (!uea_intf_data) + return -ENOMEM; + + init_completion(&uea_intf_data->fw_upload_complete); + uea_intf_data->usb = usb; + uea_intf_data->intf = intf; + + usb_set_intfdata(intf, uea_intf_data); + + ret = uea_load_firmware(uea_intf_data, UEA_CHIP_VERSION(id)); + if (ret) + complete(&uea_intf_data->fw_upload_complete); + + return ret; + } ret = usbatm_usb_probe(intf, id, &uea_usbatm_driver); if (ret == 0) { @@ -2618,6 +2643,7 @@ static int uea_probe(struct usb_interface *intf, const struct usb_device_id *id) static void uea_disconnect(struct usb_interface *intf) { struct usb_device *usb = interface_to_usbdev(intf); + struct uea_interface_data *uea_intf_data; int ifnum = intf->altsetting->desc.bInterfaceNumber; uea_enters(usb); @@ -2629,6 +2655,10 @@ static void uea_disconnect(struct usb_interface *intf) usbatm_usb_disconnect(intf); mutex_unlock(&uea_mutex); uea_info(usb, "ADSL device removed\n"); + } else { + uea_intf_data = usb_get_intfdata(intf); + uea_info(usb, "wait for completion uploading firmware\n"); + wait_for_completion(&uea_intf_data->fw_upload_complete); } uea_leaves(usb); -- 2.25.1

6 months, 2 weeks

2
1
0 0

[PATCH v8] KEYS: Add a list for unreferenced keys

by Jarkko Sakkinen

From: Jarkko Sakkinen <jarkko.sakkinen(a)opinsys.com> Add an isolated list of unreferenced keys to be queued for deletion, and try to pin the keys in the garbage collector before processing anything. Skip unpinnable keys. Use this list for blocking the reaping process during the teardown: 1. First off, the keys added to `keys_graveyard` are snapshotted, and the list is flushed. This the very last step in `key_put()`. 2. `key_put()` reaches zero. This will mark key as busy for the garbage collector. 3. `key_garbage_collector()` will try to increase refcount, which won't go above zero. Whenever this happens, the key will be skipped. Cc: stable(a)vger.kernel.org # v6.1+ Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)opinsys.com> --- v8: - One more rebasing error (2x list_splice_init, reported by Marek Szyprowski) v7: - Fixed multiple definitions (from rebasing). v6: - Rebase went wrong in v5. v5: - Rebased on top of v6.15-rc - Updated commit message to explain how spin lock and refcount isolate the time window in key_put(). v4: - Pin the key while processing key type teardown. Skip dead keys. - Revert key_gc_graveyard back key_gc_unused_keys. - Rewrote the commit message. - "unsigned long flags" declaration somehow did make to the previous patch (sorry). v3: - Using spin_lock() fails since key_put() is executed inside IRQs. Using spin_lock_irqsave() would neither work given the lock is acquired for /proc/keys. Therefore, separate the lock for graveyard and key_graveyard before reaping key_serial_tree. v2: - Rename key_gc_unused_keys as key_gc_graveyard, and re-document the function. --- include/linux/key.h | 7 ++----- security/keys/gc.c | 36 ++++++++++++++++++++---------------- security/keys/internal.h | 5 +++++ security/keys/key.c | 7 +++++-- 4 files changed, 32 insertions(+), 23 deletions(-) diff --git a/include/linux/key.h b/include/linux/key.h index ba05de8579ec..c50659184bdf 100644 --- a/include/linux/key.h +++ b/include/linux/key.h @@ -195,10 +195,8 @@ enum key_state { struct key { refcount_t usage; /* number of references */ key_serial_t serial; /* key serial number */ - union { - struct list_head graveyard_link; - struct rb_node serial_node; - }; + struct list_head graveyard_link; /* key->usage == 0 */ + struct rb_node serial_node; #ifdef CONFIG_KEY_NOTIFICATIONS struct watch_list *watchers; /* Entities watching this key for changes */ #endif @@ -236,7 +234,6 @@ struct key { #define KEY_FLAG_ROOT_CAN_INVAL 7 /* set if key can be invalidated by root without permission */ #define KEY_FLAG_KEEP 8 /* set if key should not be removed */ #define KEY_FLAG_UID_KEYRING 9 /* set if key is a user or user session keyring */ -#define KEY_FLAG_FINAL_PUT 10 /* set if final put has happened on key */ /* the key type and key description string * - the desc is used to match a key against search criteria diff --git a/security/keys/gc.c b/security/keys/gc.c index f27223ea4578..9ccd8ee6fcdb 100644 --- a/security/keys/gc.c +++ b/security/keys/gc.c @@ -189,6 +189,7 @@ static void key_garbage_collector(struct work_struct *work) struct rb_node *cursor; struct key *key; time64_t new_timer, limit, expiry; + unsigned long flags; kenter("[%lx,%x]", key_gc_flags, gc_state); @@ -206,21 +207,35 @@ static void key_garbage_collector(struct work_struct *work) new_timer = TIME64_MAX; + spin_lock_irqsave(&key_graveyard_lock, flags); + list_splice_init(&key_graveyard, &graveyard); + spin_unlock_irqrestore(&key_graveyard_lock, flags); + + list_for_each_entry(key, &graveyard, graveyard_link) { + spin_lock(&key_serial_lock); + kdebug("unrefd key %d", key->serial); + rb_erase(&key->serial_node, &key_serial_tree); + spin_unlock(&key_serial_lock); + } + /* As only this function is permitted to remove things from the key * serial tree, if cursor is non-NULL then it will always point to a * valid node in the tree - even if lock got dropped. */ spin_lock(&key_serial_lock); + key = NULL; cursor = rb_first(&key_serial_tree); continue_scanning: + key_put(key); while (cursor) { key = rb_entry(cursor, struct key, serial_node); cursor = rb_next(cursor); - - if (test_bit(KEY_FLAG_FINAL_PUT, &key->flags)) { - smp_mb(); /* Clobber key->user after FINAL_PUT seen. */ - goto found_unreferenced_key; + /* key_get(), unless zero: */ + if (!refcount_inc_not_zero(&key->usage)) { + key = NULL; + gc_state |= KEY_GC_REAP_AGAIN; + goto skip_dead_key; } if (unlikely(gc_state & KEY_GC_REAPING_DEAD_1)) { @@ -274,6 +289,7 @@ static void key_garbage_collector(struct work_struct *work) spin_lock(&key_serial_lock); goto continue_scanning; } + key_put(key); /* We've completed the pass. Set the timer if we need to and queue a * new cycle if necessary. We keep executing cycles until we find one @@ -328,18 +344,6 @@ static void key_garbage_collector(struct work_struct *work) kleave(" [end %x]", gc_state); return; - /* We found an unreferenced key - once we've removed it from the tree, - * we can safely drop the lock. - */ -found_unreferenced_key: - kdebug("unrefd key %d", key->serial); - rb_erase(&key->serial_node, &key_serial_tree); - spin_unlock(&key_serial_lock); - - list_add_tail(&key->graveyard_link, &graveyard); - gc_state |= KEY_GC_REAP_AGAIN; - goto maybe_resched; - /* We found a restricted keyring and need to update the restriction if * it is associated with the dead key type. */ diff --git a/security/keys/internal.h b/security/keys/internal.h index 2cffa6dc8255..4e3d9b322390 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h @@ -63,9 +63,14 @@ struct key_user { int qnbytes; /* number of bytes allocated to this user */ }; +extern struct list_head key_graveyard; +extern spinlock_t key_graveyard_lock; + extern struct rb_root key_user_tree; extern spinlock_t key_user_lock; extern struct key_user root_key_user; +extern struct list_head key_graveyard; +extern spinlock_t key_graveyard_lock; extern struct key_user *key_user_lookup(kuid_t uid); extern void key_user_put(struct key_user *user); diff --git a/security/keys/key.c b/security/keys/key.c index 7198cd2ac3a3..7511f2017b6b 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -22,6 +22,8 @@ DEFINE_SPINLOCK(key_serial_lock); struct rb_root key_user_tree; /* tree of quota records indexed by UID */ DEFINE_SPINLOCK(key_user_lock); +LIST_HEAD(key_graveyard); +DEFINE_SPINLOCK(key_graveyard_lock); unsigned int key_quota_root_maxkeys = 1000000; /* root's key count quota */ unsigned int key_quota_root_maxbytes = 25000000; /* root's key space quota */ @@ -658,8 +660,9 @@ void key_put(struct key *key) key->user->qnbytes -= key->quotalen; spin_unlock_irqrestore(&key->user->lock, flags); } - smp_mb(); /* key->user before FINAL_PUT set. */ - set_bit(KEY_FLAG_FINAL_PUT, &key->flags); + spin_lock_irqsave(&key_graveyard_lock, flags); + list_add_tail(&key->graveyard_link, &key_graveyard); + spin_unlock_irqrestore(&key_graveyard_lock, flags); schedule_work(&key_gc_work); } } -- 2.39.5

6 months, 2 weeks

2
7
0 0

Missing paravirt backport in 6.12.23

by Ike Devolder

Hi, Can I report an issue with 6.12 LTS? This backport in 6.12.23 [805e3ce5e0e32b31dcecc0774c57c17a1f13cef6][1] also needs this upstream commit as well [22cc5ca5de52bbfc36a7d4a55323f91fb4492264][2] If it is missing and you don't have XEN enabled the build fails: ``` arch/x86/coco/tdx/tdx.c:1080:13: error: no member named 'safe_halt' in 'struct pv_irq_ops' 1080 | pv_ops.irq.safe_halt = tdx_safe_halt; | ~~~~~~~~~~ ^ arch/x86/coco/tdx/tdx.c:1081:13: error: no member named 'halt' in 'struct pv_irq_ops' 1081 | pv_ops.irq.halt = tdx_halt; | ~~~~~~~~~~ ^ 2 errors generated. make[5]: *** [scripts/Makefile.build:229: arch/x86/coco/tdx/tdx.o] Error 1 make[4]: *** [scripts/Makefile.build:478: arch/x86/coco/tdx] Error 2 make[3]: *** [scripts/Makefile.build:478: arch/x86/coco] Error 2 make[2]: *** [scripts/Makefile.build:478: arch/x86] Error 2 ``` To make it work I have added the backport of [805e3ce5e0e32b31dcecc0774c57c17a1f13cef6][1] as patch in my local build[3]. Best regards, Ike [1]: https://web.git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit… [2]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [3]: https://gitlab.com/herecura/packages/linux-bede-lts/-/blob/0d7e313f13fdae9b…

6 months, 2 weeks

2
1
0 0

[PATCH v2 0/2] J722S: Disable WIZ0 and WIZ1 in SoC file

by Siddharth Vadapalli

Hello, This series disables the "serdes_wiz0" and "serdes_wiz1" device-tree nodes in the J722S SoC file and enables them in the board files where they are required along with "serdes0" and "serdes1". There are two reasons behind this change: 1. To follow the existing convention of disabling nodes in the SoC file and enabling them in the board file as required. 2. To address situations where a board file hasn't explicitly disabled "serdes_wiz0" and "serdes_wiz1" (example: am67a-beagley-ai.dts) as a result of which booting the board displays the following errors: wiz bus@f0000:phy@f000000: probe with driver wiz failed with error -12 ... wiz bus@f0000:phy@f010000: probe with driver wiz failed with error -12 Series is based on linux-next tagged next-20250408. v1 of this series is at: https://lore.kernel.org/r/20250408060636.3413856-1-s-vadapalli@ti.com/ Changes since v1: - Added "Fixes" tag and updated commit message accordingly. Regards, Siddharth. Siddharth Vadapalli (2): arm64: dts: ti: k3-j722s-evm: Enable "serdes_wiz0" and "serdes_wiz1" arm64: dts: ti: k3-j722s-main: Disable "serdes_wiz0" and "serdes_wiz1" arch/arm64/boot/dts/ti/k3-j722s-evm.dts | 8 ++++++++ arch/arm64/boot/dts/ti/k3-j722s-main.dtsi | 4 ++++ 2 files changed, 12 insertions(+) -- 2.34.1

6 months, 2 weeks

2
7
0 0

[merged mm-hotfixes-stable] mm-fix-apply_to_existing_page_range.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: fix apply_to_existing_page_range() has been removed from the -mm tree. Its filename was mm-fix-apply_to_existing_page_range.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Subject: mm: fix apply_to_existing_page_range() Date: Wed, 9 Apr 2025 12:40:43 +0300 In the case of apply_to_existing_page_range(), apply_to_pte_range() is reached with 'create' set to false. When !create, the loop over the PTE page table is broken. apply_to_pte_range() will only move to the next PTE entry if 'create' is true or if the current entry is not pte_none(). This means that the user of apply_to_existing_page_range() will not have 'fn' called for any entries after the first pte_none() in the PTE page table. Fix the loop logic in apply_to_pte_range(). There are no known runtime issues from this, but the fix is trivial enough for stable@ even without a known buggy user. Link: https://lkml.kernel.org/r/20250409094043.1629234-1-kirill.shutemov@linux.in… Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Fixes: be1db4753ee6 ("mm/memory.c: add apply_to_existing_page_range() helper") Cc: Daniel Axtens <dja(a)axtens.net> Cc: David Hildenbrand <david(a)redhat.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/mm/memory.c~mm-fix-apply_to_existing_page_range +++ a/mm/memory.c @@ -2938,11 +2938,11 @@ static int apply_to_pte_range(struct mm_ if (fn) { do { if (create || !pte_none(ptep_get(pte))) { - err = fn(pte++, addr, data); + err = fn(pte, addr, data); if (err) break; } - } while (addr += PAGE_SIZE, addr != end); + } while (pte++, addr += PAGE_SIZE, addr != end); } *mask |= PGTBL_PTE_MODIFIED; _ Patches currently in -mm which might be from kirill.shutemov(a)linux.intel.com are mm-page_alloc-fix-deadlock-on-cpu_hotplug_lock-in-__accept_page.patch

6 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] alloc_tag-handle-incomplete-bulk-allocations-in-vm_module_tags_populate.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: alloc_tag: handle incomplete bulk allocations in vm_module_tags_populate has been removed from the -mm tree. Its filename was alloc_tag-handle-incomplete-bulk-allocations-in-vm_module_tags_populate.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "T.J. Mercier" <tjmercier(a)google.com> Subject: alloc_tag: handle incomplete bulk allocations in vm_module_tags_populate Date: Wed, 9 Apr 2025 22:51:11 +0000 alloc_pages_bulk_node() may partially succeed and allocate fewer than the requested nr_pages. There are several conditions under which this can occur, but we have encountered the case where CONFIG_PAGE_OWNER is enabled causing all bulk allocations to always fallback to single page allocations due to commit 187ad460b841 ("mm/page_alloc: avoid page allocator recursion with pagesets.lock held"). Currently vm_module_tags_populate() immediately fails when alloc_pages_bulk_node() returns fewer than the requested number of pages. When this happens memory allocation profiling gets disabled, for example [ 14.297583] [9: modprobe: 465] Failed to allocate memory for allocation tags in the module scsc_wlan. Memory allocation profiling is disabled! [ 14.299339] [9: modprobe: 465] modprobe: Failed to insmod '/vendor/lib/modules/scsc_wlan.ko' with args '': Out of memory This patch causes vm_module_tags_populate() to retry bulk allocations for the remaining memory instead of failing immediately which will avoid the disablement of memory allocation profiling. Link: https://lkml.kernel.org/r/20250409225111.3770347-1-tjmercier@google.com Fixes: 0f9b685626da ("alloc_tag: populate memory for module tags as needed") Signed-off-by: T.J. Mercier <tjmercier(a)google.com> Reported-by: Janghyuck Kim <janghyuck.kim(a)samsung.com> Acked-by: Suren Baghdasaryan <surenb(a)google.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/alloc_tag.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) --- a/lib/alloc_tag.c~alloc_tag-handle-incomplete-bulk-allocations-in-vm_module_tags_populate +++ a/lib/alloc_tag.c @@ -422,11 +422,20 @@ static int vm_module_tags_populate(void) unsigned long old_shadow_end = ALIGN(phys_end, MODULE_ALIGN); unsigned long new_shadow_end = ALIGN(new_end, MODULE_ALIGN); unsigned long more_pages; - unsigned long nr; + unsigned long nr = 0; more_pages = ALIGN(new_end - phys_end, PAGE_SIZE) >> PAGE_SHIFT; - nr = alloc_pages_bulk_node(GFP_KERNEL | __GFP_NOWARN, - NUMA_NO_NODE, more_pages, next_page); + while (nr < more_pages) { + unsigned long allocated; + + allocated = alloc_pages_bulk_node(GFP_KERNEL | __GFP_NOWARN, + NUMA_NO_NODE, more_pages - nr, next_page + nr); + + if (!allocated) + break; + nr += allocated; + } + if (nr < more_pages || vmap_pages_range(phys_end, phys_end + (nr << PAGE_SHIFT), PAGE_KERNEL, next_page, PAGE_SHIFT) < 0) { _ Patches currently in -mm which might be from tjmercier(a)google.com are

6 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-fix-filemap_get_folios_contig-returning-batches-of-identical-folios.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: fix filemap_get_folios_contig returning batches of identical folios has been removed from the -mm tree. Its filename was mm-fix-filemap_get_folios_contig-returning-batches-of-identical-folios.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Vishal Moola (Oracle)" <vishal.moola(a)gmail.com> Subject: mm: fix filemap_get_folios_contig returning batches of identical folios Date: Thu, 3 Apr 2025 16:54:17 -0700 filemap_get_folios_contig() is supposed to return distinct folios found within [start, end]. Large folios in the Xarray become multi-index entries. xas_next() can iterate through the sub-indexes before finding a sibling entry and breaking out of the loop. This can result in a returned folio_batch containing an indeterminate number of duplicate folios, which forces the callers to skeptically handle the returned batch. This is inefficient and incurs a large maintenance overhead. We can fix this by calling xas_advance() after we have successfully adding a folio to the batch to ensure our Xarray is positioned such that it will correctly find the next folio - similar to filemap_get_read_batch(). Link: https://lkml.kernel.org/r/Z-8s1-kiIDkzgRbc@fedora Fixes: 35b471467f88 ("filemap: add filemap_get_folios_contig()") Signed-off-by: Vishal Moola (Oracle) <vishal.moola(a)gmail.com> Reported-by: Qu Wenruo <quwenruo.btrfs(a)gmx.com> Closes: https://lkml.kernel.org/r/b714e4de-2583-4035-b829-72cfb5eb6fc6@gmx.com Tested-by: Qu Wenruo <quwenruo.btrfs(a)gmx.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Vivek Kasireddy <vivek.kasireddy(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/filemap.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/filemap.c~mm-fix-filemap_get_folios_contig-returning-batches-of-identical-folios +++ a/mm/filemap.c @@ -2244,6 +2244,7 @@ unsigned filemap_get_folios_contig(struc *start = folio->index + nr; goto out; } + xas_advance(&xas, folio_next_index(folio) - 1); continue; put_folio: folio_put(folio); _ Patches currently in -mm which might be from vishal.moola(a)gmail.com are mm-compaction-use-folio-in-hugetlb-pathway.patch

6 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-page_alloc-speed-up-fallbacks-in-rmqueue_bulk.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: page_alloc: speed up fallbacks in rmqueue_bulk() has been removed from the -mm tree. Its filename was mm-page_alloc-speed-up-fallbacks-in-rmqueue_bulk.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Johannes Weiner <hannes(a)cmpxchg.org> Subject: mm: page_alloc: speed up fallbacks in rmqueue_bulk() Date: Mon, 7 Apr 2025 14:01:53 -0400 The test robot identified c2f6ea38fc1b ("mm: page_alloc: don't steal single pages from biggest buddy") as the root cause of a 56.4% regression in vm-scalability::lru-file-mmap-read. Carlos reports an earlier patch, c0cd6f557b90 ("mm: page_alloc: fix freelist movement during block conversion"), as the root cause for a regression in worst-case zone->lock+irqoff hold times. Both of these patches modify the page allocator's fallback path to be less greedy in an effort to stave off fragmentation. The flip side of this is that fallbacks are also less productive each time around, which means the fallback search can run much more frequently. Carlos' traces point to rmqueue_bulk() specifically, which tries to refill the percpu cache by allocating a large batch of pages in a loop. It highlights how once the native freelists are exhausted, the fallback code first scans orders top-down for whole blocks to claim, then falls back to a bottom-up search for the smallest buddy to steal. For the next batch page, it goes through the same thing again. This can be made more efficient. Since rmqueue_bulk() holds the zone->lock over the entire batch, the freelists are not subject to outside changes; when the search for a block to claim has already failed, there is no point in trying again for the next page. Modify __rmqueue() to remember the last successful fallback mode, and restart directly from there on the next rmqueue_bulk() iteration. Oliver confirms that this improves beyond the regression that the test robot reported against c2f6ea38fc1b: commit: f3b92176f4 ("tools/selftests: add guard region test for /proc/$pid/pagemap") c2f6ea38fc ("mm: page_alloc: don't steal single pages from biggest buddy") acc4d5ff0b ("Merge tag 'net-6.15-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") 2c847f27c3 ("mm: page_alloc: speed up fallbacks in rmqueue_bulk()") <--- your patch f3b92176f4f7100f c2f6ea38fc1b640aa7a2e155cc1 acc4d5ff0b61eb1715c498b6536 2c847f27c37da65a93d23c237c5 ---------------- --------------------------- --------------------------- --------------------------- %stddev %change %stddev %change %stddev %change %stddev \ | \ | \ | \ 25525364 �� 3% -56.4% 11135467 -57.8% 10779336 +31.6% 33581409 vm-scalability.throughput Carlos confirms that worst-case times are almost fully recovered compared to before the earlier culprit patch: 2dd482ba627d (before freelist hygiene): 1ms c0cd6f557b90 (after freelist hygiene): 90ms next-20250319 (steal smallest buddy): 280ms this patch : 8ms [jackmanb(a)google.com: comment updates] Link: https://lkml.kernel.org/r/D92AC0P9594X.3BML64MUKTF8Z@google.com [hannes(a)cmpxchg.org: reset rmqueue_mode in rmqueue_buddy() error loop, per Yunsheng Lin] Link: https://lkml.kernel.org/r/20250409140023.GA2313@cmpxchg.org Link: https://lkml.kernel.org/r/20250407180154.63348-1-hannes@cmpxchg.org Fixes: c0cd6f557b90 ("mm: page_alloc: fix freelist movement during block conversion") Fixes: c2f6ea38fc1b ("mm: page_alloc: don't steal single pages from biggest buddy") Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org> Signed-off-by: Brendan Jackman <jackmanb(a)google.com> Reported-by: kernel test robot <oliver.sang(a)intel.com> Reported-by: Carlos Song <carlos.song(a)nxp.com> Tested-by: Carlos Song <carlos.song(a)nxp.com> Tested-by: kernel test robot <oliver.sang(a)intel.com> Closes: https://lore.kernel.org/oe-lkp/202503271547.fc08b188-lkp@intel.com Reviewed-by: Brendan Jackman <jackmanb(a)google.com> Tested-by: Shivank Garg <shivankg(a)amd.com> Acked-by: Zi Yan <ziy(a)nvidia.com> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> [6.10+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_alloc.c | 113 ++++++++++++++++++++++++++++++++-------------- 1 file changed, 79 insertions(+), 34 deletions(-) --- a/mm/page_alloc.c~mm-page_alloc-speed-up-fallbacks-in-rmqueue_bulk +++ a/mm/page_alloc.c @@ -2183,23 +2183,15 @@ try_to_claim_block(struct zone *zone, st } /* - * Try finding a free buddy page on the fallback list. - * - * This will attempt to claim a whole pageblock for the requested type - * to ensure grouping of such requests in the future. - * - * If a whole block cannot be claimed, steal an individual page, regressing to - * __rmqueue_smallest() logic to at least break up as little contiguity as - * possible. + * Try to allocate from some fallback migratetype by claiming the entire block, + * i.e. converting it to the allocation's start migratetype. * * The use of signed ints for order and current_order is a deliberate * deviation from the rest of this file, to make the for loop * condition simpler. - * - * Return the stolen page, or NULL if none can be found. */ static __always_inline struct page * -__rmqueue_fallback(struct zone *zone, int order, int start_migratetype, +__rmqueue_claim(struct zone *zone, int order, int start_migratetype, unsigned int alloc_flags) { struct free_area *area; @@ -2237,14 +2229,29 @@ __rmqueue_fallback(struct zone *zone, in page = try_to_claim_block(zone, page, current_order, order, start_migratetype, fallback_mt, alloc_flags); - if (page) - goto got_one; + if (page) { + trace_mm_page_alloc_extfrag(page, order, current_order, + start_migratetype, fallback_mt); + return page; + } } - if (alloc_flags & ALLOC_NOFRAGMENT) - return NULL; + return NULL; +} + +/* + * Try to steal a single page from some fallback migratetype. Leave the rest of + * the block as its current migratetype, potentially causing fragmentation. + */ +static __always_inline struct page * +__rmqueue_steal(struct zone *zone, int order, int start_migratetype) +{ + struct free_area *area; + int current_order; + struct page *page; + int fallback_mt; + bool claim_block; - /* No luck claiming pageblock. Find the smallest fallback page */ for (current_order = order; current_order < NR_PAGE_ORDERS; current_order++) { area = &(zone->free_area[current_order]); fallback_mt = find_suitable_fallback(area, current_order, @@ -2254,25 +2261,28 @@ __rmqueue_fallback(struct zone *zone, in page = get_page_from_free_area(area, fallback_mt); page_del_and_expand(zone, page, order, current_order, fallback_mt); - goto got_one; + trace_mm_page_alloc_extfrag(page, order, current_order, + start_migratetype, fallback_mt); + return page; } return NULL; - -got_one: - trace_mm_page_alloc_extfrag(page, order, current_order, - start_migratetype, fallback_mt); - - return page; } +enum rmqueue_mode { + RMQUEUE_NORMAL, + RMQUEUE_CMA, + RMQUEUE_CLAIM, + RMQUEUE_STEAL, +}; + /* * Do the hard work of removing an element from the buddy allocator. * Call me with the zone->lock already held. */ static __always_inline struct page * __rmqueue(struct zone *zone, unsigned int order, int migratetype, - unsigned int alloc_flags) + unsigned int alloc_flags, enum rmqueue_mode *mode) { struct page *page; @@ -2291,16 +2301,48 @@ __rmqueue(struct zone *zone, unsigned in } } - page = __rmqueue_smallest(zone, order, migratetype); - if (unlikely(!page)) { - if (alloc_flags & ALLOC_CMA) + /* + * First try the freelists of the requested migratetype, then try + * fallbacks modes with increasing levels of fragmentation risk. + * + * The fallback logic is expensive and rmqueue_bulk() calls in + * a loop with the zone->lock held, meaning the freelists are + * not subject to any outside changes. Remember in *mode where + * we found pay dirt, to save us the search on the next call. + */ + switch (*mode) { + case RMQUEUE_NORMAL: + page = __rmqueue_smallest(zone, order, migratetype); + if (page) + return page; + fallthrough; + case RMQUEUE_CMA: + if (alloc_flags & ALLOC_CMA) { page = __rmqueue_cma_fallback(zone, order); - - if (!page) - page = __rmqueue_fallback(zone, order, migratetype, - alloc_flags); + if (page) { + *mode = RMQUEUE_CMA; + return page; + } + } + fallthrough; + case RMQUEUE_CLAIM: + page = __rmqueue_claim(zone, order, migratetype, alloc_flags); + if (page) { + /* Replenished preferred freelist, back to normal mode. */ + *mode = RMQUEUE_NORMAL; + return page; + } + fallthrough; + case RMQUEUE_STEAL: + if (!(alloc_flags & ALLOC_NOFRAGMENT)) { + page = __rmqueue_steal(zone, order, migratetype); + if (page) { + *mode = RMQUEUE_STEAL; + return page; + } + } } - return page; + return NULL; } /* @@ -2312,6 +2354,7 @@ static int rmqueue_bulk(struct zone *zon unsigned long count, struct list_head *list, int migratetype, unsigned int alloc_flags) { + enum rmqueue_mode rmqm = RMQUEUE_NORMAL; unsigned long flags; int i; @@ -2323,7 +2366,7 @@ static int rmqueue_bulk(struct zone *zon } for (i = 0; i < count; ++i) { struct page *page = __rmqueue(zone, order, migratetype, - alloc_flags); + alloc_flags, &rmqm); if (unlikely(page == NULL)) break; @@ -2948,7 +2991,9 @@ struct page *rmqueue_buddy(struct zone * if (alloc_flags & ALLOC_HIGHATOMIC) page = __rmqueue_smallest(zone, order, MIGRATE_HIGHATOMIC); if (!page) { - page = __rmqueue(zone, order, migratetype, alloc_flags); + enum rmqueue_mode rmqm = RMQUEUE_NORMAL; + + page = __rmqueue(zone, order, migratetype, alloc_flags, &rmqm); /* * If the allocation fails, allow OOM handling and _ Patches currently in -mm which might be from hannes(a)cmpxchg.org are mm-page_alloc-tighten-up-find_suitable_fallback.patch

6 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-vma-add-give_up_on_oom-option-on-modify-merge-use-in-uffd-release.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/vma: add give_up_on_oom option on modify/merge, use in uffd release has been removed from the -mm tree. Its filename was mm-vma-add-give_up_on_oom-option-on-modify-merge-use-in-uffd-release.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Subject: mm/vma: add give_up_on_oom option on modify/merge, use in uffd release Date: Fri, 21 Mar 2025 10:09:37 +0000 Currently, if a VMA merge fails due to an OOM condition arising on commit merge or a failure to duplicate anon_vma's, we report this so the caller can handle it. However there are cases where the caller is only ostensibly trying a merge, and doesn't mind if it fails due to this condition. Since we do not want to introduce an implicit assumption that we only actually modify VMAs after OOM conditions might arise, add a 'give up on oom' option and make an explicit contract that, should this flag be set, we absolutely will not modify any VMAs should OOM arise and just bail out. Since it'd be very unusual for a user to try to vma_modify() with this flag set but be specifying a range within a VMA which ends up being split (which can fail due to rlimit issues, not only OOM), we add a debug warning for this condition. The motivating reason for this is uffd release - syzkaller (and Pedro Falcato's VERY astute analysis) found a way in which an injected fault on allocation, triggering an OOM condition on commit merge, would result in uffd code becoming confused and treating an error value as if it were a VMA pointer. To avoid this, we make use of this new VMG flag to ensure that this never occurs, utilising the fact that, should we be clearing entire VMAs, we do not wish an OOM event to be reported to us. Many thanks to Pedro Falcato for his excellent analysis and Jann Horn for his insightful and intelligent analysis of the situation, both of whom were instrumental in this fix. Link: https://lkml.kernel.org/r/20250321100937.46634-1-lorenzo.stoakes@oracle.com Reported-by: syzbot+20ed41006cf9d842c2b5(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/67dc67f0.050a0220.25ae54.001e.GAE@google.com/ Fixes: 47b16d0462a4 ("mm: abort vma_modify() on merge out of memory failure") Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Suggested-by: Pedro Falcato <pfalcato(a)suse.de> Suggested-by: Jann Horn <jannh(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/userfaultfd.c | 13 +++++++++-- mm/vma.c | 51 +++++++++++++++++++++++++++++++++++++++++---- mm/vma.h | 9 +++++++ 3 files changed, 66 insertions(+), 7 deletions(-) --- a/mm/userfaultfd.c~mm-vma-add-give_up_on_oom-option-on-modify-merge-use-in-uffd-release +++ a/mm/userfaultfd.c @@ -1902,6 +1902,14 @@ struct vm_area_struct *userfaultfd_clear unsigned long end) { struct vm_area_struct *ret; + bool give_up_on_oom = false; + + /* + * If we are modifying only and not splitting, just give up on the merge + * if OOM prevents us from merging successfully. + */ + if (start == vma->vm_start && end == vma->vm_end) + give_up_on_oom = true; /* Reset ptes for the whole vma range if wr-protected */ if (userfaultfd_wp(vma)) @@ -1909,7 +1917,7 @@ struct vm_area_struct *userfaultfd_clear ret = vma_modify_flags_uffd(vmi, prev, vma, start, end, vma->vm_flags & ~__VM_UFFD_FLAGS, - NULL_VM_UFFD_CTX); + NULL_VM_UFFD_CTX, give_up_on_oom); /* * In the vma_merge() successful mprotect-like case 8: @@ -1960,7 +1968,8 @@ int userfaultfd_register_range(struct us new_flags = (vma->vm_flags & ~__VM_UFFD_FLAGS) | vm_flags; vma = vma_modify_flags_uffd(&vmi, prev, vma, start, vma_end, new_flags, - (struct vm_userfaultfd_ctx){ctx}); + (struct vm_userfaultfd_ctx){ctx}, + /* give_up_on_oom = */false); if (IS_ERR(vma)) return PTR_ERR(vma); --- a/mm/vma.c~mm-vma-add-give_up_on_oom-option-on-modify-merge-use-in-uffd-release +++ a/mm/vma.c @@ -666,6 +666,9 @@ static void vmg_adjust_set_range(struct /* * Actually perform the VMA merge operation. * + * IMPORTANT: We guarantee that, should vmg->give_up_on_oom is set, to not + * modify any VMAs or cause inconsistent state should an OOM condition arise. + * * Returns 0 on success, or an error value on failure. */ static int commit_merge(struct vma_merge_struct *vmg) @@ -685,6 +688,12 @@ static int commit_merge(struct vma_merge init_multi_vma_prep(&vp, vma, vmg); + /* + * If vmg->give_up_on_oom is set, we're safe, because we don't actually + * manipulate any VMAs until we succeed at preallocation. + * + * Past this point, we will not return an error. + */ if (vma_iter_prealloc(vmg->vmi, vma)) return -ENOMEM; @@ -915,7 +924,13 @@ static __must_check struct vm_area_struc if (anon_dup) unlink_anon_vmas(anon_dup); - vmg->state = VMA_MERGE_ERROR_NOMEM; + /* + * We've cleaned up any cloned anon_vma's, no VMAs have been + * modified, no harm no foul if the user requests that we not + * report this and just give up, leaving the VMAs unmerged. + */ + if (!vmg->give_up_on_oom) + vmg->state = VMA_MERGE_ERROR_NOMEM; return NULL; } @@ -926,7 +941,15 @@ static __must_check struct vm_area_struc abort: vma_iter_set(vmg->vmi, start); vma_iter_load(vmg->vmi); - vmg->state = VMA_MERGE_ERROR_NOMEM; + + /* + * This means we have failed to clone anon_vma's correctly, but no + * actual changes to VMAs have occurred, so no harm no foul - if the + * user doesn't want this reported and instead just wants to give up on + * the merge, allow it. + */ + if (!vmg->give_up_on_oom) + vmg->state = VMA_MERGE_ERROR_NOMEM; return NULL; } @@ -1068,6 +1091,10 @@ int vma_expand(struct vma_merge_struct * /* This should already have been checked by this point. */ VM_WARN_ON_VMG(!can_merge_remove_vma(next), vmg); vma_start_write(next); + /* + * In this case we don't report OOM, so vmg->give_up_on_mm is + * safe. + */ ret = dup_anon_vma(middle, next, &anon_dup); if (ret) return ret; @@ -1090,9 +1117,15 @@ int vma_expand(struct vma_merge_struct * return 0; nomem: - vmg->state = VMA_MERGE_ERROR_NOMEM; if (anon_dup) unlink_anon_vmas(anon_dup); + /* + * If the user requests that we just give upon OOM, we are safe to do so + * here, as commit merge provides this contract to us. Nothing has been + * changed - no harm no foul, just don't report it. + */ + if (!vmg->give_up_on_oom) + vmg->state = VMA_MERGE_ERROR_NOMEM; return -ENOMEM; } @@ -1534,6 +1567,13 @@ static struct vm_area_struct *vma_modify if (vmg_nomem(vmg)) return ERR_PTR(-ENOMEM); + /* + * Split can fail for reasons other than OOM, so if the user requests + * this it's probably a mistake. + */ + VM_WARN_ON(vmg->give_up_on_oom && + (vma->vm_start != start || vma->vm_end != end)); + /* Split any preceding portion of the VMA. */ if (vma->vm_start < start) { int err = split_vma(vmg->vmi, vma, start, 1); @@ -1602,12 +1642,15 @@ struct vm_area_struct struct vm_area_struct *vma, unsigned long start, unsigned long end, unsigned long new_flags, - struct vm_userfaultfd_ctx new_ctx) + struct vm_userfaultfd_ctx new_ctx, + bool give_up_on_oom) { VMG_VMA_STATE(vmg, vmi, prev, vma, start, end); vmg.flags = new_flags; vmg.uffd_ctx = new_ctx; + if (give_up_on_oom) + vmg.give_up_on_oom = true; return vma_modify(&vmg); } --- a/mm/vma.h~mm-vma-add-give_up_on_oom-option-on-modify-merge-use-in-uffd-release +++ a/mm/vma.h @@ -114,6 +114,12 @@ struct vma_merge_struct { */ bool just_expand :1; + /* + * If a merge is possible, but an OOM error occurs, give up and don't + * execute the merge, returning NULL. + */ + bool give_up_on_oom :1; + /* Internal flags set during merge process: */ /* @@ -255,7 +261,8 @@ __must_check struct vm_area_struct struct vm_area_struct *vma, unsigned long start, unsigned long end, unsigned long new_flags, - struct vm_userfaultfd_ctx new_ctx); + struct vm_userfaultfd_ctx new_ctx, + bool give_up_on_oom); __must_check struct vm_area_struct *vma_merge_new_range(struct vma_merge_struct *vmg); _ Patches currently in -mm which might be from lorenzo.stoakes(a)oracle.com are maintainers-add-memory-advice-section.patch mm-vma-fix-incorrectly-disallowed-anonymous-vma-merges.patch tools-testing-add-procmap_query-helper-functions-in-mm-self-tests.patch tools-testing-selftests-assert-that-anon-merge-cases-behave-as-expected.patch

6 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] selftests-mm-generate-a-temporary-mountpoint-for-cgroup-filesystem.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests/mm: generate a temporary mountpoint for cgroup filesystem has been removed from the -mm tree. Its filename was selftests-mm-generate-a-temporary-mountpoint-for-cgroup-filesystem.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Mark Brown <broonie(a)kernel.org> Subject: selftests/mm: generate a temporary mountpoint for cgroup filesystem Date: Fri, 04 Apr 2025 17:42:32 +0100 Currently if the filesystem for the cgroups version it wants to use is not mounted charge_reserved_hugetlb.sh and hugetlb_reparenting_test.sh tests will attempt to mount it on the hard coded path /dev/cgroup/memory, deleting that directory when the test finishes. This will fail if there is not a preexisting directory at that path, and since the directory is deleted subsequent runs of the test will fail. Instead of relying on this hard coded directory name use mktemp to generate a temporary directory to use as a mountpoint, fixing both the assumption and the disruption caused by deleting a preexisting directory. This means that if the relevant cgroup filesystem is not already mounted then we rely on having coreutils (which provides mktemp) installed. I suspect that many current users are relying on having things automounted by default, and given that the script relies on bash it's probably not an unreasonable requirement. Link: https://lkml.kernel.org/r/20250404-kselftest-mm-cgroup2-detection-v1-1-3dba… Fixes: 209376ed2a84 ("selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup setting") Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: Aishwarya TCV <aishwarya.tcv(a)arm.com> Cc: Mark Brown <broonie(a)kernel.org> Cc: Mina Almasry <almasrymina(a)google.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Waiman Long <longman(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/charge_reserved_hugetlb.sh | 4 ++-- tools/testing/selftests/mm/hugetlb_reparenting_test.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) --- a/tools/testing/selftests/mm/charge_reserved_hugetlb.sh~selftests-mm-generate-a-temporary-mountpoint-for-cgroup-filesystem +++ a/tools/testing/selftests/mm/charge_reserved_hugetlb.sh @@ -29,7 +29,7 @@ fi if [[ $cgroup2 ]]; then cgroup_path=$(mount -t cgroup2 | head -1 | awk '{print $3}') if [[ -z "$cgroup_path" ]]; then - cgroup_path=/dev/cgroup/memory + cgroup_path=$(mktemp -d) mount -t cgroup2 none $cgroup_path do_umount=1 fi @@ -37,7 +37,7 @@ if [[ $cgroup2 ]]; then else cgroup_path=$(mount -t cgroup | grep ",hugetlb" | awk '{print $3}') if [[ -z "$cgroup_path" ]]; then - cgroup_path=/dev/cgroup/memory + cgroup_path=$(mktemp -d) mount -t cgroup memory,hugetlb $cgroup_path do_umount=1 fi --- a/tools/testing/selftests/mm/hugetlb_reparenting_test.sh~selftests-mm-generate-a-temporary-mountpoint-for-cgroup-filesystem +++ a/tools/testing/selftests/mm/hugetlb_reparenting_test.sh @@ -23,7 +23,7 @@ fi if [[ $cgroup2 ]]; then CGROUP_ROOT=$(mount -t cgroup2 | head -1 | awk '{print $3}') if [[ -z "$CGROUP_ROOT" ]]; then - CGROUP_ROOT=/dev/cgroup/memory + CGROUP_ROOT=$(mktemp -d) mount -t cgroup2 none $CGROUP_ROOT do_umount=1 fi _ Patches currently in -mm which might be from broonie(a)kernel.org are

6 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-compaction-fix-bug-in-hugetlb-handling-pathway.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/compaction: fix bug in hugetlb handling pathway has been removed from the -mm tree. Its filename was mm-compaction-fix-bug-in-hugetlb-handling-pathway.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Vishal Moola (Oracle)" <vishal.moola(a)gmail.com> Subject: mm/compaction: fix bug in hugetlb handling pathway Date: Mon, 31 Mar 2025 19:10:24 -0700 The compaction code doesn't take references on pages until we're certain we should attempt to handle it. In the hugetlb case, isolate_or_dissolve_huge_page() may return -EBUSY without taking a reference to the folio associated with our pfn. If our folio's refcount drops to 0, compound_nr() becomes unpredictable, making low_pfn and nr_scanned unreliable. The user-visible effect is minimal - this should rarely happen (if ever). Fix this by storing the folio statistics earlier on the stack (just like the THP and Buddy cases). Also revert commit 66fe1cf7f581 ("mm: compaction: use helper compound_nr in isolate_migratepages_block") to make backporting easier. Link: https://lkml.kernel.org/r/20250401021025.637333-1-vishal.moola@gmail.com Fixes: 369fa227c219 ("mm: make alloc_contig_range handle free hugetlb pages") Signed-off-by: Vishal Moola (Oracle) <vishal.moola(a)gmail.com> Acked-by: Oscar Salvador <osalvador(a)suse.de> Reviewed-by: Zi Yan <ziy(a)nvidia.com> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/compaction.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/mm/compaction.c~mm-compaction-fix-bug-in-hugetlb-handling-pathway +++ a/mm/compaction.c @@ -981,13 +981,13 @@ isolate_migratepages_block(struct compac } if (PageHuge(page)) { + const unsigned int order = compound_order(page); /* * skip hugetlbfs if we are not compacting for pages * bigger than its order. THPs and other compound pages * are handled below. */ if (!cc->alloc_contig) { - const unsigned int order = compound_order(page); if (order <= MAX_PAGE_ORDER) { low_pfn += (1UL << order) - 1; @@ -1011,8 +1011,8 @@ isolate_migratepages_block(struct compac /* Do not report -EBUSY down the chain */ if (ret == -EBUSY) ret = 0; - low_pfn += compound_nr(page) - 1; - nr_scanned += compound_nr(page) - 1; + low_pfn += (1UL << order) - 1; + nr_scanned += (1UL << order) - 1; goto isolate_fail; } _ Patches currently in -mm which might be from vishal.moola(a)gmail.com are mm-compaction-use-folio-in-hugetlb-pathway.patch

6 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] lib-iov_iter-fix-to-increase-non-slab-folio-refcount.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: lib/iov_iter: fix to increase non slab folio refcount has been removed from the -mm tree. Its filename was lib-iov_iter-fix-to-increase-non-slab-folio-refcount.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Sheng Yong <shengyong1(a)xiaomi.com> Subject: lib/iov_iter: fix to increase non slab folio refcount Date: Tue, 1 Apr 2025 22:47:12 +0800 When testing EROFS file-backed mount over v9fs on qemu, I encountered a folio UAF issue. The page sanity check reports the following call trace. The root cause is that pages in bvec are coalesced across a folio bounary. The refcount of all non-slab folios should be increased to ensure p9_releas_pages can put them correctly. BUG: Bad page state in process md5sum pfn:18300 page: refcount:0 mapcount:0 mapping:00000000d5ad8e4e index:0x60 pfn:0x18300 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 aops:z_erofs_aops ino:30b0f dentry name(?):"GoogleExtServicesCn.apk" flags: 0x100000000000041(locked|head|node=0|zone=1) raw: 0100000000000041 dead000000000100 dead000000000122 ffff888014b13bd0 raw: 0000000000000060 0000000000000020 00000000ffffffff 0000000000000000 head: 0100000000000041 dead000000000100 dead000000000122 ffff888014b13bd0 head: 0000000000000060 0000000000000020 00000000ffffffff 0000000000000000 head: 0100000000000000 0000000000000000 ffffffffffffffff 0000000000000000 head: 0000000000000010 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set Call Trace: dump_stack_lvl+0x53/0x70 bad_page+0xd4/0x220 __free_pages_ok+0x76d/0xf30 __folio_put+0x230/0x320 p9_release_pages+0x179/0x1f0 p9_virtio_zc_request+0xa2a/0x1230 p9_client_zc_rpc.constprop.0+0x247/0x700 p9_client_read_once+0x34d/0x810 p9_client_read+0xf3/0x150 v9fs_issue_read+0x111/0x360 netfs_unbuffered_read_iter_locked+0x927/0x1390 netfs_unbuffered_read_iter+0xa2/0xe0 vfs_iocb_iter_read+0x2c7/0x460 erofs_fileio_rq_submit+0x46b/0x5b0 z_erofs_runqueue+0x1203/0x21e0 z_erofs_readahead+0x579/0x8b0 read_pages+0x19f/0xa70 page_cache_ra_order+0x4ad/0xb80 filemap_readahead.isra.0+0xe7/0x150 filemap_get_pages+0x7aa/0x1890 filemap_read+0x320/0xc80 vfs_read+0x6c6/0xa30 ksys_read+0xf9/0x1c0 do_syscall_64+0x9e/0x1a0 entry_SYSCALL_64_after_hwframe+0x71/0x79 Link: https://lkml.kernel.org/r/20250401144712.1377719-1-shengyong1@xiaomi.com Fixes: b9c0e49abfca ("mm: decline to manipulate the refcount on a slab page") Signed-off-by: Sheng Yong <shengyong1(a)xiaomi.com> Reviewed-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/iov_iter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/lib/iov_iter.c~lib-iov_iter-fix-to-increase-non-slab-folio-refcount +++ a/lib/iov_iter.c @@ -1191,7 +1191,7 @@ static ssize_t __iov_iter_get_pages_allo return -ENOMEM; p = *pages; for (int k = 0; k < n; k++) { - struct folio *folio = page_folio(page); + struct folio *folio = page_folio(page + k); p[k] = page + k; if (!folio_test_slab(folio)) folio_get(folio); _ Patches currently in -mm which might be from shengyong1(a)xiaomi.com are

6 months, 2 weeks

1
0
0 0

+ mm-hugetlb-fix-incorrect-fallback-for-subpool.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: hugetlb: fix incorrect fallback for subpool has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-hugetlb-fix-incorrect-fallback-for-subpool.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Wupeng Ma <mawupeng1(a)huawei.com> Subject: mm: hugetlb: fix incorrect fallback for subpool Date: Thu, 10 Apr 2025 14:26:33 +0800 During our testing with hugetlb subpool enabled, we observe that hstate->resv_huge_pages may underflow into negative values. Root cause analysis reveals a race condition in subpool reservation fallback handling as follow: hugetlb_reserve_pages() /* Attempt subpool reservation */ gbl_reserve = hugepage_subpool_get_pages(spool, chg); /* Global reservation may fail after subpool allocation */ if (hugetlb_acct_memory(h, gbl_reserve) < 0) goto out_put_pages; out_put_pages: /* This incorrectly restores reservation to subpool */ hugepage_subpool_put_pages(spool, chg); When hugetlb_acct_memory() fails after subpool allocation, the current implementation over-commits subpool reservations by returning the full 'chg' value instead of the actual allocated 'gbl_reserve' amount. This discrepancy propagates to global reservations during subsequent releases, eventually causing resv_huge_pages underflow. This problem can be trigger easily with the following steps: 1. reverse hugepage for hugeltb allocation 2. mount hugetlbfs with min_size to enable hugetlb subpool 3. alloc hugepages with two task(make sure the second will fail due to insufficient amount of hugepages) 4. with for a few seconds and repeat step 3 which will make hstate->resv_huge_pages to go below zero. To fix this problem, return corrent amount of pages to subpool during the fallback after hugepage_subpool_get_pages is called. Link: https://lkml.kernel.org/r/20250410062633.3102457-1-mawupeng1@huawei.com Fixes: 1c5ecae3a93f ("hugetlbfs: add minimum size accounting to subpools") Signed-off-by: Wupeng Ma <mawupeng1(a)huawei.com> Tested-by: Joshua Hahn <joshua.hahnjy(a)gmail.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Ma Wupeng <mawupeng1(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) --- a/mm/hugetlb.c~mm-hugetlb-fix-incorrect-fallback-for-subpool +++ a/mm/hugetlb.c @@ -3010,7 +3010,7 @@ struct folio *alloc_hugetlb_folio(struct struct hugepage_subpool *spool = subpool_vma(vma); struct hstate *h = hstate_vma(vma); struct folio *folio; - long retval, gbl_chg; + long retval, gbl_chg, gbl_reserve; map_chg_state map_chg; int ret, idx; struct hugetlb_cgroup *h_cg = NULL; @@ -3163,8 +3163,16 @@ out_uncharge_cgroup_reservation: hugetlb_cgroup_uncharge_cgroup_rsvd(idx, pages_per_huge_page(h), h_cg); out_subpool_put: - if (map_chg) - hugepage_subpool_put_pages(spool, 1); + /* + * put page to subpool iff the quota of subpool's rsv_hpages is used + * during hugepage_subpool_get_pages. + */ + if (map_chg && !gbl_chg) { + gbl_reserve = hugepage_subpool_put_pages(spool, 1); + hugetlb_acct_memory(h, -gbl_reserve); + } + + out_end_reservation: if (map_chg != MAP_CHG_ENFORCED) vma_end_reservation(h, vma, addr); @@ -7233,7 +7241,7 @@ bool hugetlb_reserve_pages(struct inode struct vm_area_struct *vma, vm_flags_t vm_flags) { - long chg = -1, add = -1; + long chg = -1, add = -1, spool_resv, gbl_resv; struct hstate *h = hstate_inode(inode); struct hugepage_subpool *spool = subpool_inode(inode); struct resv_map *resv_map; @@ -7368,8 +7376,16 @@ bool hugetlb_reserve_pages(struct inode return true; out_put_pages: - /* put back original number of pages, chg */ - (void)hugepage_subpool_put_pages(spool, chg); + spool_resv = chg - gbl_reserve; + if (spool_resv) { + /* put sub pool's reservation back, chg - gbl_reserve */ + gbl_resv = hugepage_subpool_put_pages(spool, spool_resv); + /* + * subpool's reserved pages can not be put back due to race, + * return to hstate. + */ + hugetlb_acct_memory(h, -gbl_resv); + } out_uncharge_cgroup: hugetlb_cgroup_uncharge_cgroup_rsvd(hstate_index(h), chg * pages_per_huge_page(h), h_cg); _ Patches currently in -mm which might be from mawupeng1(a)huawei.com are mm-hugetlb-fix-incorrect-fallback-for-subpool.patch

6 months, 2 weeks

1
0
0 0

[PATCH v2 2/7] arm64: dts: ti: am68-sk: Fix regulator hierarchy

by Yemike Abhilash Chandra

Update the vin-supply of the TLV71033 regulator from LM5141 (vsys_3v3) to LM61460 (vsys_5v0) to match the schematics. Add a fixed regulator node for the LM61460 5V supply to support this change. AM68-SK schematics: https://www.ti.com/lit/zip/sprr463 Fixes: a266c180b398 ("arm64: dts: ti: k3-am68-sk: Add support for AM68 SK base board") Cc: stable(a)vger.kernel.org Signed-off-by: Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> --- arch/arm64/boot/dts/ti/k3-am68-sk-base-board.dts | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/ti/k3-am68-sk-base-board.dts b/arch/arm64/boot/dts/ti/k3-am68-sk-base-board.dts index 11522b36e0ce..5fa70a874d7b 100644 --- a/arch/arm64/boot/dts/ti/k3-am68-sk-base-board.dts +++ b/arch/arm64/boot/dts/ti/k3-am68-sk-base-board.dts @@ -44,6 +44,17 @@ vusb_main: regulator-vusb-main5v0 { regulator-boot-on; }; + vsys_5v0: regulator-vsys5v0 { + /* Output of LM61460 */ + compatible = "regulator-fixed"; + regulator-name = "vsys_5v0"; + regulator-min-microvolt = <5000000>; + regulator-max-microvolt = <5000000>; + vin-supply = <&vusb_main>; + regulator-always-on; + regulator-boot-on; + }; + vsys_3v3: regulator-vsys3v3 { /* Output of LM5141 */ compatible = "regulator-fixed"; @@ -76,7 +87,7 @@ vdd_sd_dv: regulator-tlv71033 { regulator-min-microvolt = <1800000>; regulator-max-microvolt = <3300000>; regulator-boot-on; - vin-supply = <&vsys_3v3>; + vin-supply = <&vsys_5v0>; gpios = <&main_gpio0 49 GPIO_ACTIVE_HIGH>; states = <1800000 0x0>, <3300000 0x1>; -- 2.34.1

6 months, 2 weeks

3
3
0 0

[BACKPORT PATCH 6.6.y] Fix mmu notifiers for range-based invalidates

by Will Deacon

From: Piotr Jaroszynski <pjaroszynski(a)nvidia.com> [ Upstream commit f7edb07ad7c66eab3dce57384f33b9799d579133 ] Update the __flush_tlb_range_op macro not to modify its parameters as these are unexepcted semantics. In practice, this fixes the call to mmu_notifier_arch_invalidate_secondary_tlbs() in __flush_tlb_range_nosync() to use the correct range instead of an empty range with start=end. The empty range was (un)lucky as it results in taking the invalidate-all path that doesn't cause correctness issues, but can certainly result in suboptimal perf. This has been broken since commit 6bbd42e2df8f ("mmu_notifiers: call invalidate_range() when invalidating TLBs") when the call to the notifiers was added to __flush_tlb_range(). It predates the addition of the __flush_tlb_range_op() macro from commit 360839027a6e ("arm64: tlb: Refactor the core flush algorithm of __flush_tlb_range") that made the bug hard to spot. Fixes: 6bbd42e2df8f ("mmu_notifiers: call invalidate_range() when invalidating TLBs") Signed-off-by: Piotr Jaroszynski <pjaroszynski(a)nvidia.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Cc: Robin Murphy <robin.murphy(a)arm.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: Raghavendra Rao Ananta <rananta(a)google.com> Cc: SeongJae Park <sj(a)kernel.org> Cc: Jason Gunthorpe <jgg(a)nvidia.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Nicolin Chen <nicolinc(a)nvidia.com> Cc: linux-arm-kernel(a)lists.infradead.org Cc: iommu(a)lists.linux.dev Cc: linux-mm(a)kvack.org Cc: linux-kernel(a)vger.kernel.org Cc: stable(a)vger.kernel.org # Backport for 6.6.y only Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> Reviewed-by: Alistair Popple <apopple(a)nvidia.com> Link: https://lore.kernel.org/r/20250304085127.2238030-1-pjaroszynski@nvidia.com [will: Resolve conflicts due to lack of LPA2 support] Signed-off-by: Will Deacon <will(a)kernel.org> --- arch/arm64/include/asm/tlbflush.h | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/arch/arm64/include/asm/tlbflush.h b/arch/arm64/include/asm/tlbflush.h index b73baaf8ae47..d37db2f7a54c 100644 --- a/arch/arm64/include/asm/tlbflush.h +++ b/arch/arm64/include/asm/tlbflush.h @@ -369,31 +369,33 @@ static inline void arch_tlbbatch_flush(struct arch_tlbflush_unmap_batch *batch) #define __flush_tlb_range_op(op, start, pages, stride, \ asid, tlb_level, tlbi_user) \ do { \ + typeof(start) __flush_start = start; \ + typeof(pages) __flush_pages = pages; \ int num = 0; \ int scale = 3; \ unsigned long addr; \ \ - while (pages > 0) { \ + while (__flush_pages > 0) { \ if (!system_supports_tlb_range() || \ - pages == 1) { \ - addr = __TLBI_VADDR(start, asid); \ + __flush_pages == 1) { \ + addr = __TLBI_VADDR(__flush_start, asid); \ __tlbi_level(op, addr, tlb_level); \ if (tlbi_user) \ __tlbi_user_level(op, addr, tlb_level); \ - start += stride; \ - pages -= stride >> PAGE_SHIFT; \ + __flush_start += stride; \ + __flush_pages -= stride >> PAGE_SHIFT; \ continue; \ } \ \ - num = __TLBI_RANGE_NUM(pages, scale); \ + num = __TLBI_RANGE_NUM(__flush_pages, scale); \ if (num >= 0) { \ - addr = __TLBI_VADDR_RANGE(start, asid, scale, \ - num, tlb_level); \ + addr = __TLBI_VADDR_RANGE(__flush_start, asid, \ + scale, num, tlb_level); \ __tlbi(r##op, addr); \ if (tlbi_user) \ __tlbi_user(r##op, addr); \ - start += __TLBI_RANGE_PAGES(num, scale) << PAGE_SHIFT; \ - pages -= __TLBI_RANGE_PAGES(num, scale); \ + __flush_start += __TLBI_RANGE_PAGES(num, scale) << PAGE_SHIFT; \ + __flush_pages -= __TLBI_RANGE_PAGES(num, scale);\ } \ scale--; \ } \ -- 2.49.0.604.gff1f9ca942-goog

6 months, 2 weeks

1
0
0 0

[PATCH] drm/amd/display: Temporarily disable hostvm on DCN31

by Alex Deucher

From: Aurabindo Pillai <aurabindo.pillai(a)amd.com> With HostVM enabled, DCN31 fails to pass validation for 3x4k60. Some Linux userspace does not downgrade one of the monitors to 4k30, and the result is that the monitor does not light up. Disable it until the bandwidth calculation failure is resolved. Reviewed-by: Sun peng Li <sunpeng.li(a)amd.com> Signed-off-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Zaeem Mohamed <zaeem.mohamed(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit ba93dddfc92084a1e28ea447ec4f8315f3d8d3fd) Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/display/dc/resource/dcn31/dcn31_resource.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/dc/resource/dcn31/dcn31_resource.c b/drivers/gpu/drm/amd/display/dc/resource/dcn31/dcn31_resource.c index 911bd60d4fbc..3c42ba8566cf 100644 --- a/drivers/gpu/drm/amd/display/dc/resource/dcn31/dcn31_resource.c +++ b/drivers/gpu/drm/amd/display/dc/resource/dcn31/dcn31_resource.c @@ -890,7 +890,7 @@ static const struct dc_debug_options debug_defaults_drv = { .disable_z10 = true, .enable_legacy_fast_update = true, .enable_z9_disable_interface = true, /* Allow support for the PMFW interface for disable Z9*/ - .dml_hostvm_override = DML_HOSTVM_NO_OVERRIDE, + .dml_hostvm_override = DML_HOSTVM_OVERRIDE_FALSE, .using_dml2 = false, }; -- 2.49.0

6 months, 2 weeks

4
3
0 0

Re: G R A N T

by U N

Dear, Send your Ref: FSG2025 / Name / Phone Number / Country to Mr. Andrej Mahecic on un.grant(a)socialworker.net, +1 888 673 0430 for your £100,000.00. Sincerely Mr. C. Gunness On behalf of the UN.

6 months, 2 weeks

1
0
0 0

[PATCH v3] usb: common: usb-conn-gpio: use a unique name for usb connector device

by Chance Yang

The current implementation of the usb-conn-gpio driver uses a fixed "usb-charger" name for all USB connector devices. This causes conflicts in the power supply subsystem when multiple USB connectors are present, as duplicate names are not allowed. Use IDA to manage unique IDs for naming usb connectors (e.g., usb-charger-0, usb-charger-1). Fixes: 880287910b189 ("usb: common: usb-conn-gpio: fix NULL pointer dereference of charger") Cc: stable(a)vger.kernel.org Signed-off-by: Chance Yang <chance.yang(a)kneron.us> --- Changes in v3: - Added Cc stable - Link to v2: https://lore.kernel.org/r/20250411-work-next-v2-1-40beb82df5a9@kneron.us Changes in v2: - Replaced atomic_t with IDA for unique ID management - Link to v1: https://lore.kernel.org/r/20250411-work-next-v1-1-93c4b95ee6c1@kneron.us --- drivers/usb/common/usb-conn-gpio.c | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/drivers/usb/common/usb-conn-gpio.c b/drivers/usb/common/usb-conn-gpio.c index 1e36be2a28fd5ca5e1495b7923e4d3e25d7cedef..421c3af38e06975259f4a1792aa3b3708a192d59 100644 --- a/drivers/usb/common/usb-conn-gpio.c +++ b/drivers/usb/common/usb-conn-gpio.c @@ -21,6 +21,9 @@ #include <linux/regulator/consumer.h> #include <linux/string_choices.h> #include <linux/usb/role.h> +#include <linux/idr.h> + +static DEFINE_IDA(usb_conn_ida); #define USB_GPIO_DEB_MS 20 /* ms */ #define USB_GPIO_DEB_US ((USB_GPIO_DEB_MS) * 1000) /* us */ @@ -30,6 +33,7 @@ struct usb_conn_info { struct device *dev; + int conn_id; /* store the IDA-allocated ID */ struct usb_role_switch *role_sw; enum usb_role last_role; struct regulator *vbus; @@ -161,7 +165,17 @@ static int usb_conn_psy_register(struct usb_conn_info *info) .fwnode = dev_fwnode(dev), }; - desc->name = "usb-charger"; + info->conn_id = ida_alloc(&usb_conn_ida, GFP_KERNEL); + if (info->conn_id < 0) + return info->conn_id; + + desc->name = devm_kasprintf(dev, GFP_KERNEL, "usb-charger-%d", + info->conn_id); + if (!desc->name) { + ida_free(&usb_conn_ida, info->conn_id); + return -ENOMEM; + } + desc->properties = usb_charger_properties; desc->num_properties = ARRAY_SIZE(usb_charger_properties); desc->get_property = usb_charger_get_property; @@ -169,8 +183,10 @@ static int usb_conn_psy_register(struct usb_conn_info *info) cfg.drv_data = info; info->charger = devm_power_supply_register(dev, desc, &cfg); - if (IS_ERR(info->charger)) - dev_err(dev, "Unable to register charger\n"); + if (IS_ERR(info->charger)) { + dev_err(dev, "Unable to register charger %d\n", info->conn_id); + ida_free(&usb_conn_ida, info->conn_id); + } return PTR_ERR_OR_ZERO(info->charger); } @@ -278,6 +294,9 @@ static void usb_conn_remove(struct platform_device *pdev) cancel_delayed_work_sync(&info->dw_det); + if (info->charger) + ida_free(&usb_conn_ida, info->conn_id); + if (info->last_role == USB_ROLE_HOST && info->vbus) regulator_disable(info->vbus); --- base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8 change-id: 20250411-work-next-d817787d63f2 Best regards, -- Chance Yang <chance.yang(a)kneron.us>

6 months, 2 weeks

2
1
0 0

[PATCH] usb: renesas_usbhs: Add error handling for usbhsf_fifo_select()

by Wentao Liang

In usbhsf_dcp_data_stage_prepare_pop(), the return value of usbhsf_fifo_select() needs to be checked. A proper implementation can be found in usbhsf_dma_try_pop_with_rx_irq(). Add an error check and jump to PIO pop when FIFO selection fails. Fixes: 9e74d601de8a ("usb: gadget: renesas_usbhs: add data/status stage handler") Cc: stable(a)vger.kernel.org # v3.2+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/usb/renesas_usbhs/fifo.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/usb/renesas_usbhs/fifo.c b/drivers/usb/renesas_usbhs/fifo.c index 10607e273879..6cc07ab4782d 100644 --- a/drivers/usb/renesas_usbhs/fifo.c +++ b/drivers/usb/renesas_usbhs/fifo.c @@ -466,6 +466,7 @@ static int usbhsf_dcp_data_stage_prepare_pop(struct usbhs_pkt *pkt, struct usbhs_pipe *pipe = pkt->pipe; struct usbhs_priv *priv = usbhs_pipe_to_priv(pipe); struct usbhs_fifo *fifo = usbhsf_get_cfifo(priv); + int ret; if (usbhs_pipe_is_busy(pipe)) return 0; @@ -480,10 +481,14 @@ static int usbhsf_dcp_data_stage_prepare_pop(struct usbhs_pkt *pkt, usbhs_pipe_sequence_data1(pipe); /* DATA1 */ - usbhsf_fifo_select(pipe, fifo, 0); + ret = usbhsf_fifo_select(pipe, fifo, 0); + if (ret < 0) + goto usbhsf_pio_prepare_pop; + usbhsf_fifo_clear(pipe, fifo); usbhsf_fifo_unselect(pipe, fifo); +usbhsf_pio_prepare_pop: /* * change handler to PIO pop */ -- 2.42.0.windows.2

6 months, 2 weeks

2
1
0 0

[PATCH v1] s390/virtio_ccw: don't allocate/assign airqs for non-existing queues

by David Hildenbrand

If we finds a vq without a name in our input array in virtio_ccw_find_vqs(), we treat it as "non-existing" and set the vq pointer to NULL; we will not call virtio_ccw_setup_vq() to allocate/setup a vq. Consequently, we create only a queue if it actually exists (name != NULL) and assign an incremental queue index to each such existing queue. However, in virtio_ccw_register_adapter_ind()->get_airq_indicator() we will not ignore these "non-existing queues", but instead assign an airq indicator to them. Besides never releasing them in virtio_ccw_drop_indicators() (because there is no virtqueue), the bigger issue seems to be that there will be a disagreement between the device and the Linux guest about the airq indicator to be used for notifying a queue, because the indicator bit for adapter I/O interrupt is derived from the queue index. The virtio spec states under "Setting Up Two-Stage Queue Indicators": ... indicator contains the guest address of an area wherein the indicators for the devices are contained, starting at bit_nr, one bit per virtqueue of the device. And further in "Notification via Adapter I/O Interrupts": For notifying the driver of virtqueue buffers, the device sets the bit in the guest-provided indicator area at the corresponding offset. For example, QEMU uses in virtio_ccw_notify() the queue index (passed as "vector") to select the relevant indicator bit. If a queue does not exist, it does not have a corresponding indicator bit assigned, because it effectively doesn't have a queue index. Using a virtio-balloon-ccw device under QEMU with free-page-hinting disabled ("free-page-hint=off") but free-page-reporting enabled ("free-page-reporting=on") will result in free page reporting not working as expected: in the virtio_balloon driver, we'll be stuck forever in virtballoon_free_page_report()->wait_event(), because the waitqueue will not be woken up as the notification from the device is lost: it would use the wrong indicator bit. Free page reporting stops working and we get splats (when configured to detect hung wqs) like: INFO: task kworker/1:3:463 blocked for more than 61 seconds. Not tainted 6.14.0 #4 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:3 [...] Workqueue: events page_reporting_process Call Trace: [<000002f404e6dfb2>] __schedule+0x402/0x1640 [<000002f404e6f22e>] schedule+0x3e/0xe0 [<000002f3846a88fa>] virtballoon_free_page_report+0xaa/0x110 [virtio_balloon] [<000002f40435c8a4>] page_reporting_process+0x2e4/0x740 [<000002f403fd3ee2>] process_one_work+0x1c2/0x400 [<000002f403fd4b96>] worker_thread+0x296/0x420 [<000002f403fe10b4>] kthread+0x124/0x290 [<000002f403f4e0dc>] __ret_from_fork+0x3c/0x60 [<000002f404e77272>] ret_from_fork+0xa/0x38 There was recently a discussion [1] whether the "holes" should be treated differently again, effectively assigning also non-existing queues a queue index: that should also fix the issue, but requires other workarounds to not break existing setups. Let's fix it without affecting existing setups for now by properly ignoring the non-existing queues, so the indicator bits will match the queue indexes. [1] https://lore.kernel.org/all/cover.1720611677.git.mst@redhat.com/ Fixes: a229989d975e ("virtio: don't allocate vqs when names[i] = NULL") Reported-by: Chandra Merla <cmerla(a)redhat.com> Cc: <Stable(a)vger.kernel.org> Cc: Cornelia Huck <cohuck(a)redhat.com> Cc: Thomas Huth <thuth(a)redhat.com> Cc: Halil Pasic <pasic(a)linux.ibm.com> Cc: Eric Farman <farman(a)linux.ibm.com> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Cc: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: Christian Borntraeger <borntraeger(a)linux.ibm.com> Cc: Sven Schnelle <svens(a)linux.ibm.com> Cc: "Michael S. Tsirkin" <mst(a)redhat.com> Cc: Wei Wang <wei.w.wang(a)intel.com> Signed-off-by: David Hildenbrand <david(a)redhat.com> --- drivers/s390/virtio/virtio_ccw.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/drivers/s390/virtio/virtio_ccw.c b/drivers/s390/virtio/virtio_ccw.c index 21fa7ac849e5c..4904b831c0a75 100644 --- a/drivers/s390/virtio/virtio_ccw.c +++ b/drivers/s390/virtio/virtio_ccw.c @@ -302,11 +302,17 @@ static struct airq_info *new_airq_info(int index) static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs, u64 *first, void **airq_info) { - int i, j; + int i, j, queue_idx, highest_queue_idx = -1; struct airq_info *info; unsigned long *indicator_addr = NULL; unsigned long bit, flags; + /* Array entries without an actual queue pointer must be ignored. */ + for (i = 0; i < nvqs; i++) { + if (vqs[i]) + highest_queue_idx++; + } + for (i = 0; i < MAX_AIRQ_AREAS && !indicator_addr; i++) { mutex_lock(&airq_areas_lock); if (!airq_areas[i]) @@ -316,7 +322,7 @@ static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs, if (!info) return NULL; write_lock_irqsave(&info->lock, flags); - bit = airq_iv_alloc(info->aiv, nvqs); + bit = airq_iv_alloc(info->aiv, highest_queue_idx + 1); if (bit == -1UL) { /* Not enough vacancies. */ write_unlock_irqrestore(&info->lock, flags); @@ -325,8 +331,10 @@ static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs, *first = bit; *airq_info = info; indicator_addr = info->aiv->vector; - for (j = 0; j < nvqs; j++) { - airq_iv_set_ptr(info->aiv, bit + j, + for (j = 0, queue_idx = 0; j < nvqs; j++) { + if (!vqs[j]) + continue; + airq_iv_set_ptr(info->aiv, bit + queue_idx++, (unsigned long)vqs[j]); } write_unlock_irqrestore(&info->lock, flags); -- 2.48.1

6 months, 2 weeks

8
62
0 0

[PATCH v2] usb: gadget: f_fs: Invalidate io_data when USB request is dequeued or interrupted

by Frode Isaksen

From: Frode Isaksen <frode(a)meta.com> Invalidate io_data by setting context to NULL when USB request is dequeued or interrupted, and check for NULL io_data in epfile_io_complete(). The invalidation of io_data in req->context is done when exiting epfile_io(), since then io_data will become invalid as it is allocated on the stack. The epfile_io_complete() may be called after ffs_epfile_io() returns in case the wait_for_completion_interruptible() is interrupted. This fixes a use-after-free error with the following call stack: Unable to handle kernel paging request at virtual address ffffffc02f7bbcc0 pc : ffs_epfile_io_complete+0x30/0x48 lr : usb_gadget_giveback_request+0x30/0xf8 Call trace: ffs_epfile_io_complete+0x30/0x48 usb_gadget_giveback_request+0x30/0xf8 dwc3_remove_requests+0x264/0x2e8 dwc3_gadget_pullup+0x1d0/0x250 kretprobe_trampoline+0x0/0xc4 usb_gadget_remove_driver+0x40/0xf4 usb_gadget_unregister_driver+0xdc/0x178 unregister_gadget_item+0x40/0x6c ffs_closed+0xd4/0x10c ffs_data_clear+0x2c/0xf0 ffs_data_closed+0x178/0x1ec ffs_ep0_release+0x24/0x38 __fput+0xe8/0x27c Signed-off-by: Frode Isaksen <frode(a)meta.com> Cc: stable(a)vger.kernel.org --- v1 -> v2: Removed WARN_ON() in ffs_epfile_io_complete(). Clarified commit message. Added stable Cc tag. drivers/usb/gadget/function/f_fs.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index 2dea9e42a0f8..e35d32e7be58 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -738,6 +738,9 @@ static void ffs_epfile_io_complete(struct usb_ep *_ep, struct usb_request *req) { struct ffs_io_data *io_data = req->context; + if (io_data == NULL) + return; + if (req->status) io_data->status = req->status; else @@ -1126,6 +1129,7 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data) spin_lock_irq(&epfile->ffs->eps_lock); if (epfile->ep != ep) { ret = -ESHUTDOWN; + req->context = NULL; goto error_lock; } /* @@ -1140,6 +1144,7 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data) interrupted = io_data->status < 0; } + req->context = NULL; if (interrupted) ret = -EINTR; else if (io_data->read && io_data->status > 0) -- 2.49.0

6 months, 2 weeks

2
2
0 0

[PATCH v2] usb/gadget: Add NULL check in ast_vhub_init_dev()

by Henry Martin

devm_kasprintf() returns NULL when memory allocation fails. Currently, ast_vhub_init_dev() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue. Cc: stable(a)vger.kernel.org # v4.18 Fixes: 7ecca2a4080c ("usb/gadget: Add driver for Aspeed SoC virtual hub") Signed-off-by: Henry Martin <bsdhenrymartin(a)gmail.com> --- V1 -> V2: Add Cc: stable label and correct commit message. drivers/usb/gadget/udc/aspeed-vhub/dev.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/gadget/udc/aspeed-vhub/dev.c b/drivers/usb/gadget/udc/aspeed-vhub/dev.c index 573109ca5b79..5b7d41a990d7 100644 --- a/drivers/usb/gadget/udc/aspeed-vhub/dev.c +++ b/drivers/usb/gadget/udc/aspeed-vhub/dev.c @@ -548,6 +548,8 @@ int ast_vhub_init_dev(struct ast_vhub *vhub, unsigned int idx) d->vhub = vhub; d->index = idx; d->name = devm_kasprintf(parent, GFP_KERNEL, "port%d", idx+1); + if (!d->name) + return -ENOMEM; d->regs = vhub->regs + 0x100 + 0x10 * idx; ast_vhub_init_ep0(vhub, &d->ep0, d); -- 2.34.1

6 months, 2 weeks

3
3
0 0

[PATCH V3 1/1] phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking

by Wayne Chang

The current implementation uses bias_pad_enable as a reference count to manage the shared bias pad for all UTMI PHYs. However, during system suspension with connected USB devices, multiple power-down requests for the UTMI pad result in a mismatch in the reference count, which in turn produces warnings such as: [ 237.762967] WARNING: CPU: 10 PID: 1618 at tegra186_utmi_pad_power_down+0x160/0x170 [ 237.763103] Call trace: [ 237.763104] tegra186_utmi_pad_power_down+0x160/0x170 [ 237.763107] tegra186_utmi_phy_power_off+0x10/0x30 [ 237.763110] phy_power_off+0x48/0x100 [ 237.763113] tegra_xusb_enter_elpg+0x204/0x500 [ 237.763119] tegra_xusb_suspend+0x48/0x140 [ 237.763122] platform_pm_suspend+0x2c/0xb0 [ 237.763125] dpm_run_callback.isra.0+0x20/0xa0 [ 237.763127] __device_suspend+0x118/0x330 [ 237.763129] dpm_suspend+0x10c/0x1f0 [ 237.763130] dpm_suspend_start+0x88/0xb0 [ 237.763132] suspend_devices_and_enter+0x120/0x500 [ 237.763135] pm_suspend+0x1ec/0x270 The root cause was traced back to the dynamic power-down changes introduced in commit a30951d31b25 ("xhci: tegra: USB2 pad power controls"), where the UTMI pad was being powered down without verifying its current state. This unbalanced behavior led to discrepancies in the reference count. To rectify this issue, this patch replaces the single reference counter with a bitmask, renamed to utmi_pad_enabled. Each bit in the mask corresponds to one of the four USB2 PHYs, allowing us to track each pad's enablement status individually. With this change: - The bias pad is powered on only when the mask is clear. - Each UTMI pad is powered on or down based on its corresponding bit in the mask, preventing redundant operations. - The overall power state of the shared bias pad is maintained correctly during suspend/resume cycles. The mutex used to prevent race conditions during UTMI pad enable/disable operations has been moved from the tegra186_utmi_bias_pad_power_on/off functions to the parent functions tegra186_utmi_pad_power_on/down. This change ensures that there are no race conditions when updating the bitmask. Cc: stable(a)vger.kernel.org Fixes: a30951d31b25 ("xhci: tegra: USB2 pad power controls") Signed-off-by: Wayne Chang <waynec(a)nvidia.com> --- V1 -> V2: holding the padctl->lock to protect shared bitmask V2 -> V3: updating the commit message with the mutex changes drivers/phy/tegra/xusb-tegra186.c | 44 +++++++++++++++++++------------ 1 file changed, 27 insertions(+), 17 deletions(-) diff --git a/drivers/phy/tegra/xusb-tegra186.c b/drivers/phy/tegra/xusb-tegra186.c index fae6242aa730..cc7b8a6a999f 100644 --- a/drivers/phy/tegra/xusb-tegra186.c +++ b/drivers/phy/tegra/xusb-tegra186.c @@ -237,6 +237,8 @@ #define DATA0_VAL_PD BIT(1) #define USE_XUSB_AO BIT(4) +#define TEGRA_UTMI_PAD_MAX 4 + #define TEGRA186_LANE(_name, _offset, _shift, _mask, _type) \ { \ .name = _name, \ @@ -269,7 +271,7 @@ struct tegra186_xusb_padctl { /* UTMI bias and tracking */ struct clk *usb2_trk_clk; - unsigned int bias_pad_enable; + DECLARE_BITMAP(utmi_pad_enabled, TEGRA_UTMI_PAD_MAX); /* padctl context */ struct tegra186_xusb_padctl_context context; @@ -603,12 +605,8 @@ static void tegra186_utmi_bias_pad_power_on(struct tegra_xusb_padctl *padctl) u32 value; int err; - mutex_lock(&padctl->lock); - - if (priv->bias_pad_enable++ > 0) { - mutex_unlock(&padctl->lock); + if (!bitmap_empty(priv->utmi_pad_enabled, TEGRA_UTMI_PAD_MAX)) return; - } err = clk_prepare_enable(priv->usb2_trk_clk); if (err < 0) @@ -667,17 +665,8 @@ static void tegra186_utmi_bias_pad_power_off(struct tegra_xusb_padctl *padctl) struct tegra186_xusb_padctl *priv = to_tegra186_xusb_padctl(padctl); u32 value; - mutex_lock(&padctl->lock); - - if (WARN_ON(priv->bias_pad_enable == 0)) { - mutex_unlock(&padctl->lock); - return; - } - - if (--priv->bias_pad_enable > 0) { - mutex_unlock(&padctl->lock); + if (!bitmap_empty(priv->utmi_pad_enabled, TEGRA_UTMI_PAD_MAX)) return; - } value = padctl_readl(padctl, XUSB_PADCTL_USB2_BIAS_PAD_CTL1); value |= USB2_PD_TRK; @@ -690,13 +679,13 @@ static void tegra186_utmi_bias_pad_power_off(struct tegra_xusb_padctl *padctl) clk_disable_unprepare(priv->usb2_trk_clk); } - mutex_unlock(&padctl->lock); } static void tegra186_utmi_pad_power_on(struct phy *phy) { struct tegra_xusb_lane *lane = phy_get_drvdata(phy); struct tegra_xusb_padctl *padctl = lane->pad->padctl; + struct tegra186_xusb_padctl *priv = to_tegra186_xusb_padctl(padctl); struct tegra_xusb_usb2_port *port; struct device *dev = padctl->dev; unsigned int index = lane->index; @@ -705,9 +694,16 @@ static void tegra186_utmi_pad_power_on(struct phy *phy) if (!phy) return; + mutex_lock(&padctl->lock); + if (test_bit(index, priv->utmi_pad_enabled)) { + mutex_unlock(&padctl->lock); + return; + } + port = tegra_xusb_find_usb2_port(padctl, index); if (!port) { dev_err(dev, "no port found for USB2 lane %u\n", index); + mutex_unlock(&padctl->lock); return; } @@ -724,18 +720,28 @@ static void tegra186_utmi_pad_power_on(struct phy *phy) value = padctl_readl(padctl, XUSB_PADCTL_USB2_OTG_PADX_CTL1(index)); value &= ~USB2_OTG_PD_DR; padctl_writel(padctl, value, XUSB_PADCTL_USB2_OTG_PADX_CTL1(index)); + + set_bit(index, priv->utmi_pad_enabled); + mutex_unlock(&padctl->lock); } static void tegra186_utmi_pad_power_down(struct phy *phy) { struct tegra_xusb_lane *lane = phy_get_drvdata(phy); struct tegra_xusb_padctl *padctl = lane->pad->padctl; + struct tegra186_xusb_padctl *priv = to_tegra186_xusb_padctl(padctl); unsigned int index = lane->index; u32 value; if (!phy) return; + mutex_lock(&padctl->lock); + if (!test_bit(index, priv->utmi_pad_enabled)) { + mutex_unlock(&padctl->lock); + return; + } + dev_dbg(padctl->dev, "power down UTMI pad %u\n", index); value = padctl_readl(padctl, XUSB_PADCTL_USB2_OTG_PADX_CTL0(index)); @@ -748,7 +754,11 @@ static void tegra186_utmi_pad_power_down(struct phy *phy) udelay(2); + clear_bit(index, priv->utmi_pad_enabled); + tegra186_utmi_bias_pad_power_off(padctl); + + mutex_unlock(&padctl->lock); } static int tegra186_xusb_padctl_vbus_override(struct tegra_xusb_padctl *padctl, -- 2.25.1

6 months, 2 weeks

3
2
0 0

[PATCH v1 2/2] mpi3mr: resets the pending interrupt flag

by Ranjan Kumar

If an admin interrupt is missed, admin_pend_isr may stay set and trigger admin reply processing even when no admin IOs are pending. Clearing/Resetting it in the admin completion path prevents this. Fixes: ca41929b2ed5 ("scsi: mpi3mr: Check admin reply queue from Watchdog") Cc: stable(a)vger.kernel.org Signed-off-by: Sathya Prakash <sathya.prakash(a)broadcom.com> Signed-off-by: Ranjan Kumar <ranjan.kumar(a)broadcom.com> --- drivers/scsi/mpi3mr/mpi3mr_fw.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/scsi/mpi3mr/mpi3mr_fw.c b/drivers/scsi/mpi3mr/mpi3mr_fw.c index d6e402aacb2a..003e1f7005c4 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_fw.c +++ b/drivers/scsi/mpi3mr/mpi3mr_fw.c @@ -451,6 +451,7 @@ int mpi3mr_process_admin_reply_q(struct mpi3mr_ioc *mrioc) return 0; } + atomic_set(&mrioc->admin_pend_isr, 0); reply_desc = (struct mpi3_default_reply_descriptor *)mrioc->admin_reply_base + admin_reply_ci; @@ -2925,6 +2926,7 @@ static int mpi3mr_setup_admin_qpair(struct mpi3mr_ioc *mrioc) mrioc->admin_reply_ci = 0; mrioc->admin_reply_ephase = 1; atomic_set(&mrioc->admin_reply_q_in_use, 0); + atomic_set(&mrioc->admin_pend_isr, 0); if (!mrioc->admin_req_base) { mrioc->admin_req_base = dma_alloc_coherent(&mrioc->pdev->dev, @@ -4653,6 +4655,7 @@ void mpi3mr_memset_buffers(struct mpi3mr_ioc *mrioc) if (mrioc->admin_reply_base) memset(mrioc->admin_reply_base, 0, mrioc->admin_reply_q_sz); atomic_set(&mrioc->admin_reply_q_in_use, 0); + atomic_set(&mrioc->admin_pend_isr, 0); if (mrioc->init_cmds.reply) { memset(mrioc->init_cmds.reply, 0, sizeof(*mrioc->init_cmds.reply)); -- 2.31.1

6 months, 2 weeks

1
0
0 0

[PATCH v1 1/2] Regression fix: Fix pending IOs counter per reply queue

by Ranjan Kumar

Commit 199510e33dea ("scsi: mpi3mr: Update consumer index of reply queues after every 100 replies") introduced a regression with Per reply queue pending IOs counter was wrongly decremented leading to counter getting negative. Fixed the issue by dropping the extra atomic decrement for pending IOs counter. Fixes: 199510e33dea ("scsi: mpi3mr: Update consumer index of reply queues after every 100 replies") Cc: stable(a)vger.kernel.org Signed-off-by: Sathya Prakash <sathya.prakash(a)broadcom.com> Signed-off-by: Ranjan Kumar <ranjan.kumar(a)broadcom.com> --- drivers/scsi/mpi3mr/mpi3mr_fw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/mpi3mr/mpi3mr_fw.c b/drivers/scsi/mpi3mr/mpi3mr_fw.c index 3fcb1ad3b070..d6e402aacb2a 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_fw.c +++ b/drivers/scsi/mpi3mr/mpi3mr_fw.c @@ -565,7 +565,7 @@ int mpi3mr_process_op_reply_q(struct mpi3mr_ioc *mrioc, WRITE_ONCE(op_req_q->ci, le16_to_cpu(reply_desc->request_queue_ci)); mpi3mr_process_op_reply_desc(mrioc, reply_desc, &reply_dma, reply_qidx); - atomic_dec(&op_reply_q->pend_ios); + if (reply_dma) mpi3mr_repost_reply_buf(mrioc, reply_dma); num_op_reply++; -- 2.31.1

6 months, 2 weeks

1
0
0 0

[PATCH v2] asus-laptop: Fix an uninitialized variable

by Denis Arefev

The value returned by acpi_evaluate_integer() is not checked, but the result is not always successful, so it is necessary to add a check of the returned value. If the result remains negative during three iterations of the loop, then the uninitialized variable 'val' will be used in the clamp_val() macro, so it must be initialized with the current value of the 'curr' variable. In this case, the algorithm should be less noisy. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: b23910c2194e ("asus-laptop: Pegatron Lucid accelerometer") Cc: stable(a)vger.kernel.org Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- V1 -> V2: Added check of the return value it as Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> suggested. Changed initialization of 'val' variable it as Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> suggested. drivers/platform/x86/asus-laptop.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/platform/x86/asus-laptop.c b/drivers/platform/x86/asus-laptop.c index d460dd194f19..ff674c6d0bbb 100644 --- a/drivers/platform/x86/asus-laptop.c +++ b/drivers/platform/x86/asus-laptop.c @@ -427,10 +427,12 @@ static int asus_pega_lucid_set(struct asus_laptop *asus, int unit, bool enable) static int pega_acc_axis(struct asus_laptop *asus, int curr, char *method) { int i, delta; - unsigned long long val; + acpi_status status; + unsigned long long val = (unsigned long long)curr; for (i = 0; i < PEGA_ACC_RETRIES; i++) { - acpi_evaluate_integer(asus->handle, method, NULL, &val); - + status = acpi_evaluate_integer(asus->handle, method, NULL, &val); + if (ACPI_FAILURE(status)) + continue; /* The output is noisy. From reading the ASL * dissassembly, timeout errors are returned with 1's * in the high word, and the lack of locking around -- 2.43.0

6 months, 2 weeks

2
1
0 0

[PATCH v3] platform/x86: amd: pmf: Fix STT limits

by Mario Limonciello

From: Mario Limonciello <mario.limonciello(a)amd.com> On some platforms it has been observed that STT limits are not being applied properly causing poor performance as power limits are set too low. STT limits that are sent to the platform are supposed to be in Q8.8 format. Convert them before sending. Reported-by: Yijun Shen <Yijun.Shen(a)dell.com> Fixes: 7c45534afa443 ("platform/x86/amd/pmf: Add support for PMF Policy Binary") Cc: stable(a)vger.kernel.org Tested-by: Yijun Shen <Yijun_Shen(a)Dell.com> Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> --- v3: * Add a helper with a generic name (so it can be easily be moved to library code in the future) --- drivers/platform/x86/amd/pmf/auto-mode.c | 4 ++-- drivers/platform/x86/amd/pmf/cnqf.c | 8 ++++---- drivers/platform/x86/amd/pmf/core.c | 14 ++++++++++++++ drivers/platform/x86/amd/pmf/pmf.h | 1 + drivers/platform/x86/amd/pmf/sps.c | 12 ++++++++---- drivers/platform/x86/amd/pmf/tee-if.c | 6 ++++-- 6 files changed, 33 insertions(+), 12 deletions(-) diff --git a/drivers/platform/x86/amd/pmf/auto-mode.c b/drivers/platform/x86/amd/pmf/auto-mode.c index 02ff68be10d01..1400ac70c52d1 100644 --- a/drivers/platform/x86/amd/pmf/auto-mode.c +++ b/drivers/platform/x86/amd/pmf/auto-mode.c @@ -120,9 +120,9 @@ static void amd_pmf_set_automode(struct amd_pmf_dev *dev, int idx, amd_pmf_send_cmd(dev, SET_SPPT_APU_ONLY, false, pwr_ctrl->sppt_apu_only, NULL); amd_pmf_send_cmd(dev, SET_STT_MIN_LIMIT, false, pwr_ctrl->stt_min, NULL); amd_pmf_send_cmd(dev, SET_STT_LIMIT_APU, false, - pwr_ctrl->stt_skin_temp[STT_TEMP_APU], NULL); + fixp_q88_from_integer(pwr_ctrl->stt_skin_temp[STT_TEMP_APU]), NULL); amd_pmf_send_cmd(dev, SET_STT_LIMIT_HS2, false, - pwr_ctrl->stt_skin_temp[STT_TEMP_HS2], NULL); + fixp_q88_from_integer(pwr_ctrl->stt_skin_temp[STT_TEMP_HS2]), NULL); if (is_apmf_func_supported(dev, APMF_FUNC_SET_FAN_IDX)) apmf_update_fan_idx(dev, config_store.mode_set[idx].fan_control.manual, diff --git a/drivers/platform/x86/amd/pmf/cnqf.c b/drivers/platform/x86/amd/pmf/cnqf.c index bc8899e15c914..3cde8a5de64a9 100644 --- a/drivers/platform/x86/amd/pmf/cnqf.c +++ b/drivers/platform/x86/amd/pmf/cnqf.c @@ -81,10 +81,10 @@ static int amd_pmf_set_cnqf(struct amd_pmf_dev *dev, int src, int idx, amd_pmf_send_cmd(dev, SET_SPPT, false, pc->sppt, NULL); amd_pmf_send_cmd(dev, SET_SPPT_APU_ONLY, false, pc->sppt_apu_only, NULL); amd_pmf_send_cmd(dev, SET_STT_MIN_LIMIT, false, pc->stt_min, NULL); - amd_pmf_send_cmd(dev, SET_STT_LIMIT_APU, false, pc->stt_skin_temp[STT_TEMP_APU], - NULL); - amd_pmf_send_cmd(dev, SET_STT_LIMIT_HS2, false, pc->stt_skin_temp[STT_TEMP_HS2], - NULL); + amd_pmf_send_cmd(dev, SET_STT_LIMIT_APU, false, + fixp_q88_from_integer(pc->stt_skin_temp[STT_TEMP_APU]), NULL); + amd_pmf_send_cmd(dev, SET_STT_LIMIT_HS2, false, + fixp_q88_from_integer(pc->stt_skin_temp[STT_TEMP_HS2]), NULL); if (is_apmf_func_supported(dev, APMF_FUNC_SET_FAN_IDX)) apmf_update_fan_idx(dev, diff --git a/drivers/platform/x86/amd/pmf/core.c b/drivers/platform/x86/amd/pmf/core.c index a2cb2d5544f5b..5209996eba674 100644 --- a/drivers/platform/x86/amd/pmf/core.c +++ b/drivers/platform/x86/amd/pmf/core.c @@ -176,6 +176,20 @@ static void __maybe_unused amd_pmf_dump_registers(struct amd_pmf_dev *dev) dev_dbg(dev->dev, "AMD_PMF_REGISTER_MESSAGE:%x\n", value); } +/** + * fixp_q88_from_integer: Convert integer to Q8.8 + * @val: input value + * + * Converts an integer into binary fixed point format where 8 bits + * are used for integer and 8 bits are used for the decimal. + * + * Return: unsigned integer converted to Q8.8 format + */ +u32 fixp_q88_from_integer(u32 val) +{ + return val << 8; +} + int amd_pmf_send_cmd(struct amd_pmf_dev *dev, u8 message, bool get, u32 arg, u32 *data) { int rc; diff --git a/drivers/platform/x86/amd/pmf/pmf.h b/drivers/platform/x86/amd/pmf/pmf.h index e6bdee68ccf34..2865e0a70b43d 100644 --- a/drivers/platform/x86/amd/pmf/pmf.h +++ b/drivers/platform/x86/amd/pmf/pmf.h @@ -777,6 +777,7 @@ int apmf_install_handler(struct amd_pmf_dev *pmf_dev); int apmf_os_power_slider_update(struct amd_pmf_dev *dev, u8 flag); int amd_pmf_set_dram_addr(struct amd_pmf_dev *dev, bool alloc_buffer); int amd_pmf_notify_sbios_heartbeat_event_v2(struct amd_pmf_dev *dev, u8 flag); +u32 fixp_q88_from_integer(u32 val); /* SPS Layer */ int amd_pmf_get_pprof_modes(struct amd_pmf_dev *pmf); diff --git a/drivers/platform/x86/amd/pmf/sps.c b/drivers/platform/x86/amd/pmf/sps.c index d3083383f11fb..dfc5285b681f7 100644 --- a/drivers/platform/x86/amd/pmf/sps.c +++ b/drivers/platform/x86/amd/pmf/sps.c @@ -198,9 +198,11 @@ static void amd_pmf_update_slider_v2(struct amd_pmf_dev *dev, int idx) amd_pmf_send_cmd(dev, SET_STT_MIN_LIMIT, false, apts_config_store.val[idx].stt_min_limit, NULL); amd_pmf_send_cmd(dev, SET_STT_LIMIT_APU, false, - apts_config_store.val[idx].stt_skin_temp_limit_apu, NULL); + fixp_q88_from_integer(apts_config_store.val[idx].stt_skin_temp_limit_apu), + NULL); amd_pmf_send_cmd(dev, SET_STT_LIMIT_HS2, false, - apts_config_store.val[idx].stt_skin_temp_limit_hs2, NULL); + fixp_q88_from_integer(apts_config_store.val[idx].stt_skin_temp_limit_hs2), + NULL); } void amd_pmf_update_slider(struct amd_pmf_dev *dev, bool op, int idx, @@ -217,9 +219,11 @@ void amd_pmf_update_slider(struct amd_pmf_dev *dev, bool op, int idx, amd_pmf_send_cmd(dev, SET_STT_MIN_LIMIT, false, config_store.prop[src][idx].stt_min, NULL); amd_pmf_send_cmd(dev, SET_STT_LIMIT_APU, false, - config_store.prop[src][idx].stt_skin_temp[STT_TEMP_APU], NULL); + fixp_q88_from_integer(config_store.prop[src][idx].stt_skin_temp[STT_TEMP_APU]), + NULL); amd_pmf_send_cmd(dev, SET_STT_LIMIT_HS2, false, - config_store.prop[src][idx].stt_skin_temp[STT_TEMP_HS2], NULL); + fixp_q88_from_integer(config_store.prop[src][idx].stt_skin_temp[STT_TEMP_HS2]), + NULL); } else if (op == SLIDER_OP_GET) { amd_pmf_send_cmd(dev, GET_SPL, true, ARG_NONE, &table->prop[src][idx].spl); amd_pmf_send_cmd(dev, GET_FPPT, true, ARG_NONE, &table->prop[src][idx].fppt); diff --git a/drivers/platform/x86/amd/pmf/tee-if.c b/drivers/platform/x86/amd/pmf/tee-if.c index a1e43873a07b0..22d48048f9d01 100644 --- a/drivers/platform/x86/amd/pmf/tee-if.c +++ b/drivers/platform/x86/amd/pmf/tee-if.c @@ -123,7 +123,8 @@ static void amd_pmf_apply_policies(struct amd_pmf_dev *dev, struct ta_pmf_enact_ case PMF_POLICY_STT_SKINTEMP_APU: if (dev->prev_data->stt_skintemp_apu != val) { - amd_pmf_send_cmd(dev, SET_STT_LIMIT_APU, false, val, NULL); + amd_pmf_send_cmd(dev, SET_STT_LIMIT_APU, false, + fixp_q88_from_integer(val), NULL); dev_dbg(dev->dev, "update STT_SKINTEMP_APU: %u\n", val); dev->prev_data->stt_skintemp_apu = val; } @@ -131,7 +132,8 @@ static void amd_pmf_apply_policies(struct amd_pmf_dev *dev, struct ta_pmf_enact_ case PMF_POLICY_STT_SKINTEMP_HS2: if (dev->prev_data->stt_skintemp_hs2 != val) { - amd_pmf_send_cmd(dev, SET_STT_LIMIT_HS2, false, val, NULL); + amd_pmf_send_cmd(dev, SET_STT_LIMIT_HS2, false, + fixp_q88_from_integer(val), NULL); dev_dbg(dev->dev, "update STT_SKINTEMP_HS2: %u\n", val); dev->prev_data->stt_skintemp_hs2 = val; } -- 2.43.0

6 months, 2 weeks

3
3
0 0

[PATCH] usb: cdnsp: Fix issue with resuming from L1

by Pawel Laszczak

Subject: [PATCH] usb: cdnsp: Fix issue with resuming from L1 In very rare cases after resuming controller from L1 to L0 it reads registers before the clock has been enabled and as the result driver reads incorrect value. To fix this issue driver increases APB timeout value. Probably this issue occurs only on Cadence platform but fix should have no impact for other existing platforms. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: stable(a)vger.kernel.org Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- drivers/usb/cdns3/cdnsp-gadget.c | 22 ++++++++++++++++++++++ drivers/usb/cdns3/cdnsp-gadget.h | 4 ++++ 2 files changed, 26 insertions(+) diff --git a/drivers/usb/cdns3/cdnsp-gadget.c b/drivers/usb/cdns3/cdnsp-gadget.c index 87f310841735..b12581b94567 100644 --- a/drivers/usb/cdns3/cdnsp-gadget.c +++ b/drivers/usb/cdns3/cdnsp-gadget.c @@ -139,6 +139,21 @@ static void cdnsp_clear_port_change_bit(struct cdnsp_device *pdev, (portsc & PORT_CHANGE_BITS), port_regs); } +static void cdnsp_set_apb_timeout_value(struct cdnsp_device *pdev) +{ + __le32 __iomem *reg; + void __iomem *base; + u32 offset = 0; + u32 val; + + base = &pdev->cap_regs->hc_capbase; + offset = cdnsp_find_next_ext_cap(base, offset, D_XEC_PRE_REGS_CAP); + reg = base + offset + REG_CHICKEN_BITS_3_OFFSET; + + val = le32_to_cpu(readl(reg)); + writel(cpu_to_le32(CHICKEN_APB_TIMEOUT_SET(val)), reg); +} + static void cdnsp_set_chicken_bits_2(struct cdnsp_device *pdev, u32 bit) { __le32 __iomem *reg; @@ -1798,6 +1813,13 @@ static int cdnsp_gen_setup(struct cdnsp_device *pdev) pdev->hci_version = HC_VERSION(pdev->hcc_params); pdev->hcc_params = readl(&pdev->cap_regs->hcc_params); + /* In very rare cases after resuming controller from L1 to L0 it reads + * registers before the clock has been enabled and as the result driver + * reads incorrect value. + * To fix this issue driver increases APB timeout value. + */ + cdnsp_set_apb_timeout_value(pdev); + cdnsp_get_rev_cap(pdev); /* Make sure the Device Controller is halted. */ diff --git a/drivers/usb/cdns3/cdnsp-gadget.h b/drivers/usb/cdns3/cdnsp-gadget.h index 84887dfea763..a4d678fba005 100644 --- a/drivers/usb/cdns3/cdnsp-gadget.h +++ b/drivers/usb/cdns3/cdnsp-gadget.h @@ -520,6 +520,10 @@ struct cdnsp_rev_cap { #define REG_CHICKEN_BITS_2_OFFSET 0x48 #define CHICKEN_XDMA_2_TP_CACHE_DIS BIT(28) +#define REG_CHICKEN_BITS_3_OFFSET 0x4C +#define CHICKEN_APB_TIMEOUT_VALUE 0x1C20 +#define CHICKEN_APB_TIMEOUT_SET(p) (((p) & ~GENMASK(21, 0)) | CHICKEN_APB_TIMEOUT_VALUE) + /* XBUF Extended Capability ID. */ #define XBUF_CAP_ID 0xCB #define XBUF_RX_TAG_MASK_0_OFFSET 0x1C -- 2.43.0

6 months, 2 weeks

3
5
0 0

[PATCH 1/3] drm/nouveau: Prevent signaled fences in pending list

by Philipp Stanner

Nouveau currently relies on the assumption that dma_fences will only ever get signaled through nouveau_fence_signal(), which takes care of removing a signaled fence from the list nouveau_fence_chan.pending. This self-imposed rule is violated in nouveau_fence_done(), where dma_fence_is_signaled() (somewhat surprisingly, considering its name) can signal the fence without removing it from the list. This enables accesses to already signaled fences through the list, which is a bug. In particular, it can race with nouveau_fence_context_kill(), which would then attempt to set an error code on an already signaled fence, which is illegal. In nouveau_fence_done(), the call to nouveau_fence_update() already ensures to signal all ready fences. Thus, the signaling potentially performed by dma_fence_is_signaled() is actually not necessary. Replace the call to dma_fence_is_signaled() with nouveau_fence_base_is_signaled(). Cc: <stable(a)vger.kernel.org> # 4.10+, precise commit not to be determined Signed-off-by: Philipp Stanner <phasta(a)kernel.org> --- drivers/gpu/drm/nouveau/nouveau_fence.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_fence.c b/drivers/gpu/drm/nouveau/nouveau_fence.c index 7cc84472cece..33535987d8ed 100644 --- a/drivers/gpu/drm/nouveau/nouveau_fence.c +++ b/drivers/gpu/drm/nouveau/nouveau_fence.c @@ -274,7 +274,7 @@ nouveau_fence_done(struct nouveau_fence *fence) nvif_event_block(&fctx->event); spin_unlock_irqrestore(&fctx->lock, flags); } - return dma_fence_is_signaled(&fence->base); + return test_bit(DMA_FENCE_FLAG_SIGNALED_BIT, &fence->base.flags); } static long -- 2.48.1

6 months, 2 weeks

4
8
0 0

[PATCH RESEND] tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT

by Günther Noack

This requirement was overeagerly loosened in commit 2f83e38a095f ("tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN"), but as it turns out, (1) the logic I implemented there was inconsistent (apologies!), (2) TIOCL_SELMOUSEREPORT might actually be a small security risk after all, and (3) TIOCL_SELMOUSEREPORT is only meant to be used by the mouse daemon (GPM or Consolation), which runs as CAP_SYS_ADMIN already. In more detail: 1. The previous patch has inconsistent logic: In commit 2f83e38a095f ("tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN"), we checked for sel_mode == TIOCL_SELMOUSEREPORT, but overlooked that the lower four bits of this "mode" parameter were actually used as an additional way to pass an argument. So the patch did actually still require CAP_SYS_ADMIN, if any of the mouse button bits are set, but did not require it if none of the mouse buttons bits are set. This logic is inconsistent and was not intentional. We should have the same policies for using TIOCL_SELMOUSEREPORT independent of the value of the "hidden" mouse button argument. I sent a separate documentation patch to the man page list with more details on TIOCL_SELMOUSEREPORT: https://lore.kernel.org/all/20250223091342.35523-2-gnoack3000@gmail.com/ 2. TIOCL_SELMOUSEREPORT is indeed a potential security risk which can let an attacker simulate "keyboard" input to command line applications on the same terminal, like TIOCSTI and some other TIOCLINUX "selection mode" IOCTLs. By enabling mouse reporting on a terminal and then injecting mouse reports through TIOCL_SELMOUSEREPORT, an attacker can simulate mouse movements on the same terminal, similar to the TIOCSTI keystroke injection attacks that were previously possible with TIOCSTI and other TIOCL_SETSEL selection modes. Many programs (including libreadline/bash) are then prone to misinterpret these mouse reports as normal keyboard input because they do not expect input in the X11 mouse protocol form. The attacker does not have complete control over the escape sequence, but they can at least control the values of two consecutive bytes in the binary mouse reporting escape sequence. I went into more detail on that in the discussion at https://lore.kernel.org/all/20250221.0a947528d8f3@gnoack.org/ It is not equally trivial to simulate arbitrary keystrokes as it was with TIOCSTI (commit 83efeeeb3d04 ("tty: Allow TIOCSTI to be disabled")), but the general mechanism is there, and together with the small number of existing legit use cases (see below), it would be better to revert back to requiring CAP_SYS_ADMIN for TIOCL_SELMOUSEREPORT, as it was already the case before commit 2f83e38a095f ("tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN"). 3. TIOCL_SELMOUSEREPORT is only used by the mouse daemons (GPM or Consolation), and they are the only legit use case: To quote console_codes(4): The mouse tracking facility is intended to return xterm(1)-compatible mouse status reports. Because the console driver has no way to know the device or type of the mouse, these reports are returned in the console input stream only when the virtual terminal driver receives a mouse update ioctl. These ioctls must be generated by a mouse-aware user-mode application such as the gpm(8) daemon. Jared Finder has also confirmed in https://lore.kernel.org/all/491f3df9de6593df8e70dbe77614b026@finder.org/ that Emacs does not call TIOCL_SELMOUSEREPORT directly, and it would be difficult to find good reasons for doing that, given that it would interfere with the reports that GPM is sending. More information on the interaction between GPM, terminals and the kernel with additional pointers is also available in this patch: https://lore.kernel.org/all/a773e48920aa104a65073671effbdee665c105fc.160396… For background on who else uses TIOCL_SELMOUSEREPORT: Debian Code search finds one page of results, the only two known callers are the two mouse daemons GPM and Consolation. (GPM does not show up in the search results because it uses literal numbers to refer to TIOCLINUX-related enums. I looked through GPM by hand instead. TIOCL_SELMOUSEREPORT is also not used from libgpm.) https://codesearch.debian.net/search?q=TIOCL_SELMOUSEREPORT Cc: Jared Finder <jared(a)finder.org> Cc: Jann Horn <jannh(a)google.com> Cc: Hanno Böck <hanno(a)hboeck.de> Cc: Jiri Slaby <jirislaby(a)kernel.org> Cc: Kees Cook <kees(a)kernel.org> Cc: stable(a)vger.kernel.org Fixes: 2f83e38a095f ("tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN") Signed-off-by: Günther Noack <gnoack3000(a)gmail.com> --- drivers/tty/vt/selection.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/tty/vt/selection.c b/drivers/tty/vt/selection.c index 0bd6544e30a6b..791e2f1f7c0b6 100644 --- a/drivers/tty/vt/selection.c +++ b/drivers/tty/vt/selection.c @@ -193,13 +193,12 @@ int set_selection_user(const struct tiocl_selection __user *sel, return -EFAULT; /* - * TIOCL_SELCLEAR, TIOCL_SELPOINTER and TIOCL_SELMOUSEREPORT are OK to - * use without CAP_SYS_ADMIN as they do not modify the selection. + * TIOCL_SELCLEAR and TIOCL_SELPOINTER are OK to use without + * CAP_SYS_ADMIN as they do not modify the selection. */ switch (v.sel_mode) { case TIOCL_SELCLEAR: case TIOCL_SELPOINTER: - case TIOCL_SELMOUSEREPORT: break; default: if (!capable(CAP_SYS_ADMIN)) base-commit: 27102b38b8ca7ffb1622f27bcb41475d121fb67f -- 2.48.1

6 months, 2 weeks

1
1
0 0

[PATCH v2 01/22] rv: Fix out-of-bound memory access in rv_is_container_monitor()

by Nam Cao

When rv_is_container_monitor() is called on the last monitor in rv_monitors_list, KASAN yells: BUG: KASAN: global-out-of-bounds in rv_is_container_monitor+0x101/0x110 Read of size 8 at addr ffffffff97c7c798 by task setup/221 The buggy address belongs to the variable: rv_monitors_list+0x18/0x40 This is due to list_next_entry() is called on the last entry in the list. It wraps around to the first list_head, and the first list_head is not embedded in struct rv_monitor_def. Fix it by checking if the monitor is last in the list. Fixes: cb85c660fcd4 ("rv: Add option for nested monitors and include sched") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: stable(a)vger.kernel.org --- kernel/trace/rv/rv.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/kernel/trace/rv/rv.c b/kernel/trace/rv/rv.c index 50344aa9f7f9..544acb1f6a33 100644 --- a/kernel/trace/rv/rv.c +++ b/kernel/trace/rv/rv.c @@ -225,7 +225,12 @@ bool rv_is_nested_monitor(struct rv_monitor_def *mdef) */ bool rv_is_container_monitor(struct rv_monitor_def *mdef) { - struct rv_monitor_def *next = list_next_entry(mdef, list); + struct rv_monitor_def *next; + + if (list_is_last(&mdef->list, &rv_monitors_list)) + return false; + + next = list_next_entry(mdef, list); return next->parent == mdef->monitor || !mdef->monitor->enable; } -- 2.39.5

6 months, 2 weeks

1
0
0 0

[PATCH 6.14.y 0/7] arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9

by Anshuman Khandual

This series adds fine grained trap control in EL2 required for FEAT_PMUv3p9 registers like PMICNTR_EL0, PMICFILTR_EL0, and PMUACR_EL1 which are already being used in the kernel. This is required to prevent their EL1 access trap into EL2. The following commits that enabled access into FEAT_PMUv3p9 registers have already been merged upstream from 6.13 onwards. d8226d8cfbaf ("perf: arm_pmuv3: Add support for Armv9.4 PMU instruction counter") 0bbff9ed8165 ("perf/arm_pmuv3: Add PMUv3.9 per counter EL0 access control") The sysreg patches in this series are required for the final patch which fixes the actual problem. Anshuman Khandual (7): arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1 arm64/sysreg: Add register fields for HDFGRTR2_EL2 arm64/sysreg: Add register fields for HDFGWTR2_EL2 arm64/sysreg: Add register fields for HFGITR2_EL2 arm64/sysreg: Add register fields for HFGRTR2_EL2 arm64/sysreg: Add register fields for HFGWTR2_EL2 arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9 Documentation/arch/arm64/booting.rst | 22 ++++++ arch/arm64/include/asm/el2_setup.h | 25 +++++++ arch/arm64/tools/sysreg | 103 +++++++++++++++++++++++++++ 3 files changed, 150 insertions(+) -- 2.30.2

6 months, 2 weeks

2
15
0 0

[PATCH] ARM: omap: pmic-cpcap: do not mess around without CPCAP or OMAP4

by Andreas Kemnade

The late init call just writes to omap4 registers as soon as CONFIG_MFD_CPCAP is enabled without checking whether the cpcap driver is actually there or the SoC is indeed an OMAP4. Rather do these things only with the right device combination. Fixes booting the BT200 with said configuration enabled and non-factory X-Loader and probably also some surprising behavior on other devices. Fixes: c145649bf262 ("ARM: OMAP2+: Configure voltage controller for cpcap to low-speed") CC: <stable(a)vger.kernel.org> Signed-off-by: Andreas Kemnade <andreas(a)kemnade.info> --- arch/arm/mach-omap2/pmic-cpcap.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/arm/mach-omap2/pmic-cpcap.c b/arch/arm/mach-omap2/pmic-cpcap.c index 4f31e61c0c90..9f9a20274db8 100644 --- a/arch/arm/mach-omap2/pmic-cpcap.c +++ b/arch/arm/mach-omap2/pmic-cpcap.c @@ -264,7 +264,11 @@ int __init omap4_cpcap_init(void) static int __init cpcap_late_init(void) { - omap4_vc_set_pmic_signaling(PWRDM_POWER_RET); + if (!of_find_compatible_node(NULL, NULL, "motorola,cpcap")) + return 0; + + if (soc_is_omap443x() || soc_is_omap446x() || soc_is_omap447x()) + omap4_vc_set_pmic_signaling(PWRDM_POWER_RET); return 0; } -- 2.39.5

6 months, 2 weeks

3
2
0 0

[PATCH] KVM: x86: forcibly leave SMM mode on vCPU reset

by Mikhail Lobanov

Previously, commit ed129ec9057f ("KVM: x86: forcibly leave nested mode on vCPU reset") addressed an issue where a triple fault occurring in nested mode could lead to use-after-free scenarios. However, the commit did not handle the analogous situation for System Management Mode (SMM). This omission results in triggering a WARN when a vCPU reset occurs while still in SMM mode, due to the check in kvm_vcpu_reset(). This situation was reprodused using Syzkaller by: 1) Creating a KVM VM and vCPU 2) Sending a KVM_SMI ioctl to explicitly enter SMM 3) Executing invalid instructions causing consecutive exceptions and eventually a triple fault The issue manifests as follows: WARNING: CPU: 0 PID: 25506 at arch/x86/kvm/x86.c:12112 kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112 Modules linked in: CPU: 0 PID: 25506 Comm: syz-executor.0 Not tainted 6.1.130-syzkaller-00157-g164fe5dde9b6 #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112 Call Trace: <TASK> shutdown_interception+0x66/0xb0 arch/x86/kvm/svm/svm.c:2136 svm_invoke_exit_handler+0x110/0x530 arch/x86/kvm/svm/svm.c:3395 svm_handle_exit+0x424/0x920 arch/x86/kvm/svm/svm.c:3457 vcpu_enter_guest arch/x86/kvm/x86.c:10959 [inline] vcpu_run+0x2c43/0x5a90 arch/x86/kvm/x86.c:11062 kvm_arch_vcpu_ioctl_run+0x50f/0x1cf0 arch/x86/kvm/x86.c:11283 kvm_vcpu_ioctl+0x570/0xf00 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4122 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Considering that hardware CPUs exit SMM mode completely upon receiving a triple fault by triggering a hardware reset (which inherently leads to exiting SMM), explicitly perform SMM exit prior to the WARN check. Although subsequent code clears vCPU hflags, including the SMM flag, calling kvm_smm_changed ensures the exit from SMM is handled correctly and explicitly, aligning precisely with hardware behavior. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: ed129ec9057f ("KVM: x86: forcibly leave nested mode on vCPU reset") Cc: stable(a)vger.kernel.org Signed-off-by: Mikhail Lobanov <m.lobanov(a)rosa.ru> --- arch/x86/kvm/x86.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 4b64ab350bcd..f1c95c21703a 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -12409,6 +12409,9 @@ void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) if (is_guest_mode(vcpu)) kvm_leave_nested(vcpu); + if (is_smm(vcpu)) + kvm_smm_changed(vcpu, false); + kvm_lapic_reset(vcpu, init_event); WARN_ON_ONCE(is_guest_mode(vcpu) || is_smm(vcpu)); -- 2.47.2

6 months, 2 weeks

2
1
0 0

[PATCH v2 0/3] mm: Fix apply_to_pte_range() vs lazy MMU mode

by Alexander Gordeev

Hi All, Chages since v1: - left fixes only, improvements will be posted separately; - Fixes: and -stable tags added to patch descriptions; This series is an attempt to fix the violation of lazy MMU mode context requirement as described for arch_enter_lazy_mmu_mode(): This mode can only be entered and left under the protection of the page table locks for all page tables which may be modified. On s390 if I make arch_enter_lazy_mmu_mode() -> preempt_enable() and arch_leave_lazy_mmu_mode() -> preempt_disable() I am getting this: [ 553.332108] preempt_count: 1, expected: 0 [ 553.332117] no locks held by multipathd/2116. [ 553.332128] CPU: 24 PID: 2116 Comm: multipathd Kdump: loaded Tainted: [ 553.332139] Hardware name: IBM 3931 A01 701 (LPAR) [ 553.332146] Call Trace: [ 553.332152] [<00000000158de23a>] dump_stack_lvl+0xfa/0x150 [ 553.332167] [<0000000013e10d12>] __might_resched+0x57a/0x5e8 [ 553.332178] [<00000000144eb6c2>] __alloc_pages+0x2ba/0x7c0 [ 553.332189] [<00000000144d5cdc>] __get_free_pages+0x2c/0x88 [ 553.332198] [<00000000145663f6>] kasan_populate_vmalloc_pte+0x4e/0x110 [ 553.332207] [<000000001447625c>] apply_to_pte_range+0x164/0x3c8 [ 553.332218] [<000000001448125a>] apply_to_pmd_range+0xda/0x318 [ 553.332226] [<000000001448181c>] __apply_to_page_range+0x384/0x768 [ 553.332233] [<0000000014481c28>] apply_to_page_range+0x28/0x38 [ 553.332241] [<00000000145665da>] kasan_populate_vmalloc+0x82/0x98 [ 553.332249] [<00000000144c88d0>] alloc_vmap_area+0x590/0x1c90 [ 553.332257] [<00000000144ca108>] __get_vm_area_node.constprop.0+0x138/0x260 [ 553.332265] [<00000000144d17fc>] __vmalloc_node_range+0x134/0x360 [ 553.332274] [<0000000013d5dbf2>] alloc_thread_stack_node+0x112/0x378 [ 553.332284] [<0000000013d62726>] dup_task_struct+0x66/0x430 [ 553.332293] [<0000000013d63962>] copy_process+0x432/0x4b80 [ 553.332302] [<0000000013d68300>] kernel_clone+0xf0/0x7d0 [ 553.332311] [<0000000013d68bd6>] __do_sys_clone+0xae/0xc8 [ 553.332400] [<0000000013d68dee>] __s390x_sys_clone+0xd6/0x118 [ 553.332410] [<0000000013c9d34c>] do_syscall+0x22c/0x328 [ 553.332419] [<00000000158e7366>] __do_syscall+0xce/0xf0 [ 553.332428] [<0000000015913260>] system_call+0x70/0x98 This exposes a KASAN issue fixed with patch 1 and apply_to_pte_range() issue fixed with patch 3, while patch 2 is a prerequisite. Commit b9ef323ea168 ("powerpc/64s: Disable preemption in hash lazy mmu mode") looks like powerpc-only fix, yet not entirely conforming to the above provided requirement (page tables itself are still not protected). If I am not mistaken, xen and sparc are alike. Thanks! Alexander Gordeev (3): kasan: Avoid sleepable page allocation from atomic context mm: Cleanup apply_to_pte_range() routine mm: Protect kernel pgtables in apply_to_pte_range() mm/kasan/shadow.c | 9 +++------ mm/memory.c | 33 +++++++++++++++++++++------------ 2 files changed, 24 insertions(+), 18 deletions(-) -- 2.45.2

6 months, 2 weeks

3
9
0 0

[to-be-updated] mm-protect-kernel-pgtables-in-apply_to_pte_range.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: protect kernel pgtables in apply_to_pte_range() has been removed from the -mm tree. Its filename was mm-protect-kernel-pgtables-in-apply_to_pte_range.patch This patch was dropped because an updated version will be issued ------------------------------------------------------ From: Alexander Gordeev <agordeev(a)linux.ibm.com> Subject: mm: protect kernel pgtables in apply_to_pte_range() Date: Tue, 8 Apr 2025 18:07:32 +0200 The lazy MMU mode can only be entered and left under the protection of the page table locks for all page tables which may be modified. Yet, when it comes to kernel mappings apply_to_pte_range() does not take any locks. That does not conform arch_enter|leave_lazy_mmu_mode() semantics and could potentially lead to re-schedulling a process while in lazy MMU mode or racing on a kernel page table updates. Link: https://lkml.kernel.org/r/ef8f6538b83b7fc3372602f90375348f9b4f3596.17441281… Fixes: 38e0edb15bd0 ("mm/apply_to_range: call pte function with lazy updates") Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Guenetr Roeck <linux(a)roeck-us.net> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jeremy Fitzhardinge <jeremy(a)goop.org> Cc: Juegren Gross <jgross(a)suse.com> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kasan/shadow.c | 7 ++----- mm/memory.c | 5 ++++- 2 files changed, 6 insertions(+), 6 deletions(-) --- a/mm/kasan/shadow.c~mm-protect-kernel-pgtables-in-apply_to_pte_range +++ a/mm/kasan/shadow.c @@ -308,14 +308,14 @@ static int kasan_populate_vmalloc_pte(pt __memset((void *)page, KASAN_VMALLOC_INVALID, PAGE_SIZE); pte = pfn_pte(PFN_DOWN(__pa(page)), PAGE_KERNEL); - spin_lock(&init_mm.page_table_lock); if (likely(pte_none(ptep_get(ptep)))) { set_pte_at(&init_mm, addr, ptep, pte); page = 0; } - spin_unlock(&init_mm.page_table_lock); + if (page) free_page(page); + return 0; } @@ -401,13 +401,10 @@ static int kasan_depopulate_vmalloc_pte( page = (unsigned long)__va(pte_pfn(ptep_get(ptep)) << PAGE_SHIFT); - spin_lock(&init_mm.page_table_lock); - if (likely(!pte_none(ptep_get(ptep)))) { pte_clear(&init_mm, addr, ptep); free_page(page); } - spin_unlock(&init_mm.page_table_lock); return 0; } --- a/mm/memory.c~mm-protect-kernel-pgtables-in-apply_to_pte_range +++ a/mm/memory.c @@ -2926,6 +2926,7 @@ static int apply_to_pte_range(struct mm_ pte = pte_offset_kernel(pmd, addr); if (!pte) return err; + spin_lock(&init_mm.page_table_lock); } else { if (create) pte = pte_alloc_map_lock(mm, pmd, addr, &ptl); @@ -2951,7 +2952,9 @@ static int apply_to_pte_range(struct mm_ arch_leave_lazy_mmu_mode(); - if (mm != &init_mm) + if (mm == &init_mm) + spin_unlock(&init_mm.page_table_lock); + else pte_unmap_unlock(mapped_pte, ptl); *mask |= PGTBL_PTE_MODIFIED; _ Patches currently in -mm which might be from agordeev(a)linux.ibm.com are

6 months, 2 weeks

1
0
0 0

[to-be-updated] mm-cleanup-apply_to_pte_range-routine.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: clean up apply_to_pte_range() has been removed from the -mm tree. Its filename was mm-cleanup-apply_to_pte_range-routine.patch This patch was dropped because an updated version will be issued ------------------------------------------------------ From: Alexander Gordeev <agordeev(a)linux.ibm.com> Subject: mm: clean up apply_to_pte_range() Date: Tue, 8 Apr 2025 18:07:31 +0200 Reverse 'create' vs 'mm == &init_mm' conditions and move page table mask modification out of the atomic context. This is a prerequisite for fixing missing kernel page tables lock. Link: https://lkml.kernel.org/r/0c65bc334f17ff1d7d92d31c69d7065769bbce4e.17441281… Fixes: 38e0edb15bd0 ("mm/apply_to_range: call pte function with lazy updates") Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Guenetr Roeck <linux(a)roeck-us.net> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jeremy Fitzhardinge <jeremy(a)goop.org> Cc: Juegren Gross <jgross(a)suse.com> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory.c | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) --- a/mm/memory.c~mm-cleanup-apply_to_pte_range-routine +++ a/mm/memory.c @@ -2915,24 +2915,28 @@ static int apply_to_pte_range(struct mm_ pte_fn_t fn, void *data, bool create, pgtbl_mod_mask *mask) { + int err = create ? -ENOMEM : -EINVAL; pte_t *pte, *mapped_pte; - int err = 0; spinlock_t *ptl; - if (create) { - mapped_pte = pte = (mm == &init_mm) ? - pte_alloc_kernel_track(pmd, addr, mask) : - pte_alloc_map_lock(mm, pmd, addr, &ptl); + if (mm == &init_mm) { + if (create) + pte = pte_alloc_kernel_track(pmd, addr, mask); + else + pte = pte_offset_kernel(pmd, addr); if (!pte) - return -ENOMEM; + return err; } else { - mapped_pte = pte = (mm == &init_mm) ? - pte_offset_kernel(pmd, addr) : - pte_offset_map_lock(mm, pmd, addr, &ptl); + if (create) + pte = pte_alloc_map_lock(mm, pmd, addr, &ptl); + else + pte = pte_offset_map_lock(mm, pmd, addr, &ptl); if (!pte) - return -EINVAL; + return err; + mapped_pte = pte; } + err = 0; arch_enter_lazy_mmu_mode(); if (fn) { @@ -2944,12 +2948,14 @@ static int apply_to_pte_range(struct mm_ } } while (addr += PAGE_SIZE, addr != end); } - *mask |= PGTBL_PTE_MODIFIED; arch_leave_lazy_mmu_mode(); if (mm != &init_mm) pte_unmap_unlock(mapped_pte, ptl); + + *mask |= PGTBL_PTE_MODIFIED; + return err; } _ Patches currently in -mm which might be from agordeev(a)linux.ibm.com are mm-protect-kernel-pgtables-in-apply_to_pte_range.patch

6 months, 2 weeks

1
0
0 0

[to-be-updated] kasan-avoid-sleepable-page-allocation-from-atomic-context.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: kasan: avoid sleepable page allocation from atomic context has been removed from the -mm tree. Its filename was kasan-avoid-sleepable-page-allocation-from-atomic-context.patch This patch was dropped because an updated version will be issued ------------------------------------------------------ From: Alexander Gordeev <agordeev(a)linux.ibm.com> Subject: kasan: avoid sleepable page allocation from atomic context Date: Tue, 8 Apr 2025 18:07:30 +0200 Patch series "mm: Fix apply_to_pte_range() vs lazy MMU mode", v2. This series is an attempt to fix the violation of lazy MMU mode context requirement as described for arch_enter_lazy_mmu_mode(): This mode can only be entered and left under the protection of the page table locks for all page tables which may be modified. On s390 if I make arch_enter_lazy_mmu_mode() -> preempt_enable() and arch_leave_lazy_mmu_mode() -> preempt_disable() I am getting this: [ 553.332108] preempt_count: 1, expected: 0 [ 553.332117] no locks held by multipathd/2116. [ 553.332128] CPU: 24 PID: 2116 Comm: multipathd Kdump: loaded Tainted: [ 553.332139] Hardware name: IBM 3931 A01 701 (LPAR) [ 553.332146] Call Trace: [ 553.332152] [<00000000158de23a>] dump_stack_lvl+0xfa/0x150 [ 553.332167] [<0000000013e10d12>] __might_resched+0x57a/0x5e8 [ 553.332178] [<00000000144eb6c2>] __alloc_pages+0x2ba/0x7c0 [ 553.332189] [<00000000144d5cdc>] __get_free_pages+0x2c/0x88 [ 553.332198] [<00000000145663f6>] kasan_populate_vmalloc_pte+0x4e/0x110 [ 553.332207] [<000000001447625c>] apply_to_pte_range+0x164/0x3c8 [ 553.332218] [<000000001448125a>] apply_to_pmd_range+0xda/0x318 [ 553.332226] [<000000001448181c>] __apply_to_page_range+0x384/0x768 [ 553.332233] [<0000000014481c28>] apply_to_page_range+0x28/0x38 [ 553.332241] [<00000000145665da>] kasan_populate_vmalloc+0x82/0x98 [ 553.332249] [<00000000144c88d0>] alloc_vmap_area+0x590/0x1c90 [ 553.332257] [<00000000144ca108>] __get_vm_area_node.constprop.0+0x138/0x260 [ 553.332265] [<00000000144d17fc>] __vmalloc_node_range+0x134/0x360 [ 553.332274] [<0000000013d5dbf2>] alloc_thread_stack_node+0x112/0x378 [ 553.332284] [<0000000013d62726>] dup_task_struct+0x66/0x430 [ 553.332293] [<0000000013d63962>] copy_process+0x432/0x4b80 [ 553.332302] [<0000000013d68300>] kernel_clone+0xf0/0x7d0 [ 553.332311] [<0000000013d68bd6>] __do_sys_clone+0xae/0xc8 [ 553.332400] [<0000000013d68dee>] __s390x_sys_clone+0xd6/0x118 [ 553.332410] [<0000000013c9d34c>] do_syscall+0x22c/0x328 [ 553.332419] [<00000000158e7366>] __do_syscall+0xce/0xf0 [ 553.332428] [<0000000015913260>] system_call+0x70/0x98 This exposes a KASAN issue fixed with patch 1 and apply_to_pte_range() issue fixed with patch 3, while patch 2 is a prerequisite. Commit b9ef323ea168 ("powerpc/64s: Disable preemption in hash lazy mmu mode") looks like powerpc-only fix, yet not entirely conforming to the above provided requirement (page tables itself are still not protected). If I am not mistaken, xen and sparc are alike. This patch (of 3): apply_to_page_range() enters lazy MMU mode and then invokes kasan_populate_vmalloc_pte() callback on each page table walk iteration. The lazy MMU mode may only be entered only under protection of the page table lock. However, the callback can go into sleep when trying to allocate a single page. Change __get_free_page() allocation mode from GFP_KERNEL to GFP_ATOMIC to avoid scheduling out while in atomic context. Link: https://lkml.kernel.org/r/cover.1744128123.git.agordeev@linux.ibm.com Link: https://lkml.kernel.org/r/2d9f4ac4528701b59d511a379a60107fa608ad30.17441281… Fixes: 3c5c3cfb9ef4 ("kasan: support backing vmalloc space with real shadow memory") Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Guenetr Roeck <linux(a)roeck-us.net> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jeremy Fitzhardinge <jeremy(a)goop.org> Cc: Juegren Gross <jgross(a)suse.com> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kasan/shadow.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/kasan/shadow.c~kasan-avoid-sleepable-page-allocation-from-atomic-context +++ a/mm/kasan/shadow.c @@ -301,7 +301,7 @@ static int kasan_populate_vmalloc_pte(pt if (likely(!pte_none(ptep_get(ptep)))) return 0; - page = __get_free_page(GFP_KERNEL); + page = __get_free_page(GFP_ATOMIC); if (!page) return -ENOMEM; _ Patches currently in -mm which might be from agordeev(a)linux.ibm.com are mm-cleanup-apply_to_pte_range-routine.patch mm-protect-kernel-pgtables-in-apply_to_pte_range.patch

6 months, 2 weeks

1
0
0 0

vmbus CVE-2024-36912 CVE-2024-36913

by He Zhe

Hello, I'm investigating if v5.15 and early versions are vulnerable to the following CVEs. Could you please help confirm the following cases? For CVE-2024-36912, the suggested fix is 211f514ebf1e ("Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl") according to https://www.cve.org/CVERecord?id=CVE-2024-36912 It seems 211f514ebf1e is based on d4dccf353db8 ("Drivers: hv: vmbus: Mark vmbus ring buffer visible to host in Isolation VM") which was introduced since v5.16. For v5.15 and early versions, vmbus ring buffer hadn't been made visible to host, so there's no need to backport 211f514ebf1e to those versions, right? For CVE-2024-36913, the suggested fix is 03f5a999adba ("Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails") according to https://www.cve.org/CVERecord?id=CVE-2024-36913 It seems 03f5a999adba is based on f2f136c05fb6 ("Drivers: hv: vmbus: Add SNP support for VMbus channel initiate message") which was introduced since v5.16. For v5.15 and early verions, monitor pages hadn't been made visible to host, so there's no need to backport 03f5a999adba to those versions, right? Thanks, Zhe

6 months, 2 weeks

2
1
0 0

[PATCH 5.15 v3 00/11] KVM: arm64: Backport of SVE fixes to v5.15

by Mark Brown

This series backports some recent fixes for SVE/KVM interactions from Mark Rutland to v5.15. Signed-off-by: Mark Brown <broonie(a)kernel.org> --- Changes in v3: - Explicitly include "KVM: arm64: Always start with clearing SVE flag on load", it was included previously as part of a conflcit resolution. - Link to v2: https://lore.kernel.org/r/20250403-stable-sve-5-15-v2-0-30a36a78a20a@kernel… Changes in v2: - Resend with Greg and the stable list added. - Link to v1: https://lore.kernel.org/r/20250402-stable-sve-5-15-v1-0-84d0e5ff1102@kernel… --- Fuad Tabba (1): KVM: arm64: Calculate cptr_el2 traps on activating traps Marc Zyngier (2): KVM: arm64: Get rid of host SVE tracking/saving KVM: arm64: Always start with clearing SVE flag on load Mark Brown (4): KVM: arm64: Discard any SVE state when entering KVM guests arm64/fpsimd: Track the saved FPSIMD state type separately to TIF_SVE arm64/fpsimd: Have KVM explicitly say which FP registers to save arm64/fpsimd: Stop using TIF_SVE to manage register saving in KVM Mark Rutland (4): KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state KVM: arm64: Remove host FPSIMD saving for non-protected KVM KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN KVM: arm64: Eagerly switch ZCR_EL{1,2} arch/arm64/include/asm/fpsimd.h | 4 +- arch/arm64/include/asm/kvm_host.h | 17 +++-- arch/arm64/include/asm/kvm_hyp.h | 7 ++ arch/arm64/include/asm/processor.h | 7 ++ arch/arm64/kernel/fpsimd.c | 117 +++++++++++++++++++++++--------- arch/arm64/kernel/process.c | 3 + arch/arm64/kernel/ptrace.c | 3 + arch/arm64/kernel/signal.c | 3 + arch/arm64/kvm/arm.c | 1 - arch/arm64/kvm/fpsimd.c | 72 +++++++++----------- arch/arm64/kvm/hyp/entry.S | 5 ++ arch/arm64/kvm/hyp/include/hyp/switch.h | 86 +++++++++++++++-------- arch/arm64/kvm/hyp/nvhe/hyp-main.c | 9 ++- arch/arm64/kvm/hyp/nvhe/switch.c | 52 +++++++++----- arch/arm64/kvm/hyp/vhe/switch.c | 4 ++ arch/arm64/kvm/reset.c | 3 + 16 files changed, 266 insertions(+), 127 deletions(-) --- base-commit: 0c935c049b5c196b83b968c72d348ae6fff83ea2 change-id: 20250326-stable-sve-5-15-bfd75482dcfa Best regards, -- Mark Brown <broonie(a)kernel.org>

6 months, 2 weeks

2
16
0 0

[PATCH 6.12 000/426] 6.12.23-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.23 release. There are 426 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 11 Apr 2025 11:58:05 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.23-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.23-rc3 Dan Carpenter <dan.carpenter(a)linaro.org> platform/x86/amd/pmf: fix cleanup in amd_pmf_init_smart_pc() Steven Rostedt <rostedt(a)goodmis.org> tracing: Do not use PERF enums when perf is not defined Nathan Chancellor <nathan(a)kernel.org> ARM: 9443/1: Require linker to support KEEP within OVERLAY for DCE Chuck Lever <chuck.lever(a)oracle.com> NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up Chuck Lever <chuck.lever(a)oracle.com> NFSD: Never return NFS4ERR_FILE_OPEN when removing a directory Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_unlink() clobbers non-zero status returned from fh_fill_pre_attrs() Olga Kornievskaia <okorniev(a)redhat.com> nfsd: fix management of listener transports Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: put dl_stid if fail to queue dl_recall Jeff Layton <jlayton(a)kernel.org> nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid() Murad Masimov <m.masimov(a)mt-integration.ru> media: streamzap: fix race between device disconnection and urb callback Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> media: vimc: skip .s_stream() for stopped entities Oleg Nesterov <oleg(a)redhat.com> exec: fix the racy usage of fs_struct->in_exec Yosry Ahmed <yosry.ahmed(a)linux.dev> mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() Roman Smirnov <r.smirnov(a)omp.ru> jfs: add index corruption check to DT_GETPAGE() Qasim Ijaz <qasdev00(a)gmail.com> jfs: fix slab-out-of-bounds read in ea_get() Acs, Jakub <acsjakub(a)amazon.de> ext4: fix OOB read when checking dotdot dir Theodore Ts'o <tytso(a)mit.edu> ext4: don't over-report free space or inodes in statvfs Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7921: fix kernel panic due to null pointer dereference Angelos Oikonomopoulos <angelos(a)igalia.com> arm64: Don't call NULL in do_compat_alignment_fixup() David Hildenbrand <david(a)redhat.com> mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs Ran Xiaokai <ran.xiaokai(a)zte.com.cn> tracing/osnoise: Fix possible recursive locking for cpus_read_lock() Douglas Raillard <douglas.raillard(a)arm.com> tracing: Fix synth event printk format for str fields Douglas Raillard <douglas.raillard(a)arm.com> tracing: Ensure module defining synth event cannot be unloaded while tracing Tengda Wu <wutengda(a)huaweicloud.com> tracing: Fix use-after-free in print_graph_function_flags during tracer switching Sungjong Seo <sj1557.seo(a)samsung.com> exfat: fix potential wrong error return from get_block Sungjong Seo <sj1557.seo(a)samsung.com> exfat: fix random stack corruption after get_block Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix null pointer dereference in alloc_preauth_hash() Norbert Szetei <norbert(a)doyensec.com> ksmbd: validate zero num_subauth before sub_auth is accessed Norbert Szetei <norbert(a)doyensec.com> ksmbd: fix overflow in dacloffset bounds check Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix session use-after-free in multichannel connection Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in ksmbd_sessions_deregister() Norbert Szetei <norbert(a)doyensec.com> ksmbd: add bounds check for create lease context Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add bounds check for durable handle context Sean Christopherson <seanjc(a)google.com> KVM: SVM: Don't change target vCPU state on AP Creation VMGEXIT error Ulf Hansson <ulf.hansson(a)linaro.org> mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD Karel Balej <balejk(a)matfyz.cz> mmc: sdhci-pxav3: set NEED_RSP_BUSY capability Miaoqian Lin <linmq006(a)gmail.com> mmc: omap: Fix memory leak in mmc_omap_new_slot Candice Li <candice.li(a)amd.com> Remove unnecessary firmware version check for gc v9_4_2 Robin Murphy <robin.murphy(a)arm.com> media: omap3isp: Handle ARM dma_iommu_mapping Christian Eggers <ceggers(a)arri.de> ARM: 9444/1: add KEEP() keyword to ARM_VECTORS Paul Menzel <pmenzel(a)molgen.mpg.de> ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP Murad Masimov <m.masimov(a)mt-integration.ru> acpi: nfit: fix narrowing conversion in acpi_nfit_ctl Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: remove unused acpi function for clc Jann Horn <jannh(a)google.com> x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs Guilherme G. Piccoli <gpiccoli(a)igalia.com> x86/tsc: Always save/restore TSC sched_clock() on suspend/resume Arnd Bergmann <arnd(a)arndb.de> x86/Kconfig: Add cmpxchg8b support back to Geode CPUs Joe Damato <jdamato(a)fastly.com> idpf: Don't hard code napi_struct size Jiri Olsa <jolsa(a)kernel.org> uprobes/x86: Harden uretprobe syscall trampoline check Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read Peter Zijlstra (Intel) <peterz(a)infradead.org> perf/x86/intel: Apply static call for drain_pebs Markus Elfring <elfring(a)users.sourceforge.net> ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Correct command storage data length Eduard Christian Dumitrescu <eduard.c.dumitrescu(a)gmail.com> platform/x86: thinkpad_acpi: disable ACPI fan access for T495* and E560 Hans de Goede <hdegoede(a)redhat.com> ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers Vishal Annapurve <vannapurve(a)google.com> x86/tdx: Fix arch_safe_halt() execution for TDX VMs Shuai Xue <xueshuai(a)linux.alibaba.com> x86/mce: use is_copy_from_user() to determine copy-from-user context Boris Ostrovsky <boris.ostrovsky(a)oracle.com> x86/microcode/AMD: Fix __apply_microcode_amd()'s return value Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86: block KVM_CAP_SYNC_REGS if guest state is protected Tianyu Lan <tiala(a)microsoft.com> x86/hyperv: Fix check of return value from snp_set_vmsa() Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Don't override subprog's return value Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Fix off-by-one error in build_prologue() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Increase MAX_IO_PICS up to 8 Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Increase ARCH_DMA_MINALIGN up to 16 WANG Rui <wangrui(a)loongson.cn> rust: Fix enabling Rust and building with GCC for LoongArch Ying Lu <luying1(a)xiaomi.com> usbnet:fix NPE during rx_complete Alexander Wetzel <Alexander(a)wetzel-home.de> wifi: mac80211: Fix sparse warning for monitor_sdata Sherry Sun <sherry.sun(a)nxp.com> tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: Fix unused variable 'sport' build warning Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: use port struct directly to simply code Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: Use u32 and u8 for register variables Abel Wu <wuyun.abel(a)bytedance.com> cgroup/rstat: Fix forceidle time in cpu.stat Joshua Hahn <joshua.hahn6(a)gmail.com> cgroup/rstat: Tracking cgroup-level niced CPU time Tengda Wu <wutengda(a)huaweicloud.com> tracing: Correct the refcount if the hist/hist_debug file fails to open Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/hist: Support POLLPRI event for poll on histogram Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/hist: Add poll(POLLIN) support on hist file Steven Rostedt <rostedt(a)goodmis.org> tracing: Switch trace_events_hist.c code over to use guard() Len Brown <len.brown(a)intel.com> tools/power turbostat: report CoreThr per measurement interval Yeoreum Yun <yeoreum.yun(a)arm.com> perf/core: Fix child_total_time_enabled accounting bug at task exit Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx12: fix num_mec Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx11: fix num_mec Alexandru Gagniuc <alexandru.gagniuc(a)hp.com> kbuild: deb-pkg: don't set KBUILD_BUILD_VERSION unconditionally Dave Marquardt <davemarq(a)linux.ibm.com> net: ibmveth: make veth_pool_store stop hanging Henry Martin <bsdhenrymartin(a)gmail.com> arcnet: Add NULL check in com20020pci_probe() Ido Schimmel <idosch(a)nvidia.com> ipv6: Do not consider link down nexthops in path selection Ido Schimmel <idosch(a)nvidia.com> ipv6: Start path selection from the first nexthop Lin Ma <linma(a)zju.edu.cn> net: fix geneve_opt length integer overflow David Oberhollenzer <david.oberhollenzer(a)sigma-star.at> net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy Fernando Fernandez Mancera <ffmancera(a)riseup.net> ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS Lin Ma <linma(a)zju.edu.cn> netfilter: nft_tunnel: fix geneve_opt type confusion addition Antoine Tenart <atenart(a)kernel.org> net: decrease cached dst counters in dst_release Guillaume Nault <gnault(a)redhat.com> tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). Stefano Garzarella <sgarzare(a)redhat.com> vsock: avoid timeout during connect() if the socket is closing Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Fix memory accounting leak. Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Fix multiple wraparounds of sk->sk_rmem_alloc. Tobias Waldekranz <tobias(a)waldekranz.com> net: mvpp2: Prevent parser TCAM memory corruption Eric Dumazet <edumazet(a)google.com> sctp: add mutual exclusion in proc_sctp_do_udp_port() Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: skbprio: Remove overly strict queue assertions Debin Zhu <mowenroot(a)163.com> netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: don't unregister hook when table is dormant Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only Emil Tantilov <emil.s.tantilov(a)intel.com> idpf: fix adapter NULL pointer dereference on reboot Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: change k1 configuration on MTP and later platforms Florian Fainelli <florian.fainelli(a)broadcom.com> spi: bcm2835: Restore native CS probing when pinctrl-bcm2835 is absent Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model Florian Fainelli <florian.fainelli(a)broadcom.com> spi: bcm2835: Do not call gpiod_put() on invalid descriptor Henry Martin <bsdhenrymartin(a)gmail.com> ASoC: imx-card: Add NULL check in imx_card_probe() Caleb Sander Mateos <csander(a)purestorage.com> nvme/ioctl: don't warn on vectorized uring_cmd with fixed buffer Björn Töpel <bjorn(a)rivosinc.com> riscv/purgatory: 4B align purgatory_start Yao Zi <ziyao(a)disroot.org> riscv/kexec_file: Handle R_RISCV_64 in purgatory relocator Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix hugetlb retrieval of number of ptes in case of !present pte Josh Poimboeuf <jpoimboe(a)kernel.org> spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe() Sven Schnelle <svens(a)linux.ibm.com> s390/entry: Fix setting _CIF_MCCK_GUEST with lowcore relocation Ming Lei <ming.lei(a)redhat.com> ublk: make sure ubq->canceling is set when queue is frozen Herton R. Krzesinski <herton(a)redhat.com> x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs Palmer Dabbelt <palmer(a)rivosinc.com> RISC-V: errata: Use medany for relocatable builds Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success Nikita Shubin <n.shubin(a)yadro.com> ntb: intel: Fix using link status DB's Yajun Deng <yajun.deng(a)linux.dev> ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans Juhan Jin <juhan.jin(a)foxmail.com> riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra Christian Schoenebeck <linux_oss(a)crudebyte.com> fs/9p: fix NULL pointer dereference on mkdir Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix a leak in spufs_create_context() Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix gang directory lifetimes Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix a leak on spufs_new_file() failure David Howells <dhowells(a)redhat.com> netfs: Fix netfs_unbuffered_read() to return ssize_t rather than int Tasos Sahanidis <tasos(a)tasossah.com> hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} Roger Quadros <rogerq(a)kernel.org> memory: omap-gpmc: drop no compatible check Oliver Hartkopp <socketcan(a)hartkopp.net> can: statistics: use atomic access in hot path Navon John Lukose <navonjohnlukose(a)gmail.com> ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx Florian Westphal <fw(a)strlen.de> selftests: netfilter: skip br_netfilter queue tests if kernel is tainted Taehee Yoo <ap420073(a)gmail.com> net: devmem: do not WARN conditionally after netdev_rx_queue_restart() Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Keep display off while going into S4 Keith Busch <kbusch(a)kernel.org> nvme-pci: fix stuck reset on concurrent DPC and HP Vladis Dronov <vdronov(a)redhat.com> x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled Michael Kelley <mhklinux(a)outlook.com> x86/hyperv: Fix output argument to hypercall that changes page visibility Waiman Long <longman(a)redhat.com> locking/semaphore: Use wake_q to wake up processes outside lock critical section Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix SA Query processing in MLO Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: rt1320: set wake_capable = 0 explicitly Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: codecs: wsa884x: report temps to hwmon in millidegree of Celsius Naman Jain <namjain(a)linux.microsoft.com> x86/hyperv/vtl: Stop kernel from probing VTL0 low memory Shrikanth Hegde <sshegde(a)linux.ibm.com> sched/deadline: Use online cpus for validating runtime Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: add a check for invalid data size Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> platform/x86/amd/pmf: Update PMF Driver for Compatibility with new PMF-TA Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> platform/x86/amd/pmf: Propagate PMF-TA return codes Wentao Guan <guanwentao(a)uniontech.com> HID: i2c-hid: improve i2c_hid_get_report error message Jakub Kicinski <kuba(a)kernel.org> net: dsa: rtl8366rb: don't prompt users for LED control David E. Box <david.e.box(a)linux.intel.com> platform/x86/intel/vsec: Add Diamond Rapids support Dmitry Panchenko <dmitry(a)d-systems.ee> platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet Namjae Jeon <linkinjeon(a)kernel.org> cifs: fix incorrect validation for num_aces field of smb_acl Namjae Jeon <linkinjeon(a)kernel.org> smb: common: change the data type of num_aces to le16 Peter Zijlstra <peterz(a)infradead.org> perf/core: Fix perf_pmu_register() vs. perf_init_event() Daniel Bárta <daniel.barta(a)trustlab.cz> ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 Antheas Kapenekakis <lkml(a)antheas.dev> ALSA: hda/realtek: Fix Asus Z13 2025 audio Simon Tatham <anakin(a)pobox.com> affs: don't write overlarge OFS data block size fields Simon Tatham <anakin(a)pobox.com> affs: generate OFS sequence numbers starting at 1 Matthias Proske <email(a)matthias-proske.de> wifi: brcmfmac: keep power during suspend if board requires it Icenowy Zheng <uwu(a)icenowy.me> nvme-pci: skip CMB blocks incompatible with PCI P2P DMA Icenowy Zheng <uwu(a)icenowy.me> nvme-pci: clean up CMBMSC when registering CMB fails Sagi Grimberg <sagi(a)grimberg.me> nvme-tcp: fix possible UAF in nvme_tcp_poll Mike Lothian <mike(a)fireburn.co.uk> ntsync: Set the permissions to be 0666 Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: use the right version of the rate API Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fw: allocate chained SG tables for dump Alexander Wetzel <Alexander(a)wetzel-home.de> wifi: mac80211: remove debugfs dir for virtual monitor Alexander Wetzel <Alexander(a)wetzel-home.de> wifi: mac80211: Cleanup sta TXQs on flush Dan Carpenter <dan.carpenter(a)linaro.org> nfs: Add missing release on error in nfs_lock_and_join_requests() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool/loongarch: Add unwind hints in prepare_frametrace() Josh Poimboeuf <jpoimboe(a)kernel.org> rcu-tasks: Always inline rcu_irq_work_resched() Josh Poimboeuf <jpoimboe(a)kernel.org> context_tracking: Always inline ct_{nmi,irq}_{enter,exit}() Josh Poimboeuf <jpoimboe(a)kernel.org> sched/smt: Always inline sched_smt_active() David Laight <david.laight.linux(a)gmail.com> objtool: Fix verbose disassembly if CROSS_COMPILE isn't set Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Free NIX_AF_INT_VEC_GEN irq Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix mbox INTR handler when num VFs > 64 Jim Liu <jim.t90615(a)gmail.com> net: phy: broadcom: Correct BCM5221 PHY model detection Giovanni Gherdovich <ggherdovich(a)suse.cz> ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid Yuli Wang <wangyuli(a)uniontech.com> LoongArch: Rework the arch_kgdb_breakpoint() implementation Miaoqian Lin <linmq006(a)gmail.com> LoongArch: Fix device node refcount leak in fdt_cpu_clk_init() 谢致邦 (XIE Zhibang) <Yeking(a)Red54.com> LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Fix segfault in ignore_unreachable_insn() Feng Yang <yangfeng(a)kylinos.cn> ring-buffer: Fix bytes_dropped calculation issue Lama Kayal <lkayal(a)nvidia.com> net/mlx5e: SHAMPO, Make reserved size independent of page size Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix r_count dec/increment mismatch Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix multichannel connection failure Miaoqian Lin <linmq006(a)gmail.com> ksmbd: use aead_request_free to match aead_request_alloc Lubomir Rintel <lkundrak(a)v3.sk> rndis_host: Flag RNDIS modems as WWAN devices Mark Zhang <markzhang(a)nvidia.com> rtnetlink: Allocate vfinfo size for VF GUIDs when supported Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix missing shutdown check Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix the infinite loop in exfat_find_last_cluster() Wang Zhaolong <wangzhaolong1(a)huawei.com> smb: client: Fix netns refcount imbalance causing leaks and use-after-free Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Shut down the nfs_client only after all the superblocks Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show() xueqin Luo <luoxueqin(a)kylinos.cn> thermal: core: Remove duplicate struct declaration Namhyung Kim <namhyung(a)kernel.org> perf bpf-filter: Fix a parsing error with comma Marcus Meissner <meissner(a)suse.de> perf tools: annotate asm_pure_loop.S Bart Van Assche <bvanassche(a)acm.org> fs/procfs: fix the comment above proc_pid_wchan() Ilkka Koskinen <ilkka(a)os.amperecomputing.com> perf vendor events arm64 AmpereOneX: Fix frontend_bound calculation Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: n_tty: use uint for space returned by tty_write_room() Stefan Wahren <wahrenst(a)gmx.net> staging: vchiq_arm: Fix possible NPR of keep-alive thread Stefan Wahren <wahrenst(a)gmx.net> staging: vchiq_arm: Register debugfs after cdev 谢致邦 (XIE Zhibang) <Yeking(a)Red54.com> staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES James Clark <james.clark(a)linaro.org> perf: intel-tpebs: Fix incorrect usage of zfree() Stephen Brennan <stephen.s.brennan(a)oracle.com> perf dso: fix dso__is_kallsyms() check Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Check if there is space to copy all the event Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Don't keep a raw_data pointer to consumed ring buffer space Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Decrement the refcount of just created event on failure Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Fixup description of sample.id event member Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Fix missing the IBI rules Benjamin Berg <benjamin.berg(a)intel.com> um: hostfs: avoid issues on inode number reuse by host Benjamin Berg <benjamin.berg(a)intel.com> um: remove copy_from_kernel_nofault_allowed David Gow <davidgow(a)google.com> um: Pass the correct Rust target and options with gcc Cyan Yang <cyan.yang(a)sifive.com> selftests/mm/cow: fix the incorrect error handling Alistair Popple <apopple(a)nvidia.com> fuse: fix dax truncate/punch_hole fault path NeilBrown <neilb(a)suse.de> NFS: fix open_owner_id_maxsz and related fields. Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Avoid unnecessary scans of filesystems for delayed delegations Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Avoid unnecessary scans of filesystems for expired delegations Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Avoid unnecessary scans of filesystems for returning delegations Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Don't trigger uneccessary scans for return-on-close delegations Anshuman Khandual <anshuman.khandual(a)arm.com> arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig Vasiliy Kovalev <kovalev(a)altlinux.org> ocfs2: validate l_tree_depth to avoid out-of-bounds access Sourabh Jain <sourabhjain(a)linux.ibm.com> kexec: initialize ELF lowest address to ULONG_MAX David Hildenbrand <david(a)redhat.com> kernel/events/uprobes: handle device-exclusive entries correctly in __replace_page() Arnaldo Carvalho de Melo <acme(a)redhat.com> perf units: Fix insufficient array space Ian Rogers <irogers(a)google.com> perf evlist: Add success path to evlist__create_syswide_maps Ian Rogers <irogers(a)google.com> perf debug: Avoid stack overflow in recursive error message Karan Sanghavi <karansanghvi98(a)gmail.com> iio: light: Add check for array bounds in veml6075_read_int_time_ms Jonathan Santos <Jonathan.Santos(a)analog.com> iio: adc: ad7768-1: set MOSI idle state to prevent accidental reset Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7173: Fix comparison of channel configs Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7124: Fix comparison of channel configs Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad4130: Fix comparison of channel setups Peng Fan <peng.fan(a)nxp.com> dmaengine: fsl-edma: free irq correctly in remove path Peng Fan <peng.fan(a)nxp.com> dmaengine: fsl-edma: cleanup chan after dma_async_device_unregister Dan Carpenter <dan.carpenter(a)linaro.org> fs/ntfs3: Prevent integer overflow in hdr_first_de() Dan Carpenter <dan.carpenter(a)linaro.org> fs/ntfs3: Fix a couple integer overflows on 32bit systems Niklas Neronin <niklas.neronin(a)linux.intel.com> usb: xhci: correct debug message page size calculation Thomas Richter <tmricht(a)linux.ibm.com> perf bench: Fix perf bench syscall loop count Leo Yan <leo.yan(a)arm.com> perf arm-spe: Fix load-store operation checking Nuno Sá <nuno.sa(a)analog.com> iio: backend: make sure to NULL terminate stack buffer Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails. Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio Mario Limonciello <mario.limonciello(a)amd.com> ucsi_ccg: Don't show failed to get FW build information error Luca Ceresoli <luca.ceresoli(a)bootlin.com> perf build: Fix in-tree build due to symbolic link Ian Rogers <irogers(a)google.com> tools/x86: Fix linux/unaligned.h include path in lib/insn.c James Clark <james.clark(a)linaro.org> perf pmu: Don't double count common sysfs and json events Yuanfang Zhang <quic_yuanfang(a)quicinc.com> coresight-etm4x: add isb() before reading the TRCSTATR Mike Christie <michael.christie(a)oracle.com> vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint Ilkka Koskinen <ilkka(a)os.amperecomputing.com> coresight: catu: Fix number of pages while using 64k pages Wentao Liang <vulab(a)iscas.ac.cn> greybus: gb-beagleplay: Add error handling for gb_greybus_init Namhyung Kim <namhyung(a)kernel.org> perf report: Switch data file correctly in TUI Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> soundwire: slave: fix an OF node reference leak in soundwire slave device Qasim Ijaz <qasdev00(a)gmail.com> isofs: fix KMSAN uninit-value bug in do_isofs_readdir() Heiko Stuebner <heiko.stuebner(a)cherry.de> phy: phy-rockchip-samsung-hdptx: Don't use dt aliases to determine phy-id Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Update inode->i_mapping->a_ops on compression state Chenyuan Yang <chenyuan0y(a)gmail.com> w1: fix NULL pointer dereference in probe James Clark <james.clark(a)linaro.org> perf: Always feature test reallocarray Ian Rogers <irogers(a)google.com> perf stat: Fix find_stat for mixed legacy/non-legacy events Barnabás Czémán <barnabas.czeman(a)mainlining.org> clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead auth key length Wang Liang <wangliang74(a)huawei.com> RDMA/core: Fix use-after-free when rename device name Jann Horn <jannh(a)google.com> x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment Remi Pommarel <repk(a)triplefau.lt> leds: Fix LED_OFF brightness race Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> mfd: sm501: Switch to BIT() to mitigate integer overflows Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rzv2m: Fix missing of_node_put() call Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow Jiayuan Chen <mrpre(a)163.com> bpf: Fix array bounds error with may_goto Neil Armstrong <neil.armstrong(a)linaro.org> clk: qcom: gcc-sm8650: Do not turn off USB GDSCs during gdsc_disable() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: nx - Fix uninitialised hv_nxc on error Artur Weber <aweber.kernel(a)gmail.com> power: supply: max77693: Fix wrong conversion of charge input threshold value Jann Horn <jannh(a)google.com> x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: g12a: fix mmc A peripheral clock Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com> clk: clk-imx8mp-audiomix: fix dsp/ocram_a clock parents Bairavi Alagappan <bairavix.alagappan(a)intel.com> crypto: qat - remove access to parity register for QAT GEN4 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: npcm8xx: Fix incorrect struct npcm8xx_pincfg assignment Alice Ryhl <aliceryhl(a)google.com> rust: fix signature of rust_fmt_argument Saket Kumar Bhaskar <skb99(a)linux.ibm.com> selftests/bpf: Select NUMA_NO_NODE to create map Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: gxbb: drop non existing 32k clock parent Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: g12b: fix cluster A parent data Prathamesh Shete <pshete(a)nvidia.com> pinctrl: tegra: Set SFIO mode to Mux Register Maher Sanalla <msanalla(a)nvidia.com> IB/mad: Check available slots before posting receive WRs Herbert Xu <herbert(a)gondor.apana.org.au> crypto: api - Fix larval relookup type and mask Sicelo A. Mhlongo <absicsz(a)gmail.com> power: supply: bq27xxx_battery: do not update cached flags prematurely Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_mss: Handle platforms with one power domain Cheng Xu <chengyou(a)linux.alibaba.com> RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() Chiara Meiohas <cmeiohas(a)nvidia.com> RDMA/mlx5: Fix calculation of total invalidated pages Roman Gushchin <roman.gushchin(a)linux.dev> RDMA/core: Don't expose hw_counters outside of init net namespace Peter Geis <pgwipeout(a)gmail.com> clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent Tengda Wu <wutengda(a)huaweicloud.com> selftests/bpf: Fix freplace_link segfault in tailcalls prog test Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix MR cache initialization error flow Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rzg2l: Fix missing of_node_put() call Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rza2: Fix missing of_node_put() call Tanya Agarwal <tanyaagarwal25699(a)gmail.com> lib: 842: Improve error handling in sw842_compress() Hou Tao <houtao1(a)huawei.com> bpf: Use preempt_count() directly in bpf_send_signal_common() Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> clk: qcom: gcc-x1e80100: Unregister GCC_GPU_CFG_AHB_CLK/GCC_DISP_XO_CLK Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_pas: Use resource with CX PD for MSM8226 Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Set IV to NULL explicitly for AES ECB Kees Bakker <kees(a)ijzerbout.nl> RDMA/mana_ib: Ensure variable err is initialized Niklas Schnelle <schnelle(a)linux.ibm.com> s390: Remove ioremap_wt() and pgprot_writethrough() Vladimir Lypak <vladimir.lypak(a)gmail.com> clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Fix CMAC intermediate result handling Yue Haibing <yuehaibing(a)huawei.com> pinctrl: nuvoton: npcm8xx: Fix error handling in npcm8xx_gpio_fw() Will McVicker <willmcvicker(a)google.com> clk: samsung: Fix UBSAN panic in samsung_clk_init() Luca Weiss <luca.weiss(a)fairphone.com> remoteproc: qcom: pas: add minidump_id to SC7280 WPSS Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: r8a08g045: Check the source of the CPU PLL settings David Hildenbrand <david(a)redhat.com> x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() Viktor Malik <vmalik(a)redhat.com> selftests/bpf: Fix string read in strncmp benchmark Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix hypothetical STT_SECTION extern NULL deref case Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_pas: Make single-PD handling more robust Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> pinctrl: renesas: rzg2l: Suppress binding attributes Zijun Hu <quic_zijuhu(a)quicinc.com> of: property: Increase NR_FWNODE_REFERENCE_ARGS Peng Fan <peng.fan(a)nxp.com> remoteproc: core: Clear table_sz when rproc_shutdown Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix page_size variable overflow Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for sec spec check Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead authsize alignment Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: gxbb: drop incorrect flag on 32k clock Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Use HMAC fallback when keyslots are full Arnd Bergmann <arnd(a)arndb.de> crypto: bpf - Add MODULE_DESCRIPTION for skcipher Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - check return value for hash do_one_req Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Use separate buffer for setkey Bairavi Alagappan <bairavix.alagappan(a)intel.com> crypto: qat - set parity error mask for qat_420xx Herbert Xu <herbert(a)gondor.apana.org.au> crypto: iaa - Test the correct request flag Danila Chernetsov <listdansp(a)mail.ru> fbdev: sm501fb: Add some geometry checks. Arnd Bergmann <arnd(a)arndb.de> mdacon: rework dependency list Arnd Bergmann <arnd(a)arndb.de> dummycon: fix default rows/cols Markus Elfring <elfring(a)users.sourceforge.net> fbdev: au1100fb: Move a variable assignment behind a null pointer check Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: pciehp: Don't enable HPIE when resuming in poll mode Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Fix BAR resizing when VF BARs are assigned Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> PCI: histb: Fix an error handling path in histb_pcie_probe() Dan Carpenter <dan.carpenter(a)linaro.org> PCI: dwc: ep: Return -ENOMEM for allocation failures Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> drm/amd/display: avoid NPD when ASIC does not support DMUB Dan Carpenter <dan.carpenter(a)linaro.org> drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() Douglas Anderson <dianders(a)chromium.org> drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr Jason-JH Lin <jason-jh.lin(a)mediatek.com> drm/mediatek: Fix config_updating flag never false when no mbox channel Thippeswamy Havalige <thippeswamy.havalige(a)amd.com> PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe Dan Carpenter <dan.carpenter(a)linaro.org> PCI: Remove stray put_device() in pci_register_host_bridge() Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/kexec: fix physical address calculation in clear_utlb_entry() Christophe Leroy <christophe.leroy(a)csgroup.eu> crypto: powerpc: Mark ghashp8-ppc.o as an OBJECT_FILES_NON_STANDARD Rob Clark <robdclark(a)chromium.org> drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() Ashley Smith <ashley.smith(a)collabora.com> drm/panthor: Update CS_STATUS_ defines to correct values Nishanth Aravamudan <naravamudan(a)nvidia.com> PCI: Avoid reset when disabled via sysfs Feng Tang <feng.tang(a)linux.alibaba.com> PCI/portdrv: Only disable pciehp interrupts early when needed Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Fix potential premature regulator disabling Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Fix error path after a call to regulator_bulk_get() Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Use internal register to change link capability Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Set generation limit before PCIe link up Hans Zhang <18255117159(a)163.com> PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dsi: Use existing per-interface slice count in DSC timing Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Program clock inverters in correct register Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: don't use active in atomic_check() Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd/display: fix an indent issue in DML21 Tushar Dave <tdave(a)nvidia.com> PCI/ACS: Fix 'pci=config_acs=' parameter John Keeping <jkeeping(a)inmusicbrands.com> drm/panel: ilitek-ili9882t: fix GPIO name in error message Daniel Stodden <daniel.stodden(a)gmail.com> PCI/ASPM: Fix link state exit during switch upstream function removal AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_hdmi: Unregister audio platform device on failure Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Remove add_align overwrite unrelated to size0 Kai-Heng Feng <kaihengf(a)nvidia.com> PCI: Use downstream bridges for distributing resources Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/umsch: fix ucode check Yang Wang <kevinyang.wang(a)amd.com> drm/amdgpu: refine smu send msg debug log format Vitalii Mordan <mordan(a)ispras.ru> gpu: cdns-mhdp8546: fix call balance of mhdp->clk handling routines José Expósito <jose.exposito89(a)gmail.com> drm/vkms: Fix use after free and double free on init error Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm: xlnx: zynqmp: Fix max dma segment size Hermes Wu <Hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP V match check is not performed correctly Wayne Lin <Wayne.Lin(a)amd.com> drm/dp_mst: Fix drm RAD print John Keeping <jkeeping(a)inmusicbrands.com> drm/ssd130x: ensure ssd132x pitch is correct John Keeping <jkeeping(a)inmusicbrands.com> drm/ssd130x: fix ssd132x encoding Javier Martinez Canillas <javierm(a)redhat.com> drm/ssd130x: Set SPI .id_table to prevent an SPI core warning Geert Uytterhoeven <geert+renesas(a)glider.be> drm/bridge: ti-sn65dsi86: Fix multiple instances Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Don't take register_mutex with copy_from/to_user() Jayesh Choudhary <j-choudhary(a)ti.com> ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Always honor no_shutup_pins Maud Spierings <maudspierings(a)gocontroll.com> dt-bindings: vendor-prefixes: add GOcontroll Jiri Kosina <jikos(a)kernel.org> HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER Venkata Prasad Potturu <venkataprasad.potturu(a)amd.com> ASoC: amd: acp: Fix for enabling DMIC on acp platforms via _DSD entry Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> ASoC: cs35l41: check the return value from spi_setup() Armin Wolf <W_Armin(a)gmx.de> platform/x86: dell-ddv: Fix temperature calculation Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> platform/x86: dell-uart-backlight: Make dell_uart_bl_serdev_driver static Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: Make symbol static Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> auxdisplay: panel: Fix an API misuse in panel.c Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> media: platform: allgro-dvt: unregister v4l2_device on the error path Benjamin Gaignard <benjamin.gaignard(a)collabora.com> media: verisilicon: HEVC: Initialize start_bit field Geert Uytterhoeven <geert(a)linux-m68k.org> auxdisplay: MAX6959 should select BITREVERSE Frieder Schrempf <frieder.schrempf(a)kontron.de> regulator: pca9450: Fix enable register for LDO5 Vitaly Kuznetsov <vkuznets(a)redhat.com> x86/entry: Add __init to ia32_emulation_override_cmdline() Chao Gao <chao.gao(a)intel.com> x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures Josh Poimboeuf <jpoimboe(a)kernel.org> x86/traps: Make exc_double_fault() consistently noreturn Tao Chen <chen.dylane(a)linux.dev> perf/ring_buffer: Allow the EPOLLRDNORM flag for poll Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Fix handling devices with direct_complete set on errors Chenyuan Yang <chenyuan0y(a)gmail.com> thermal: int340x: Add NULL check for adev James Morse <james.morse(a)arm.com> x86/resctrl: Fix allocation of cleanest CLOSID on platforms with no monitors Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the error path order of ie31200_init() Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the DIMM size mask for several SoCs Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer Tim Schumacher <tim.schumacher1(a)huawei.com> selinux: Chain up tool resolving errors in install_policy.sh Li Huafei <lihuafei1(a)huawei.com> watchdog/hardlockup/perf: Fix perf_event memory leak Kees Cook <kees(a)kernel.org> kunit/stackinit: Use fill byte different from Clang i386 pattern Atish Patra <atishp(a)rivosinc.com> RISC-V: KVM: Disable the kernel perf counter during configure Aaron Kling <webgeek1234(a)gmail.com> cpufreq: tegra194: Allow building for Tegra234 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Adjust check before setting power.must_resume Peter Zijlstra <peterz(a)infradead.org> lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock Kevin Loughlin <kevinloughlin(a)google.com> x86/sev: Add missing RIP_REL_REF() invocations during sme_enable() Arnd Bergmann <arnd(a)arndb.de> x86/platform: Only allow CONFIG_EISA for 32-bit Benjamin Berg <benjamin.berg(a)intel.com> x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() Stanislav Spassov <stanspas(a)amazon.de> x86/fpu: Fix guest FPU state buffer allocation size Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald Rapids Jie Zhan <zhanjie9(a)hisilicon.com> cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() Tianchen Ding <dtcccc(a)linux.alibaba.com> sched/eevdf: Force propagating min_slice of cfs_rq when {en,de}queue tasks zihan zhou <15645113830zzh(a)gmail.com> sched: Cancel the slice protection of the idle entity Konstantin Andreev <andreev(a)swemel.ru> smack: ipv4/ipv6: tcp/dccp/sctp: fix incorrect child socket label Konstantin Andreev <andreev(a)swemel.ru> smack: dont compile ipv6 code unless ipv6 is configured zuoqian <zuoqian113(a)gmail.com> cpufreq: scpi: compare kHz instead of Hz Mike Rapoport (Microsoft) <rppt(a)kernel.org> x86/mm/pat: cpa-test: fix length for CPA_ARRAY test Eric Sandeen <sandeen(a)redhat.com> watch_queue: fix pipe accounting mismatch ------------- Diffstat: .../devicetree/bindings/vendor-prefixes.yaml | 2 + Makefile | 4 +- arch/arm/Kconfig | 2 +- arch/arm/include/asm/vmlinux.lds.h | 12 +- arch/arm64/kernel/compat_alignment.c | 2 + arch/loongarch/Kconfig | 4 +- arch/loongarch/include/asm/cache.h | 2 + arch/loongarch/include/asm/irq.h | 2 +- arch/loongarch/include/asm/stacktrace.h | 3 + arch/loongarch/include/asm/unwind_hints.h | 10 +- arch/loongarch/kernel/env.c | 2 + arch/loongarch/kernel/kgdb.c | 5 +- arch/loongarch/net/bpf_jit.c | 12 +- arch/loongarch/net/bpf_jit.h | 5 + arch/powerpc/configs/mpc885_ads_defconfig | 2 +- arch/powerpc/crypto/Makefile | 1 + arch/powerpc/kexec/relocate_32.S | 7 +- arch/powerpc/platforms/cell/spufs/gang.c | 1 + arch/powerpc/platforms/cell/spufs/inode.c | 63 ++++- arch/powerpc/platforms/cell/spufs/spufs.h | 2 + arch/riscv/errata/Makefile | 6 +- arch/riscv/include/asm/ftrace.h | 4 +- arch/riscv/kernel/elf_kexec.c | 3 + arch/riscv/kvm/vcpu_pmu.c | 1 + arch/riscv/mm/hugetlbpage.c | 74 +++-- arch/riscv/purgatory/entry.S | 1 + arch/s390/include/asm/io.h | 2 - arch/s390/include/asm/pgtable.h | 3 - arch/s390/kernel/entry.S | 2 +- arch/s390/mm/pgtable.c | 10 - arch/um/include/shared/os.h | 1 - arch/um/kernel/Makefile | 2 +- arch/um/kernel/maccess.c | 19 -- arch/um/os-Linux/process.c | 51 ---- arch/x86/Kconfig | 3 +- arch/x86/Kconfig.cpu | 2 +- arch/x86/Makefile.um | 7 +- arch/x86/coco/tdx/tdx.c | 26 +- arch/x86/entry/calling.h | 2 + arch/x86/entry/common.c | 2 +- arch/x86/events/intel/core.c | 47 ++-- arch/x86/events/intel/ds.c | 13 +- arch/x86/events/perf_event.h | 3 +- arch/x86/hyperv/hv_vtl.c | 1 + arch/x86/hyperv/ivm.c | 5 +- arch/x86/include/asm/tdx.h | 4 +- arch/x86/include/asm/tlbflush.h | 2 +- arch/x86/kernel/cpu/mce/severity.c | 11 +- arch/x86/kernel/cpu/microcode/amd.c | 2 +- arch/x86/kernel/cpu/resctrl/rdtgroup.c | 3 +- arch/x86/kernel/cpu/sgx/driver.c | 10 +- arch/x86/kernel/dumpstack.c | 5 +- arch/x86/kernel/fpu/core.c | 6 +- arch/x86/kernel/process.c | 9 +- arch/x86/kernel/traps.c | 18 +- arch/x86/kernel/tsc.c | 4 +- arch/x86/kernel/uprobes.c | 14 +- arch/x86/kvm/svm/sev.c | 13 +- arch/x86/kvm/x86.c | 15 +- arch/x86/lib/copy_user_64.S | 18 ++ arch/x86/mm/mem_encrypt_identity.c | 4 +- arch/x86/mm/pat/cpa-test.c | 2 +- arch/x86/mm/pat/memtype.c | 52 ++-- crypto/api.c | 17 +- crypto/bpf_crypto_skcipher.c | 1 + drivers/acpi/nfit/core.c | 2 +- drivers/acpi/processor_idle.c | 4 + drivers/acpi/resource.c | 7 + drivers/acpi/x86/utils.c | 3 +- drivers/auxdisplay/Kconfig | 1 + drivers/auxdisplay/panel.c | 4 +- drivers/base/power/main.c | 21 +- drivers/base/power/runtime.c | 2 +- drivers/block/ublk_drv.c | 41 ++- drivers/clk/imx/clk-imx8mp-audiomix.c | 6 +- drivers/clk/meson/g12a.c | 38 ++- drivers/clk/meson/gxbb.c | 14 +- drivers/clk/qcom/gcc-msm8953.c | 2 +- drivers/clk/qcom/gcc-sm8650.c | 4 +- drivers/clk/qcom/gcc-x1e80100.c | 30 -- drivers/clk/qcom/mmcc-sdm660.c | 2 +- drivers/clk/renesas/r9a08g045-cpg.c | 5 +- drivers/clk/renesas/rzg2l-cpg.c | 13 +- drivers/clk/renesas/rzg2l-cpg.h | 10 +- drivers/clk/rockchip/clk-rk3328.c | 2 +- drivers/clk/samsung/clk.c | 2 +- drivers/cpufreq/Kconfig.arm | 2 +- drivers/cpufreq/cpufreq_governor.c | 45 +-- drivers/cpufreq/scpi-cpufreq.c | 5 +- drivers/crypto/hisilicon/sec2/sec.h | 1 - drivers/crypto/hisilicon/sec2/sec_crypto.c | 125 ++++----- drivers/crypto/intel/iaa/iaa_crypto_main.c | 4 +- .../crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c | 1 + drivers/crypto/intel/qat/qat_common/adf_gen4_ras.c | 59 +--- drivers/crypto/nx/nx-common-pseries.c | 37 ++- drivers/crypto/tegra/tegra-se-aes.c | 47 ++-- drivers/crypto/tegra/tegra-se-hash.c | 27 +- drivers/crypto/tegra/tegra-se-key.c | 10 +- drivers/crypto/tegra/tegra-se-main.c | 16 +- drivers/crypto/tegra/tegra-se.h | 3 +- drivers/dma/fsl-edma-main.c | 14 +- drivers/edac/i10nm_base.c | 2 + drivers/edac/ie31200_edac.c | 19 +- drivers/edac/skx_common.c | 33 +++ drivers/edac/skx_common.h | 11 + drivers/firmware/cirrus/cs_dsp.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 +- drivers/gpu/drm/amd/amdgpu/amdgpu_umsch_mm.c | 2 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 1 + .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 15 - .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 16 ++ drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 + .../gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 4 + .../amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12 +- .../dc/dml2/dml21/src/dml2_core/dml2_core_dcn4.c | 3 +- drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 3 +- .../gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 12 +- drivers/gpu/drm/bridge/ite-it6505.c | 7 +- drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2 + drivers/gpu/drm/display/drm_dp_mst_topology.c | 8 +- drivers/gpu/drm/mediatek/mtk_crtc.c | 7 +- drivers/gpu/drm/mediatek/mtk_dp.c | 6 +- drivers/gpu/drm/mediatek/mtk_dsi.c | 6 +- drivers/gpu/drm/mediatek/mtk_hdmi.c | 33 ++- drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 + drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 4 - drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 +- drivers/gpu/drm/msm/dsi/dsi_host.c | 8 +- drivers/gpu/drm/msm/dsi/dsi_manager.c | 32 ++- drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 2 +- drivers/gpu/drm/msm/msm_dsc_helper.h | 11 - drivers/gpu/drm/panel/panel-ilitek-ili9882t.c | 2 +- drivers/gpu/drm/panthor/panthor_fw.h | 6 +- drivers/gpu/drm/solomon/ssd130x-spi.c | 7 +- drivers/gpu/drm/solomon/ssd130x.c | 6 +- drivers/gpu/drm/vkms/vkms_drv.c | 15 +- drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2 + drivers/greybus/gb-beagleplay.c | 4 +- drivers/hid/Makefile | 1 - drivers/hid/i2c-hid/i2c-hid-core.c | 2 +- drivers/hwmon/nct6775-core.c | 4 +- drivers/hwtracing/coresight/coresight-catu.c | 2 +- drivers/hwtracing/coresight/coresight-core.c | 20 +- drivers/hwtracing/coresight/coresight-etm4x-core.c | 48 +++- drivers/i3c/master/svc-i3c-master.c | 2 +- drivers/iio/accel/mma8452.c | 10 +- drivers/iio/accel/msa311.c | 28 +- drivers/iio/adc/ad4130.c | 41 ++- drivers/iio/adc/ad7124.c | 35 ++- drivers/iio/adc/ad7173.c | 25 +- drivers/iio/adc/ad7768-1.c | 15 + drivers/iio/industrialio-backend.c | 4 +- drivers/iio/light/veml6075.c | 8 +- drivers/infiniband/core/device.c | 18 +- drivers/infiniband/core/mad.c | 38 +-- drivers/infiniband/core/sysfs.c | 1 + drivers/infiniband/hw/erdma/erdma_cm.c | 1 - drivers/infiniband/hw/mana/main.c | 2 +- drivers/infiniband/hw/mlx5/cq.c | 2 +- drivers/infiniband/hw/mlx5/mr.c | 41 ++- drivers/infiniband/hw/mlx5/odp.c | 10 +- drivers/leds/led-core.c | 22 +- drivers/media/dvb-frontends/dib8000.c | 5 +- drivers/media/platform/allegro-dvt/allegro-core.c | 1 + drivers/media/platform/ti/omap3isp/isp.c | 7 + .../platform/verisilicon/hantro_g2_hevc_dec.c | 1 + drivers/media/rc/streamzap.c | 2 +- drivers/media/test-drivers/vimc/vimc-streamer.c | 6 + drivers/memory/omap-gpmc.c | 20 -- drivers/mfd/sm501.c | 6 +- drivers/misc/ntsync.c | 1 + drivers/mmc/host/omap.c | 19 +- drivers/mmc/host/sdhci-omap.c | 4 +- drivers/mmc/host/sdhci-pxav3.c | 1 + drivers/net/arcnet/com20020-pci.c | 17 +- drivers/net/dsa/mv88e6xxx/chip.c | 11 +- drivers/net/dsa/mv88e6xxx/phy.c | 3 + drivers/net/dsa/realtek/Kconfig | 2 +- drivers/net/ethernet/ibm/ibmveth.c | 39 ++- drivers/net/ethernet/intel/e1000e/defines.h | 3 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 80 +++++- drivers/net/ethernet/intel/e1000e/ich8lan.h | 4 + drivers/net/ethernet/intel/idpf/idpf_main.c | 6 +- drivers/net/ethernet/intel/idpf/idpf_txrx.h | 3 +- drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 3 + drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 3 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 201 ++++++++----- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +- .../ethernet/marvell/octeontx2/af/rvu_devlink.c | 2 +- .../net/ethernet/mellanox/mlx5/core/en/params.c | 8 +- drivers/net/phy/broadcom.c | 6 +- drivers/net/usb/rndis_host.c | 16 +- drivers/net/usb/usbnet.c | 6 +- .../wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 20 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 86 ++++-- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 8 +- drivers/net/wireless/mediatek/mt76/mt7921/main.c | 1 + drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 1 - drivers/ntb/hw/intel/ntb_hw_gen3.c | 3 + drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2 +- drivers/ntb/test/ntb_perf.c | 4 +- drivers/nvme/host/ioctl.c | 2 +- drivers/nvme/host/pci.c | 34 ++- drivers/nvme/host/tcp.c | 5 +- drivers/nvme/target/debugfs.c | 2 +- drivers/pci/controller/cadence/pcie-cadence-ep.c | 3 +- drivers/pci/controller/cadence/pcie-cadence.h | 2 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 1 + drivers/pci/controller/dwc/pcie-histb.c | 12 +- drivers/pci/controller/pcie-brcmstb.c | 16 +- drivers/pci/controller/pcie-xilinx-cpm.c | 10 +- drivers/pci/hotplug/pciehp_hpc.c | 4 +- drivers/pci/pci-sysfs.c | 4 +- drivers/pci/pci.c | 22 +- drivers/pci/pcie/aspm.c | 17 +- drivers/pci/pcie/portdrv.c | 8 +- drivers/pci/probe.c | 5 +- drivers/pci/setup-bus.c | 4 +- drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 50 +++- drivers/pinctrl/intel/pinctrl-intel.c | 1 - drivers/pinctrl/nuvoton/pinctrl-npcm8xx.c | 10 +- drivers/pinctrl/renesas/pinctrl-rza2.c | 2 + drivers/pinctrl/renesas/pinctrl-rzg2l.c | 3 + drivers/pinctrl/renesas/pinctrl-rzv2m.c | 2 + drivers/pinctrl/tegra/pinctrl-tegra.c | 3 + drivers/platform/x86/amd/pmf/pmf.h | 5 +- drivers/platform/x86/amd/pmf/tee-if.c | 82 ++++-- drivers/platform/x86/dell/dell-uart-backlight.c | 2 +- drivers/platform/x86/dell/dell-wmi-ddv.c | 6 +- drivers/platform/x86/intel/hid.c | 7 + .../x86/intel/speed_select_if/isst_if_common.c | 2 +- drivers/platform/x86/intel/vsec.c | 7 + .../x86/lenovo-yoga-tab2-pro-1380-fastcharger.c | 2 +- drivers/platform/x86/thinkpad_acpi.c | 11 + drivers/power/supply/bq27xxx_battery.c | 1 - drivers/power/supply/max77693_charger.c | 2 +- drivers/regulator/pca9450-regulator.c | 6 +- drivers/remoteproc/qcom_q6v5_mss.c | 21 +- drivers/remoteproc/qcom_q6v5_pas.c | 13 +- drivers/remoteproc/remoteproc_core.c | 1 + drivers/soundwire/slave.c | 1 + drivers/spi/spi-bcm2835.c | 18 +- drivers/spi/spi-cadence-xspi.c | 2 +- drivers/staging/rtl8723bs/Kconfig | 1 + .../vc04_services/interface/vchiq_arm/vchiq_arm.c | 7 +- .../intel/int340x_thermal/int3402_thermal.c | 3 + drivers/tty/n_tty.c | 13 +- drivers/tty/serial/fsl_lpuart.c | 312 ++++++++++----------- drivers/usb/host/xhci-mem.c | 6 +- drivers/usb/typec/ucsi/ucsi_ccg.c | 5 +- drivers/vhost/scsi.c | 25 +- drivers/video/console/Kconfig | 6 +- drivers/video/fbdev/au1100fb.c | 4 +- drivers/video/fbdev/sm501fb.c | 7 + drivers/w1/masters/w1-uart.c | 4 +- fs/9p/vfs_inode_dotl.c | 2 +- fs/affs/file.c | 9 +- fs/exec.c | 15 +- fs/exfat/fatent.c | 2 +- fs/exfat/file.c | 29 +- fs/exfat/inode.c | 41 ++- fs/exfat/namei.c | 5 + fs/ext4/dir.c | 3 + fs/ext4/super.c | 27 +- fs/fuse/dax.c | 1 - fs/fuse/dir.c | 2 +- fs/fuse/file.c | 4 +- fs/hostfs/hostfs.h | 2 +- fs/hostfs/hostfs_kern.c | 7 +- fs/hostfs/hostfs_user.c | 59 ++-- fs/isofs/dir.c | 3 +- fs/jfs/jfs_dtree.c | 3 +- fs/jfs/xattr.c | 13 +- fs/netfs/direct_read.c | 6 +- fs/nfs/delegation.c | 63 +++-- fs/nfs/nfs4xdr.c | 18 +- fs/nfs/sysfs.c | 22 +- fs/nfs/write.c | 4 +- fs/nfsd/nfs4state.c | 37 ++- fs/nfsd/nfsctl.c | 44 ++- fs/nfsd/vfs.c | 28 +- fs/ntfs3/attrib.c | 3 +- fs/ntfs3/file.c | 22 +- fs/ntfs3/frecord.c | 6 +- fs/ntfs3/index.c | 4 +- fs/ntfs3/ntfs.h | 2 +- fs/ocfs2/alloc.c | 8 + fs/proc/base.c | 2 +- fs/smb/client/cifsacl.c | 34 ++- fs/smb/client/connect.c | 16 +- fs/smb/common/smbacl.h | 3 +- fs/smb/server/auth.c | 6 +- fs/smb/server/connection.h | 11 + fs/smb/server/mgmt/user_session.c | 37 ++- fs/smb/server/mgmt/user_session.h | 2 + fs/smb/server/oplock.c | 12 +- fs/smb/server/smb2pdu.c | 54 +++- fs/smb/server/smbacl.c | 50 ++-- fs/smb/server/smbacl.h | 2 +- include/drm/display/drm_dp_mst_helper.h | 7 + include/linux/cgroup-defs.h | 1 + include/linux/context_tracking_irq.h | 8 +- include/linux/coresight.h | 4 + include/linux/fwnode.h | 2 +- include/linux/interrupt.h | 8 +- include/linux/nfs_fs_sb.h | 4 + include/linux/nmi.h | 4 - include/linux/pgtable.h | 28 +- include/linux/pm_runtime.h | 2 + include/linux/rcupdate.h | 2 +- include/linux/sched/smt.h | 2 +- include/linux/thermal.h | 2 - include/linux/trace_events.h | 14 + include/linux/uprobes.h | 2 + include/rdma/ib_verbs.h | 1 + init/Kconfig | 5 + kernel/bpf/core.c | 19 +- kernel/bpf/verifier.c | 7 + kernel/cgroup/rstat.c | 38 +-- kernel/cpu.c | 5 - kernel/events/core.c | 46 ++- kernel/events/ring_buffer.c | 2 +- kernel/events/uprobes.c | 15 +- kernel/fork.c | 4 + kernel/kexec_elf.c | 2 +- kernel/locking/semaphore.c | 13 +- kernel/sched/deadline.c | 2 +- kernel/sched/fair.c | 50 +++- kernel/trace/bpf_trace.c | 2 +- kernel/trace/ring_buffer.c | 4 +- kernel/trace/trace_events.c | 14 + kernel/trace/trace_events_hist.c | 133 +++++++-- kernel/trace/trace_events_synth.c | 36 ++- kernel/trace/trace_functions_graph.c | 1 + kernel/trace/trace_irqsoff.c | 2 - kernel/trace/trace_osnoise.c | 1 - kernel/trace/trace_sched_wakeup.c | 2 - kernel/watch_queue.c | 9 + kernel/watchdog.c | 25 -- kernel/watchdog_perf.c | 28 +- lib/842/842_compress.c | 2 + lib/stackinit_kunit.c | 30 +- lib/vsprintf.c | 2 +- mm/gup.c | 3 + mm/memory.c | 13 +- mm/zswap.c | 30 +- net/can/af_can.c | 12 +- net/can/af_can.h | 12 +- net/can/proc.c | 46 +-- net/core/devmem.c | 4 +- net/core/dst.c | 8 + net/core/rtnetlink.c | 3 + net/ipv4/ip_tunnel_core.c | 4 +- net/ipv4/udp.c | 42 +-- net/ipv6/addrconf.c | 37 ++- net/ipv6/calipso.c | 21 +- net/ipv6/route.c | 42 ++- net/mac80211/driver-ops.c | 10 +- net/mac80211/iface.c | 11 +- net/mac80211/rx.c | 10 +- net/mac80211/sta_info.c | 20 +- net/mac80211/util.c | 5 +- net/netfilter/nf_tables_api.c | 4 +- net/netfilter/nft_set_hash.c | 3 +- net/netfilter/nft_tunnel.c | 6 +- net/openvswitch/actions.c | 6 - net/sched/act_tunnel_key.c | 2 +- net/sched/cls_flower.c | 2 +- net/sched/sch_skbprio.c | 3 - net/sctp/sysctl.c | 4 + net/vmw_vsock/af_vsock.c | 6 +- rust/Makefile | 4 +- rust/kernel/print.rs | 7 +- scripts/package/debian/rules | 6 +- scripts/selinux/install_policy.sh | 15 +- security/smack/smack.h | 6 + security/smack/smack_lsm.c | 34 +-- sound/core/timer.c | 147 +++++----- sound/pci/hda/patch_realtek.c | 50 +++- sound/soc/amd/acp/acp-legacy-common.c | 10 +- sound/soc/codecs/cs35l41-spi.c | 5 +- sound/soc/codecs/rt1320-sdw.c | 3 + sound/soc/codecs/rt5665.c | 24 +- sound/soc/codecs/wsa884x.c | 4 +- sound/soc/fsl/imx-card.c | 4 + sound/soc/ti/j721e-evm.c | 2 + tools/arch/x86/lib/insn.c | 2 +- tools/lib/bpf/linker.c | 2 +- tools/objtool/check.c | 35 +-- tools/perf/Makefile.config | 10 +- tools/perf/Makefile.perf | 2 +- tools/perf/bench/syscall.c | 22 +- tools/perf/builtin-report.c | 2 +- .../arch/arm64/ampere/ampereonex/metrics.json | 10 +- .../shell/coresight/asm_pure_loop/asm_pure_loop.S | 2 + tools/perf/tests/shell/record_bpf_filter.sh | 4 +- tools/perf/util/arm-spe.c | 8 +- tools/perf/util/bpf-filter.l | 2 +- tools/perf/util/comm.c | 2 + tools/perf/util/debug.c | 2 +- tools/perf/util/dso.h | 4 +- tools/perf/util/evlist.c | 13 +- tools/perf/util/intel-tpebs.c | 2 +- tools/perf/util/pmu.c | 7 +- tools/perf/util/pmu.h | 5 + tools/perf/util/pmus.c | 20 +- tools/perf/util/python.c | 17 +- tools/perf/util/stat-shadow.c | 3 +- tools/perf/util/units.c | 2 +- tools/power/x86/turbostat/turbostat.8 | 2 + tools/power/x86/turbostat/turbostat.c | 2 +- .../selftests/bpf/prog_tests/bloom_filter_map.c | 5 + tools/testing/selftests/bpf/prog_tests/tailcalls.c | 1 + tools/testing/selftests/bpf/progs/strncmp_bench.c | 5 +- tools/testing/selftests/mm/cow.c | 2 +- .../selftests/net/netfilter/br_netfilter.sh | 7 + .../selftests/net/netfilter/br_netfilter_queue.sh | 7 + tools/testing/selftests/net/netfilter/nft_queue.sh | 1 + 420 files changed, 3561 insertions(+), 2029 deletions(-)

6 months, 2 weeks

8
7
0 0

[PATCH 6.6 000/269] 6.6.87-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.87 release. There are 269 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 11 Apr 2025 11:58:04 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.87-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.87-rc2 Steven Rostedt <rostedt(a)goodmis.org> tracing: Do not use PERF enums when perf is not defined Chuck Lever <chuck.lever(a)oracle.com> NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: put dl_stid if fail to queue dl_recall Murad Masimov <m.masimov(a)mt-integration.ru> media: streamzap: fix race between device disconnection and urb callback Oleg Nesterov <oleg(a)redhat.com> exec: fix the racy usage of fs_struct->in_exec Roman Smirnov <r.smirnov(a)omp.ru> jfs: add index corruption check to DT_GETPAGE() Qasim Ijaz <qasdev00(a)gmail.com> jfs: fix slab-out-of-bounds read in ea_get() Acs, Jakub <acsjakub(a)amazon.de> ext4: fix OOB read when checking dotdot dir Theodore Ts'o <tytso(a)mit.edu> ext4: don't over-report free space or inodes in statvfs Angelos Oikonomopoulos <angelos(a)igalia.com> arm64: Don't call NULL in do_compat_alignment_fixup() Ran Xiaokai <ran.xiaokai(a)zte.com.cn> tracing/osnoise: Fix possible recursive locking for cpus_read_lock() Douglas Raillard <douglas.raillard(a)arm.com> tracing: Fix synth event printk format for str fields Douglas Raillard <douglas.raillard(a)arm.com> tracing: Ensure module defining synth event cannot be unloaded while tracing Tengda Wu <wutengda(a)huaweicloud.com> tracing: Fix use-after-free in print_graph_function_flags during tracer switching Norbert Szetei <norbert(a)doyensec.com> ksmbd: validate zero num_subauth before sub_auth is accessed Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix session use-after-free in multichannel connection Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in ksmbd_sessions_deregister() Norbert Szetei <norbert(a)doyensec.com> ksmbd: add bounds check for create lease context Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add bounds check for durable handle context Ulf Hansson <ulf.hansson(a)linaro.org> mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD Karel Balej <balejk(a)matfyz.cz> mmc: sdhci-pxav3: set NEED_RSP_BUSY capability Miaoqian Lin <linmq006(a)gmail.com> mmc: omap: Fix memory leak in mmc_omap_new_slot Paul Menzel <pmenzel(a)molgen.mpg.de> ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP Murad Masimov <m.masimov(a)mt-integration.ru> acpi: nfit: fix narrowing conversion in acpi_nfit_ctl Jann Horn <jannh(a)google.com> x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs Guilherme G. Piccoli <gpiccoli(a)igalia.com> x86/tsc: Always save/restore TSC sched_clock() on suspend/resume Josef Bacik <josef(a)toxicpanda.com> btrfs: handle errors from btrfs_dec_ref() properly Ivan Orlov <ivan.orlov0322(a)gmail.com> kunit/overflow: Fix UB in overflow_allocation_test Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read Peter Zijlstra (Intel) <peterz(a)infradead.org> perf/x86/intel: Apply static call for drain_pebs Markus Elfring <elfring(a)users.sourceforge.net> ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Correct command storage data length Hans de Goede <hdegoede(a)redhat.com> ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers Boris Ostrovsky <boris.ostrovsky(a)oracle.com> x86/microcode/AMD: Fix __apply_microcode_amd()'s return value Tianyu Lan <tiala(a)microsoft.com> x86/hyperv: Fix check of return value from snp_set_vmsa() Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Don't override subprog's return value Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Fix off-by-one error in build_prologue() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Increase ARCH_DMA_MINALIGN up to 16 Ying Lu <luying1(a)xiaomi.com> usbnet:fix NPE during rx_complete Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check link_index before accessing dc->links[] Tengda Wu <wutengda(a)huaweicloud.com> tracing: Correct the refcount if the hist/hist_debug file fails to open Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/hist: Support POLLPRI event for poll on histogram Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/hist: Add poll(POLLIN) support on hist file Steven Rostedt <rostedt(a)goodmis.org> tracing: Switch trace_events_hist.c code over to use guard() Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Allow creating instances with specified system events Yeoreum Yun <yeoreum.yun(a)arm.com> perf/core: Fix child_total_time_enabled accounting bug at task exit Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx11: fix num_mec Dave Marquardt <davemarq(a)linux.ibm.com> net: ibmveth: make veth_pool_store stop hanging Henry Martin <bsdhenrymartin(a)gmail.com> arcnet: Add NULL check in com20020pci_probe() Ido Schimmel <idosch(a)nvidia.com> ipv6: Do not consider link down nexthops in path selection Ido Schimmel <idosch(a)nvidia.com> ipv6: Start path selection from the first nexthop Lin Ma <linma(a)zju.edu.cn> net: fix geneve_opt length integer overflow David Oberhollenzer <david.oberhollenzer(a)sigma-star.at> net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy Fernando Fernandez Mancera <ffmancera(a)riseup.net> ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS Lin Ma <linma(a)zju.edu.cn> netfilter: nft_tunnel: fix geneve_opt type confusion addition Antoine Tenart <atenart(a)kernel.org> net: decrease cached dst counters in dst_release Guillaume Nault <gnault(a)redhat.com> tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). Stefano Garzarella <sgarzare(a)redhat.com> vsock: avoid timeout during connect() if the socket is closing Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Fix memory accounting leak. Tobias Waldekranz <tobias(a)waldekranz.com> net: mvpp2: Prevent parser TCAM memory corruption Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: skbprio: Remove overly strict queue assertions Debin Zhu <mowenroot(a)163.com> netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: don't unregister hook when table is dormant Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: change k1 configuration on MTP and later platforms Henry Martin <bsdhenrymartin(a)gmail.com> ASoC: imx-card: Add NULL check in imx_card_probe() Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix hugetlb retrieval of number of ptes in case of !present pte Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe() Herton R. Krzesinski <herton(a)redhat.com> x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs Palmer Dabbelt <palmer(a)rivosinc.com> RISC-V: errata: Use medany for relocatable builds Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success Nikita Shubin <n.shubin(a)yadro.com> ntb: intel: Fix using link status DB's Yajun Deng <yajun.deng(a)linux.dev> ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans Juhan Jin <juhan.jin(a)foxmail.com> riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix a leak in spufs_create_context() Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix gang directory lifetimes Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix a leak on spufs_new_file() failure Tasos Sahanidis <tasos(a)tasossah.com> hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} Roger Quadros <rogerq(a)kernel.org> memory: omap-gpmc: drop no compatible check Oliver Hartkopp <socketcan(a)hartkopp.net> can: statistics: use atomic access in hot path Navon John Lukose <navonjohnlukose(a)gmail.com> ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Keep display off while going into S4 Keith Busch <kbusch(a)kernel.org> nvme-pci: fix stuck reset on concurrent DPC and HP Vladis Dronov <vdronov(a)redhat.com> x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled Michael Kelley <mhklinux(a)outlook.com> x86/hyperv: Fix output argument to hypercall that changes page visibility Waiman Long <longman(a)redhat.com> locking/semaphore: Use wake_q to wake up processes outside lock critical section Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state Naman Jain <namjain(a)linux.microsoft.com> x86/hyperv/vtl: Stop kernel from probing VTL0 low memory Shrikanth Hegde <sshegde(a)linux.ibm.com> sched/deadline: Use online cpus for validating runtime Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA Wentao Guan <guanwentao(a)uniontech.com> HID: i2c-hid: improve i2c_hid_get_report error message David E. Box <david.e.box(a)linux.intel.com> platform/x86/intel/vsec: Add Diamond Rapids support Dmitry Panchenko <dmitry(a)d-systems.ee> platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet Namjae Jeon <linkinjeon(a)kernel.org> cifs: fix incorrect validation for num_aces field of smb_acl Peter Zijlstra <peterz(a)infradead.org> perf/core: Fix perf_pmu_register() vs. perf_init_event() Daniel Bárta <daniel.barta(a)trustlab.cz> ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 Antheas Kapenekakis <lkml(a)antheas.dev> ALSA: hda/realtek: Fix Asus Z13 2025 audio Simon Tatham <anakin(a)pobox.com> affs: don't write overlarge OFS data block size fields Simon Tatham <anakin(a)pobox.com> affs: generate OFS sequence numbers starting at 1 Matthias Proske <email(a)matthias-proske.de> wifi: brcmfmac: keep power during suspend if board requires it Icenowy Zheng <uwu(a)icenowy.me> nvme-pci: skip CMB blocks incompatible with PCI P2P DMA Icenowy Zheng <uwu(a)icenowy.me> nvme-pci: clean up CMBMSC when registering CMB fails Sagi Grimberg <sagi(a)grimberg.me> nvme-tcp: fix possible UAF in nvme_tcp_poll Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: use the right version of the rate API Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fw: allocate chained SG tables for dump Josh Poimboeuf <jpoimboe(a)kernel.org> rcu-tasks: Always inline rcu_irq_work_resched() Josh Poimboeuf <jpoimboe(a)kernel.org> context_tracking: Always inline ct_{nmi,irq}_{enter,exit}() Josh Poimboeuf <jpoimboe(a)kernel.org> sched/smt: Always inline sched_smt_active() David Laight <david.laight.linux(a)gmail.com> objtool: Fix verbose disassembly if CROSS_COMPILE isn't set Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Free NIX_AF_INT_VEC_GEN irq Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix mbox INTR handler when num VFs > 64 Giovanni Gherdovich <ggherdovich(a)suse.cz> ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid Yuli Wang <wangyuli(a)uniontech.com> LoongArch: Rework the arch_kgdb_breakpoint() implementation 谢致邦 (XIE Zhibang) <Yeking(a)Red54.com> LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Fix segfault in ignore_unreachable_insn() Feng Yang <yangfeng(a)kylinos.cn> ring-buffer: Fix bytes_dropped calculation issue Lama Kayal <lkayal(a)nvidia.com> net/mlx5e: SHAMPO, Make reserved size independent of page size Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix r_count dec/increment mismatch Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix multichannel connection failure Miaoqian Lin <linmq006(a)gmail.com> ksmbd: use aead_request_free to match aead_request_alloc Lubomir Rintel <lkundrak(a)v3.sk> rndis_host: Flag RNDIS modems as WWAN devices Mark Zhang <markzhang(a)nvidia.com> rtnetlink: Allocate vfinfo size for VF GUIDs when supported Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix the infinite loop in exfat_find_last_cluster() Wang Zhaolong <wangzhaolong1(a)huawei.com> smb: client: Fix netns refcount imbalance causing leaks and use-after-free Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Shut down the nfs_client only after all the superblocks Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() Marcus Meissner <meissner(a)suse.de> perf tools: annotate asm_pure_loop.S Bart Van Assche <bvanassche(a)acm.org> fs/procfs: fix the comment above proc_pid_wchan() Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: n_tty: use uint for space returned by tty_write_room() 谢致邦 (XIE Zhibang) <Yeking(a)Red54.com> staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Check if there is space to copy all the event Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Don't keep a raw_data pointer to consumed ring buffer space Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Decrement the refcount of just created event on failure Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Fixup description of sample.id event member Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Fix missing the IBI rules Benjamin Berg <benjamin.berg(a)intel.com> um: hostfs: avoid issues on inode number reuse by host Benjamin Berg <benjamin.berg(a)intel.com> um: remove copy_from_kernel_nofault_allowed Cyan Yang <cyan.yang(a)sifive.com> selftests/mm/cow: fix the incorrect error handling Alistair Popple <apopple(a)nvidia.com> fuse: fix dax truncate/punch_hole fault path Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Don't trigger uneccessary scans for return-on-close delegations Anshuman Khandual <anshuman.khandual(a)arm.com> arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig Vasiliy Kovalev <kovalev(a)altlinux.org> ocfs2: validate l_tree_depth to avoid out-of-bounds access Sourabh Jain <sourabhjain(a)linux.ibm.com> kexec: initialize ELF lowest address to ULONG_MAX David Hildenbrand <david(a)redhat.com> kernel/events/uprobes: handle device-exclusive entries correctly in __replace_page() Arnaldo Carvalho de Melo <acme(a)redhat.com> perf units: Fix insufficient array space Ian Rogers <irogers(a)google.com> perf evlist: Add success path to evlist__create_syswide_maps Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7124: Fix comparison of channel configs Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad4130: Fix comparison of channel setups Peng Fan <peng.fan(a)nxp.com> dmaengine: fsl-edma: cleanup chan after dma_async_device_unregister Dan Carpenter <dan.carpenter(a)linaro.org> fs/ntfs3: Prevent integer overflow in hdr_first_de() Dan Carpenter <dan.carpenter(a)linaro.org> fs/ntfs3: Fix a couple integer overflows on 32bit systems Niklas Neronin <niklas.neronin(a)linux.intel.com> usb: xhci: correct debug message page size calculation Thomas Richter <tmricht(a)linux.ibm.com> perf bench: Fix perf bench syscall loop count Leo Yan <leo.yan(a)arm.com> perf arm-spe: Fix load-store operation checking Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails. Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio Mario Limonciello <mario.limonciello(a)amd.com> ucsi_ccg: Don't show failed to get FW build information error James Clark <james.clark(a)linaro.org> perf pmu: Don't double count common sysfs and json events Yuanfang Zhang <quic_yuanfang(a)quicinc.com> coresight-etm4x: add isb() before reading the TRCSTATR Mike Christie <michael.christie(a)oracle.com> vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint Ilkka Koskinen <ilkka(a)os.amperecomputing.com> coresight: catu: Fix number of pages while using 64k pages Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> soundwire: slave: fix an OF node reference leak in soundwire slave device Qasim Ijaz <qasdev00(a)gmail.com> isofs: fix KMSAN uninit-value bug in do_isofs_readdir() Ian Rogers <irogers(a)google.com> perf stat: Fix find_stat for mixed legacy/non-legacy events Barnabás Czémán <barnabas.czeman(a)mainlining.org> clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead auth key length Jann Horn <jannh(a)google.com> x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment Remi Pommarel <repk(a)triplefau.lt> leds: Fix LED_OFF brightness race Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> mfd: sm501: Switch to BIT() to mitigate integer overflows Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rzv2m: Fix missing of_node_put() call Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow Herbert Xu <herbert(a)gondor.apana.org.au> crypto: nx - Fix uninitialised hv_nxc on error Artur Weber <aweber.kernel(a)gmail.com> power: supply: max77693: Fix wrong conversion of charge input threshold value Jann Horn <jannh(a)google.com> x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: g12a: fix mmc A peripheral clock Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com> clk: clk-imx8mp-audiomix: fix dsp/ocram_a clock parents Alice Ryhl <aliceryhl(a)google.com> rust: fix signature of rust_fmt_argument Saket Kumar Bhaskar <skb99(a)linux.ibm.com> selftests/bpf: Select NUMA_NO_NODE to create map Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: gxbb: drop non existing 32k clock parent Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: g12b: fix cluster A parent data Prathamesh Shete <pshete(a)nvidia.com> pinctrl: tegra: Set SFIO mode to Mux Register Maher Sanalla <msanalla(a)nvidia.com> IB/mad: Check available slots before posting receive WRs Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_mss: Handle platforms with one power domain Cheng Xu <chengyou(a)linux.alibaba.com> RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() Chiara Meiohas <cmeiohas(a)nvidia.com> RDMA/mlx5: Fix calculation of total invalidated pages Roman Gushchin <roman.gushchin(a)linux.dev> RDMA/core: Don't expose hw_counters outside of init net namespace Peter Geis <pgwipeout(a)gmail.com> clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rzg2l: Fix missing of_node_put() call Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rza2: Fix missing of_node_put() call Tanya Agarwal <tanyaagarwal25699(a)gmail.com> lib: 842: Improve error handling in sw842_compress() Hou Tao <houtao1(a)huawei.com> bpf: Use preempt_count() directly in bpf_send_signal_common() Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_pas: Use resource with CX PD for MSM8226 Kees Bakker <kees(a)ijzerbout.nl> RDMA/mana_ib: Ensure variable err is initialized Vladimir Lypak <vladimir.lypak(a)gmail.com> clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock Will McVicker <willmcvicker(a)google.com> clk: samsung: Fix UBSAN panic in samsung_clk_init() David Hildenbrand <david(a)redhat.com> x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() Viktor Malik <vmalik(a)redhat.com> selftests/bpf: Fix string read in strncmp benchmark Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix hypothetical STT_SECTION extern NULL deref case Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_pas: Make single-PD handling more robust Zijun Hu <quic_zijuhu(a)quicinc.com> of: property: Increase NR_FWNODE_REFERENCE_ARGS Peng Fan <peng.fan(a)nxp.com> remoteproc: core: Clear table_sz when rproc_shutdown Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for sec spec check Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead authsize alignment Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: gxbb: drop incorrect flag on 32k clock Danila Chernetsov <listdansp(a)mail.ru> fbdev: sm501fb: Add some geometry checks. Arnd Bergmann <arnd(a)arndb.de> mdacon: rework dependency list Markus Elfring <elfring(a)users.sourceforge.net> fbdev: au1100fb: Move a variable assignment behind a null pointer check Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: pciehp: Don't enable HPIE when resuming in poll mode Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> PCI: histb: Fix an error handling path in histb_pcie_probe() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> drm/amd/display: avoid NPD when ASIC does not support DMUB Dan Carpenter <dan.carpenter(a)linaro.org> drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() Douglas Anderson <dianders(a)chromium.org> drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr Thippeswamy Havalige <thippeswamy.havalige(a)amd.com> PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe Dan Carpenter <dan.carpenter(a)linaro.org> PCI: Remove stray put_device() in pci_register_host_bridge() Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() Nishanth Aravamudan <naravamudan(a)nvidia.com> PCI: Avoid reset when disabled via sysfs Feng Tang <feng.tang(a)linux.alibaba.com> PCI/portdrv: Only disable pciehp interrupts early when needed Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Fix potential premature regulator disabling Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Fix error path after a call to regulator_bulk_get() Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Use internal register to change link capability Hans Zhang <18255117159(a)163.com> PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dsi: Use existing per-interface slice count in DSC timing Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: don't use active in atomic_check() Daniel Stodden <daniel.stodden(a)gmail.com> PCI/ASPM: Fix link state exit during switch upstream function removal AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_hdmi: Unregister audio platform device on failure Kai-Heng Feng <kaihengf(a)nvidia.com> PCI: Use downstream bridges for distributing resources José Expósito <jose.exposito89(a)gmail.com> drm/vkms: Fix use after free and double free on init error Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm: xlnx: zynqmp: Fix max dma segment size Hermes Wu <Hermes.wu(a)ite.com.tw> drm/bridge: it6505: fix HDCP V match check is not performed correctly Wayne Lin <Wayne.Lin(a)amd.com> drm/dp_mst: Fix drm RAD print Geert Uytterhoeven <geert+renesas(a)glider.be> drm/bridge: ti-sn65dsi86: Fix multiple instances Jayesh Choudhary <j-choudhary(a)ti.com> ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Always honor no_shutup_pins Maud Spierings <maudspierings(a)gocontroll.com> dt-bindings: vendor-prefixes: add GOcontroll Jiri Kosina <jkosina(a)suse.com> HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> ASoC: cs35l41: check the return value from spi_setup() Armin Wolf <W_Armin(a)gmx.de> platform/x86: dell-ddv: Fix temperature calculation Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> media: platform: allgro-dvt: unregister v4l2_device on the error path Benjamin Gaignard <benjamin.gaignard(a)collabora.com> media: verisilicon: HEVC: Initialize start_bit field Chao Gao <chao.gao(a)intel.com> x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures Josh Poimboeuf <jpoimboe(a)kernel.org> x86/traps: Make exc_double_fault() consistently noreturn Tao Chen <chen.dylane(a)linux.dev> perf/ring_buffer: Allow the EPOLLRDNORM flag for poll Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Fix handling devices with direct_complete set on errors Chenyuan Yang <chenyuan0y(a)gmail.com> thermal: int340x: Add NULL check for adev Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the error path order of ie31200_init() Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the DIMM size mask for several SoCs Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer Tim Schumacher <tim.schumacher1(a)huawei.com> selinux: Chain up tool resolving errors in install_policy.sh Atish Patra <atishp(a)rivosinc.com> RISC-V: KVM: Disable the kernel perf counter during configure Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Adjust check before setting power.must_resume Peter Zijlstra <peterz(a)infradead.org> lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock Kevin Loughlin <kevinloughlin(a)google.com> x86/sev: Add missing RIP_REL_REF() invocations during sme_enable() Arnd Bergmann <arnd(a)arndb.de> x86/platform: Only allow CONFIG_EISA for 32-bit Benjamin Berg <benjamin.berg(a)intel.com> x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() Stanislav Spassov <stanspas(a)amazon.de> x86/fpu: Fix guest FPU state buffer allocation size Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald Rapids Jie Zhan <zhanjie9(a)hisilicon.com> cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() Konstantin Andreev <andreev(a)swemel.ru> smack: dont compile ipv6 code unless ipv6 is configured zuoqian <zuoqian113(a)gmail.com> cpufreq: scpi: compare kHz instead of Hz Mike Rapoport (Microsoft) <rppt(a)kernel.org> x86/mm/pat: cpa-test: fix length for CPA_ARRAY test Eric Sandeen <sandeen(a)redhat.com> watch_queue: fix pipe accounting mismatch ------------- Diffstat: .../devicetree/bindings/vendor-prefixes.yaml | 2 + Makefile | 4 +- arch/arm64/kernel/compat_alignment.c | 2 + arch/loongarch/Kconfig | 4 +- arch/loongarch/include/asm/cache.h | 2 + arch/loongarch/kernel/kgdb.c | 5 +- arch/loongarch/net/bpf_jit.c | 12 +- arch/loongarch/net/bpf_jit.h | 5 + arch/powerpc/configs/mpc885_ads_defconfig | 2 +- arch/powerpc/platforms/cell/spufs/gang.c | 1 + arch/powerpc/platforms/cell/spufs/inode.c | 63 ++++++- arch/powerpc/platforms/cell/spufs/spufs.h | 2 + arch/riscv/errata/Makefile | 6 +- arch/riscv/include/asm/ftrace.h | 4 +- arch/riscv/kvm/vcpu_pmu.c | 1 + arch/riscv/mm/hugetlbpage.c | 74 +++++--- arch/um/include/shared/os.h | 1 - arch/um/kernel/Makefile | 2 +- arch/um/kernel/maccess.c | 19 -- arch/um/os-Linux/process.c | 51 ------ arch/x86/Kconfig | 2 +- arch/x86/entry/calling.h | 2 + arch/x86/events/intel/core.c | 47 ++--- arch/x86/events/intel/ds.c | 13 +- arch/x86/events/perf_event.h | 3 +- arch/x86/hyperv/hv_vtl.c | 1 + arch/x86/hyperv/ivm.c | 5 +- arch/x86/include/asm/tlbflush.h | 2 +- arch/x86/kernel/cpu/microcode/amd.c | 2 +- arch/x86/kernel/cpu/sgx/driver.c | 10 +- arch/x86/kernel/dumpstack.c | 5 +- arch/x86/kernel/fpu/core.c | 6 +- arch/x86/kernel/process.c | 7 +- arch/x86/kernel/traps.c | 18 +- arch/x86/kernel/tsc.c | 4 +- arch/x86/lib/copy_user_64.S | 18 ++ arch/x86/mm/mem_encrypt_identity.c | 4 +- arch/x86/mm/pat/cpa-test.c | 2 +- arch/x86/mm/pat/memtype.c | 52 +++--- drivers/acpi/nfit/core.c | 2 +- drivers/acpi/processor_idle.c | 4 + drivers/acpi/resource.c | 7 + drivers/acpi/x86/utils.c | 3 +- drivers/base/power/main.c | 21 +-- drivers/base/power/runtime.c | 2 +- drivers/clk/imx/clk-imx8mp-audiomix.c | 6 +- drivers/clk/meson/g12a.c | 38 ++-- drivers/clk/meson/gxbb.c | 14 +- drivers/clk/qcom/gcc-msm8953.c | 2 +- drivers/clk/qcom/mmcc-sdm660.c | 2 +- drivers/clk/rockchip/clk-rk3328.c | 2 +- drivers/clk/samsung/clk.c | 2 +- drivers/cpufreq/cpufreq_governor.c | 45 ++--- drivers/cpufreq/scpi-cpufreq.c | 5 +- drivers/crypto/hisilicon/sec2/sec.h | 1 - drivers/crypto/hisilicon/sec2/sec_crypto.c | 125 +++++-------- drivers/crypto/nx/nx-common-pseries.c | 37 ++-- drivers/dma/fsl-edma-main.c | 2 +- drivers/edac/i10nm_base.c | 2 + drivers/edac/ie31200_edac.c | 19 +- drivers/edac/skx_common.c | 33 ++++ drivers/edac/skx_common.h | 11 ++ drivers/firmware/cirrus/cs_dsp.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 +- .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 15 -- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 16 ++ drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 + .../gpu/drm/amd/display/dc/core/dc_link_exports.c | 3 + .../gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 4 + .../amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12 +- drivers/gpu/drm/bridge/ite-it6505.c | 7 +- drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2 + drivers/gpu/drm/display/drm_dp_mst_topology.c | 8 +- drivers/gpu/drm/mediatek/mtk_dp.c | 6 +- drivers/gpu/drm/mediatek/mtk_dsi.c | 6 +- drivers/gpu/drm/mediatek/mtk_hdmi.c | 33 +++- drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 4 - drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 +- drivers/gpu/drm/msm/dsi/dsi_host.c | 8 +- drivers/gpu/drm/msm/dsi/dsi_manager.c | 32 ++-- drivers/gpu/drm/msm/msm_dsc_helper.h | 11 -- drivers/gpu/drm/vkms/vkms_drv.c | 15 +- drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2 + drivers/hid/Makefile | 1 - drivers/hid/i2c-hid/i2c-hid-core.c | 2 +- drivers/hwmon/nct6775-core.c | 4 +- drivers/hwtracing/coresight/coresight-catu.c | 2 +- drivers/hwtracing/coresight/coresight-core.c | 20 +- drivers/hwtracing/coresight/coresight-etm4x-core.c | 48 ++++- drivers/i3c/master/svc-i3c-master.c | 2 +- drivers/iio/accel/mma8452.c | 10 +- drivers/iio/accel/msa311.c | 28 +-- drivers/iio/adc/ad4130.c | 41 ++++- drivers/iio/adc/ad7124.c | 35 +++- drivers/infiniband/core/device.c | 9 + drivers/infiniband/core/mad.c | 38 ++-- drivers/infiniband/core/sysfs.c | 1 + drivers/infiniband/hw/erdma/erdma_cm.c | 1 - drivers/infiniband/hw/mana/main.c | 2 +- drivers/infiniband/hw/mlx5/cq.c | 2 +- drivers/infiniband/hw/mlx5/odp.c | 10 +- drivers/leds/led-core.c | 22 ++- drivers/media/dvb-frontends/dib8000.c | 5 +- drivers/media/platform/allegro-dvt/allegro-core.c | 1 + .../platform/verisilicon/hantro_g2_hevc_dec.c | 1 + drivers/media/rc/streamzap.c | 2 +- drivers/memory/omap-gpmc.c | 20 -- drivers/mfd/sm501.c | 6 +- drivers/mmc/host/omap.c | 19 +- drivers/mmc/host/sdhci-omap.c | 4 +- drivers/mmc/host/sdhci-pxav3.c | 1 + drivers/net/arcnet/com20020-pci.c | 17 +- drivers/net/dsa/mv88e6xxx/chip.c | 11 +- drivers/net/dsa/mv88e6xxx/phy.c | 3 + drivers/net/ethernet/ibm/ibmveth.c | 39 ++-- drivers/net/ethernet/intel/e1000e/defines.h | 3 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 80 +++++++- drivers/net/ethernet/intel/e1000e/ich8lan.h | 4 + drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 3 + drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 3 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 201 ++++++++++++++------- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +- .../ethernet/marvell/octeontx2/af/rvu_devlink.c | 2 +- .../net/ethernet/mellanox/mlx5/core/en/params.c | 8 +- drivers/net/usb/rndis_host.c | 16 +- drivers/net/usb/usbnet.c | 6 +- .../wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 20 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 86 ++++++--- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 8 +- drivers/ntb/hw/intel/ntb_hw_gen3.c | 3 + drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2 +- drivers/ntb/test/ntb_perf.c | 4 +- drivers/nvme/host/pci.c | 34 +++- drivers/nvme/host/tcp.c | 5 +- drivers/pci/controller/cadence/pcie-cadence-ep.c | 3 +- drivers/pci/controller/cadence/pcie-cadence.h | 2 +- drivers/pci/controller/dwc/pcie-histb.c | 12 +- drivers/pci/controller/pcie-brcmstb.c | 9 +- drivers/pci/controller/pcie-xilinx-cpm.c | 10 +- drivers/pci/hotplug/pciehp_hpc.c | 4 +- drivers/pci/pci.c | 4 + drivers/pci/pcie/aspm.c | 17 +- drivers/pci/pcie/portdrv.c | 8 +- drivers/pci/probe.c | 5 +- drivers/pci/setup-bus.c | 3 +- drivers/pinctrl/intel/pinctrl-intel.c | 1 - drivers/pinctrl/renesas/pinctrl-rza2.c | 2 + drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 + drivers/pinctrl/renesas/pinctrl-rzv2m.c | 2 + drivers/pinctrl/tegra/pinctrl-tegra.c | 3 + drivers/platform/x86/dell/dell-wmi-ddv.c | 6 +- drivers/platform/x86/intel/hid.c | 7 + .../x86/intel/speed_select_if/isst_if_common.c | 2 +- drivers/platform/x86/intel/vsec.c | 7 + drivers/power/supply/max77693_charger.c | 2 +- drivers/remoteproc/qcom_q6v5_mss.c | 21 ++- drivers/remoteproc/qcom_q6v5_pas.c | 12 +- drivers/remoteproc/remoteproc_core.c | 1 + drivers/scsi/qla2xxx/qla_os.c | 2 +- drivers/soundwire/slave.c | 1 + drivers/staging/rtl8723bs/Kconfig | 1 + .../intel/int340x_thermal/int3402_thermal.c | 3 + drivers/tty/n_tty.c | 13 +- drivers/usb/host/xhci-mem.c | 6 +- drivers/usb/typec/ucsi/ucsi_ccg.c | 5 +- drivers/vhost/scsi.c | 25 +-- drivers/video/console/Kconfig | 2 +- drivers/video/fbdev/au1100fb.c | 4 +- drivers/video/fbdev/sm501fb.c | 7 + fs/affs/file.c | 9 +- fs/btrfs/extent-tree.c | 5 +- fs/exec.c | 15 +- fs/exfat/fatent.c | 2 +- fs/ext4/dir.c | 3 + fs/ext4/super.c | 27 ++- fs/fuse/dax.c | 1 - fs/fuse/dir.c | 2 +- fs/fuse/file.c | 4 +- fs/hostfs/hostfs.h | 2 +- fs/hostfs/hostfs_kern.c | 7 +- fs/hostfs/hostfs_user.c | 59 +++--- fs/isofs/dir.c | 3 +- fs/jfs/jfs_dtree.c | 3 +- fs/jfs/xattr.c | 13 +- fs/nfs/delegation.c | 33 ++-- fs/nfs/sysfs.c | 22 ++- fs/nfsd/nfs4state.c | 31 +++- fs/ntfs3/index.c | 4 +- fs/ntfs3/ntfs.h | 2 +- fs/ocfs2/alloc.c | 8 + fs/proc/base.c | 2 +- fs/smb/client/cifsacl.c | 8 +- fs/smb/client/connect.c | 16 +- fs/smb/server/auth.c | 6 +- fs/smb/server/mgmt/user_session.c | 33 +++- fs/smb/server/mgmt/user_session.h | 2 + fs/smb/server/oplock.c | 12 +- fs/smb/server/smb2pdu.c | 40 ++-- fs/smb/server/smbacl.c | 5 + include/drm/display/drm_dp_mst_helper.h | 7 + include/linux/context_tracking_irq.h | 8 +- include/linux/coresight.h | 4 + include/linux/fwnode.h | 2 +- include/linux/interrupt.h | 8 +- include/linux/pgtable.h | 28 ++- include/linux/pm_runtime.h | 2 + include/linux/rcupdate.h | 2 +- include/linux/sched/smt.h | 2 +- include/linux/trace.h | 4 +- include/linux/trace_events.h | 14 ++ include/rdma/ib_verbs.h | 1 + kernel/events/core.c | 46 +++-- kernel/events/ring_buffer.c | 2 +- kernel/events/uprobes.c | 13 +- kernel/fork.c | 4 + kernel/kexec_elf.c | 2 +- kernel/locking/semaphore.c | 13 +- kernel/sched/deadline.c | 2 +- kernel/trace/bpf_trace.c | 2 +- kernel/trace/ring_buffer.c | 4 +- kernel/trace/trace.c | 23 ++- kernel/trace/trace.h | 1 + kernel/trace/trace_boot.c | 2 +- kernel/trace/trace_events.c | 62 ++++++- kernel/trace/trace_events_hist.c | 133 +++++++++++--- kernel/trace/trace_events_synth.c | 36 +++- kernel/trace/trace_functions_graph.c | 1 + kernel/trace/trace_irqsoff.c | 2 - kernel/trace/trace_osnoise.c | 1 - kernel/trace/trace_sched_wakeup.c | 2 - kernel/watch_queue.c | 9 + lib/842/842_compress.c | 2 + lib/overflow_kunit.c | 3 +- lib/vsprintf.c | 2 +- mm/memory.c | 13 +- net/can/af_can.c | 12 +- net/can/af_can.h | 12 +- net/can/proc.c | 46 +++-- net/core/dst.c | 8 + net/core/rtnetlink.c | 3 + net/ipv4/ip_tunnel_core.c | 4 +- net/ipv4/udp.c | 16 +- net/ipv6/addrconf.c | 37 ++-- net/ipv6/calipso.c | 21 ++- net/ipv6/route.c | 42 ++++- net/mac80211/sta_info.c | 20 +- net/netfilter/nf_tables_api.c | 4 +- net/netfilter/nft_set_hash.c | 3 +- net/netfilter/nft_tunnel.c | 6 +- net/openvswitch/actions.c | 6 - net/sched/act_tunnel_key.c | 2 +- net/sched/cls_flower.c | 2 +- net/sched/sch_skbprio.c | 3 - net/vmw_vsock/af_vsock.c | 6 +- rust/kernel/print.rs | 7 +- samples/ftrace/sample-trace-array.c | 2 +- scripts/selinux/install_policy.sh | 15 +- security/smack/smack.h | 6 + security/smack/smack_lsm.c | 10 +- sound/pci/hda/patch_realtek.c | 33 +++- sound/soc/codecs/cs35l41-spi.c | 4 +- sound/soc/codecs/rt5665.c | 24 +-- sound/soc/fsl/imx-card.c | 4 + sound/soc/ti/j721e-evm.c | 2 + tools/lib/bpf/linker.c | 2 +- tools/objtool/check.c | 35 +--- tools/perf/bench/syscall.c | 22 ++- .../shell/coresight/asm_pure_loop/asm_pure_loop.S | 2 + tools/perf/util/arm-spe.c | 8 +- tools/perf/util/evlist.c | 13 +- tools/perf/util/pmu.c | 7 +- tools/perf/util/pmu.h | 5 + tools/perf/util/pmus.c | 20 +- tools/perf/util/python.c | 17 +- tools/perf/util/stat-shadow.c | 3 +- tools/perf/util/units.c | 2 +- .../selftests/bpf/prog_tests/bloom_filter_map.c | 5 + tools/testing/selftests/bpf/progs/strncmp_bench.c | 5 +- tools/testing/selftests/mm/cow.c | 2 +- 280 files changed, 2335 insertions(+), 1182 deletions(-)

6 months, 2 weeks

9
8
0 0

[PATCH 5.10.y] drm/i915/gt: Cleanup partial engine discovery failures

by Zhi Yang

From: Chris Wilson <chris.p.wilson(a)intel.com> commit 78a033433a5ae4fee85511ee075bc9a48312c79e upstream. If we abort driver initialisation in the middle of gt/engine discovery, some engines will be fully setup and some not. Those incompletely setup engines only have 'engine->release == NULL' and so will leak any of the common objects allocated. v2: - Drop the destroy_pinned_context() helper for now. It's not really worth it with just a single callsite at the moment. (Janusz) Signed-off-by: Chris Wilson <chris.p.wilson(a)intel.com> Cc: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Signed-off-by: Matt Roper <matthew.d.roper(a)intel.com> Reviewed-by: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20220915232654.3283095-2-matt… Signed-off-by: Zhi Yang <Zhi.Yang(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Build test passed. --- drivers/gpu/drm/i915/gt/intel_engine_cs.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/gt/intel_engine_cs.c b/drivers/gpu/drm/i915/gt/intel_engine_cs.c index a19537706ed1..eb6f4d7f1e34 100644 --- a/drivers/gpu/drm/i915/gt/intel_engine_cs.c +++ b/drivers/gpu/drm/i915/gt/intel_engine_cs.c @@ -904,8 +904,13 @@ int intel_engines_init(struct intel_gt *gt) return err; err = setup(engine); - if (err) + if (err) { + intel_engine_cleanup_common(engine); return err; + } + + /* The backend should now be responsible for cleanup */ + GEM_BUG_ON(engine->release == NULL); err = engine_init_common(engine); if (err) -- 2.34.1

6 months, 2 weeks

2
1
0 0

[PATCH 6.13.y 0/7] arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9

by Anshuman Khandual

This series adds fine grained trap control in EL2 required for FEAT_PMUv3p9 registers like PMICNTR_EL0, PMICFILTR_EL0, and PMUACR_EL1 which are already being used in the kernel. This is required to prevent their EL1 access trap into EL2. The following commits that enabled access into FEAT_PMUv3p9 registers have already been merged upstream from 6.13 onwards. d8226d8cfbaf ("perf: arm_pmuv3: Add support for Armv9.4 PMU instruction counter") 0bbff9ed8165 ("perf/arm_pmuv3: Add PMUv3.9 per counter EL0 access control") The sysreg patches in this series are required for the final patch which fixes the actual problem. Anshuman Khandual (7): arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1 arm64/sysreg: Add register fields for HDFGRTR2_EL2 arm64/sysreg: Add register fields for HDFGWTR2_EL2 arm64/sysreg: Add register fields for HFGITR2_EL2 arm64/sysreg: Add register fields for HFGRTR2_EL2 arm64/sysreg: Add register fields for HFGWTR2_EL2 arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9 Documentation/arch/arm64/booting.rst | 22 ++++++ arch/arm64/include/asm/el2_setup.h | 25 +++++++ arch/arm64/tools/sysreg | 103 +++++++++++++++++++++++++++ 3 files changed, 150 insertions(+) -- 2.30.2

6 months, 2 weeks

5
20
0 0

[PATCH 5.10.y] drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'

by bin.lan.cn＠windriver.com

From: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> [ Upstream commit 63de35a8fcfca59ae8750d469a7eb220c7557baf ] An issue was identified in the dcn21_link_encoder_create function where an out-of-bounds access could occur when the hpd_source index was used to reference the link_enc_hpd_regs array. This array has a fixed size and the index was not being checked against the array's bounds before accessing it. This fix adds a conditional check to ensure that the hpd_source index is within the valid range of the link_enc_hpd_regs array. If the index is out of bounds, the function now returns NULL to prevent undefined behavior. References: [ 65.920507] ------------[ cut here ]------------ [ 65.920510] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn21/dcn21_resource.c:1312:29 [ 65.920519] index 7 is out of range for type 'dcn10_link_enc_hpd_registers [5]' [ 65.920523] CPU: 3 PID: 1178 Comm: modprobe Tainted: G OE 6.8.0-cleanershaderfeatureresetasdntipmi200nv2132 #13 [ 65.920525] Hardware name: AMD Majolica-RN/Majolica-RN, BIOS WMJ0429N_Weekly_20_04_2 04/29/2020 [ 65.920527] Call Trace: [ 65.920529] <TASK> [ 65.920532] dump_stack_lvl+0x48/0x70 [ 65.920541] dump_stack+0x10/0x20 [ 65.920543] __ubsan_handle_out_of_bounds+0xa2/0xe0 [ 65.920549] dcn21_link_encoder_create+0xd9/0x140 [amdgpu] [ 65.921009] link_create+0x6d3/0xed0 [amdgpu] [ 65.921355] create_links+0x18a/0x4e0 [amdgpu] [ 65.921679] dc_create+0x360/0x720 [amdgpu] [ 65.921999] ? dmi_matches+0xa0/0x220 [ 65.922004] amdgpu_dm_init+0x2b6/0x2c90 [amdgpu] [ 65.922342] ? console_unlock+0x77/0x120 [ 65.922348] ? dev_printk_emit+0x86/0xb0 [ 65.922354] dm_hw_init+0x15/0x40 [amdgpu] [ 65.922686] amdgpu_device_init+0x26a8/0x33a0 [amdgpu] [ 65.922921] amdgpu_driver_load_kms+0x1b/0xa0 [amdgpu] [ 65.923087] amdgpu_pci_probe+0x1b7/0x630 [amdgpu] [ 65.923087] local_pci_probe+0x4b/0xb0 [ 65.923087] pci_device_probe+0xc8/0x280 [ 65.923087] really_probe+0x187/0x300 [ 65.923087] __driver_probe_device+0x85/0x130 [ 65.923087] driver_probe_device+0x24/0x110 [ 65.923087] __driver_attach+0xac/0x1d0 [ 65.923087] ? __pfx___driver_attach+0x10/0x10 [ 65.923087] bus_for_each_dev+0x7d/0xd0 [ 65.923087] driver_attach+0x1e/0x30 [ 65.923087] bus_add_driver+0xf2/0x200 [ 65.923087] driver_register+0x64/0x130 [ 65.923087] ? __pfx_amdgpu_init+0x10/0x10 [amdgpu] [ 65.923087] __pci_register_driver+0x61/0x70 [ 65.923087] amdgpu_init+0x7d/0xff0 [amdgpu] [ 65.923087] do_one_initcall+0x49/0x310 [ 65.923087] ? kmalloc_trace+0x136/0x360 [ 65.923087] do_init_module+0x6a/0x270 [ 65.923087] load_module+0x1fce/0x23a0 [ 65.923087] init_module_from_file+0x9c/0xe0 [ 65.923087] ? init_module_from_file+0x9c/0xe0 [ 65.923087] idempotent_init_module+0x179/0x230 [ 65.923087] __x64_sys_finit_module+0x5d/0xa0 [ 65.923087] do_syscall_64+0x76/0x120 [ 65.923087] entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 65.923087] RIP: 0033:0x7f2d80f1e88d [ 65.923087] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 b5 0f 00 f7 d8 64 89 01 48 [ 65.923087] RSP: 002b:00007ffc7bc1aa78 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 65.923087] RAX: ffffffffffffffda RBX: 0000564c9c1db130 RCX: 00007f2d80f1e88d [ 65.923087] RDX: 0000000000000000 RSI: 0000564c9c1e5480 RDI: 000000000000000f [ 65.923087] RBP: 0000000000040000 R08: 0000000000000000 R09: 0000000000000002 [ 65.923087] R10: 000000000000000f R11: 0000000000000246 R12: 0000564c9c1e5480 [ 65.923087] R13: 0000564c9c1db260 R14: 0000000000000000 R15: 0000564c9c1e54b0 [ 65.923087] </TASK> [ 65.923927] ---[ end trace ]--- Cc: Tom Chung <chiahsuan.chung(a)amd.com> Cc: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Cc: Roman Li <roman.li(a)amd.com> Cc: Alex Hung <alex.hung(a)amd.com> Cc: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Cc: Harry Wentland <harry.wentland(a)amd.com> Cc: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> Reviewed-by: Roman Li <roman.li(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Build test passed. --- drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c index 01c4e8753294..f02305089b56 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c +++ b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c @@ -1698,7 +1698,7 @@ static struct link_encoder *dcn21_link_encoder_create( kzalloc(sizeof(struct dcn21_link_encoder), GFP_KERNEL); int link_regs_id; - if (!enc21) + if (!enc21 || enc_init_data->hpd_source >= ARRAY_SIZE(link_enc_hpd_regs)) return NULL; link_regs_id = -- 2.34.1

6 months, 2 weeks

2
1
0 0

[PATCH 5.15.y] drm/i915/gt: Cleanup partial engine discovery failures

by Zhi Yang

From: Chris Wilson <chris.p.wilson(a)intel.com> commit 78a033433a5ae4fee85511ee075bc9a48312c79e upstream. If we abort driver initialisation in the middle of gt/engine discovery, some engines will be fully setup and some not. Those incompletely setup engines only have 'engine->release == NULL' and so will leak any of the common objects allocated. v2: - Drop the destroy_pinned_context() helper for now. It's not really worth it with just a single callsite at the moment. (Janusz) Signed-off-by: Chris Wilson <chris.p.wilson(a)intel.com> Cc: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Signed-off-by: Matt Roper <matthew.d.roper(a)intel.com> Reviewed-by: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20220915232654.3283095-2-matt… Signed-off-by: Zhi Yang <Zhi.Yang(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Build test passed. --- drivers/gpu/drm/i915/gt/intel_engine_cs.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/gt/intel_engine_cs.c b/drivers/gpu/drm/i915/gt/intel_engine_cs.c index eb99441e0ada..42cb3ad04d89 100644 --- a/drivers/gpu/drm/i915/gt/intel_engine_cs.c +++ b/drivers/gpu/drm/i915/gt/intel_engine_cs.c @@ -983,8 +983,13 @@ int intel_engines_init(struct intel_gt *gt) return err; err = setup(engine); - if (err) + if (err) { + intel_engine_cleanup_common(engine); return err; + } + + /* The backend should now be responsible for cleanup */ + GEM_BUG_ON(engine->release == NULL); err = engine_init_common(engine); if (err) -- 2.34.1

6 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] x86/tdx: Fix arch_safe_halt() execution for TDX VMs" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 9f98a4f4e7216dbe366010b4cdcab6b220f229c4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040844-busload-dumpling-45ff@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9f98a4f4e7216dbe366010b4cdcab6b220f229c4 Mon Sep 17 00:00:00 2001 From: Vishal Annapurve <vannapurve(a)google.com> Date: Fri, 28 Feb 2025 01:44:15 +0000 Subject: [PATCH] x86/tdx: Fix arch_safe_halt() execution for TDX VMs Direct HLT instruction execution causes #VEs for TDX VMs which is routed to hypervisor via TDCALL. If HLT is executed in STI-shadow, resulting #VE handler will enable interrupts before TDCALL is routed to hypervisor leading to missed wakeup events, as current TDX spec doesn't expose interruptibility state information to allow #VE handler to selectively enable interrupts. Commit bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests") prevented the idle routines from executing HLT instruction in STI-shadow. But it missed the paravirt routine which can be reached via this path as an example: kvm_wait() => safe_halt() => raw_safe_halt() => arch_safe_halt() => irq.safe_halt() => pv_native_safe_halt() To reliably handle arch_safe_halt() for TDX VMs, introduce explicit dependency on CONFIG_PARAVIRT and override paravirt halt()/safe_halt() routines with TDX-safe versions that execute direct TDCALL and needed interrupt flag updates. Executing direct TDCALL brings in additional benefit of avoiding HLT related #VEs altogether. As tested by Ryan Afranji: "Tested with the specjbb2015 benchmark. It has heavy lock contention which leads to many halt calls. TDX VMs suffered a poor score before this patchset. Verified the major performance improvement with this patchset applied." Fixes: bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests") Signed-off-by: Vishal Annapurve <vannapurve(a)google.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Tested-by: Ryan Afranji <afranji(a)google.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Brian Gerst <brgerst(a)gmail.com> Cc: Juergen Gross <jgross(a)suse.com> Cc: H. Peter Anvin <hpa(a)zytor.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20250228014416.3925664-3-vannapurve@google.com diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 05b4eca156cf..f614c0522a0b 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -878,6 +878,7 @@ config INTEL_TDX_GUEST depends on X86_64 && CPU_SUP_INTEL depends on X86_X2APIC depends on EFI_STUB + depends on PARAVIRT select ARCH_HAS_CC_PLATFORM select X86_MEM_ENCRYPT select X86_MCE diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 7772b01ab738..aa0eb4057226 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -14,6 +14,7 @@ #include <asm/ia32.h> #include <asm/insn.h> #include <asm/insn-eval.h> +#include <asm/paravirt_types.h> #include <asm/pgtable.h> #include <asm/set_memory.h> #include <asm/traps.h> @@ -398,7 +399,7 @@ static int handle_halt(struct ve_info *ve) return ve_instr_len(ve); } -void __cpuidle tdx_safe_halt(void) +void __cpuidle tdx_halt(void) { const bool irq_disabled = false; @@ -409,6 +410,16 @@ void __cpuidle tdx_safe_halt(void) WARN_ONCE(1, "HLT instruction emulation failed\n"); } +static void __cpuidle tdx_safe_halt(void) +{ + tdx_halt(); + /* + * "__cpuidle" section doesn't support instrumentation, so stick + * with raw_* variant that avoids tracing hooks. + */ + raw_local_irq_enable(); +} + static int read_msr(struct pt_regs *regs, struct ve_info *ve) { struct tdx_module_args args = { @@ -1109,6 +1120,19 @@ void __init tdx_early_init(void) x86_platform.guest.enc_kexec_begin = tdx_kexec_begin; x86_platform.guest.enc_kexec_finish = tdx_kexec_finish; + /* + * Avoid "sti;hlt" execution in TDX guests as HLT induces a #VE that + * will enable interrupts before HLT TDCALL invocation if executed + * in STI-shadow, possibly resulting in missed wakeup events. + * + * Modify all possible HLT execution paths to use TDX specific routines + * that directly execute TDCALL and toggle the interrupt state as + * needed after TDCALL completion. This also reduces HLT related #VEs + * in addition to having a reliable halt logic execution. + */ + pv_ops.irq.safe_halt = tdx_safe_halt; + pv_ops.irq.halt = tdx_halt; + /* * TDX intercepts the RDMSR to read the X2APIC ID in the parallel * bringup low level code. That raises #VE which cannot be handled diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index 65394aa9b49f..4a1922ec80cf 100644 --- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -58,7 +58,7 @@ void tdx_get_ve_info(struct ve_info *ve); bool tdx_handle_virt_exception(struct pt_regs *regs, struct ve_info *ve); -void tdx_safe_halt(void); +void tdx_halt(void); bool tdx_early_handle_ve(struct pt_regs *regs); @@ -72,7 +72,7 @@ void __init tdx_dump_td_ctls(u64 td_ctls); #else static inline void tdx_early_init(void) { }; -static inline void tdx_safe_halt(void) { }; +static inline void tdx_halt(void) { }; static inline bool tdx_early_handle_ve(struct pt_regs *regs) { return false; } diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c index 91f6ff618852..962c3ce39323 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -939,7 +939,7 @@ void __init select_idle_routine(void) static_call_update(x86_idle, mwait_idle); } else if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) { pr_info("using TDX aware idle routine\n"); - static_call_update(x86_idle, tdx_safe_halt); + static_call_update(x86_idle, tdx_halt); } else { static_call_update(x86_idle, default_idle); }

6 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 22cc5ca5de52bbfc36a7d4a55323f91fb4492264 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040827-manila-alkalize-ba6e@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 22cc5ca5de52bbfc36a7d4a55323f91fb4492264 Mon Sep 17 00:00:00 2001 From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Date: Fri, 28 Feb 2025 01:44:14 +0000 Subject: [PATCH] x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT CONFIG_PARAVIRT_XXL is mainly defined/used by XEN PV guests. For other VM guest types, features supported under CONFIG_PARAVIRT are self sufficient. CONFIG_PARAVIRT mainly provides support for TLB flush operations and time related operations. For TDX guest as well, paravirt calls under CONFIG_PARVIRT meets most of its requirement except the need of HLT and SAFE_HLT paravirt calls, which is currently defined under CONFIG_PARAVIRT_XXL. Since enabling CONFIG_PARAVIRT_XXL is too bloated for TDX guest like platforms, move HLT and SAFE_HLT paravirt calls under CONFIG_PARAVIRT. Moving HLT and SAFE_HLT paravirt calls are not fatal and should not break any functionality for current users of CONFIG_PARAVIRT. Fixes: bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests") Co-developed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Signed-off-by: Vishal Annapurve <vannapurve(a)google.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Andi Kleen <ak(a)linux.intel.com> Reviewed-by: Tony Luck <tony.luck(a)intel.com> Reviewed-by: Juergen Gross <jgross(a)suse.com> Tested-by: Ryan Afranji <afranji(a)google.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Brian Gerst <brgerst(a)gmail.com> Cc: H. Peter Anvin <hpa(a)zytor.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: stable(a)kernel.org Link: https://lore.kernel.org/r/20250228014416.3925664-2-vannapurve@google.com diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h index abb8374c9ff7..9a9b21b78905 100644 --- a/arch/x86/include/asm/irqflags.h +++ b/arch/x86/include/asm/irqflags.h @@ -76,6 +76,28 @@ static __always_inline void native_local_irq_restore(unsigned long flags) #endif +#ifndef CONFIG_PARAVIRT +#ifndef __ASSEMBLY__ +/* + * Used in the idle loop; sti takes one instruction cycle + * to complete: + */ +static __always_inline void arch_safe_halt(void) +{ + native_safe_halt(); +} + +/* + * Used when interrupts are already enabled or to + * shutdown the processor: + */ +static __always_inline void halt(void) +{ + native_halt(); +} +#endif /* __ASSEMBLY__ */ +#endif /* CONFIG_PARAVIRT */ + #ifdef CONFIG_PARAVIRT_XXL #include <asm/paravirt.h> #else @@ -97,24 +119,6 @@ static __always_inline void arch_local_irq_enable(void) native_irq_enable(); } -/* - * Used in the idle loop; sti takes one instruction cycle - * to complete: - */ -static __always_inline void arch_safe_halt(void) -{ - native_safe_halt(); -} - -/* - * Used when interrupts are already enabled or to - * shutdown the processor: - */ -static __always_inline void halt(void) -{ - native_halt(); -} - /* * For spinlocks, etc: */ diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h index bed346bfac89..c4c23190925c 100644 --- a/arch/x86/include/asm/paravirt.h +++ b/arch/x86/include/asm/paravirt.h @@ -102,6 +102,16 @@ static inline void notify_page_enc_status_changed(unsigned long pfn, PVOP_VCALL3(mmu.notify_page_enc_status_changed, pfn, npages, enc); } +static __always_inline void arch_safe_halt(void) +{ + PVOP_VCALL0(irq.safe_halt); +} + +static inline void halt(void) +{ + PVOP_VCALL0(irq.halt); +} + #ifdef CONFIG_PARAVIRT_XXL static inline void load_sp0(unsigned long sp0) { @@ -165,16 +175,6 @@ static inline void __write_cr4(unsigned long x) PVOP_VCALL1(cpu.write_cr4, x); } -static __always_inline void arch_safe_halt(void) -{ - PVOP_VCALL0(irq.safe_halt); -} - -static inline void halt(void) -{ - PVOP_VCALL0(irq.halt); -} - static inline u64 paravirt_read_msr(unsigned msr) { return PVOP_CALL1(u64, cpu.read_msr, msr); diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h index 62912023b46f..631c306ce1ff 100644 --- a/arch/x86/include/asm/paravirt_types.h +++ b/arch/x86/include/asm/paravirt_types.h @@ -120,10 +120,9 @@ struct pv_irq_ops { struct paravirt_callee_save save_fl; struct paravirt_callee_save irq_disable; struct paravirt_callee_save irq_enable; - +#endif void (*safe_halt)(void); void (*halt)(void); -#endif } __no_randomize_layout; struct pv_mmu_ops { diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c index 97925632c28e..1ccd05d8999f 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c @@ -75,6 +75,11 @@ void paravirt_set_sched_clock(u64 (*func)(void)) static_call_update(pv_sched_clock, func); } +static noinstr void pv_native_safe_halt(void) +{ + native_safe_halt(); +} + #ifdef CONFIG_PARAVIRT_XXL static noinstr void pv_native_write_cr2(unsigned long val) { @@ -100,11 +105,6 @@ static noinstr void pv_native_set_debugreg(int regno, unsigned long val) { native_set_debugreg(regno, val); } - -static noinstr void pv_native_safe_halt(void) -{ - native_safe_halt(); -} #endif struct pv_info pv_info = { @@ -161,9 +161,11 @@ struct paravirt_patch_template pv_ops = { .irq.save_fl = __PV_IS_CALLEE_SAVE(pv_native_save_fl), .irq.irq_disable = __PV_IS_CALLEE_SAVE(pv_native_irq_disable), .irq.irq_enable = __PV_IS_CALLEE_SAVE(pv_native_irq_enable), +#endif /* CONFIG_PARAVIRT_XXL */ + + /* Irq HLT ops. */ .irq.safe_halt = pv_native_safe_halt, .irq.halt = native_halt, -#endif /* CONFIG_PARAVIRT_XXL */ /* Mmu ops. */ .mmu.flush_tlb_user = native_flush_tlb_local,

6 months, 2 weeks

3
2
0 0

[PATCH 5.15.y] drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing

by Zhi Yang

From: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> commit 15c2990e0f0108b9c3752d7072a97d45d4283aea upstream. This commit adds null checks for the 'stream' and 'plane' variables in the dcn30_apply_idle_power_optimizations function. These variables were previously assumed to be null at line 922, but they were used later in the code without checking if they were null. This could potentially lead to a null pointer dereference, which would cause a crash. The null checks ensure that 'stream' and 'plane' are not null before they are used, preventing potential crashes. Fixes the below static smatch checker: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:938 dcn30_apply_idle_power_optimizations() error: we previously assumed 'stream' could be null (see line 922) drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:940 dcn30_apply_idle_power_optimizations() error: we previously assumed 'plane' could be null (see line 922) Cc: Tom Chung <chiahsuan.chung(a)amd.com> Cc: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Cc: Bhawanpreet Lakha <Bhawanpreet.Lakha(a)amd.com> Cc: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Cc: Roman Li <roman.li(a)amd.com> Cc: Hersen Wu <hersenxs.wu(a)amd.com> Cc: Alex Hung <alex.hung(a)amd.com> Cc: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Cc: Harry Wentland <harry.wentland(a)amd.com> Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> Reviewed-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Zhi Yang <Zhi.Yang(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Build test passed. --- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c b/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c index 81547178a934..30716b88136c 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c @@ -784,6 +784,9 @@ bool dcn30_apply_idle_power_optimizations(struct dc *dc, bool enable) stream = dc->current_state->streams[0]; plane = (stream ? dc->current_state->stream_status[0].plane_states[0] : NULL); + if (!stream || !plane) + return false; + if (stream && plane) { cursor_cache_enable = stream->cursor_position.enable && plane->address.grph.cursor_cache_addr.quad_part; -- 2.34.1

6 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] ACPI: platform-profile: Fix CFI violation when accessing" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x dd4f730b557ce701a2cd4f604bf1e57667bd8b6e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040803-womb-decorated-10be@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dd4f730b557ce701a2cd4f604bf1e57667bd8b6e Mon Sep 17 00:00:00 2001 From: Nathan Chancellor <nathan(a)kernel.org> Date: Mon, 10 Feb 2025 21:28:25 -0500 Subject: [PATCH] ACPI: platform-profile: Fix CFI violation when accessing sysfs files When an attribute group is created with sysfs_create_group(), the ->sysfs_ops() callback is set to kobj_sysfs_ops, which sets the ->show() and ->store() callbacks to kobj_attr_show() and kobj_attr_store() respectively. These functions use container_of() to get the respective callback from the passed attribute, meaning that these callbacks need to be of the same type as the callbacks in 'struct kobj_attribute'. However, ->show() and ->store() in the platform_profile driver are defined for struct device_attribute with the help of DEVICE_ATTR_RO() and DEVICE_ATTR_RW(), which results in a CFI violation when accessing platform_profile or platform_profile_choices under /sys/firmware/acpi because the types do not match: CFI failure at kobj_attr_show+0x19/0x30 (target: platform_profile_choices_show+0x0/0x140; expected type: 0x7a69590c) There is no functional issue from the type mismatch because the layout of 'struct kobj_attribute' and 'struct device_attribute' are the same, so the container_of() cast does not break anything aside from CFI. Change the type of platform_profile_choices_show() and platform_profile_{show,store}() to match the callbacks in 'struct kobj_attribute' and update the attribute variables to match, which resolves the CFI violation. Cc: All applicable <stable(a)vger.kernel.org> Fixes: a2ff95e018f1 ("ACPI: platform: Add platform profile support") Reported-by: John Rowley <lkml(a)johnrowley.me> Closes: https://github.com/ClangBuiltLinux/linux/issues/2047 Tested-by: John Rowley <lkml(a)johnrowley.me> Reviewed-by: Sami Tolvanen <samitolvanen(a)google.com> Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Acked-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Reviewed-by: Mark Pearson <mpearson-lenovo(a)squebb.ca> Tested-by: Mark Pearson <mpearson-lenovo(a)squebb.ca> Link: https://patch.msgid.link/20250210-acpi-platform_profile-fix-cfi-violation-v… [ rjw: Changelog edits ] Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/platform_profile.c b/drivers/acpi/platform_profile.c index fc92e43d0fe9..1b6317f759f9 100644 --- a/drivers/acpi/platform_profile.c +++ b/drivers/acpi/platform_profile.c @@ -260,14 +260,14 @@ static int _aggregate_choices(struct device *dev, void *data) /** * platform_profile_choices_show - Show the available profile choices for legacy sysfs interface - * @dev: The device + * @kobj: The kobject * @attr: The attribute * @buf: The buffer to write to * * Return: The number of bytes written */ -static ssize_t platform_profile_choices_show(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_choices_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) { unsigned long aggregate[BITS_TO_LONGS(PLATFORM_PROFILE_LAST)]; @@ -333,14 +333,14 @@ static int _store_and_notify(struct device *dev, void *data) /** * platform_profile_show - Show the current profile for legacy sysfs interface - * @dev: The device + * @kobj: The kobject * @attr: The attribute * @buf: The buffer to write to * * Return: The number of bytes written */ -static ssize_t platform_profile_show(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) { enum platform_profile_option profile = PLATFORM_PROFILE_LAST; @@ -362,15 +362,15 @@ static ssize_t platform_profile_show(struct device *dev, /** * platform_profile_store - Set the profile for legacy sysfs interface - * @dev: The device + * @kobj: The kobject * @attr: The attribute * @buf: The buffer to read from * @count: The number of bytes to read * * Return: The number of bytes read */ -static ssize_t platform_profile_store(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_store(struct kobject *kobj, + struct kobj_attribute *attr, const char *buf, size_t count) { unsigned long choices[BITS_TO_LONGS(PLATFORM_PROFILE_LAST)]; @@ -401,12 +401,12 @@ static ssize_t platform_profile_store(struct device *dev, return count; } -static DEVICE_ATTR_RO(platform_profile_choices); -static DEVICE_ATTR_RW(platform_profile); +static struct kobj_attribute attr_platform_profile_choices = __ATTR_RO(platform_profile_choices); +static struct kobj_attribute attr_platform_profile = __ATTR_RW(platform_profile); static struct attribute *platform_profile_attrs[] = { - &dev_attr_platform_profile_choices.attr, - &dev_attr_platform_profile.attr, + &attr_platform_profile_choices.attr, + &attr_platform_profile.attr, NULL };

6 months, 2 weeks

3
2
0 0

[PATCH 5.10.y] drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration

by jianqi.ren.cn＠windriver.com

From: Hersen Wu <hersenxs.wu(a)amd.com> [ Upstream commit a54f7e866cc73a4cb71b8b24bb568ba35c8969df ] [Why] Coverity reports Memory - illegal accesses. [How] Skip inactive planes. Reviewed-by: Alex Hung <alex.hung(a)amd.com> Acked-by: Tom Chung <chiahsuan.chung(a)amd.com> Signed-off-by: Hersen Wu <hersenxs.wu(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> [get_pipe_idx() was introduced as a helper by dda4fb85e433 ("drm/amd/display: DML changes for DCN32/321") in v6.0. This patch backports it to make code clearer. And minor conflict is resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- .../drm/amd/display/dc/dml/display_mode_vba.c | 27 ++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c b/drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c index b32093136089..7dfcb1e0a6ff 100644 --- a/drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c +++ b/drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c @@ -825,11 +825,30 @@ static unsigned int CursorBppEnumToBits(enum cursor_bpp ebpp) } } +static unsigned int get_pipe_idx(struct display_mode_lib *mode_lib, unsigned int plane_idx) +{ + int pipe_idx = -1; + int i; + + ASSERT(plane_idx < DC__NUM_DPP__MAX); + + for (i = 0; i < DC__NUM_DPP__MAX ; i++) { + if (plane_idx == mode_lib->vba.pipe_plane[i]) { + pipe_idx = i; + break; + } + } + ASSERT(pipe_idx >= 0); + + return pipe_idx; +} + void ModeSupportAndSystemConfiguration(struct display_mode_lib *mode_lib) { soc_bounding_box_st *soc = &mode_lib->vba.soc; unsigned int k; unsigned int total_pipes = 0; + unsigned int pipe_idx = 0; mode_lib->vba.VoltageLevel = mode_lib->vba.cache_pipes[0].clks_cfg.voltage; mode_lib->vba.ReturnBW = mode_lib->vba.ReturnBWPerState[mode_lib->vba.VoltageLevel][mode_lib->vba.maxMpcComb]; @@ -849,8 +868,14 @@ void ModeSupportAndSystemConfiguration(struct display_mode_lib *mode_lib) mode_lib->vba.DISPCLK = soc->clock_limits[mode_lib->vba.VoltageLevel].dispclk_mhz; // Total Available Pipes Support Check - for (k = 0; k < mode_lib->vba.NumberOfActivePlanes; ++k) + for (k = 0; k < mode_lib->vba.NumberOfActivePlanes; ++k) { + pipe_idx = get_pipe_idx(mode_lib, k); + if (pipe_idx == -1) { + ASSERT(0); + continue; // skip inactive planes + } total_pipes += mode_lib->vba.DPPPerPlane[k]; + } ASSERT(total_pipes <= DC__NUM_DPP__MAX); } -- 2.34.1

6 months, 2 weeks

2
1
0 0

[PATCH 5.15.y] drm/amd/pm: Fix negative array index read

by jianqi.ren.cn＠windriver.com

From: Jesse Zhang <jesse.zhang(a)amd.com> [ Upstream commit c8c19ebf7c0b202a6a2d37a52ca112432723db5f ] Avoid using the negative values for clk_idex as an index into an array pptable->DpmDescriptor. V2: fix clk_index return check (Tim Huang) Signed-off-by: Jesse Zhang <Jesse.Zhang(a)amd.com> Reviewed-by: Tim Huang <Tim.Huang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- .../gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 21 ++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c b/drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c index dfba0bc73207..9f5dcfaebe63 100644 --- a/drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c +++ b/drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c @@ -1231,19 +1231,22 @@ static int navi10_get_current_clk_freq_by_table(struct smu_context *smu, value); } -static bool navi10_is_support_fine_grained_dpm(struct smu_context *smu, enum smu_clk_type clk_type) +static int navi10_is_support_fine_grained_dpm(struct smu_context *smu, enum smu_clk_type clk_type) { PPTable_t *pptable = smu->smu_table.driver_pptable; DpmDescriptor_t *dpm_desc = NULL; - uint32_t clk_index = 0; + int clk_index = 0; clk_index = smu_cmn_to_asic_specific_index(smu, CMN2ASIC_MAPPING_CLK, clk_type); + if (clk_index < 0) + return clk_index; + dpm_desc = &pptable->DpmDescriptor[clk_index]; /* 0 - Fine grained DPM, 1 - Discrete DPM */ - return dpm_desc->SnapToDiscrete == 0; + return dpm_desc->SnapToDiscrete == 0 ? 1 : 0; } static inline bool navi10_od_feature_is_supported(struct smu_11_0_overdrive_table *od_table, enum SMU_11_0_ODFEATURE_CAP cap) @@ -1299,7 +1302,11 @@ static int navi10_print_clk_levels(struct smu_context *smu, if (ret) return size; - if (!navi10_is_support_fine_grained_dpm(smu, clk_type)) { + ret = navi10_is_support_fine_grained_dpm(smu, clk_type); + if (ret < 0) + return ret; + + if (!ret) { for (i = 0; i < count; i++) { ret = smu_v11_0_get_dpm_freq_by_index(smu, clk_type, i, &value); if (ret) @@ -1468,7 +1475,11 @@ static int navi10_force_clk_levels(struct smu_context *smu, case SMU_UCLK: case SMU_FCLK: /* There is only 2 levels for fine grained DPM */ - if (navi10_is_support_fine_grained_dpm(smu, clk_type)) { + ret = navi10_is_support_fine_grained_dpm(smu, clk_type); + if (ret < 0) + return ret; + + if (ret) { soft_max_level = (soft_max_level >= 1 ? 1 : 0); soft_min_level = (soft_min_level >= 1 ? 1 : 0); } -- 2.34.1

6 months, 2 weeks

2
1
0 0

[PATCH 5.10.y] drm/amd/pm: Fix negative array index read

by jianqi.ren.cn＠windriver.com

From: Jesse Zhang <jesse.zhang(a)amd.com> [ Upstream commit c8c19ebf7c0b202a6a2d37a52ca112432723db5f ] Avoid using the negative values for clk_idex as an index into an array pptable->DpmDescriptor. V2: fix clk_index return check (Tim Huang) Signed-off-by: Jesse Zhang <Jesse.Zhang(a)amd.com> Reviewed-by: Tim Huang <Tim.Huang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- .../gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 21 ++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c b/drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c index a7773b6453d5..0af9ee3a520a 100644 --- a/drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c +++ b/drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c @@ -900,19 +900,22 @@ static int navi10_get_current_clk_freq_by_table(struct smu_context *smu, value); } -static bool navi10_is_support_fine_grained_dpm(struct smu_context *smu, enum smu_clk_type clk_type) +static int navi10_is_support_fine_grained_dpm(struct smu_context *smu, enum smu_clk_type clk_type) { PPTable_t *pptable = smu->smu_table.driver_pptable; DpmDescriptor_t *dpm_desc = NULL; - uint32_t clk_index = 0; + int clk_index = 0; clk_index = smu_cmn_to_asic_specific_index(smu, CMN2ASIC_MAPPING_CLK, clk_type); + if (clk_index < 0) + return clk_index; + dpm_desc = &pptable->DpmDescriptor[clk_index]; /* 0 - Fine grained DPM, 1 - Discrete DPM */ - return dpm_desc->SnapToDiscrete == 0 ? true : false; + return dpm_desc->SnapToDiscrete == 0 ? 1 : 0; } static inline bool navi10_od_feature_is_supported(struct smu_11_0_overdrive_table *od_table, enum SMU_11_0_ODFEATURE_CAP cap) @@ -964,7 +967,11 @@ static int navi10_print_clk_levels(struct smu_context *smu, if (ret) return size; - if (!navi10_is_support_fine_grained_dpm(smu, clk_type)) { + ret = navi10_is_support_fine_grained_dpm(smu, clk_type); + if (ret < 0) + return ret; + + if (!ret) { for (i = 0; i < count; i++) { ret = smu_v11_0_get_dpm_freq_by_index(smu, clk_type, i, &value); if (ret) @@ -1127,7 +1134,11 @@ static int navi10_force_clk_levels(struct smu_context *smu, case SMU_UCLK: case SMU_FCLK: /* There is only 2 levels for fine grained DPM */ - if (navi10_is_support_fine_grained_dpm(smu, clk_type)) { + ret = navi10_is_support_fine_grained_dpm(smu, clk_type); + if (ret < 0) + return ret; + + if (ret) { soft_max_level = (soft_max_level >= 1 ? 1 : 0); soft_min_level = (soft_min_level >= 1 ? 1 : 0); } -- 2.34.1

6 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 22cc5ca5de52bbfc36a7d4a55323f91fb4492264 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040827-discern-goldmine-da71@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 22cc5ca5de52bbfc36a7d4a55323f91fb4492264 Mon Sep 17 00:00:00 2001 From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Date: Fri, 28 Feb 2025 01:44:14 +0000 Subject: [PATCH] x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT CONFIG_PARAVIRT_XXL is mainly defined/used by XEN PV guests. For other VM guest types, features supported under CONFIG_PARAVIRT are self sufficient. CONFIG_PARAVIRT mainly provides support for TLB flush operations and time related operations. For TDX guest as well, paravirt calls under CONFIG_PARVIRT meets most of its requirement except the need of HLT and SAFE_HLT paravirt calls, which is currently defined under CONFIG_PARAVIRT_XXL. Since enabling CONFIG_PARAVIRT_XXL is too bloated for TDX guest like platforms, move HLT and SAFE_HLT paravirt calls under CONFIG_PARAVIRT. Moving HLT and SAFE_HLT paravirt calls are not fatal and should not break any functionality for current users of CONFIG_PARAVIRT. Fixes: bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests") Co-developed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Signed-off-by: Vishal Annapurve <vannapurve(a)google.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Andi Kleen <ak(a)linux.intel.com> Reviewed-by: Tony Luck <tony.luck(a)intel.com> Reviewed-by: Juergen Gross <jgross(a)suse.com> Tested-by: Ryan Afranji <afranji(a)google.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Brian Gerst <brgerst(a)gmail.com> Cc: H. Peter Anvin <hpa(a)zytor.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: stable(a)kernel.org Link: https://lore.kernel.org/r/20250228014416.3925664-2-vannapurve@google.com diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h index abb8374c9ff7..9a9b21b78905 100644 --- a/arch/x86/include/asm/irqflags.h +++ b/arch/x86/include/asm/irqflags.h @@ -76,6 +76,28 @@ static __always_inline void native_local_irq_restore(unsigned long flags) #endif +#ifndef CONFIG_PARAVIRT +#ifndef __ASSEMBLY__ +/* + * Used in the idle loop; sti takes one instruction cycle + * to complete: + */ +static __always_inline void arch_safe_halt(void) +{ + native_safe_halt(); +} + +/* + * Used when interrupts are already enabled or to + * shutdown the processor: + */ +static __always_inline void halt(void) +{ + native_halt(); +} +#endif /* __ASSEMBLY__ */ +#endif /* CONFIG_PARAVIRT */ + #ifdef CONFIG_PARAVIRT_XXL #include <asm/paravirt.h> #else @@ -97,24 +119,6 @@ static __always_inline void arch_local_irq_enable(void) native_irq_enable(); } -/* - * Used in the idle loop; sti takes one instruction cycle - * to complete: - */ -static __always_inline void arch_safe_halt(void) -{ - native_safe_halt(); -} - -/* - * Used when interrupts are already enabled or to - * shutdown the processor: - */ -static __always_inline void halt(void) -{ - native_halt(); -} - /* * For spinlocks, etc: */ diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h index bed346bfac89..c4c23190925c 100644 --- a/arch/x86/include/asm/paravirt.h +++ b/arch/x86/include/asm/paravirt.h @@ -102,6 +102,16 @@ static inline void notify_page_enc_status_changed(unsigned long pfn, PVOP_VCALL3(mmu.notify_page_enc_status_changed, pfn, npages, enc); } +static __always_inline void arch_safe_halt(void) +{ + PVOP_VCALL0(irq.safe_halt); +} + +static inline void halt(void) +{ + PVOP_VCALL0(irq.halt); +} + #ifdef CONFIG_PARAVIRT_XXL static inline void load_sp0(unsigned long sp0) { @@ -165,16 +175,6 @@ static inline void __write_cr4(unsigned long x) PVOP_VCALL1(cpu.write_cr4, x); } -static __always_inline void arch_safe_halt(void) -{ - PVOP_VCALL0(irq.safe_halt); -} - -static inline void halt(void) -{ - PVOP_VCALL0(irq.halt); -} - static inline u64 paravirt_read_msr(unsigned msr) { return PVOP_CALL1(u64, cpu.read_msr, msr); diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h index 62912023b46f..631c306ce1ff 100644 --- a/arch/x86/include/asm/paravirt_types.h +++ b/arch/x86/include/asm/paravirt_types.h @@ -120,10 +120,9 @@ struct pv_irq_ops { struct paravirt_callee_save save_fl; struct paravirt_callee_save irq_disable; struct paravirt_callee_save irq_enable; - +#endif void (*safe_halt)(void); void (*halt)(void); -#endif } __no_randomize_layout; struct pv_mmu_ops { diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c index 97925632c28e..1ccd05d8999f 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c @@ -75,6 +75,11 @@ void paravirt_set_sched_clock(u64 (*func)(void)) static_call_update(pv_sched_clock, func); } +static noinstr void pv_native_safe_halt(void) +{ + native_safe_halt(); +} + #ifdef CONFIG_PARAVIRT_XXL static noinstr void pv_native_write_cr2(unsigned long val) { @@ -100,11 +105,6 @@ static noinstr void pv_native_set_debugreg(int regno, unsigned long val) { native_set_debugreg(regno, val); } - -static noinstr void pv_native_safe_halt(void) -{ - native_safe_halt(); -} #endif struct pv_info pv_info = { @@ -161,9 +161,11 @@ struct paravirt_patch_template pv_ops = { .irq.save_fl = __PV_IS_CALLEE_SAVE(pv_native_save_fl), .irq.irq_disable = __PV_IS_CALLEE_SAVE(pv_native_irq_disable), .irq.irq_enable = __PV_IS_CALLEE_SAVE(pv_native_irq_enable), +#endif /* CONFIG_PARAVIRT_XXL */ + + /* Irq HLT ops. */ .irq.safe_halt = pv_native_safe_halt, .irq.halt = native_halt, -#endif /* CONFIG_PARAVIRT_XXL */ /* Mmu ops. */ .mmu.flush_tlb_user = native_flush_tlb_local,

6 months, 2 weeks

3
2
0 0

[PATCH 5.15.y] drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'

by bin.lan.cn＠windriver.com

From: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> [ Upstream commit 63de35a8fcfca59ae8750d469a7eb220c7557baf ] An issue was identified in the dcn21_link_encoder_create function where an out-of-bounds access could occur when the hpd_source index was used to reference the link_enc_hpd_regs array. This array has a fixed size and the index was not being checked against the array's bounds before accessing it. This fix adds a conditional check to ensure that the hpd_source index is within the valid range of the link_enc_hpd_regs array. If the index is out of bounds, the function now returns NULL to prevent undefined behavior. References: [ 65.920507] ------------[ cut here ]------------ [ 65.920510] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn21/dcn21_resource.c:1312:29 [ 65.920519] index 7 is out of range for type 'dcn10_link_enc_hpd_registers [5]' [ 65.920523] CPU: 3 PID: 1178 Comm: modprobe Tainted: G OE 6.8.0-cleanershaderfeatureresetasdntipmi200nv2132 #13 [ 65.920525] Hardware name: AMD Majolica-RN/Majolica-RN, BIOS WMJ0429N_Weekly_20_04_2 04/29/2020 [ 65.920527] Call Trace: [ 65.920529] <TASK> [ 65.920532] dump_stack_lvl+0x48/0x70 [ 65.920541] dump_stack+0x10/0x20 [ 65.920543] __ubsan_handle_out_of_bounds+0xa2/0xe0 [ 65.920549] dcn21_link_encoder_create+0xd9/0x140 [amdgpu] [ 65.921009] link_create+0x6d3/0xed0 [amdgpu] [ 65.921355] create_links+0x18a/0x4e0 [amdgpu] [ 65.921679] dc_create+0x360/0x720 [amdgpu] [ 65.921999] ? dmi_matches+0xa0/0x220 [ 65.922004] amdgpu_dm_init+0x2b6/0x2c90 [amdgpu] [ 65.922342] ? console_unlock+0x77/0x120 [ 65.922348] ? dev_printk_emit+0x86/0xb0 [ 65.922354] dm_hw_init+0x15/0x40 [amdgpu] [ 65.922686] amdgpu_device_init+0x26a8/0x33a0 [amdgpu] [ 65.922921] amdgpu_driver_load_kms+0x1b/0xa0 [amdgpu] [ 65.923087] amdgpu_pci_probe+0x1b7/0x630 [amdgpu] [ 65.923087] local_pci_probe+0x4b/0xb0 [ 65.923087] pci_device_probe+0xc8/0x280 [ 65.923087] really_probe+0x187/0x300 [ 65.923087] __driver_probe_device+0x85/0x130 [ 65.923087] driver_probe_device+0x24/0x110 [ 65.923087] __driver_attach+0xac/0x1d0 [ 65.923087] ? __pfx___driver_attach+0x10/0x10 [ 65.923087] bus_for_each_dev+0x7d/0xd0 [ 65.923087] driver_attach+0x1e/0x30 [ 65.923087] bus_add_driver+0xf2/0x200 [ 65.923087] driver_register+0x64/0x130 [ 65.923087] ? __pfx_amdgpu_init+0x10/0x10 [amdgpu] [ 65.923087] __pci_register_driver+0x61/0x70 [ 65.923087] amdgpu_init+0x7d/0xff0 [amdgpu] [ 65.923087] do_one_initcall+0x49/0x310 [ 65.923087] ? kmalloc_trace+0x136/0x360 [ 65.923087] do_init_module+0x6a/0x270 [ 65.923087] load_module+0x1fce/0x23a0 [ 65.923087] init_module_from_file+0x9c/0xe0 [ 65.923087] ? init_module_from_file+0x9c/0xe0 [ 65.923087] idempotent_init_module+0x179/0x230 [ 65.923087] __x64_sys_finit_module+0x5d/0xa0 [ 65.923087] do_syscall_64+0x76/0x120 [ 65.923087] entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 65.923087] RIP: 0033:0x7f2d80f1e88d [ 65.923087] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 b5 0f 00 f7 d8 64 89 01 48 [ 65.923087] RSP: 002b:00007ffc7bc1aa78 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 65.923087] RAX: ffffffffffffffda RBX: 0000564c9c1db130 RCX: 00007f2d80f1e88d [ 65.923087] RDX: 0000000000000000 RSI: 0000564c9c1e5480 RDI: 000000000000000f [ 65.923087] RBP: 0000000000040000 R08: 0000000000000000 R09: 0000000000000002 [ 65.923087] R10: 000000000000000f R11: 0000000000000246 R12: 0000564c9c1e5480 [ 65.923087] R13: 0000564c9c1db260 R14: 0000000000000000 R15: 0000564c9c1e54b0 [ 65.923087] </TASK> [ 65.923927] ---[ end trace ]--- Cc: Tom Chung <chiahsuan.chung(a)amd.com> Cc: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Cc: Roman Li <roman.li(a)amd.com> Cc: Alex Hung <alex.hung(a)amd.com> Cc: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Cc: Harry Wentland <harry.wentland(a)amd.com> Cc: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> Reviewed-by: Roman Li <roman.li(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Build test passed. --- drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c index 7c5c1414b7a1..257ab8820c7a 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c +++ b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c @@ -1852,7 +1852,7 @@ static struct link_encoder *dcn21_link_encoder_create( kzalloc(sizeof(struct dcn21_link_encoder), GFP_KERNEL); int link_regs_id; - if (!enc21) + if (!enc21 || enc_init_data->hpd_source >= ARRAY_SIZE(link_enc_hpd_regs)) return NULL; link_regs_id = -- 2.34.1

6 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x 22cc5ca5de52bbfc36a7d4a55323f91fb4492264 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040826-tracing-shanty-607f@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 22cc5ca5de52bbfc36a7d4a55323f91fb4492264 Mon Sep 17 00:00:00 2001 From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Date: Fri, 28 Feb 2025 01:44:14 +0000 Subject: [PATCH] x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT CONFIG_PARAVIRT_XXL is mainly defined/used by XEN PV guests. For other VM guest types, features supported under CONFIG_PARAVIRT are self sufficient. CONFIG_PARAVIRT mainly provides support for TLB flush operations and time related operations. For TDX guest as well, paravirt calls under CONFIG_PARVIRT meets most of its requirement except the need of HLT and SAFE_HLT paravirt calls, which is currently defined under CONFIG_PARAVIRT_XXL. Since enabling CONFIG_PARAVIRT_XXL is too bloated for TDX guest like platforms, move HLT and SAFE_HLT paravirt calls under CONFIG_PARAVIRT. Moving HLT and SAFE_HLT paravirt calls are not fatal and should not break any functionality for current users of CONFIG_PARAVIRT. Fixes: bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests") Co-developed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Signed-off-by: Vishal Annapurve <vannapurve(a)google.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Andi Kleen <ak(a)linux.intel.com> Reviewed-by: Tony Luck <tony.luck(a)intel.com> Reviewed-by: Juergen Gross <jgross(a)suse.com> Tested-by: Ryan Afranji <afranji(a)google.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Brian Gerst <brgerst(a)gmail.com> Cc: H. Peter Anvin <hpa(a)zytor.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: stable(a)kernel.org Link: https://lore.kernel.org/r/20250228014416.3925664-2-vannapurve@google.com diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h index abb8374c9ff7..9a9b21b78905 100644 --- a/arch/x86/include/asm/irqflags.h +++ b/arch/x86/include/asm/irqflags.h @@ -76,6 +76,28 @@ static __always_inline void native_local_irq_restore(unsigned long flags) #endif +#ifndef CONFIG_PARAVIRT +#ifndef __ASSEMBLY__ +/* + * Used in the idle loop; sti takes one instruction cycle + * to complete: + */ +static __always_inline void arch_safe_halt(void) +{ + native_safe_halt(); +} + +/* + * Used when interrupts are already enabled or to + * shutdown the processor: + */ +static __always_inline void halt(void) +{ + native_halt(); +} +#endif /* __ASSEMBLY__ */ +#endif /* CONFIG_PARAVIRT */ + #ifdef CONFIG_PARAVIRT_XXL #include <asm/paravirt.h> #else @@ -97,24 +119,6 @@ static __always_inline void arch_local_irq_enable(void) native_irq_enable(); } -/* - * Used in the idle loop; sti takes one instruction cycle - * to complete: - */ -static __always_inline void arch_safe_halt(void) -{ - native_safe_halt(); -} - -/* - * Used when interrupts are already enabled or to - * shutdown the processor: - */ -static __always_inline void halt(void) -{ - native_halt(); -} - /* * For spinlocks, etc: */ diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h index bed346bfac89..c4c23190925c 100644 --- a/arch/x86/include/asm/paravirt.h +++ b/arch/x86/include/asm/paravirt.h @@ -102,6 +102,16 @@ static inline void notify_page_enc_status_changed(unsigned long pfn, PVOP_VCALL3(mmu.notify_page_enc_status_changed, pfn, npages, enc); } +static __always_inline void arch_safe_halt(void) +{ + PVOP_VCALL0(irq.safe_halt); +} + +static inline void halt(void) +{ + PVOP_VCALL0(irq.halt); +} + #ifdef CONFIG_PARAVIRT_XXL static inline void load_sp0(unsigned long sp0) { @@ -165,16 +175,6 @@ static inline void __write_cr4(unsigned long x) PVOP_VCALL1(cpu.write_cr4, x); } -static __always_inline void arch_safe_halt(void) -{ - PVOP_VCALL0(irq.safe_halt); -} - -static inline void halt(void) -{ - PVOP_VCALL0(irq.halt); -} - static inline u64 paravirt_read_msr(unsigned msr) { return PVOP_CALL1(u64, cpu.read_msr, msr); diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h index 62912023b46f..631c306ce1ff 100644 --- a/arch/x86/include/asm/paravirt_types.h +++ b/arch/x86/include/asm/paravirt_types.h @@ -120,10 +120,9 @@ struct pv_irq_ops { struct paravirt_callee_save save_fl; struct paravirt_callee_save irq_disable; struct paravirt_callee_save irq_enable; - +#endif void (*safe_halt)(void); void (*halt)(void); -#endif } __no_randomize_layout; struct pv_mmu_ops { diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c index 97925632c28e..1ccd05d8999f 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c @@ -75,6 +75,11 @@ void paravirt_set_sched_clock(u64 (*func)(void)) static_call_update(pv_sched_clock, func); } +static noinstr void pv_native_safe_halt(void) +{ + native_safe_halt(); +} + #ifdef CONFIG_PARAVIRT_XXL static noinstr void pv_native_write_cr2(unsigned long val) { @@ -100,11 +105,6 @@ static noinstr void pv_native_set_debugreg(int regno, unsigned long val) { native_set_debugreg(regno, val); } - -static noinstr void pv_native_safe_halt(void) -{ - native_safe_halt(); -} #endif struct pv_info pv_info = { @@ -161,9 +161,11 @@ struct paravirt_patch_template pv_ops = { .irq.save_fl = __PV_IS_CALLEE_SAVE(pv_native_save_fl), .irq.irq_disable = __PV_IS_CALLEE_SAVE(pv_native_irq_disable), .irq.irq_enable = __PV_IS_CALLEE_SAVE(pv_native_irq_enable), +#endif /* CONFIG_PARAVIRT_XXL */ + + /* Irq HLT ops. */ .irq.safe_halt = pv_native_safe_halt, .irq.halt = native_halt, -#endif /* CONFIG_PARAVIRT_XXL */ /* Mmu ops. */ .mmu.flush_tlb_user = native_flush_tlb_local,

6 months, 2 weeks

3
2
0 0

[PATCH 5.10/5.15] Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE

by Xiangyu Chen

From: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> commit b25e11f978b63cb7857890edb3a698599cddb10e upstream. This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4 ("Bluetooth: Always request for user confirmation for Just Works") always request user confirmation with confirm_hint set since the likes of bluetoothd have dedicated policy around JUST_WORKS method (e.g. main.conf:JustWorksRepairing). CVE: CVE-2024-8805 Cc: stable(a)vger.kernel.org Fixes: ba15a58b179e ("Bluetooth: Fix SSP acceptor just-works confirmation without MITM") Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Tested-by: Kiran K <kiran.k(a)intel.com> Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test. --- net/bluetooth/hci_event.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 50e21f67a73d..83af50c3838a 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -4859,19 +4859,16 @@ static void hci_user_confirm_request_evt(struct hci_dev *hdev, goto unlock; } - /* If no side requires MITM protection; auto-accept */ + /* If no side requires MITM protection; use JUST_CFM method */ if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) && (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) { - /* If we're not the initiators request authorization to - * proceed from user space (mgmt_user_confirm with - * confirm_hint set to 1). The exception is if neither - * side had MITM or if the local IO capability is - * NoInputNoOutput, in which case we do auto-accept + /* If we're not the initiator of request authorization and the + * local IO capability is not NoInputNoOutput, use JUST_WORKS + * method (mgmt_user_confirm with confirm_hint set to 1). */ if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && - conn->io_capability != HCI_IO_NO_INPUT_OUTPUT && - (loc_mitm || rem_mitm)) { + conn->io_capability != HCI_IO_NO_INPUT_OUTPUT) { BT_DBG("Confirming auto-accept as acceptor"); confirm_hint = 1; goto confirm; -- 2.34.1

6 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] ARM: 9443/1: Require linker to support KEEP within OVERLAY" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x e7607f7d6d81af71dcc5171278aadccc94d277cd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040805-boaster-hazing-36c3@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e7607f7d6d81af71dcc5171278aadccc94d277cd Mon Sep 17 00:00:00 2001 From: Nathan Chancellor <nathan(a)kernel.org> Date: Thu, 20 Mar 2025 22:33:49 +0100 Subject: [PATCH] ARM: 9443/1: Require linker to support KEEP within OVERLAY for DCE ld.lld prior to 21.0.0 does not support using the KEEP keyword within an overlay description, which may be needed to avoid discarding necessary sections within an overlay with '--gc-sections', which can be enabled for the kernel via CONFIG_LD_DEAD_CODE_DATA_ELIMINATION. Disallow CONFIG_LD_DEAD_CODE_DATA_ELIMINATION without support for KEEP within OVERLAY and introduce a macro, OVERLAY_KEEP, that can be used to conditionally add KEEP when it is properly supported to avoid breaking old versions of ld.lld. Cc: stable(a)vger.kernel.org Link: https://github.com/llvm/llvm-project/commit/381599f1fe973afad3094e55ec99b16… Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Signed-off-by: Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 202dbd17ad2f..25ed6f1a7c7a 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -121,7 +121,7 @@ config ARM select HAVE_KERNEL_XZ select HAVE_KPROBES if !XIP_KERNEL && !CPU_ENDIAN_BE32 && !CPU_V7M select HAVE_KRETPROBES if HAVE_KPROBES - select HAVE_LD_DEAD_CODE_DATA_ELIMINATION if (LD_VERSION >= 23600 || LD_IS_LLD) + select HAVE_LD_DEAD_CODE_DATA_ELIMINATION if (LD_VERSION >= 23600 || LD_CAN_USE_KEEP_IN_OVERLAY) select HAVE_MOD_ARCH_SPECIFIC select HAVE_NMI select HAVE_OPTPROBES if !THUMB2_KERNEL diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h index 89697f204715..a54db342653a 100644 --- a/arch/arm/include/asm/vmlinux.lds.h +++ b/arch/arm/include/asm/vmlinux.lds.h @@ -34,6 +34,12 @@ #define NOCROSSREFS #endif +#ifdef CONFIG_LD_CAN_USE_KEEP_IN_OVERLAY +#define OVERLAY_KEEP(x) KEEP(x) +#else +#define OVERLAY_KEEP(x) x +#endif + /* Set start/end symbol names to the LMA for the section */ #define ARM_LMA(sym, section) \ sym##_start = LOADADDR(section); \ diff --git a/init/Kconfig b/init/Kconfig index d0d021b3fa3b..fc994f5cd5db 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -129,6 +129,11 @@ config CC_HAS_COUNTED_BY # https://github.com/llvm/llvm-project/pull/112636 depends on !(CC_IS_CLANG && CLANG_VERSION < 190103) +config LD_CAN_USE_KEEP_IN_OVERLAY + # ld.lld prior to 21.0.0 did not support KEEP within an overlay description + # https://github.com/llvm/llvm-project/pull/130661 + def_bool LD_IS_BFD || LLD_VERSION >= 210000 + config RUSTC_HAS_COERCE_POINTEE def_bool RUSTC_VERSION >= 108400

6 months, 2 weeks

4
3
0 0

[PATCH 5.10.y] nvme: avoid double free special payload

by Cliff Liu

From: Chunguang Xu <chunguang.xu(a)shopee.com> [ Upstream commit e5d574ab37f5f2e7937405613d9b1a724811e5ad ] If a discard request needs to be retried, and that retry may fail before a new special payload is added, a double free will result. Clear the RQF_SPECIAL_LOAD when the request is cleaned. Signed-off-by: Chunguang Xu <chunguang.xu(a)shopee.com> Reviewed-by: Sagi Grimberg <sagi(a)grimberg.me> Reviewed-by: Max Gurtovoy <mgurtovoy(a)nvidia.com> Signed-off-by: Keith Busch <kbusch(a)kernel.org> [Minor context change fixed] Signed-off-by: Cliff Liu <donghua.liu(a)windriver.com> Signed-off-by: He Zhe <Zhe.He(a)windriver.com> --- Verified the build test. --- drivers/nvme/host/core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c index 019a6dbdcbc2..7d6aab68446e 100644 --- a/drivers/nvme/host/core.c +++ b/drivers/nvme/host/core.c @@ -852,6 +852,7 @@ void nvme_cleanup_cmd(struct request *req) clear_bit_unlock(0, &ns->ctrl->discard_page_busy); else kfree(page_address(page) + req->special_vec.bv_offset); + req->rq_flags &= ~RQF_SPECIAL_PAYLOAD; } } EXPORT_SYMBOL_GPL(nvme_cleanup_cmd); -- 2.34.1

6 months, 2 weeks

2
1
0 0

[PATCH 0/3] spi: fsl-qspi: Fix double cleanup in probe error path

by Kevin Hao

This patch series fixes double cleanup issues in the fsl-qspi probe error path and also simplifies the probe error handling using managed APIs. Signed-off-by: Kevin Hao <haokexin(a)gmail.com> --- Kevin Hao (3): spi: fsl-qspi: Fix double cleanup in probe error path spi: fsl-spi: Remove redundant probe error message spi: fsl-qspi: Simplify probe error handling using managed API drivers/spi/spi-fsl-qspi.c | 77 +++++++++++++++++++--------------------------- 1 file changed, 31 insertions(+), 46 deletions(-) --- base-commit: 29e7bf01ed8033c9a14ed0dc990dfe2736dbcd18 change-id: 20250410-spi-10adc098d566 Best regards, -- Kevin Hao <haokexin(a)gmail.com>

6 months, 2 weeks

3
4
0 0

[PATCH 5.15 000/281] 5.15.180-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.180 release. There are 281 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 11 Apr 2025 11:58:00 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.180-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.180-rc2 Nathan Chancellor <nathan(a)kernel.org> mmc: sdhci-brcmstb: Initialize base_clk to NULL in sdhci_brcmstb_probe() Steven Rostedt <rostedt(a)goodmis.org> tracing: Do not use PERF enums when perf is not defined Vlastimil Babka <vbabka(a)suse.cz> mm, slab: remove duplicate kernel-doc comment for ksize() Kamal Dasu <kdasu.kdev(a)gmail.com> mmc: sdhci-brcmstb: use clk_get_rate(base_clk) in PM resume Chuck Lever <chuck.lever(a)oracle.com> NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: put dl_stid if fail to queue dl_recall Roman Smirnov <r.smirnov(a)omp.ru> jfs: add index corruption check to DT_GETPAGE() Qasim Ijaz <qasdev00(a)gmail.com> jfs: fix slab-out-of-bounds read in ea_get() Acs, Jakub <acsjakub(a)amazon.de> ext4: fix OOB read when checking dotdot dir Theodore Ts'o <tytso(a)mit.edu> ext4: don't over-report free space or inodes in statvfs Ran Xiaokai <ran.xiaokai(a)zte.com.cn> tracing/osnoise: Fix possible recursive locking for cpus_read_lock() Douglas Raillard <douglas.raillard(a)arm.com> tracing: Fix synth event printk format for str fields Douglas Raillard <douglas.raillard(a)arm.com> tracing: Ensure module defining synth event cannot be unloaded while tracing Tengda Wu <wutengda(a)huaweicloud.com> tracing: Fix use-after-free in print_graph_function_flags during tracer switching Karel Balej <balejk(a)matfyz.cz> mmc: sdhci-pxav3: set NEED_RSP_BUSY capability Paul Menzel <pmenzel(a)molgen.mpg.de> ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP Murad Masimov <m.masimov(a)mt-integration.ru> acpi: nfit: fix narrowing conversion in acpi_nfit_ctl Jann Horn <jannh(a)google.com> x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs Guilherme G. Piccoli <gpiccoli(a)igalia.com> x86/tsc: Always save/restore TSC sched_clock() on suspend/resume Josef Bacik <josef(a)toxicpanda.com> btrfs: handle errors from btrfs_dec_ref() properly Markus Elfring <elfring(a)users.sourceforge.net> ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Correct command storage data length Ying Lu <luying1(a)xiaomi.com> usbnet:fix NPE during rx_complete Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: Fix negative array index read Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: use UARTMODIR register bits for lpuart32 platform Kamal Dasu <kamal.dasu(a)broadcom.com> mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops Kamal Dasu <kdasu.kdev(a)gmail.com> mmc: sdhci-brcmstb: Add ability to increase max clock rate for 72116b0 Haibo Chen <haibo.chen(a)nxp.com> can: flexcan: disable transceiver during system PM Haibo Chen <haibo.chen(a)nxp.com> can: flexcan: only change CAN state when link up in system PM Henry Martin <bsdhenrymartin(a)gmail.com> arcnet: Add NULL check in com20020pci_probe() Lin Ma <linma(a)zju.edu.cn> net: fix geneve_opt length integer overflow Fernando Fernandez Mancera <ffmancera(a)riseup.net> ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS Lin Ma <linma(a)zju.edu.cn> netfilter: nft_tunnel: fix geneve_opt type confusion addition Guillaume Nault <gnault(a)redhat.com> tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). Stefano Garzarella <sgarzare(a)redhat.com> vsock: avoid timeout during connect() if the socket is closing Tobias Waldekranz <tobias(a)waldekranz.com> net: mvpp2: Prevent parser TCAM memory corruption Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: skbprio: Remove overly strict queue assertions Debin Zhu <mowenroot(a)163.com> netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only Henry Martin <bsdhenrymartin(a)gmail.com> ASoC: imx-card: Add NULL check in imx_card_probe() Nikita Shubin <n.shubin(a)yadro.com> ntb: intel: Fix using link status DB's Yajun Deng <yajun.deng(a)linux.dev> ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans Juhan Jin <juhan.jin(a)foxmail.com> riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix a leak in spufs_create_context() Al Viro <viro(a)zeniv.linux.org.uk> spufs: fix a leak on spufs_new_file() failure Tasos Sahanidis <tasos(a)tasossah.com> hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} Oliver Hartkopp <socketcan(a)hartkopp.net> can: statistics: use atomic access in hot path Navon John Lukose <navonjohnlukose(a)gmail.com> ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Keep display off while going into S4 Vladis Dronov <vdronov(a)redhat.com> x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled Waiman Long <longman(a)redhat.com> locking/semaphore: Use wake_q to wake up processes outside lock critical section Shrikanth Hegde <sshegde(a)linux.ibm.com> sched/deadline: Use online cpus for validating runtime Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix incorrect validation for num_aces field of smb_acl Simon Tatham <anakin(a)pobox.com> affs: don't write overlarge OFS data block size fields Simon Tatham <anakin(a)pobox.com> affs: generate OFS sequence numbers starting at 1 Icenowy Zheng <uwu(a)icenowy.me> nvme-pci: skip CMB blocks incompatible with PCI P2P DMA Icenowy Zheng <uwu(a)icenowy.me> nvme-pci: clean up CMBMSC when registering CMB fails Sagi Grimberg <sagi(a)grimberg.me> nvme-tcp: fix possible UAF in nvme_tcp_poll Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fw: allocate chained SG tables for dump Josh Poimboeuf <jpoimboe(a)kernel.org> sched/smt: Always inline sched_smt_active() Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Free NIX_AF_INT_VEC_GEN irq Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix mbox INTR handler when num VFs > 64 Giovanni Gherdovich <ggherdovich(a)suse.cz> ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid Feng Yang <yangfeng(a)kylinos.cn> ring-buffer: Fix bytes_dropped calculation issue Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix multichannel connection failure Miaoqian Lin <linmq006(a)gmail.com> ksmbd: use aead_request_free to match aead_request_alloc Mark Zhang <markzhang(a)nvidia.com> rtnetlink: Allocate vfinfo size for VF GUIDs when supported Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix the infinite loop in exfat_find_last_cluster() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() Bart Van Assche <bvanassche(a)acm.org> fs/procfs: fix the comment above proc_pid_wchan() Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Check if there is space to copy all the event Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Don't keep a raw_data pointer to consumed ring buffer space Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Decrement the refcount of just created event on failure Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Fixup description of sample.id event member Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Fix missing the IBI rules Alistair Popple <apopple(a)nvidia.com> fuse: fix dax truncate/punch_hole fault path Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Don't trigger uneccessary scans for return-on-close delegations Vasiliy Kovalev <kovalev(a)altlinux.org> ocfs2: validate l_tree_depth to avoid out-of-bounds access Sourabh Jain <sourabhjain(a)linux.ibm.com> kexec: initialize ELF lowest address to ULONG_MAX Arnaldo Carvalho de Melo <acme(a)redhat.com> perf units: Fix insufficient array space Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7124: Fix comparison of channel configs Dan Carpenter <dan.carpenter(a)linaro.org> fs/ntfs3: Fix a couple integer overflows on 32bit systems Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio Ilkka Koskinen <ilkka(a)os.amperecomputing.com> coresight: catu: Fix number of pages while using 64k pages Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> soundwire: slave: fix an OF node reference leak in soundwire slave device Qasim Ijaz <qasdev00(a)gmail.com> isofs: fix KMSAN uninit-value bug in do_isofs_readdir() Barnabás Czémán <barnabas.czeman(a)mainlining.org> clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead auth key length Jann Horn <jannh(a)google.com> x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> mfd: sm501: Switch to BIT() to mitigate integer overflows Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow Herbert Xu <herbert(a)gondor.apana.org.au> crypto: nx - Fix uninitialised hv_nxc on error Artur Weber <aweber.kernel(a)gmail.com> power: supply: max77693: Fix wrong conversion of charge input threshold value Jann Horn <jannh(a)google.com> x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: g12a: fix mmc A peripheral clock Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: gxbb: drop non existing 32k clock parent Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: g12b: fix cluster A parent data Prathamesh Shete <pshete(a)nvidia.com> pinctrl: tegra: Set SFIO mode to Mux Register Maher Sanalla <msanalla(a)nvidia.com> IB/mad: Check available slots before posting receive WRs Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_mss: Handle platforms with one power domain Roman Gushchin <roman.gushchin(a)linux.dev> RDMA/core: Don't expose hw_counters outside of init net namespace Peter Geis <pgwipeout(a)gmail.com> clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rzg2l: Fix missing of_node_put() call Fabrizio Castro <fabrizio.castro.jz(a)renesas.com> pinctrl: renesas: rza2: Fix missing of_node_put() call Tanya Agarwal <tanyaagarwal25699(a)gmail.com> lib: 842: Improve error handling in sw842_compress() Hou Tao <houtao1(a)huawei.com> bpf: Use preempt_count() directly in bpf_send_signal_common() Vladimir Lypak <vladimir.lypak(a)gmail.com> clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock Will McVicker <willmcvicker(a)google.com> clk: samsung: Fix UBSAN panic in samsung_clk_init() Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix hypothetical STT_SECTION extern NULL deref case Luca Weiss <luca(a)lucaweiss.eu> remoteproc: qcom_q6v5_pas: Make single-PD handling more robust Zijun Hu <quic_zijuhu(a)quicinc.com> of: property: Increase NR_FWNODE_REFERENCE_ARGS Peng Fan <peng.fan(a)nxp.com> remoteproc: core: Clear table_sz when rproc_shutdown Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead authsize alignment Jerome Brunet <jbrunet(a)baylibre.com> clk: amlogic: gxbb: drop incorrect flag on 32k clock Danila Chernetsov <listdansp(a)mail.ru> fbdev: sm501fb: Add some geometry checks. Arnd Bergmann <arnd(a)arndb.de> mdacon: rework dependency list Markus Elfring <elfring(a)users.sourceforge.net> fbdev: au1100fb: Move a variable assignment behind a null pointer check Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: pciehp: Don't enable HPIE when resuming in poll mode Dan Carpenter <dan.carpenter(a)linaro.org> drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() Thippeswamy Havalige <thippeswamy.havalige(a)amd.com> PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe Dan Carpenter <dan.carpenter(a)linaro.org> PCI: Remove stray put_device() in pci_register_host_bridge() Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() Nishanth Aravamudan <naravamudan(a)nvidia.com> PCI: Avoid reset when disabled via sysfs Feng Tang <feng.tang(a)linux.alibaba.com> PCI/portdrv: Only disable pciehp interrupts early when needed Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Use internal register to change link capability Hans Zhang <18255117159(a)163.com> PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload Daniel Stodden <daniel.stodden(a)gmail.com> PCI/ASPM: Fix link state exit during switch upstream function removal AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_hdmi: Unregister audio platform device on failure José Expósito <jose.exposito89(a)gmail.com> drm/vkms: Fix use after free and double free on init error Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm: xlnx: zynqmp: Fix max dma segment size Wayne Lin <Wayne.Lin(a)amd.com> drm/dp_mst: Fix drm RAD print Geert Uytterhoeven <geert+renesas(a)glider.be> drm/bridge: ti-sn65dsi86: Fix multiple instances Jayesh Choudhary <j-choudhary(a)ti.com> ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Always honor no_shutup_pins Jiri Kosina <jkosina(a)suse.com> HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> media: platform: allgro-dvt: unregister v4l2_device on the error path Tao Chen <chen.dylane(a)linux.dev> perf/ring_buffer: Allow the EPOLLRDNORM flag for poll Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Fix handling devices with direct_complete set on errors Chenyuan Yang <chenyuan0y(a)gmail.com> thermal: int340x: Add NULL check for adev Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the error path order of ie31200_init() Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the DIMM size mask for several SoCs Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer Tim Schumacher <tim.schumacher1(a)huawei.com> selinux: Chain up tool resolving errors in install_policy.sh Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Adjust check before setting power.must_resume Arnd Bergmann <arnd(a)arndb.de> x86/platform: Only allow CONFIG_EISA for 32-bit Benjamin Berg <benjamin.berg(a)intel.com> x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() Jie Zhan <zhanjie9(a)hisilicon.com> cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() zuoqian <zuoqian113(a)gmail.com> cpufreq: scpi: compare kHz instead of Hz Mike Rapoport (Microsoft) <rppt(a)kernel.org> x86/mm/pat: cpa-test: fix length for CPA_ARRAY test Eric Sandeen <sandeen(a)redhat.com> watch_queue: fix pipe accounting mismatch Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> media: i2c: et8ek8: Don't strip remove function when driver is builtin John Keeping <jkeeping(a)inmusicbrands.com> serial: 8250_dma: terminate correct DMA in tx_dma_flush() Luo Qiu <luoqiu(a)kylinsec.com.cn> memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove Dominique Martinet <dominique.martinet(a)atmark-techno.com> net: usb: usbnet: restore usb%d name exception for local mac addresses Fabio Porcedda <fabio.porcedda(a)gmail.com> net: usb: qmi_wwan: add Telit Cinterion FE990B composition Fabio Porcedda <fabio.porcedda(a)gmail.com> net: usb: qmi_wwan: add Telit Cinterion FN990B composition Cameron Williams <cang1(a)live.co.uk> tty: serial: 8250: Add Brainboxes XC devices Cameron Williams <cang1(a)live.co.uk> tty: serial: 8250: Add some more device IDs William Breathitt Gray <wbg(a)kernel.org> counter: microchip-tcb-capture: Fix undefined counter channel state on probe Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> counter: stm32-lptimer-cnt: fix error handling when enabling Dhruv Deshpande <dhrv.d(a)proton.me> ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx Maxim Mikityanskiy <maxtram95(a)gmail.com> netfilter: socket: Lookup orig tuple for IPv6 SNAT Yanjun Yang <yangyj.ee(a)gmail.com> ARM: Remove address checking for MMUless devices Kees Cook <keescook(a)chromium.org> ARM: 9351/1: fault: Add "cut here" line for prefetch aborts Kees Cook <keescook(a)chromium.org> ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() Minjoong Kim <pwn9uin(a)gmail.com> atm: Fix NULL pointer dereference Terry Junge <linuxhid(a)cosmicgizmosystems.com> HID: hid-plantronics: Add mic mute mapping and generalize quirks Terry Junge <linuxhid(a)cosmicgizmosystems.com> ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names Michal Luczaj <mhal(a)rbox.co> bpf, sockmap: Fix race between element replace and close() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE Justin Klaassen <justin(a)tidylabs.net> arm64: dts: rockchip: fix u2phy1_host status for NanoPi R4S Arthur Mongodin <amongodin(a)randorisec.fr> mptcp: Fix data stream corruption in the address announcement David Rosca <david.rosca(a)amd.com> drm/amdgpu: Fix JPEG video caps max size for navi1x and raven Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() Saranya R <quic_sarar(a)quicinc.com> soc: qcom: pdr: Fix the potential deadlock Sven Eckelmann <sven(a)narfation.org> batman-adv: Ignore own maximum aggregation size during RX Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: shmobile: smp: Enforce shmobile_smp_* alignment Ye Bin <yebin10(a)huawei.com> proc: fix UAF in proc_get_inode() Gu Bowen <gubowen5(a)huawei.com> mmc: atmel-mci: Add missing clk_disable_unprepare() Christian Eggers <ceggers(a)arri.de> regulator: check that dummy regulator has been probed before using it Maíra Canal <mcanal(a)igalia.com> drm/v3d: Don't run jobs that have errors flagged in its fence Andreas Kemnade <andreas(a)kemnade.info> i2c: omap: fix IRQ storms Guillaume Nault <gnault(a)redhat.com> Revert "gre: Fix IPv6 link-local address generation." Lin Ma <linma(a)zju.edu.cn> net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES Dan Carpenter <dan.carpenter(a)linaro.org> net: atm: fix use after free in lec_send() Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create(). Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). Dan Carpenter <dan.carpenter(a)linaro.org> Bluetooth: Fix error code in chan_alloc_skb_cb() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix wrong value of max_sge_rd Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix soft lockup during bt pages loop Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Remove redundant 'phy_addr' in hns_roce_hem_list_find_mtt() Saravanan Vajravel <saravanan.vajravel(a)broadcom.com> RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path Phil Elwell <phil(a)raspberrypi.com> ARM: dts: bcm2711: Don't mark timer regs unconfigured Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx Phil Elwell <phil(a)raspberrypi.com> ARM: dts: bcm2711: PL011 UARTs are actually r1p5 Cosmin Ratiu <cratiu(a)nvidia.com> xfrm_output: Force software GSO only in tunnel mode Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> firmware: imx-scu: fix OF node leak in .probe() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: Fix match_session bug preventing session reuse Ma Ke <make24(a)iscas.ac.cn> drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Michael Strauss <michael.strauss(a)amd.com> drm/amd/display: Check for invalid input params when building scaling params Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: sis630: Fix an error handling path in sis630_probe() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: ali15x3: Fix an error handling path in ali15x3_probe() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: ali1535: Fix an error handling path in ali1535_probe() Murad Masimov <m.masimov(a)mt-integration.ru> cifs: Fix integer overflow while processing closetimeo mount option Murad Masimov <m.masimov(a)mt-integration.ru> cifs: Fix integer overflow while processing actimeo mount option Murad Masimov <m.masimov(a)mt-integration.ru> cifs: Fix integer overflow while processing acdirmax mount option Murad Masimov <m.masimov(a)mt-integration.ru> cifs: Fix integer overflow while processing acregmax mount option Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() Ivan Abramov <i.abramov(a)mt-integration.ru> drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: ops: Consistently treat platform_max as control value Eric Dumazet <edumazet(a)google.com> tcp: fix races in tcp_abort() Andrii Nakryiko <andrii(a)kernel.org> lib/buildid: Handle memfd_secret() files in build_id_parse() Haoxiang Li <haoxiang_li2024(a)163.com> qlcnic: fix memory leak issues in qlcnic_sriov_common.c Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Fix slab-use-after-free on hdcp_work Alex Hung <alex.hung(a)amd.com> drm/amd/display: Assign normalized_pix_clk when color depth = 14 Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Restore correct backlight brightness after a GPU reset Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/atomic: Filter out redundant DPMS calls Florent Revest <revest(a)chromium.org> x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Johan Hovold <johan(a)kernel.org> USB: serial: option: match on interface class for Telit FN990B Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: fix Telit Cinterion FE990A name Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FE990B compositions Boon Khai Ng <boon.khai.ng(a)intel.com> USB: serial: ftdi_sio: add support for Altera USB Blaster 3 Ming Lei <ming.lei(a)redhat.com> block: fix 'kmem_cache of name 'bio-108' already exists' Thomas Zimmermann <tzimmermann(a)suse.de> drm/nouveau: Do not override forced connector status Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: safety check before fallback Arnd Bergmann <arnd(a)arndb.de> x86/irq: Define trace events conditionally Miklos Szeredi <mszeredi(a)redhat.com> fuse: don't truncate cached, mutated symlink Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Set the SDOUT polarity correctly Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Fix power control mask Hector Martin <marcan(a)marcan.st> ASoC: tas2770: Fix volume scale Daniel Wagner <wagi(a)kernel.org> nvme: only allow entering LIVE from CONNECTING state Yu-Chun Lin <eleanor15x(a)gmail.com> sctp: Fix undefined behavior in left shift operation Ruozhu Li <david.li(a)jaguarmicro.com> nvmet-rdma: recheck queue state is LIVE in state lock in recv done Stephan Gerhold <stephan.gerhold(a)linaro.org> net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors Terry Cheong <htcheong(a)chromium.org> ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ASoC: arizona/madera: use fsleep() in up/down DAPM event delays. Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime() Daniel Lezcano <daniel.lezcano(a)linaro.org> thermal/cpufreq_cooling: Remove structure member documentation Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: Fix CHPID "configure" attribute caching Jann Horn <jannh(a)google.com> sched: Clarify wake_up_q()'s write to task->wake_q.next Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com> HID: ignore non-functional sensor in HP 5MP Camera Zhang Lixu <lixu.zhang(a)intel.com> HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell Brahmajit Das <brahmajit.xyz(a)gmail.com> vboxsf: fix building with GCC 15 Eric W. Biederman <ebiederm(a)xmission.com> alpha/elf: Fix misc/setarch test of util-linux by removing 32bit support Gannon Kolding <gannon.kolding(a)gmail.com> ACPI: resource: IRQ override for Eluktronics MECH-17 Magnus Lindholm <linmag7(a)gmail.com> scsi: qla1280: Fix kernel oops when debug level > 2 Rik van Riel <riel(a)surriel.com> scsi: core: Use GFP_NOIO to avoid circular locking dependency Chengen Du <chengen.du(a)canonical.com> iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> powercap: call put_device() on an error path in powercap_register_control_type() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> hrtimers: Mark is_migration_base() with __always_inline Daniel Wagner <wagi(a)kernel.org> nvme-fc: go straight to connecting state when initializing Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices Jianbo Liu <jianbol(a)nvidia.com> net/mlx5: Bridge, fix the crash caused by LAG state check Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: remove misbehaving actions length check Kees Cook <keescook(a)chromium.org> openvswitch: Use kmalloc_size_roundup() to match ksize() usage Kees Cook <keescook(a)chromium.org> slab: Introduce kmalloc_size_roundup() Kees Cook <keescook(a)chromium.org> slab: clean up function prototypes Guillaume Nault <gnault(a)redhat.com> gre: Fix IPv6 link-local address generation. Alexey Kashavkin <akashavkin(a)gmail.com> netfilter: nft_exthdr: fix offset with ipv4_find_option() Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: Prevent creation of classes with TC_H_ROOT Dan Carpenter <dan.carpenter(a)linaro.org> ipvs: prevent integer overflow in do_ip_vs_get_ctl() Kohei Enju <enjuk(a)amazon.com> netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() Wentao Liang <vulab(a)iscas.ac.cn> net/mlx5: handle errors in mlx5_chains_create_table() Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() Breno Leitao <leitao(a)debian.org> netpoll: hold rcu read lock in __netpoll_send_skb() Joseph Huang <Joseph.Huang(a)garmin.com> net: dsa: mv88e6xxx: Verify after ATU Load ops Grzegorz Nitka <grzegorz.nitka(a)intel.com> ice: fix memory leak in aRFS after reset Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template. Artur Weber <aweber.kernel(a)gmail.com> pinctrl: bcm281xx: Fix incorrect regmap max_registers value Michael Kelley <mhklinux(a)outlook.com> fbdev: hyperv_fb: iounmap() the correct memory when removing a device Wang Yufen <wangyufen(a)huawei.com> ipv6: Fix signed integer overflow in __ip6_append_data Oleg Nesterov <oleg(a)redhat.com> sched/isolation: Prevent boot crash when the boot CPU is nohz_full David Woodhouse <dwmw(a)amazon.co.uk> clockevents/drivers/i8253: Fix stop sequence for timer 0 Eric Dumazet <edumazet(a)google.com> vlan: fix memory leak in vlan_newlink() ------------- Diffstat: Documentation/timers/no_hz.rst | 7 +- Makefile | 4 +- arch/alpha/include/asm/elf.h | 6 +- arch/alpha/include/asm/pgtable.h | 2 +- arch/alpha/include/asm/processor.h | 8 +- arch/alpha/kernel/osf_sys.c | 11 +- arch/arm/boot/dts/bcm2711.dtsi | 11 +- arch/arm/mach-shmobile/headsmp.S | 1 + arch/arm/mm/fault.c | 8 + arch/arm64/boot/dts/rockchip/rk3399-nanopi-r4s.dts | 2 +- arch/powerpc/platforms/cell/spufs/inode.c | 9 +- arch/riscv/include/asm/ftrace.h | 4 +- arch/x86/Kconfig | 2 +- arch/x86/entry/calling.h | 2 + arch/x86/include/asm/tlbflush.h | 2 +- arch/x86/kernel/cpu/microcode/amd.c | 2 +- arch/x86/kernel/cpu/mshyperv.c | 11 -- arch/x86/kernel/cpu/sgx/driver.c | 10 +- arch/x86/kernel/dumpstack.c | 5 +- arch/x86/kernel/irq.c | 2 + arch/x86/kernel/process.c | 7 +- arch/x86/kernel/tsc.c | 4 +- arch/x86/mm/pat/cpa-test.c | 2 +- block/bio.c | 2 +- drivers/acpi/nfit/core.c | 2 +- drivers/acpi/processor_idle.c | 4 + drivers/acpi/resource.c | 13 ++ drivers/base/power/main.c | 21 +-- drivers/base/power/runtime.c | 2 +- drivers/clk/meson/g12a.c | 38 ++-- drivers/clk/meson/gxbb.c | 14 +- drivers/clk/qcom/gcc-msm8953.c | 2 +- drivers/clk/qcom/mmcc-sdm660.c | 2 +- drivers/clk/rockchip/clk-rk3328.c | 2 +- drivers/clk/samsung/clk.c | 2 +- drivers/clocksource/i8253.c | 36 ++-- drivers/counter/microchip-tcb-capture.c | 19 ++ drivers/counter/stm32-lptimer-cnt.c | 24 ++- drivers/cpufreq/cpufreq_governor.c | 45 ++--- drivers/cpufreq/scpi-cpufreq.c | 5 +- drivers/crypto/hisilicon/sec2/sec_crypto.c | 30 ++- drivers/crypto/nx/nx-common-pseries.c | 37 ++-- drivers/edac/ie31200_edac.c | 19 +- drivers/firmware/imx/imx-scu.c | 1 + drivers/firmware/iscsi_ibft.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 +- drivers/gpu/drm/amd/amdgpu/nv.c | 2 +- drivers/gpu/drm/amd/amdgpu/soc15.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 ++ .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 1 + drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 17 +- .../amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12 +- .../gpu/drm/amd/display/dc/dml/display_mode_vba.c | 24 +++ drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 21 ++- drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2 + drivers/gpu/drm/drm_atomic_uapi.c | 4 + drivers/gpu/drm/drm_connector.c | 4 + drivers/gpu/drm/drm_dp_mst_topology.c | 8 +- drivers/gpu/drm/gma500/mid_bios.c | 5 + drivers/gpu/drm/mediatek/mtk_dsi.c | 6 +- drivers/gpu/drm/mediatek/mtk_hdmi.c | 33 +++- drivers/gpu/drm/nouveau/nouveau_connector.c | 1 - drivers/gpu/drm/radeon/radeon_vce.c | 2 +- drivers/gpu/drm/v3d/v3d_sched.c | 9 +- drivers/gpu/drm/vkms/vkms_drv.c | 15 +- drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2 + drivers/hid/Makefile | 1 - drivers/hid/hid-ids.h | 1 + drivers/hid/hid-plantronics.c | 144 +++++++-------- drivers/hid/hid-quirks.c | 1 + drivers/hid/intel-ish-hid/ipc/ipc.c | 6 +- drivers/hv/vmbus_drv.c | 13 ++ drivers/hwmon/nct6775.c | 4 +- drivers/hwtracing/coresight/coresight-catu.c | 2 +- drivers/i2c/busses/i2c-ali1535.c | 12 +- drivers/i2c/busses/i2c-ali15x3.c | 12 +- drivers/i2c/busses/i2c-omap.c | 26 +-- drivers/i2c/busses/i2c-sis630.c | 12 +- drivers/i3c/master/svc-i3c-master.c | 2 +- drivers/iio/accel/mma8452.c | 10 +- drivers/iio/adc/ad7124.c | 35 +++- drivers/infiniband/core/device.c | 9 + drivers/infiniband/core/mad.c | 38 ++-- drivers/infiniband/core/sysfs.c | 1 + drivers/infiniband/hw/bnxt_re/qplib_fp.c | 2 - drivers/infiniband/hw/bnxt_re/qplib_rcfw.h | 3 +- drivers/infiniband/hw/hns/hns_roce_hem.c | 23 ++- drivers/infiniband/hw/hns/hns_roce_hem.h | 2 +- drivers/infiniband/hw/hns/hns_roce_main.c | 2 +- drivers/infiniband/hw/hns/hns_roce_mr.c | 4 +- drivers/infiniband/hw/hns/hns_roce_qp.c | 10 +- drivers/infiniband/hw/mlx5/cq.c | 2 +- drivers/media/dvb-frontends/dib8000.c | 5 +- drivers/media/i2c/et8ek8/et8ek8_driver.c | 4 +- drivers/media/platform/allegro-dvt/allegro-core.c | 1 + drivers/memstick/host/rtsx_usb_ms.c | 1 + drivers/mfd/sm501.c | 6 +- drivers/mmc/host/atmel-mci.c | 4 +- drivers/mmc/host/sdhci-brcmstb.c | 86 ++++++++- drivers/mmc/host/sdhci-pxav3.c | 1 + drivers/net/arcnet/com20020-pci.c | 17 +- drivers/net/can/flexcan.c | 18 +- drivers/net/dsa/mv88e6xxx/chip.c | 59 ++++-- drivers/net/ethernet/intel/ice/ice_arfs.c | 2 +- drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 3 + drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 3 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 201 ++++++++++++++------- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +- .../ethernet/marvell/octeontx2/af/rvu_devlink.c | 2 +- .../ethernet/mellanox/mlx5/core/en/rep/bridge.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 6 +- .../ethernet/mellanox/mlx5/core/lib/fs_chains.c | 5 + .../ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 8 +- drivers/net/usb/qmi_wwan.c | 2 + drivers/net/usb/usbnet.c | 27 ++- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 86 ++++++--- drivers/net/wwan/mhi_wwan_mbim.c | 2 +- drivers/ntb/hw/intel/ntb_hw_gen3.c | 3 + drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2 +- drivers/ntb/test/ntb_perf.c | 4 +- drivers/nvme/host/core.c | 2 - drivers/nvme/host/fc.c | 3 +- drivers/nvme/host/pci.c | 21 ++- drivers/nvme/host/tcp.c | 5 +- drivers/nvme/target/rdma.c | 33 +++- drivers/pci/controller/cadence/pcie-cadence-ep.c | 3 +- drivers/pci/controller/cadence/pcie-cadence.h | 2 +- drivers/pci/controller/pcie-brcmstb.c | 4 +- drivers/pci/controller/pcie-xilinx-cpm.c | 10 +- drivers/pci/hotplug/pciehp_hpc.c | 4 +- drivers/pci/pci.c | 4 + drivers/pci/pcie/aspm.c | 17 +- drivers/pci/pcie/portdrv_core.c | 8 +- drivers/pci/probe.c | 5 +- drivers/pinctrl/bcm/pinctrl-bcm281xx.c | 2 +- drivers/pinctrl/renesas/pinctrl-rza2.c | 2 + drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 + drivers/pinctrl/tegra/pinctrl-tegra.c | 3 + .../x86/intel/speed_select_if/isst_if_common.c | 2 +- drivers/power/supply/max77693_charger.c | 2 +- drivers/powercap/powercap_sys.c | 3 +- drivers/regulator/core.c | 12 +- drivers/remoteproc/qcom_q6v5_mss.c | 21 ++- drivers/remoteproc/qcom_q6v5_pas.c | 10 +- drivers/remoteproc/remoteproc_core.c | 1 + drivers/s390/cio/chp.c | 3 +- drivers/scsi/qla1280.c | 2 +- drivers/scsi/scsi_scan.c | 2 +- drivers/soc/qcom/pdr_interface.c | 8 +- drivers/soundwire/slave.c | 1 + drivers/thermal/cpufreq_cooling.c | 2 - .../intel/int340x_thermal/int3402_thermal.c | 3 + drivers/tty/serial/8250/8250_dma.c | 2 +- drivers/tty/serial/8250/8250_pci.c | 46 +++++ drivers/tty/serial/fsl_lpuart.c | 25 ++- drivers/usb/serial/ftdi_sio.c | 14 ++ drivers/usb/serial/ftdi_sio_ids.h | 13 ++ drivers/usb/serial/option.c | 48 +++-- drivers/video/console/Kconfig | 2 +- drivers/video/fbdev/au1100fb.c | 4 +- drivers/video/fbdev/hyperv_fb.c | 2 +- drivers/video/fbdev/sm501fb.c | 7 + fs/affs/file.c | 9 +- fs/btrfs/extent-tree.c | 5 +- fs/cifs/cifs_debug.c | 2 + fs/cifs/cifsglob.h | 8 + fs/cifs/connect.c | 15 +- fs/cifs/fs_context.c | 14 +- fs/exfat/fatent.c | 2 +- fs/ext4/dir.c | 3 + fs/ext4/super.c | 27 ++- fs/fuse/dax.c | 1 - fs/fuse/dir.c | 4 +- fs/fuse/file.c | 4 +- fs/isofs/dir.c | 3 +- fs/jfs/jfs_dtree.c | 3 +- fs/jfs/xattr.c | 13 +- fs/ksmbd/auth.c | 2 +- fs/ksmbd/mgmt/user_session.c | 16 ++ fs/ksmbd/mgmt/user_session.h | 2 + fs/ksmbd/smb2pdu.c | 12 +- fs/ksmbd/smbacl.c | 5 +- fs/namei.c | 24 ++- fs/nfs/delegation.c | 33 ++-- fs/nfsd/nfs4state.c | 31 +++- fs/ntfs3/index.c | 4 +- fs/ocfs2/alloc.c | 8 + fs/proc/base.c | 2 +- fs/proc/generic.c | 10 +- fs/proc/inode.c | 6 +- fs/proc/internal.h | 14 ++ fs/vboxsf/super.c | 3 +- include/drm/drm_dp_mst_helper.h | 7 + include/linux/fs.h | 2 + include/linux/fwnode.h | 2 +- include/linux/i8253.h | 1 - include/linux/interrupt.h | 8 +- include/linux/pm_runtime.h | 2 + include/linux/proc_fs.h | 7 +- include/linux/sched/smt.h | 2 +- include/linux/slab.h | 99 ++++++---- include/net/ipv6.h | 4 +- include/rdma/ib_verbs.h | 1 + include/sound/soc.h | 5 +- kernel/events/ring_buffer.c | 2 +- kernel/kexec_elf.c | 2 +- kernel/locking/semaphore.c | 13 +- kernel/sched/core.c | 5 +- kernel/sched/deadline.c | 2 +- kernel/time/hrtimer.c | 22 ++- kernel/trace/bpf_trace.c | 2 +- kernel/trace/ring_buffer.c | 4 +- kernel/trace/trace_events_synth.c | 37 +++- kernel/trace/trace_functions_graph.c | 1 + kernel/trace/trace_irqsoff.c | 2 - kernel/trace/trace_osnoise.c | 1 - kernel/trace/trace_sched_wakeup.c | 2 - kernel/watch_queue.c | 9 + lib/842/842_compress.c | 2 + lib/buildid.c | 5 + mm/slab.c | 9 +- mm/slab_common.c | 34 ++-- mm/slob.c | 14 ++ net/8021q/vlan_netlink.c | 10 +- net/atm/lec.c | 3 +- net/atm/mpc.c | 2 + net/batman-adv/bat_iv_ogm.c | 3 +- net/batman-adv/bat_v_ogm.c | 3 +- net/bluetooth/6lowpan.c | 7 +- net/bluetooth/hci_event.c | 13 +- net/can/af_can.c | 12 +- net/can/af_can.h | 12 +- net/can/proc.c | 46 +++-- net/core/neighbour.c | 1 + net/core/netpoll.c | 9 +- net/core/rtnetlink.c | 3 + net/core/sock_map.c | 5 +- net/ipv4/ip_tunnel_core.c | 4 +- net/ipv4/tcp.c | 6 +- net/ipv6/addrconf.c | 37 ++-- net/ipv6/calipso.c | 21 ++- net/ipv6/ip6_output.c | 6 +- net/ipv6/netfilter/nf_socket_ipv6.c | 23 +++ net/ipv6/route.c | 5 +- net/mptcp/options.c | 6 +- net/mptcp/protocol.h | 2 + net/netfilter/ipvs/ip_vs_ctl.c | 8 +- net/netfilter/nf_conncount.c | 2 + net/netfilter/nft_ct.c | 6 +- net/netfilter/nft_exthdr.c | 10 +- net/netfilter/nft_set_hash.c | 3 +- net/netfilter/nft_tunnel.c | 6 +- net/openvswitch/actions.c | 6 - net/openvswitch/flow_netlink.c | 17 +- net/sched/act_tunnel_key.c | 2 +- net/sched/cls_flower.c | 2 +- net/sched/sch_api.c | 6 + net/sched/sch_skbprio.c | 3 - net/sctp/stream.c | 2 +- net/vmw_vsock/af_vsock.c | 6 +- net/xfrm/xfrm_output.c | 2 +- scripts/selinux/install_policy.sh | 15 +- sound/pci/hda/patch_realtek.c | 28 ++- sound/soc/codecs/arizona.c | 14 +- sound/soc/codecs/madera.c | 10 +- sound/soc/codecs/tas2764.c | 10 +- sound/soc/codecs/tas2764.h | 8 +- sound/soc/codecs/tas2770.c | 2 +- sound/soc/codecs/wm0010.c | 13 +- sound/soc/codecs/wm5110.c | 8 +- sound/soc/fsl/imx-card.c | 4 + sound/soc/sh/rcar/core.c | 14 -- sound/soc/sh/rcar/rsnd.h | 1 - sound/soc/sh/rcar/src.c | 18 +- sound/soc/soc-ops.c | 15 +- sound/soc/sof/intel/hda-codec.c | 1 + sound/soc/ti/j721e-evm.c | 2 + sound/usb/mixer_quirks.c | 51 ++++++ tools/lib/bpf/linker.c | 2 +- tools/perf/util/python.c | 17 +- tools/perf/util/units.c | 2 +- 281 files changed, 2105 insertions(+), 1000 deletions(-)

6 months, 2 weeks

8
7
0 0

[PATCH 5/5] xhci: Limit time spent with xHC interrupts disabled during bus resume

by Mathias Nyman

Current xhci bus resume implementation prevents xHC host from generating interrupts during high-speed USB 2 and super-speed USB 3 bus resume. Only reason to disable interrupts during bus resume would be to prevent the interrupt handler from interfering with the resume process of USB 2 ports. Host initiated resume of USB 2 ports is done in two stages. The xhci driver first transitions the port from 'U3' to 'Resume' state, then wait in Resume for 20ms, and finally moves port to U0 state. xhci driver can't prevent interrupts by keeping the xhci spinlock due to this 20ms sleep. Limit interrupt disabling to the USB 2 port resume case only. resuming USB 2 ports in bus resume is only done in special cases where USB 2 ports had to be forced to suspend during bus suspend. The current way of preventing interrupts by clearing the 'Interrupt Enable' (INTE) bit in USBCMD register won't prevent the Interrupter registers 'Interrupt Pending' (IP), 'Event Handler Busy' (EHB) and USBSTS register Event Interrupt (EINT) bits from being set. New interrupts can't be issued before those bits are properly clered. Disable interrupts by clearing the interrupter register 'Interrupt Enable' (IE) bit instead. This way IP, EHB and INTE won't be set before IE is enabled again and a new interrupt is triggered. Reported-by: Devyn Liu <liudingyuan(a)huawei.com> Closes: https://lore.kernel.org/linux-usb/b1a9e2d51b4d4ff7a304f77c5be8164e@huawei.c… Cc: stable(a)vger.kernel.org Tested-by: Devyn Liu <liudingyuan(a)huawei.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-hub.c | 30 ++++++++++++++++-------------- drivers/usb/host/xhci.c | 4 ++-- drivers/usb/host/xhci.h | 2 ++ 3 files changed, 20 insertions(+), 16 deletions(-) diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c index c0f226584a40..486347776cb2 100644 --- a/drivers/usb/host/xhci-hub.c +++ b/drivers/usb/host/xhci-hub.c @@ -1878,9 +1878,10 @@ int xhci_bus_resume(struct usb_hcd *hcd) int max_ports, port_index; int sret; u32 next_state; - u32 temp, portsc; + u32 portsc; struct xhci_hub *rhub; struct xhci_port **ports; + bool disabled_irq = false; rhub = xhci_get_rhub(hcd); ports = rhub->ports; @@ -1896,17 +1897,20 @@ int xhci_bus_resume(struct usb_hcd *hcd) return -ESHUTDOWN; } - /* delay the irqs */ - temp = readl(&xhci->op_regs->command); - temp &= ~CMD_EIE; - writel(temp, &xhci->op_regs->command); - /* bus specific resume for ports we suspended at bus_suspend */ - if (hcd->speed >= HCD_USB3) + if (hcd->speed >= HCD_USB3) { next_state = XDEV_U0; - else + } else { next_state = XDEV_RESUME; - + if (bus_state->bus_suspended) { + /* + * prevent port event interrupts from interfering + * with usb2 port resume process + */ + xhci_disable_interrupter(xhci->interrupters[0]); + disabled_irq = true; + } + } port_index = max_ports; while (port_index--) { portsc = readl(ports[port_index]->addr); @@ -1974,11 +1978,9 @@ int xhci_bus_resume(struct usb_hcd *hcd) (void) readl(&xhci->op_regs->command); bus_state->next_statechange = jiffies + msecs_to_jiffies(5); - /* re-enable irqs */ - temp = readl(&xhci->op_regs->command); - temp |= CMD_EIE; - writel(temp, &xhci->op_regs->command); - temp = readl(&xhci->op_regs->command); + /* re-enable interrupter */ + if (disabled_irq) + xhci_enable_interrupter(xhci->interrupters[0]); spin_unlock_irqrestore(&xhci->lock, flags); return 0; diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index ca390beda85b..90eb491267b5 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -322,7 +322,7 @@ static void xhci_zero_64b_regs(struct xhci_hcd *xhci) xhci_info(xhci, "Fault detected\n"); } -static int xhci_enable_interrupter(struct xhci_interrupter *ir) +int xhci_enable_interrupter(struct xhci_interrupter *ir) { u32 iman; @@ -335,7 +335,7 @@ static int xhci_enable_interrupter(struct xhci_interrupter *ir) return 0; } -static int xhci_disable_interrupter(struct xhci_interrupter *ir) +int xhci_disable_interrupter(struct xhci_interrupter *ir) { u32 iman; diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 28b6264f8b87..242ab9fbc8ae 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1890,6 +1890,8 @@ int xhci_alloc_tt_info(struct xhci_hcd *xhci, struct usb_tt *tt, gfp_t mem_flags); int xhci_set_interrupter_moderation(struct xhci_interrupter *ir, u32 imod_interval); +int xhci_enable_interrupter(struct xhci_interrupter *ir); +int xhci_disable_interrupter(struct xhci_interrupter *ir); /* xHCI ring, segment, TRB, and TD functions */ dma_addr_t xhci_trb_virt_to_dma(struct xhci_segment *seg, union xhci_trb *trb); -- 2.43.0

6 months, 2 weeks

1
0
0 0

[PATCH 4/5] usb: xhci: Fix invalid pointer dereference in Etron workaround

by Mathias Nyman

From: Michal Pecio <michal.pecio(a)gmail.com> This check is performed before prepare_transfer() and prepare_ring(), so enqueue can already point at the final link TRB of a segment. And indeed it will, some 0.4% of times this code is called. Then enqueue + 1 is an invalid pointer. It will crash the kernel right away or load some junk which may look like a link TRB and cause the real link TRB to be replaced with a NOOP. This wouldn't end well. Use a functionally equivalent test which doesn't dereference the pointer and always gives correct result. Something has crashed my machine twice in recent days while playing with an Etron HC, and a control transfer stress test ran for confirmation has just crashed it again. The same test passes with this patch applied. Fixes: 5e1c67abc930 ("xhci: Fix control transfer error on Etron xHCI host") Cc: stable(a)vger.kernel.org Signed-off-by: Michal Pecio <michal.pecio(a)gmail.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-ring.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index 4e975caca235..b906bc2eea5f 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -3777,7 +3777,7 @@ int xhci_queue_ctrl_tx(struct xhci_hcd *xhci, gfp_t mem_flags, * enqueue a No Op TRB, this can prevent the Setup and Data Stage * TRB to be breaked by the Link TRB. */ - if (trb_is_link(ep_ring->enqueue + 1)) { + if (last_trb_on_seg(ep_ring->enq_seg, ep_ring->enqueue + 1)) { field = TRB_TYPE(TRB_TR_NOOP) | ep_ring->cycle_state; queue_trb(xhci, ep_ring, false, 0, 0, TRB_INTR_TARGET(0), field); -- 2.43.0

6 months, 2 weeks

1
0
0 0

[PATCH 6.1.y] x86/split_lock: Fix the delayed detection logic

by Maksim Davydov

commit c929d08df8bee855528b9d15b853c892c54e1eee upstream. If the warning mode with disabled mitigation mode is used, then on each CPU where the split lock occurred detection will be disabled in order to make progress and delayed work will be scheduled, which then will enable detection back. Now it turns out that all CPUs use one global delayed work structure. This leads to the fact that if a split lock occurs on several CPUs at the same time (within 2 jiffies), only one CPU will schedule delayed work, but the rest will not. The return value of schedule_delayed_work_on() would have shown this, but it is not checked in the code. A diagram that can help to understand the bug reproduction: - sld_update_msr() enables/disables SLD on both CPUs on the same core - schedule_delayed_work_on() internally checks WORK_STRUCT_PENDING_BIT. If a work has the 'pending' status, then schedule_delayed_work_on() will return an error code and, most importantly, the work will not be placed in the workqueue. Let's say we have a multicore system on which split_lock_mitigate=0 and a multithreaded application is running that calls splitlock in multiple threads. Due to the fact that sld_update_msr() affects the entire core (both CPUs), we will consider 2 CPUs from different cores. Let the 2 threads of this application schedule to CPU0 (core 0) and to CPU 2 (core 1), then: | || | | CPU 0 (core 0) || CPU 2 (core 1) | |_________________________________||___________________________________| | || | | 1) SPLIT LOCK occured || | | || | | 2) split_lock_warn() || | | || | | 3) sysctl_sld_mitigate == 0 || | | (work = &sl_reenable) || | | || | | 4) schedule_delayed_work_on() || | | (reenable will be called || | | after 2 jiffies on CPU 0) || | | || | | 5) disable SLD for core 0 || | | || | | ------------------------- || | | || | | || 6) SPLIT LOCK occured | | || | | || 7) split_lock_warn() | | || | | || 8) sysctl_sld_mitigate == 0 | | || (work = &sl_reenable, | | || the same address as in 3) ) | | || | | 2 jiffies || 9) schedule_delayed_work_on() | | || fials because the work is in | | || the pending state since 4). | | || The work wasn't placed to the | | || workqueue. reenable won't be | | || called on CPU 2 | | || | | || 10) disable SLD for core 0 | | || | | || From now on SLD will | | || never be reenabled on core 1 | | || | | ------------------------- || | | || | | 11) enable SLD for core 0 by || | | __split_lock_reenable || | | || | If the application threads can be scheduled to all processor cores, then over time there will be only one core left, on which SLD will be enabled and split lock will be able to be detected; and on all other cores SLD will be disabled all the time. Most likely, this bug has not been noticed for so long because sysctl_sld_mitigate default value is 1, and in this case a semaphore is used that does not allow 2 different cores to have SLD disabled at the same time, that is, strictly only one work is placed in the workqueue. In order to fix the warning mode with disabled mitigation mode, delayed work has to be per-CPU. Implement it. Fixes: 727209376f49 ("x86/split_lock: Add sysctl to control the misery mode") Signed-off-by: Maksim Davydov <davydov-max(a)yandex-team.ru> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Tested-by: Guilherme G. Piccoli <gpiccoli(a)igalia.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ravi Bangoria <ravi.bangoria(a)amd.com> Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Link: https://lore.kernel.org/r/20250115131704.132609-1-davydov-max@yandex-team.ru --- arch/x86/kernel/cpu/intel.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index b91f3d72bcdd..2c43a1423b09 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -1204,7 +1204,13 @@ static void __split_lock_reenable(struct work_struct *work) { sld_update_msr(true); } -static DECLARE_DELAYED_WORK(sl_reenable, __split_lock_reenable); +/* + * In order for each CPU to schedule its delayed work independently of the + * others, delayed work struct must be per-CPU. This is not required when + * sysctl_sld_mitigate is enabled because of the semaphore that limits + * the number of simultaneously scheduled delayed works to 1. + */ +static DEFINE_PER_CPU(struct delayed_work, sl_reenable); /* * If a CPU goes offline with pending delayed work to re-enable split lock @@ -1225,7 +1231,7 @@ static int splitlock_cpu_offline(unsigned int cpu) static void split_lock_warn(unsigned long ip) { - struct delayed_work *work; + struct delayed_work *work = NULL; int cpu; if (!current->reported_split_lock) @@ -1247,11 +1253,17 @@ static void split_lock_warn(unsigned long ip) if (down_interruptible(&buslock_sem) == -EINTR) return; work = &sl_reenable_unlock; - } else { - work = &sl_reenable; } cpu = get_cpu(); + + if (!work) { + work = this_cpu_ptr(&sl_reenable); + /* Deferred initialization of per-CPU struct */ + if (!work->work.func) + INIT_DELAYED_WORK(work, __split_lock_reenable); + } + schedule_delayed_work_on(cpu, work, 2); /* Disable split lock detection on this CPU to make progress */ -- 2.34.1

6 months, 2 weeks

1
0
0 0

[PATCH 6.6.y] x86/split_lock: Fix the delayed detection logic

by Maksim Davydov

commit c929d08df8bee855528b9d15b853c892c54e1eee upstream. If the warning mode with disabled mitigation mode is used, then on each CPU where the split lock occurred detection will be disabled in order to make progress and delayed work will be scheduled, which then will enable detection back. Now it turns out that all CPUs use one global delayed work structure. This leads to the fact that if a split lock occurs on several CPUs at the same time (within 2 jiffies), only one CPU will schedule delayed work, but the rest will not. The return value of schedule_delayed_work_on() would have shown this, but it is not checked in the code. A diagram that can help to understand the bug reproduction: - sld_update_msr() enables/disables SLD on both CPUs on the same core - schedule_delayed_work_on() internally checks WORK_STRUCT_PENDING_BIT. If a work has the 'pending' status, then schedule_delayed_work_on() will return an error code and, most importantly, the work will not be placed in the workqueue. Let's say we have a multicore system on which split_lock_mitigate=0 and a multithreaded application is running that calls splitlock in multiple threads. Due to the fact that sld_update_msr() affects the entire core (both CPUs), we will consider 2 CPUs from different cores. Let the 2 threads of this application schedule to CPU0 (core 0) and to CPU 2 (core 1), then: | || | | CPU 0 (core 0) || CPU 2 (core 1) | |_________________________________||___________________________________| | || | | 1) SPLIT LOCK occured || | | || | | 2) split_lock_warn() || | | || | | 3) sysctl_sld_mitigate == 0 || | | (work = &sl_reenable) || | | || | | 4) schedule_delayed_work_on() || | | (reenable will be called || | | after 2 jiffies on CPU 0) || | | || | | 5) disable SLD for core 0 || | | || | | ------------------------- || | | || | | || 6) SPLIT LOCK occured | | || | | || 7) split_lock_warn() | | || | | || 8) sysctl_sld_mitigate == 0 | | || (work = &sl_reenable, | | || the same address as in 3) ) | | || | | 2 jiffies || 9) schedule_delayed_work_on() | | || fials because the work is in | | || the pending state since 4). | | || The work wasn't placed to the | | || workqueue. reenable won't be | | || called on CPU 2 | | || | | || 10) disable SLD for core 0 | | || | | || From now on SLD will | | || never be reenabled on core 1 | | || | | ------------------------- || | | || | | 11) enable SLD for core 0 by || | | __split_lock_reenable || | | || | If the application threads can be scheduled to all processor cores, then over time there will be only one core left, on which SLD will be enabled and split lock will be able to be detected; and on all other cores SLD will be disabled all the time. Most likely, this bug has not been noticed for so long because sysctl_sld_mitigate default value is 1, and in this case a semaphore is used that does not allow 2 different cores to have SLD disabled at the same time, that is, strictly only one work is placed in the workqueue. In order to fix the warning mode with disabled mitigation mode, delayed work has to be per-CPU. Implement it. Fixes: 727209376f49 ("x86/split_lock: Add sysctl to control the misery mode") Signed-off-by: Maksim Davydov <davydov-max(a)yandex-team.ru> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Tested-by: Guilherme G. Piccoli <gpiccoli(a)igalia.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ravi Bangoria <ravi.bangoria(a)amd.com> Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Link: https://lore.kernel.org/r/20250115131704.132609-1-davydov-max@yandex-team.ru --- arch/x86/kernel/cpu/intel.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index 38eeff91109f..6c0e0619e6d3 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -1168,7 +1168,13 @@ static void __split_lock_reenable(struct work_struct *work) { sld_update_msr(true); } -static DECLARE_DELAYED_WORK(sl_reenable, __split_lock_reenable); +/* + * In order for each CPU to schedule its delayed work independently of the + * others, delayed work struct must be per-CPU. This is not required when + * sysctl_sld_mitigate is enabled because of the semaphore that limits + * the number of simultaneously scheduled delayed works to 1. + */ +static DEFINE_PER_CPU(struct delayed_work, sl_reenable); /* * If a CPU goes offline with pending delayed work to re-enable split lock @@ -1189,7 +1195,7 @@ static int splitlock_cpu_offline(unsigned int cpu) static void split_lock_warn(unsigned long ip) { - struct delayed_work *work; + struct delayed_work *work = NULL; int cpu; if (!current->reported_split_lock) @@ -1211,11 +1217,17 @@ static void split_lock_warn(unsigned long ip) if (down_interruptible(&buslock_sem) == -EINTR) return; work = &sl_reenable_unlock; - } else { - work = &sl_reenable; } cpu = get_cpu(); + + if (!work) { + work = this_cpu_ptr(&sl_reenable); + /* Deferred initialization of per-CPU struct */ + if (!work->work.func) + INIT_DELAYED_WORK(work, __split_lock_reenable); + } + schedule_delayed_work_on(cpu, work, 2); /* Disable split lock detection on this CPU to make progress */ -- 2.34.1

6 months, 2 weeks

1
0
0 0

[PATCH v2] serial: sifive: lock port in startup()/shutdown() callbacks

by Ryo Takakura

startup()/shutdown() callbacks access SIFIVE_SERIAL_IE_OFFS. The register is also accessed from write() callback. If console were printing and startup()/shutdown() callback gets called, its access to the register could be overwritten. Add port->lock to startup()/shutdown() callbacks to make sure their access to SIFIVE_SERIAL_IE_OFFS is synchronized against write() callback. Fixes: 45c054d0815b ("tty: serial: add driver for the SiFive UART") Signed-off-by: Ryo Takakura <ryotkkr98(a)gmail.com> Cc: stable(a)vger.kernel.org --- This patch used be part of a series for converting sifive driver to nbcon[0]. It's now sent seperatly as the rest of the series does not need be applied to the stable branch. Sincerely, Ryo Takakura [0] https://lore.kernel.org/all/20250405043833.397020-1-ryotkkr98@gmail.com/ --- drivers/tty/serial/sifive.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/tty/serial/sifive.c b/drivers/tty/serial/sifive.c index 5904a2d4c..054a8e630 100644 --- a/drivers/tty/serial/sifive.c +++ b/drivers/tty/serial/sifive.c @@ -563,8 +563,11 @@ static void sifive_serial_break_ctl(struct uart_port *port, int break_state) static int sifive_serial_startup(struct uart_port *port) { struct sifive_serial_port *ssp = port_to_sifive_serial_port(port); + unsigned long flags; + uart_port_lock_irqsave(&ssp->port, &flags); __ssp_enable_rxwm(ssp); + uart_port_unlock_irqrestore(&ssp->port, flags); return 0; } @@ -572,9 +575,12 @@ static int sifive_serial_startup(struct uart_port *port) static void sifive_serial_shutdown(struct uart_port *port) { struct sifive_serial_port *ssp = port_to_sifive_serial_port(port); + unsigned long flags; + uart_port_lock_irqsave(&ssp->port, &flags); __ssp_disable_rxwm(ssp); __ssp_disable_txwm(ssp); + uart_port_unlock_irqrestore(&ssp->port, flags); } /** -- 2.34.1

6 months, 2 weeks

2
2
0 0

[PATCH] ocfs2: fix panic in failed foilio allocation

by Mark Tinguely

In commit 7e119cff9d0a, "ocfs2: convert w_pages to w_folios" the chunk page allocations became order 0 folio allocations. If an allocation failed, the folio array entry should be NULL so the error path can skip the entry. In the port it is -ENOMEM and the error path panics trying to free this bad value. Signed-off-by: Mark Tinguely <mark.tinguely(a)oracle.com> Cc: stable(a)vger.kernel.org Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Jun Piao <piaojun(a)huawei.com> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Mark Fasheh <mark(a)fasheh.com> --- fs/ocfs2/aops.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c index 40b6bce12951..89aadc6cdd87 100644 --- a/fs/ocfs2/aops.c +++ b/fs/ocfs2/aops.c @@ -1071,6 +1071,7 @@ static int ocfs2_grab_folios_for_write(struct address_space *mapping, if (IS_ERR(wc->w_folios[i])) { ret = PTR_ERR(wc->w_folios[i]); mlog_errno(ret); + wc->w_folios[i] = NULL; goto out; } } -- 2.39.5 (Apple Git-154)

6 months, 2 weeks

1
0
0 0

Linux 6.14.2

by Greg Kroah-Hartman

I'm announcing the release of the 6.14.2 kernel. All users of the 6.14 kernel series must upgrade. The updated 6.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.14.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/vendor-prefixes.yaml | 2 Documentation/netlink/specs/netdev.yaml | 4 Documentation/netlink/specs/rt_route.yaml | 180 - Documentation/networking/xsk-tx-metadata.rst | 62 Makefile | 2 arch/arm/Kconfig | 2 arch/arm/boot/dts/nxp/imx/imx6ul-tqma6ul1-mba6ulx.dts | 3 arch/arm/boot/dts/nxp/imx/imx6ul-tqma6ul1.dtsi | 2 arch/arm/boot/dts/ti/omap/omap4-panda-a4.dts | 5 arch/arm/include/asm/vmlinux.lds.h | 12 arch/arm64/boot/dts/freescale/imx8mp-skov-reva.dtsi | 39 arch/arm64/boot/dts/freescale/imx8mp.dtsi | 7 arch/arm64/boot/dts/mediatek/mt6359.dtsi | 3 arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8173.dtsi | 6 arch/arm64/boot/dts/mediatek/mt8390-genio-700-evk.dts | 1033 --------- arch/arm64/boot/dts/mediatek/mt8390-genio-common.dtsi | 1046 ++++++++++ arch/arm64/boot/dts/renesas/r8a774c0.dtsi | 4 arch/arm64/boot/dts/renesas/r8a77990.dtsi | 4 arch/arm64/boot/dts/rockchip/rk3308-roc-cc.dts | 2 arch/arm64/boot/dts/rockchip/rk3318-a95x-z2.dts | 4 arch/arm64/boot/dts/rockchip/rk3399-nanopi4.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3568-rock-3a.dts | 14 arch/arm64/boot/dts/rockchip/rk356x-base.dtsi | 25 arch/arm64/boot/dts/rockchip/rk3576-armsom-sige5.dts | 3 arch/arm64/boot/dts/rockchip/rk3588-orangepi-5-compact.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3588s-coolpi-4b.dts | 2 arch/arm64/boot/dts/ti/k3-am62-verdin-dahlia.dtsi | 6 arch/arm64/boot/dts/ti/k3-am62p-j722s-common-mcu.dtsi | 8 arch/arm64/boot/dts/ti/k3-am62p-main.dtsi | 26 arch/arm64/boot/dts/ti/k3-j722s-evm.dts | 2 arch/arm64/boot/dts/ti/k3-j722s-main.dtsi | 15 arch/arm64/include/asm/mem_encrypt.h | 11 arch/arm64/kernel/compat_alignment.c | 2 arch/loongarch/Kconfig | 4 arch/loongarch/include/asm/cache.h | 2 arch/loongarch/include/asm/irq.h | 2 arch/loongarch/include/asm/stacktrace.h | 3 arch/loongarch/include/asm/unwind_hints.h | 10 arch/loongarch/kernel/env.c | 2 arch/loongarch/kernel/kgdb.c | 5 arch/loongarch/net/bpf_jit.c | 12 arch/loongarch/net/bpf_jit.h | 5 arch/m68k/include/asm/processor.h | 14 arch/m68k/sun3/mmu_emu.c | 7 arch/parisc/include/uapi/asm/socket.h | 12 arch/powerpc/configs/mpc885_ads_defconfig | 2 arch/powerpc/crypto/Makefile | 1 arch/powerpc/kexec/relocate_32.S | 7 arch/powerpc/perf/core-book3s.c | 8 arch/powerpc/perf/vpa-pmu.c | 1 arch/powerpc/platforms/cell/spufs/gang.c | 1 arch/powerpc/platforms/cell/spufs/inode.c | 63 arch/powerpc/platforms/cell/spufs/spufs.h | 2 arch/riscv/Kconfig | 2 arch/riscv/errata/Makefile | 6 arch/riscv/include/asm/cpufeature.h | 4 arch/riscv/include/asm/ftrace.h | 4 arch/riscv/kernel/elf_kexec.c | 3 arch/riscv/kernel/mcount.S | 24 arch/riscv/kernel/traps_misaligned.c | 14 arch/riscv/kernel/unaligned_access_speed.c | 91 arch/riscv/kernel/vec-copy-unaligned.S | 2 arch/riscv/kvm/main.c | 4 arch/riscv/kvm/vcpu_pmu.c | 1 arch/riscv/mm/hugetlbpage.c | 76 arch/riscv/purgatory/entry.S | 1 arch/s390/include/asm/io.h | 2 arch/s390/include/asm/pgtable.h | 3 arch/s390/kernel/entry.S | 2 arch/s390/kernel/perf_pai_crypto.c | 3 arch/s390/kernel/perf_pai_ext.c | 3 arch/s390/mm/pgtable.c | 10 arch/um/include/shared/os.h | 1 arch/um/kernel/Makefile | 2 arch/um/kernel/maccess.c | 19 arch/um/os-Linux/process.c | 51 arch/x86/Kconfig | 3 arch/x86/Kconfig.cpu | 2 arch/x86/Makefile.um | 7 arch/x86/coco/tdx/tdx.c | 26 arch/x86/entry/calling.h | 2 arch/x86/entry/common.c | 2 arch/x86/entry/vdso/vdso-layout.lds.S | 2 arch/x86/entry/vdso/vma.c | 2 arch/x86/events/amd/brs.c | 3 arch/x86/events/amd/lbr.c | 3 arch/x86/events/core.c | 5 arch/x86/events/intel/core.c | 47 arch/x86/events/intel/ds.c | 13 arch/x86/events/intel/lbr.c | 50 arch/x86/events/perf_event.h | 18 arch/x86/hyperv/ivm.c | 2 arch/x86/include/asm/irqflags.h | 40 arch/x86/include/asm/paravirt.h | 20 arch/x86/include/asm/paravirt_types.h | 3 arch/x86/include/asm/tdx.h | 4 arch/x86/include/asm/tlbflush.h | 2 arch/x86/include/asm/vdso/vsyscall.h | 1 arch/x86/kernel/cpu/bus_lock.c | 20 arch/x86/kernel/cpu/mce/severity.c | 11 arch/x86/kernel/cpu/microcode/amd.c | 2 arch/x86/kernel/cpu/resctrl/rdtgroup.c | 3 arch/x86/kernel/dumpstack.c | 5 arch/x86/kernel/fpu/core.c | 6 arch/x86/kernel/paravirt.c | 14 arch/x86/kernel/process.c | 9 arch/x86/kernel/traps.c | 18 arch/x86/kernel/tsc.c | 4 arch/x86/kernel/uprobes.c | 14 arch/x86/kvm/svm/sev.c | 13 arch/x86/kvm/x86.c | 15 arch/x86/lib/copy_user_64.S | 18 arch/x86/mm/mem_encrypt_identity.c | 4 arch/x86/mm/pat/cpa-test.c | 2 arch/x86/mm/pat/memtype.c | 52 block/badblocks.c | 284 -- block/bio.c | 11 block/blk-settings.c | 51 block/blk-throttle.c | 13 crypto/algapi.c | 3 crypto/api.c | 17 crypto/bpf_crypto_skcipher.c | 1 drivers/accel/amdxdna/aie2_smu.c | 2 drivers/acpi/acpi_video.c | 9 drivers/acpi/nfit/core.c | 2 drivers/acpi/platform_profile.c | 26 drivers/acpi/processor_idle.c | 4 drivers/acpi/resource.c | 7 drivers/acpi/x86/utils.c | 3 drivers/ata/libata-core.c | 2 drivers/auxdisplay/Kconfig | 1 drivers/auxdisplay/panel.c | 4 drivers/base/power/main.c | 21 drivers/base/power/runtime.c | 2 drivers/block/null_blk/main.c | 17 drivers/block/ublk_drv.c | 39 drivers/bluetooth/btnxpuart.c | 6 drivers/bluetooth/btusb.c | 2 drivers/bus/qcom-ssc-block-bus.c | 34 drivers/clk/clk-stm32f4.c | 4 drivers/clk/imx/clk-imx8mp-audiomix.c | 6 drivers/clk/meson/g12a.c | 38 drivers/clk/meson/gxbb.c | 14 drivers/clk/mmp/clk-pxa1908-apmu.c | 4 drivers/clk/qcom/gcc-ipq5424.c | 24 drivers/clk/qcom/gcc-msm8953.c | 2 drivers/clk/qcom/gcc-sm8650.c | 4 drivers/clk/qcom/gcc-x1e80100.c | 30 drivers/clk/qcom/mmcc-sdm660.c | 2 drivers/clk/renesas/r9a08g045-cpg.c | 5 drivers/clk/renesas/rzg2l-cpg.c | 13 drivers/clk/renesas/rzg2l-cpg.h | 10 drivers/clk/rockchip/clk-rk3328.c | 2 drivers/clk/samsung/clk.c | 2 drivers/cpufreq/Kconfig.arm | 2 drivers/cpufreq/amd-pstate-trace.h | 46 drivers/cpufreq/amd-pstate.c | 80 drivers/cpufreq/amd-pstate.h | 18 drivers/cpufreq/armada-8k-cpufreq.c | 2 drivers/cpufreq/cpufreq-dt.c | 2 drivers/cpufreq/cpufreq_governor.c | 45 drivers/cpufreq/mediatek-cpufreq-hw.c | 2 drivers/cpufreq/mediatek-cpufreq.c | 2 drivers/cpufreq/mvebu-cpufreq.c | 2 drivers/cpufreq/qcom-cpufreq-hw.c | 2 drivers/cpufreq/qcom-cpufreq-nvmem.c | 8 drivers/cpufreq/scmi-cpufreq.c | 2 drivers/cpufreq/scpi-cpufreq.c | 7 drivers/cpufreq/sun50i-cpufreq-nvmem.c | 6 drivers/cpufreq/virtual-cpufreq.c | 2 drivers/cpuidle/cpuidle-arm.c | 8 drivers/cpuidle/cpuidle-big_little.c | 2 drivers/cpuidle/cpuidle-psci.c | 4 drivers/cpuidle/cpuidle-qcom-spm.c | 2 drivers/cpuidle/cpuidle-riscv-sbi.c | 4 drivers/crypto/hisilicon/sec2/sec.h | 1 drivers/crypto/hisilicon/sec2/sec_crypto.c | 125 - drivers/crypto/intel/iaa/iaa_crypto_main.c | 4 drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c | 1 drivers/crypto/intel/qat/qat_common/adf_gen4_ras.c | 59 drivers/crypto/nx/nx-common-pseries.c | 37 drivers/crypto/tegra/tegra-se-aes.c | 401 ++- drivers/crypto/tegra/tegra-se-hash.c | 287 +- drivers/crypto/tegra/tegra-se-key.c | 29 drivers/crypto/tegra/tegra-se-main.c | 16 drivers/crypto/tegra/tegra-se.h | 39 drivers/dma/amd/ae4dma/ae4dma-pci.c | 4 drivers/dma/amd/ae4dma/ae4dma.h | 2 drivers/dma/amd/ptdma/ptdma-dmaengine.c | 90 drivers/dma/fsl-edma-main.c | 14 drivers/edac/i10nm_base.c | 2 drivers/edac/ie31200_edac.c | 19 drivers/edac/igen6_edac.c | 21 drivers/edac/skx_common.c | 33 drivers/edac/skx_common.h | 11 drivers/firmware/arm_ffa/bus.c | 3 drivers/firmware/arm_ffa/driver.c | 60 drivers/firmware/arm_scmi/driver.c | 10 drivers/firmware/cirrus/cs_dsp.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_umsch_mm.c | 461 ---- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 3 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 1 drivers/gpu/drm/amd/amdgpu/vcn_v5_0_1.c | 12 drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 15 drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 16 drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 4 drivers/gpu/drm/amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12 drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4.c | 3 drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 3 drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 12 drivers/gpu/drm/bridge/ite-it6505.c | 7 drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2 drivers/gpu/drm/display/drm_dp_mst_topology.c | 8 drivers/gpu/drm/drm_file.c | 26 drivers/gpu/drm/mediatek/mtk_crtc.c | 7 drivers/gpu/drm/mediatek/mtk_dp.c | 6 drivers/gpu/drm/mediatek/mtk_dsi.c | 6 drivers/gpu/drm/mediatek/mtk_hdmi.c | 33 drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 4 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 132 - drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.h | 4 drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 24 drivers/gpu/drm/msm/dsi/dsi_host.c | 8 drivers/gpu/drm/msm/dsi/dsi_manager.c | 32 drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 2 drivers/gpu/drm/msm/msm_atomic.c | 13 drivers/gpu/drm/msm/msm_dsc_helper.h | 11 drivers/gpu/drm/msm/msm_gem_submit.c | 2 drivers/gpu/drm/msm/msm_kms.h | 7 drivers/gpu/drm/panel/panel-ilitek-ili9882t.c | 2 drivers/gpu/drm/panthor/panthor_device.c | 22 drivers/gpu/drm/panthor/panthor_drv.c | 14 drivers/gpu/drm/panthor/panthor_fw.c | 9 drivers/gpu/drm/panthor/panthor_fw.h | 6 drivers/gpu/drm/panthor/panthor_heap.c | 54 drivers/gpu/drm/panthor/panthor_heap.h | 2 drivers/gpu/drm/panthor/panthor_mmu.c | 27 drivers/gpu/drm/panthor/panthor_mmu.h | 3 drivers/gpu/drm/panthor/panthor_sched.c | 84 drivers/gpu/drm/panthor/panthor_sched.h | 3 drivers/gpu/drm/solomon/ssd130x-spi.c | 7 drivers/gpu/drm/solomon/ssd130x.c | 6 drivers/gpu/drm/vkms/vkms_drv.c | 15 drivers/gpu/drm/xe/Kconfig | 2 drivers/gpu/drm/xlnx/zynqmp_dp.c | 2 drivers/gpu/drm/xlnx/zynqmp_dp_audio.c | 4 drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2 drivers/greybus/gb-beagleplay.c | 4 drivers/hid/Makefile | 1 drivers/hwtracing/coresight/coresight-catu.c | 2 drivers/hwtracing/coresight/coresight-core.c | 20 drivers/hwtracing/coresight/coresight-etm4x-core.c | 48 drivers/i3c/master/svc-i3c-master.c | 2 drivers/iio/accel/mma8452.c | 10 drivers/iio/accel/msa311.c | 26 drivers/iio/adc/ad4130.c | 41 drivers/iio/adc/ad7124.c | 60 drivers/iio/adc/ad7173.c | 30 drivers/iio/adc/ad7192.c | 5 drivers/iio/adc/ad7768-1.c | 15 drivers/iio/adc/ad_sigma_delta.c | 1 drivers/iio/dac/adi-axi-dac.c | 8 drivers/iio/industrialio-backend.c | 4 drivers/iio/industrialio-gts-helper.c | 11 drivers/iio/light/Kconfig | 1 drivers/iio/light/veml6030.c | 577 ++--- drivers/iio/light/veml6075.c | 8 drivers/infiniband/core/device.c | 18 drivers/infiniband/core/mad.c | 38 drivers/infiniband/core/sysfs.c | 1 drivers/infiniband/hw/erdma/erdma_cm.c | 1 drivers/infiniband/hw/mana/main.c | 2 drivers/infiniband/hw/mlx5/cq.c | 2 drivers/infiniband/hw/mlx5/mr.c | 41 drivers/infiniband/hw/mlx5/odp.c | 10 drivers/iommu/amd/amd_iommu.h | 7 drivers/iommu/intel/iommu.c | 17 drivers/iommu/io-pgtable-dart.c | 2 drivers/iommu/iommu.c | 5 drivers/leds/led-core.c | 22 drivers/leds/leds-st1202.c | 4 drivers/md/md-bitmap.c | 6 drivers/md/md.c | 71 drivers/md/md.h | 6 drivers/md/raid1-10.c | 2 drivers/md/raid1.c | 17 drivers/md/raid10.c | 19 drivers/media/dvb-frontends/dib8000.c | 5 drivers/media/platform/allegro-dvt/allegro-core.c | 1 drivers/media/platform/ti/omap3isp/isp.c | 7 drivers/media/platform/verisilicon/hantro_g2_hevc_dec.c | 1 drivers/media/rc/streamzap.c | 2 drivers/media/test-drivers/vimc/vimc-streamer.c | 6 drivers/memory/mtk-smi.c | 33 drivers/mfd/sm501.c | 6 drivers/misc/pci_endpoint_test.c | 22 drivers/mmc/host/omap.c | 19 drivers/mmc/host/sdhci-omap.c | 4 drivers/mmc/host/sdhci-pxav3.c | 1 drivers/net/arcnet/com20020-pci.c | 17 drivers/net/bonding/bond_main.c | 8 drivers/net/bonding/bond_options.c | 3 drivers/net/can/rockchip/rockchip_canfd-core.c | 5 drivers/net/dsa/microchip/ksz8.c | 11 drivers/net/dsa/microchip/ksz_dcb.c | 231 -- drivers/net/dsa/mv88e6xxx/chip.c | 32 drivers/net/dsa/mv88e6xxx/phy.c | 3 drivers/net/dsa/sja1105/sja1105_ethtool.c | 9 drivers/net/dsa/sja1105/sja1105_ptp.c | 20 drivers/net/dsa/sja1105/sja1105_static_config.c | 6 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 19 drivers/net/ethernet/broadcom/bnxt/bnxt.h | 6 drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 3 drivers/net/ethernet/ibm/ibmveth.c | 39 drivers/net/ethernet/ibm/ibmvnic.c | 30 drivers/net/ethernet/intel/e1000e/defines.h | 3 drivers/net/ethernet/intel/e1000e/ich8lan.c | 80 drivers/net/ethernet/intel/e1000e/ich8lan.h | 4 drivers/net/ethernet/intel/ice/devlink/health.c | 6 drivers/net/ethernet/intel/ice/ice_common.c | 3 drivers/net/ethernet/intel/ice/ice_ptp.c | 6 drivers/net/ethernet/intel/ice/ice_virtchnl.c | 39 drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 24 drivers/net/ethernet/intel/idpf/idpf_lib.c | 31 drivers/net/ethernet/intel/idpf/idpf_main.c | 6 drivers/net/ethernet/intel/igb/igb_ptp.c | 6 drivers/net/ethernet/intel/igc/igc.h | 1 drivers/net/ethernet/intel/igc/igc_main.c | 143 + drivers/net/ethernet/intel/ixgbe/ixgbe_e610.c | 4 drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 3 drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 3 drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 201 + drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_devlink.c | 2 drivers/net/ethernet/mediatek/airoha_eth.c | 20 drivers/net/ethernet/mellanox/mlx5/core/en/params.c | 8 drivers/net/ethernet/mellanox/mlx5/core/en_fs_ethtool.c | 2 drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 4 drivers/net/ethernet/mellanox/mlx5/core/main.c | 15 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_bloom_filter.c | 27 drivers/net/ethernet/microchip/lan743x_ptp.c | 6 drivers/net/ethernet/renesas/ravb_ptp.c | 3 drivers/net/ethernet/sfc/ef100_netdev.c | 7 drivers/net/ethernet/sfc/ef100_nic.c | 47 drivers/net/ethernet/sfc/efx.c | 24 drivers/net/ethernet/sfc/mcdi_port.c | 59 drivers/net/ethernet/sfc/mcdi_port_common.c | 11 drivers/net/ethernet/sfc/net_driver.h | 6 drivers/net/ethernet/wangxun/libwx/wx_lib.c | 65 drivers/net/ipvlan/ipvlan_l3s.c | 1 drivers/net/phy/bcm-phy-ptp.c | 3 drivers/net/phy/broadcom.c | 6 drivers/net/usb/rndis_host.c | 16 drivers/net/usb/usbnet.c | 6 drivers/net/virtio_net.c | 30 drivers/net/vmxnet3/vmxnet3_drv.c | 10 drivers/net/wireless/ath/ath11k/dp_rx.c | 14 drivers/net/wireless/ath/ath11k/mac.c | 5 drivers/net/wireless/ath/ath11k/pci.c | 2 drivers/net/wireless/ath/ath11k/reg.c | 22 drivers/net/wireless/ath/ath12k/core.c | 4 drivers/net/wireless/ath/ath12k/dp_rx.c | 2 drivers/net/wireless/ath/ath12k/dp_tx.c | 2 drivers/net/wireless/ath/ath12k/mac.c | 9 drivers/net/wireless/ath/ath12k/pci.c | 2 drivers/net/wireless/ath/ath12k/wmi.c | 2 drivers/net/wireless/ath/ath9k/common-spectral.c | 4 drivers/net/wireless/marvell/mwifiex/fw.h | 14 drivers/net/wireless/marvell/mwifiex/main.c | 4 drivers/net/wireless/marvell/mwifiex/sta_cmd.c | 18 drivers/net/wireless/mediatek/mt76/mt7915/debugfs.c | 45 drivers/net/wireless/mediatek/mt76/mt7921/main.c | 1 drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 1 drivers/net/wireless/realtek/rtw89/core.h | 2 drivers/net/wireless/realtek/rtw89/fw.c | 12 drivers/net/wireless/realtek/rtw89/pci.h | 56 drivers/net/wireless/realtek/rtw89/pci_be.c | 2 drivers/net/wireless/realtek/rtw89/rtw8852b_rfk.c | 13 drivers/net/wireless/realtek/rtw89/rtw8852bt_rfk.c | 13 drivers/ntb/hw/intel/ntb_hw_gen3.c | 3 drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2 drivers/ntb/test/ntb_perf.c | 4 drivers/nvdimm/badrange.c | 2 drivers/nvdimm/nd.h | 2 drivers/nvdimm/pfn_devs.c | 7 drivers/nvdimm/pmem.c | 2 drivers/nvme/host/ioctl.c | 2 drivers/nvme/host/pci.c | 3 drivers/nvme/target/debugfs.c | 2 drivers/nvme/target/pci-epf.c | 11 drivers/pci/controller/cadence/pcie-cadence-ep.c | 3 drivers/pci/controller/cadence/pcie-cadence.h | 2 drivers/pci/controller/dwc/pcie-designware-ep.c | 1 drivers/pci/controller/dwc/pcie-histb.c | 12 drivers/pci/controller/pcie-brcmstb.c | 16 drivers/pci/controller/pcie-mediatek-gen3.c | 28 drivers/pci/controller/pcie-xilinx-cpm.c | 10 drivers/pci/endpoint/functions/pci-epf-test.c | 126 - drivers/pci/hotplug/pciehp_hpc.c | 4 drivers/pci/iov.c | 48 drivers/pci/pci-sysfs.c | 4 drivers/pci/pci.c | 22 drivers/pci/pcie/aspm.c | 17 drivers/pci/pcie/bwctrl.c | 6 drivers/pci/pcie/portdrv.c | 8 drivers/pci/probe.c | 5 drivers/pci/setup-bus.c | 39 drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 50 drivers/pinctrl/bcm/pinctrl-bcm2835.c | 14 drivers/pinctrl/intel/pinctrl-intel.c | 1 drivers/pinctrl/nuvoton/pinctrl-npcm8xx.c | 10 drivers/pinctrl/renesas/pinctrl-rza2.c | 2 drivers/pinctrl/renesas/pinctrl-rzg2l.c | 3 drivers/pinctrl/renesas/pinctrl-rzv2m.c | 2 drivers/pinctrl/tegra/pinctrl-tegra.c | 3 drivers/platform/x86/dell/dell-uart-backlight.c | 2 drivers/platform/x86/dell/dell-wmi-ddv.c | 6 drivers/platform/x86/intel/speed_select_if/isst_if_common.c | 2 drivers/platform/x86/lenovo-yoga-tab2-pro-1380-fastcharger.c | 2 drivers/platform/x86/thinkpad_acpi.c | 11 drivers/power/supply/bq27xxx_battery.c | 1 drivers/power/supply/max77693_charger.c | 2 drivers/ptp/ptp_ocp.c | 4 drivers/regulator/pca9450-regulator.c | 6 drivers/remoteproc/qcom_q6v5_mss.c | 21 drivers/remoteproc/qcom_q6v5_pas.c | 13 drivers/remoteproc/remoteproc_core.c | 1 drivers/rtc/rtc-renesas-rtca3.c | 15 drivers/scsi/hisi_sas/hisi_sas.h | 3 drivers/scsi/hisi_sas/hisi_sas_main.c | 28 drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 4 drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 4 drivers/scsi/mpi3mr/mpi3mr_app.c | 1 drivers/scsi/mpt3sas/mpt3sas_base.c | 12 drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2 drivers/soc/mediatek/mt8167-mmsys.h | 13 drivers/soc/mediatek/mt8188-mmsys.h | 2 drivers/soc/mediatek/mt8365-mmsys.h | 48 drivers/soundwire/generic_bandwidth_allocation.c | 5 drivers/soundwire/slave.c | 1 drivers/spi/spi-amd.c | 2 drivers/spi/spi-bcm2835.c | 18 drivers/spi/spi-cadence-xspi.c | 2 drivers/staging/gpib/agilent_82350b/agilent_82350b.c | 2 drivers/staging/gpib/agilent_82357a/agilent_82357a.c | 424 +--- drivers/staging/gpib/cb7210/cb7210.c | 2 drivers/staging/gpib/hp_82341/hp_82341.c | 2 drivers/staging/gpib/ni_usb/ni_usb_gpib.c | 518 ++-- drivers/staging/rtl8723bs/Kconfig | 1 drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 28 drivers/target/loopback/tcm_loop.c | 5 drivers/thermal/intel/int340x_thermal/int3402_thermal.c | 3 drivers/tty/n_tty.c | 13 drivers/tty/serial/fsl_lpuart.c | 312 +- drivers/usb/host/xhci-mem.c | 6 drivers/usb/typec/altmodes/thunderbolt.c | 10 drivers/usb/typec/ucsi/ucsi_ccg.c | 5 drivers/vhost/scsi.c | 25 drivers/video/console/Kconfig | 6 drivers/video/fbdev/au1100fb.c | 4 drivers/video/fbdev/sm501fb.c | 7 drivers/w1/masters/w1-uart.c | 4 fs/9p/vfs_inode_dotl.c | 2 fs/autofs/autofs_i.h | 2 fs/bcachefs/fs-ioctl.c | 6 fs/btrfs/block-group.c | 40 fs/btrfs/disk-io.c | 3 fs/coredump.c | 4 fs/dlm/lockspace.c | 2 fs/erofs/internal.h | 2 fs/erofs/super.c | 8 fs/exec.c | 15 fs/exfat/fatent.c | 2 fs/exfat/file.c | 29 fs/exfat/inode.c | 41 fs/ext4/dir.c | 3 fs/ext4/ext4.h | 17 fs/ext4/ext4_jbd2.h | 29 fs/ext4/inode.c | 19 fs/ext4/mballoc-test.c | 2 fs/ext4/namei.c | 16 fs/ext4/super.c | 81 fs/ext4/xattr.c | 32 fs/ext4/xattr.h | 10 fs/f2fs/checkpoint.c | 15 fs/f2fs/compress.c | 1 fs/f2fs/data.c | 10 fs/f2fs/f2fs.h | 3 fs/f2fs/file.c | 20 fs/f2fs/inode.c | 7 fs/f2fs/namei.c | 8 fs/f2fs/segment.c | 29 fs/f2fs/segment.h | 9 fs/f2fs/super.c | 67 fs/fsopen.c | 2 fs/fuse/dax.c | 1 fs/fuse/dir.c | 2 fs/fuse/file.c | 4 fs/gfs2/super.c | 21 fs/hostfs/hostfs.h | 2 fs/hostfs/hostfs_kern.c | 7 fs/hostfs/hostfs_user.c | 59 fs/isofs/dir.c | 3 fs/jbd2/journal.c | 27 fs/jfs/inode.c | 2 fs/jfs/jfs_dtree.c | 3 fs/jfs/jfs_extent.c | 10 fs/jfs/jfs_imap.c | 13 fs/jfs/xattr.c | 15 fs/nfs/delegation.c | 63 fs/nfs/nfs4xdr.c | 18 fs/nfs/sysfs.c | 22 fs/nfs/write.c | 4 fs/nfsd/Kconfig | 12 fs/nfsd/nfs4callback.c | 14 fs/nfsd/nfs4state.c | 53 fs/nfsd/nfsctl.c | 53 fs/nfsd/stats.c | 4 fs/nfsd/stats.h | 2 fs/nfsd/vfs.c | 28 fs/ntfs3/attrib.c | 3 fs/ntfs3/file.c | 22 fs/ntfs3/frecord.c | 6 fs/ntfs3/index.c | 4 fs/ntfs3/ntfs.h | 2 fs/ntfs3/super.c | 89 fs/ocfs2/alloc.c | 8 fs/proc/base.c | 2 fs/smb/client/connect.c | 16 fs/smb/server/auth.c | 6 fs/smb/server/connection.h | 11 fs/smb/server/mgmt/user_session.c | 37 fs/smb/server/mgmt/user_session.h | 2 fs/smb/server/oplock.c | 12 fs/smb/server/smb2pdu.c | 54 fs/smb/server/smbacl.c | 21 include/asm-generic/rwonce.h | 10 include/drm/display/drm_dp_mst_helper.h | 7 include/drm/drm_file.h | 5 include/linux/arm_ffa.h | 3 include/linux/avf/virtchnl.h | 4 include/linux/badblocks.h | 10 include/linux/context_tracking_irq.h | 8 include/linux/coresight.h | 4 include/linux/cpuset.h | 11 include/linux/dma-direct.h | 13 include/linux/fwnode.h | 2 include/linux/if_bridge.h | 6 include/linux/iio/iio-gts-helper.h | 1 include/linux/iio/iio.h | 26 include/linux/interrupt.h | 8 include/linux/mem_encrypt.h | 23 include/linux/nfs_fs_sb.h | 4 include/linux/nmi.h | 4 include/linux/perf_event.h | 37 include/linux/pgtable.h | 28 include/linux/pm_runtime.h | 2 include/linux/rcupdate.h | 2 include/linux/reboot.h | 18 include/linux/sched.h | 7 include/linux/sched/deadline.h | 4 include/linux/sched/smt.h | 2 include/linux/seccomp.h | 8 include/linux/thermal.h | 2 include/linux/uprobes.h | 2 include/linux/writeback.h | 24 include/net/ax25.h | 1 include/net/bluetooth/hci.h | 34 include/net/bluetooth/hci_core.h | 5 include/net/bonding.h | 1 include/net/xdp_sock.h | 10 include/net/xdp_sock_drv.h | 1 include/net/xfrm.h | 11 include/rdma/ib_verbs.h | 1 include/trace/define_trace.h | 7 include/trace/events/writeback.h | 21 include/uapi/linux/if_xdp.h | 10 include/uapi/linux/netdev.h | 3 init/Kconfig | 5 io_uring/io-wq.c | 40 io_uring/io-wq.h | 7 io_uring/io_uring.c | 3 io_uring/net.c | 23 kernel/bpf/core.c | 19 kernel/bpf/verifier.c | 7 kernel/cgroup/cpuset.c | 27 kernel/cpu.c | 5 kernel/events/core.c | 39 kernel/events/ring_buffer.c | 2 kernel/events/uprobes.c | 15 kernel/fork.c | 4 kernel/kexec_elf.c | 2 kernel/reboot.c | 84 kernel/rseq.c | 80 kernel/sched/core.c | 8 kernel/sched/deadline.c | 37 kernel/sched/debug.c | 8 kernel/sched/fair.c | 50 kernel/sched/rt.c | 2 kernel/sched/sched.h | 2 kernel/sched/topology.c | 15 kernel/seccomp.c | 14 kernel/trace/bpf_trace.c | 2 kernel/trace/ring_buffer.c | 4 kernel/trace/trace_events.c | 7 kernel/trace/trace_events_synth.c | 36 kernel/trace/trace_functions_graph.c | 1 kernel/trace/trace_irqsoff.c | 2 kernel/trace/trace_osnoise.c | 1 kernel/trace/trace_sched_wakeup.c | 2 kernel/watch_queue.c | 9 kernel/watchdog.c | 25 kernel/watchdog_perf.c | 28 lib/842/842_compress.c | 2 lib/stackinit_kunit.c | 30 lib/vsprintf.c | 2 mm/gup.c | 3 mm/memory.c | 13 mm/page-writeback.c | 37 mm/zswap.c | 30 net/ax25/af_ax25.c | 30 net/ax25/ax25_route.c | 74 net/bluetooth/hci_core.c | 62 net/bluetooth/hci_event.c | 25 net/bluetooth/hci_sync.c | 30 net/bridge/br_ioctl.c | 36 net/bridge/br_private.h | 3 net/core/dev_ioctl.c | 19 net/core/dst.c | 8 net/core/netdev-genl.c | 2 net/core/rtnetlink.c | 3 net/core/rtnl_net_debug.c | 2 net/ipv4/ip_tunnel_core.c | 4 net/ipv4/udp.c | 42 net/ipv6/addrconf.c | 37 net/ipv6/calipso.c | 21 net/ipv6/route.c | 42 net/mac80211/cfg.c | 12 net/mac80211/mlme.c | 9 net/netfilter/nf_tables_api.c | 4 net/netfilter/nf_tables_core.c | 11 net/netfilter/nfnetlink_queue.c | 2 net/netfilter/nft_set_hash.c | 3 net/netfilter/nft_tunnel.c | 6 net/openvswitch/actions.c | 6 net/sched/act_tunnel_key.c | 2 net/sched/cls_flower.c | 2 net/sched/sch_skbprio.c | 3 net/sctp/sysctl.c | 4 net/socket.c | 19 net/vmw_vsock/af_vsock.c | 6 net/wireless/core.c | 6 net/wireless/nl80211.c | 2 net/xdp/xsk.c | 8 net/xfrm/xfrm_device.c | 13 net/xfrm/xfrm_state.c | 32 net/xfrm/xfrm_user.c | 2 rust/Makefile | 4 rust/kernel/print.rs | 7 samples/bpf/Makefile | 2 samples/trace_events/trace-events-sample.h | 8 scripts/gdb/linux/symbols.py | 13 scripts/package/debian/rules | 6 scripts/selinux/install_policy.sh | 15 security/smack/smack.h | 6 security/smack/smack_lsm.c | 34 sound/core/timer.c | 147 - sound/pci/hda/patch_realtek.c | 9 sound/soc/amd/acp/acp-legacy-common.c | 10 sound/soc/codecs/cs35l41-spi.c | 5 sound/soc/codecs/mt6359.c | 9 sound/soc/codecs/rt5665.c | 24 sound/soc/fsl/imx-card.c | 4 sound/soc/generic/simple-card-utils.c | 7 sound/soc/tegra/tegra210_adx.c | 6 sound/soc/ti/j721e-evm.c | 2 sound/usb/mixer_quirks.c | 7 tools/arch/x86/lib/insn.c | 2 tools/bpf/runqslower/Makefile | 3 tools/include/uapi/linux/if_xdp.h | 10 tools/include/uapi/linux/netdev.h | 3 tools/lib/bpf/btf.c | 4 tools/lib/bpf/linker.c | 2 tools/lib/bpf/str_error.c | 2 tools/lib/bpf/str_error.h | 7 tools/objtool/arch/loongarch/decode.c | 28 tools/objtool/arch/loongarch/include/arch/elf.h | 7 tools/objtool/arch/powerpc/decode.c | 14 tools/objtool/arch/x86/decode.c | 13 tools/objtool/check.c | 84 tools/objtool/elf.c | 6 tools/objtool/include/objtool/arch.h | 3 tools/objtool/include/objtool/elf.h | 27 tools/perf/Makefile.config | 10 tools/perf/Makefile.perf | 2 tools/perf/arch/powerpc/util/header.c | 4 tools/perf/arch/x86/util/topdown.c | 2 tools/perf/bench/syscall.c | 22 tools/perf/builtin-report.c | 32 tools/perf/pmu-events/arch/arm64/ampere/ampereonex/metrics.json | 10 tools/perf/pmu-events/empty-pmu-events.c | 8 tools/perf/pmu-events/jevents.py | 8 tools/perf/tests/hwmon_pmu.c | 16 tools/perf/tests/pmu.c | 85 tools/perf/tests/shell/coresight/asm_pure_loop/asm_pure_loop.S | 2 tools/perf/tests/shell/record_bpf_filter.sh | 4 tools/perf/tests/shell/stat_all_pmu.sh | 48 tools/perf/tests/shell/test_data_symbol.sh | 17 tools/perf/tests/tool_pmu.c | 4 tools/perf/tests/workloads/datasym.c | 34 tools/perf/util/arm-spe.c | 8 tools/perf/util/bpf-filter.l | 2 tools/perf/util/comm.c | 2 tools/perf/util/debug.c | 2 tools/perf/util/dso.h | 4 tools/perf/util/evlist.c | 13 tools/perf/util/evsel.c | 16 tools/perf/util/expr.c | 2 tools/perf/util/hwmon_pmu.c | 14 tools/perf/util/hwmon_pmu.h | 16 tools/perf/util/intel-tpebs.c | 2 tools/perf/util/machine.c | 4 tools/perf/util/parse-events.c | 2 tools/perf/util/pmu.c | 263 +- tools/perf/util/pmu.h | 12 tools/perf/util/pmus.c | 171 + tools/perf/util/python.c | 17 tools/perf/util/stat-shadow.c | 3 tools/perf/util/stat.c | 13 tools/perf/util/tool_pmu.c | 34 tools/perf/util/tool_pmu.h | 2 tools/perf/util/units.c | 2 tools/power/x86/turbostat/turbostat.8 | 2 tools/power/x86/turbostat/turbostat.c | 30 tools/testing/selftests/bpf/Makefile | 1 tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c | 5 tools/testing/selftests/bpf/prog_tests/tailcalls.c | 1 tools/testing/selftests/bpf/progs/strncmp_bench.c | 5 tools/testing/selftests/mm/cow.c | 2 tools/testing/selftests/pcie_bwctrl/Makefile | 2 tools/verification/rv/Makefile.rv | 2 748 files changed, 9332 insertions(+), 7044 deletions(-) Aaron Kling (1): cpufreq: tegra194: Allow building for Tegra234 Acs, Jakub (1): ext4: fix OOB read when checking dotdot dir Aditya Kumar Singh (1): wifi: nl80211: store chandef on the correct link when starting CAC Adrián Larumbe (5): drm/panthor: Fix race condition when gathering fdinfo group samples drm/file: Add fdinfo helper for printing regions with prefix drm/panthor: Expose size of driver internal BO's over fdinfo drm/panthor: Replace sleep locks with spinlocks in fdinfo path drm/panthor: Avoid sleep locking in the internal BO size path Ahmad Fatoum (4): arm64: dts: imx8mp-skov: correct PMIC board limits arm64: dts: imx8mp-skov: operate CPU at 850 mV by default reboot: replace __hw_protection_shutdown bool action parameter with an enum reboot: reboot, not shutdown, on hw_protection_reboot timeout Akhil R (10): crypto: tegra - Use separate buffer for setkey crypto: tegra - Do not use fixed size buffers crypto: tegra - check return value for hash do_one_req crypto: tegra - Transfer HASH init function to crypto engine crypto: tegra - Fix HASH intermediate result handling crypto: tegra - Use HMAC fallback when keyslots are full crypto: tegra - Fix CMAC intermediate result handling crypto: tegra - Set IV to NULL explicitly for AES ECB crypto: tegra - finalize crypto req on error crypto: tegra - Reserve keyslots to allocate dynamically Akihiko Odaki (1): virtio_net: Fix endian with virtio_net_ctrl_rss Al Viro (3): spufs: fix a leak on spufs_new_file() failure spufs: fix gang directory lifetimes spufs: fix a leak in spufs_create_context() Alex Deucher (7): drm/amdgpu/umsch: declare umsch firmware drm/amdgpu/umsch: fix ucode check drm/amdgpu/vcn5.0.1: use correct dpm helper drm/amdgpu/mes: optimize compute loop handling drm/amdgpu/mes: enable compute pipes across all MEC drm/amdgpu/gfx11: fix num_mec drm/amdgpu/gfx12: fix num_mec Alexandre Ghiti (2): riscv: Fix missing __free_pages() in check_vector_unaligned_access() riscv: Fix hugetlb retrieval of number of ptes in case of !present pte Alexandru Gagniuc (1): kbuild: deb-pkg: don't set KBUILD_BUILD_VERSION unconditionally Alice Ryhl (1): rust: fix signature of rust_fmt_argument Alistair Popple (1): fuse: fix dax truncate/punch_hole fault path Andreas Gruenbacher (2): gfs2: minor evict fix gfs2: skip if we cannot defer delete Andrew Jones (6): riscv: Annotate unaligned access init functions riscv: Fix riscv_online_cpu_vec riscv: Fix check_unaligned_access_all_cpus riscv: Change check_unaligned_access_speed_all_cpus to void riscv: Fix set up of cpu hotplug callbacks riscv: Fix set up of vector cpu hotplug callback Andrii Nakryiko (1): libbpf: Fix hypothetical STT_SECTION extern NULL deref case Andy Shevchenko (3): auxdisplay: panel: Fix an API misuse in panel.c pinctrl: npcm8xx: Fix incorrect struct npcm8xx_pincfg assignment pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() Angelo Dureghello (1): iio: dac: adi-axi-dac: modify stream enable AngeloGioacchino Del Regno (5): soc: mediatek: mtk-mmsys: Fix MT8188 VDO1 DPI1 output selection soc: mediatek: mt8167-mmsys: Fix missing regval in all entries soc: mediatek: mt8365-mmsys: Fix routing table masks and values drm/mediatek: mtk_hdmi: Unregister audio platform device on failure drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member Angelos Oikonomopoulos (1): arm64: Don't call NULL in do_compat_alignment_fixup() Anshuman Khandual (1): arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig Antoine Tenart (1): net: decrease cached dst counters in dst_release Antonio Quartulli (1): scripts/gdb/linux/symbols.py: address changes to module_sect_attrs Anuj Gupta (2): block: ensure correct integrity capability propagation in stacked devices block: Correctly initialize BLK_INTEGRITY_NOGENERATE and BLK_INTEGRITY_NOVERIFY Armin Wolf (1): platform/x86: dell-ddv: Fix temperature calculation Arnaldo Carvalho de Melo (5): perf units: Fix insufficient array space perf python: Fixup description of sample.id event member perf python: Decrement the refcount of just created event on failure perf python: Don't keep a raw_data pointer to consumed ring buffer space perf python: Check if there is space to copy all the event Arnd Bergmann (6): x86/platform: Only allow CONFIG_EISA for 32-bit firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() dummycon: fix default rows/cols mdacon: rework dependency list crypto: bpf - Add MODULE_DESCRIPTION for skcipher x86/Kconfig: Add cmpxchg8b support back to Geode CPUs Artur Weber (1): power: supply: max77693: Fix wrong conversion of charge input threshold value Asahi Lina (1): iommu/io-pgtable-dart: Only set subpage protection disable for DART 1 Ashley Smith (1): drm/panthor: Update CS_STATUS_ defines to correct values Atish Patra (2): RISC-V: KVM: Disable the kernel perf counter during configure RISC-V: KVM: Teardown riscv specific bits after kvm_exit Aurabindo Pillai (1): drm/amd/display: fix an indent issue in DML21 Bairavi Alagappan (2): crypto: qat - set parity error mask for qat_420xx crypto: qat - remove access to parity register for QAT GEN4 Baochen Qiang (1): wifi: ath12k: use link specific bss_conf as well in ath12k_mac_vif_cache_flush() Baokun Li (5): ext4: convert EXT4_FLAGS_* defines to enum ext4: add EXT4_FLAGS_EMERGENCY_RO bit ext4: correct behavior under errors=remount-ro mode ext4: show 'emergency_ro' when EXT4_FLAGS_EMERGENCY_RO is set ext4: goto right label 'out_mmap_sem' in ext4_setattr() Bard Liao (1): soundwire: take in count the bandwidth of a prepared stream Barnabás Czémán (1): clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock Bart Van Assche (5): wifi: ath12k: Fix locking in "QMI firmware ready" error paths scsi: mpi3mr: Fix locking in an error path scsi: mpt3sas: Fix a locking bug in an error path drm: zynqmp_dp: Fix a deadlock in zynqmp_dp_ignore_hpd_set() fs/procfs: fix the comment above proc_pid_wchan() Bartosz Golaszewski (1): pinctrl: bcm2835: don't -EINVAL on alternate funcs from get_direction() Basavaraj Natikar (2): dmaengine: ae4dma: Use the MSI count and its corresponding IRQ number dmaengine: ptdma: Utilize the AE4DMA engine's multi-queue functionality Benjamin Berg (3): x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() um: remove copy_from_kernel_nofault_allowed um: hostfs: avoid issues on inode number reuse by host Benjamin Gaignard (1): media: verisilicon: HEVC: Initialize start_bit field Benson Leung (2): usb: typec: thunderbolt: Fix loops that iterate TYPEC_PLUG_SOP_P and TYPEC_PLUG_SOP_PP usb: typec: thunderbolt: Remove IS_ERR check for plug Björn Töpel (1): riscv/purgatory: 4B align purgatory_start Boris Brezillon (1): drm/panthor: Fix a race between the reset and suspend path Boris Burkov (1): btrfs: fix block group refcount race in btrfs_create_pending_block_groups() Boris Ostrovsky (1): x86/microcode/AMD: Fix __apply_microcode_amd()'s return value Caleb Sander Mateos (3): io_uring/net: only import send_zc buffer once io_uring: use lockless_cq flag in io_req_complete_post() nvme/ioctl: don't warn on vectorized uring_cmd with fixed buffer Candice Li (1): Remove unnecessary firmware version check for gc v9_4_2 Chao Gao (1): x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures Chao Yu (7): f2fs: quota: fix to avoid warning in dquot_writeback_dquots() f2fs: fix to avoid panic once fallocation fails for pinfile f2fs: fix to set .discard_granularity correctly f2fs: fix potential deadloop in prepare_compress_overwrite() f2fs: fix to call f2fs_recover_quota_end() correctly f2fs: fix to avoid accessing uninitialized curseg f2fs: fix to avoid running out of free segments Charles Han (3): ext4: fix potential null dereference in ext4 kunit test drm: xlnx: zynqmp_dpsub: Add NULL check in zynqmp_audio_init clk: mmp: Fix NULL vs IS_ERR() check Chen-Yu Tsai (3): arm64: dts: mediatek: mt8173-elm: Drop pmic's #address-cells and #size-cells arm64: dts: mediatek: mt8173: Fix some node names arm64: dts: rockchip: Remove bluetooth node from rock-3a Cheng Xu (1): RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() Chenyuan Yang (3): thermal: int340x: Add NULL check for adev netfilter: nfnetlink_queue: Initialize ctx to avoid memory allocation error w1: fix NULL pointer dereference in probe Chiara Meiohas (1): RDMA/mlx5: Fix calculation of total invalidated pages Christian Brauner (1): fs: support O_PATH fds with FSCONFIG_SET_FD Christian Eggers (1): ARM: 9444/1: add KEEP() keyword to ARM_VECTORS Christian Schoenebeck (1): fs/9p: fix NULL pointer dereference on mkdir Christophe JAILLET (4): bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() PCI: histb: Fix an error handling path in histb_pcie_probe() ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe() Christophe Leroy (2): crypto: powerpc: Mark ghashp8-ppc.o as an OBJECT_FILES_NON_STANDARD powerpc/kexec: fix physical address calculation in clear_utlb_entry() Chuck Lever (5): NFSD: Fix callback decoder status codes NFSD: Add a Kconfig setting to enable delegated timestamps NFSD: nfsd_unlink() clobbers non-zero status returned from fh_fill_pre_attrs() NFSD: Never return NFS4ERR_FILE_OPEN when removing a directory NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up Chukun Pan (1): arm64: dts: rockchip: Move rk356x scmi SHMEM to reserved memory Chunhai Guo (1): f2fs: fix missing discard for active segments Claudiu Beznea (3): pinctrl: renesas: rzg2l: Suppress binding attributes clk: renesas: r8a08g045: Check the source of the CPU PLL settings rtc: renesas-rtca3: Disable interrupts only if the RTC is enabled Cong Wang (1): net_sched: skbprio: Remove overly strict queue assertions Cyan Yang (1): selftests/mm/cow: fix the incorrect error handling Dan Carpenter (7): drm/msm/gem: Fix error code msm_parse_deps() PCI: Remove stray put_device() in pci_register_host_bridge() drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() PCI: dwc: ep: Return -ENOMEM for allocation failures fs/ntfs3: Fix a couple integer overflows on 32bit systems fs/ntfs3: Prevent integer overflow in hdr_first_de() nfs: Add missing release on error in nfs_lock_and_join_requests() Daniel Stodden (1): PCI/ASPM: Fix link state exit during switch upstream function removal Danila Chernetsov (1): fbdev: sm501fb: Add some geometry checks. Dapeng Mi (1): perf x86/topdown: Fix topdown leader sampling test error on hybrid Dario Binacchi (1): clk: stm32f4: fix an uninitialized variable Dave Marquardt (1): net: ibmveth: make veth_pool_store stop hanging Dave Penkler (7): staging: gpib: Add missing interface entry point staging: gpib: Fix pr_err format warning staging: gpib: Fix cb7210 pcmcia Oops staging: gpib: ni_usb console messaging cleanup staging: gpib: Fix Oops after disconnect in ni_usb staging: gpib: agilent usb console messaging cleanup staging: gpib: Fix Oops after disconnect in agilent usb David Gow (1): um: Pass the correct Rust target and options with gcc David Hildenbrand (3): x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() kernel/events/uprobes: handle device-exclusive entries correctly in __replace_page() mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs David Laight (1): objtool: Fix verbose disassembly if CROSS_COMPILE isn't set David Oberhollenzer (1): net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy Debin Zhu (1): netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets Dhananjay Ugwekar (4): cpufreq/amd-pstate: Modify the min_perf calculation in adjust_perf callback cpufreq/amd-pstate: Pass min/max_limit_perf as min/max_perf to amd_pstate_update cpufreq/amd-pstate: Convert all perf values to u8 cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update Dmitry Antipov (3): wifi: ath9k: do not submit zero bytes to the entropy pool jfs: reject on-disk inodes of an unsupported type wifi: rtw89: rtw8852b{t}: fix TSSI debug timestamps Dmitry Baryshkov (4): drm/msm/dpu: don't use active in atomic_check() drm/msm/dpu: move needs_cdm setting to dpu_encoder_get_topology() drm/msm/dpu: simplify dpu_encoder_get_topology() interface drm/msm/dpu: don't set crtc_state->mode_changed from atomic_check() Dmitry Vyukov (1): perf report: Fix input reload/switch with symbol sort key Douglas Anderson (1): drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr Douglas Raillard (2): tracing: Ensure module defining synth event cannot be unloaded while tracing tracing: Fix synth event printk format for str fields Eduard Christian Dumitrescu (1): platform/x86: thinkpad_acpi: disable ACPI fan access for T495* and E560 Edward Adam Davis (1): wifi: cfg80211: init wiphy_work before allocating rfkill fails Edward Cree (2): sfc: rip out MDIO support sfc: fix NULL dereferences in ef100_process_design_param() Emil Tantilov (2): idpf: check error for register_netdev() on init idpf: fix adapter NULL pointer dereference on reboot Eric Dumazet (1): sctp: add mutual exclusion in proc_sctp_do_udp_port() Eric Sandeen (1): watch_queue: fix pipe accounting mismatch Fabrizio Castro (3): pinctrl: renesas: rza2: Fix missing of_node_put() call pinctrl: renesas: rzg2l: Fix missing of_node_put() call pinctrl: renesas: rzv2m: Fix missing of_node_put() call Feng Tang (1): PCI/portdrv: Only disable pciehp interrupts early when needed Feng Yang (1): ring-buffer: Fix bytes_dropped calculation issue Fernando Fernandez Mancera (1): ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS Filipe Manana (2): btrfs: get used bytes while holding lock at btrfs_reclaim_bgs_work() btrfs: fix reclaimed bytes accounting after automatic block group reclaim Florian Fainelli (2): spi: bcm2835: Do not call gpiod_put() on invalid descriptor spi: bcm2835: Restore native CS probing when pinctrl-bcm2835 is absent Florian Westphal (1): netfilter: nf_tables: don't unregister hook when table is dormant Francesco Dolcini (1): arm64: dts: ti: k3-am62p: Enable AUDIO_REFCLKx Frieder Schrempf (1): regulator: pca9450: Fix enable register for LDO5 Gabriele Monaco (1): tracing: Fix DECLARE_TRACE_CONDITION Gao Xiang (1): erofs: allow 16-byte volume name again Geert Uytterhoeven (5): m68k: sun3: Fix DEBUG_MMU_EMU build auxdisplay: MAX6959 should select BITREVERSE arm64: dts: renesas: r8a774c0: Re-add voltages to OPP table arm64: dts: renesas: r8a77990: Re-add voltages to OPP table drm/bridge: ti-sn65dsi86: Fix multiple instances Geetha sowjanya (2): octeontx2-af: Fix mbox INTR handler when num VFs > 64 octeontx2-af: Free NIX_AF_INT_VEC_GEN irq Gergo Koteles (1): ACPI: video: Handle fetching EDID as ACPI_TYPE_PACKAGE Giovanni Gherdovich (1): ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid Greg Kroah-Hartman (1): Linux 6.14.2 Guilherme G. Piccoli (1): x86/tsc: Always save/restore TSC sched_clock() on suspend/resume Guillaume Nault (1): tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). Guixin Liu (1): scsi: target: tcm_loop: Fix wrong abort tag Hans Zhang (1): PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload Hans de Goede (1): ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers Heiko Stuebner (1): phy: phy-rockchip-samsung-hdptx: Don't use dt aliases to determine phy-id Hengqi Chen (3): LoongArch: BPF: Fix off-by-one error in build_prologue() LoongArch: BPF: Don't override subprog's return value LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC Henry Martin (2): ASoC: imx-card: Add NULL check in imx_card_probe() arcnet: Add NULL check in com20020pci_probe() Herbert Xu (4): crypto: iaa - Test the correct request flag crypto: api - Fix larval relookup type and mask crypto: api - Call crypto_alg_put in crypto_unregister_alg crypto: nx - Fix uninitialised hv_nxc on error Hermes Wu (1): drm/bridge: it6505: fix HDCP V match check is not performed correctly Herton R. Krzesinski (1): x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs Hou Tao (1): bpf: Use preempt_count() directly in bpf_send_signal_common() Hrushikesh Salunke (1): arm64: dts: ti: k3-j722s-evm: Fix USB2.0_MUX_SEL to select Type-C Huacai Chen (2): LoongArch: Increase ARCH_DMA_MINALIGN up to 16 LoongArch: Increase MAX_IO_PICS up to 8 Ian Rogers (10): libbpf: Add namespace for errstr making it libbpf_errstr perf stat: Fix find_stat for mixed legacy/non-legacy events perf stat: Don't merge counters purely on name perf pmus: Restructure pmu_read_sysfs to scan fewer PMUs tools/x86: Fix linux/unaligned.h include path in lib/insn.c perf tests: Fix data symbol test with LTO builds perf debug: Avoid stack overflow in recursive error message perf evlist: Add success path to evlist__create_syswide_maps perf evsel: tp_format accessing improvements perf pmu: Rename name matching for no suffix or wildcard variants Ido Schimmel (2): ipv6: Start path selection from the first nexthop ipv6: Do not consider link down nexthops in path selection Ilkka Koskinen (2): coresight: catu: Fix number of pages while using 64k pages perf vendor events arm64 AmpereOneX: Fix frontend_bound calculation Ilpo Järvinen (8): platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: Make symbol static platform/x86: dell-uart-backlight: Make dell_uart_bl_serdev_driver static PCI: Remove add_align overwrite unrelated to size0 PCI: Simplify size1 assignment logic PCI: Allow relaxed bridge window tail sizing for optional resources PCI: Fix BAR resizing when VF BARs are assigned PCI: pciehp: Don't enable HPIE when resuming in poll mode PCI/bwctrl: Fix pcie_bwctrl_select_speed() return type Jacky Bai (2): cpuidle: Init cpuidle only for present CPUs cpufreq: Init cpufreq only for present CPUs Jacob Keller (5): igb: reject invalid external timestamp requests for 82580-based HW renesas: reject PTP_STRICT_FLAGS as unsupported net: lan743x: reject unsupported external timestamp requests broadcom: fix supported flag check in periodic output function ptp: ocp: reject unsupported periodic output flags Jakub Kicinski (1): netlink: specs: rt_route: pull the ifa- prefix out of the names James Clark (5): perf: Always feature test reallocarray perf tests: Fix Tool PMU test segfault perf pmu: Dynamically allocate tool PMU perf pmu: Don't double count common sysfs and json events perf: intel-tpebs: Fix incorrect usage of zfree() James Morse (1): x86/resctrl: Fix allocation of cleanest CLOSID on platforms with no monitors Jan Glaza (3): virtchnl: make proto and filter action count unsigned ice: stop truncating queue ids when checking ice: validate queue quanta parameters to prevent OOB access Jan Kara (1): ext4: verify fast symlink length Jann Horn (5): rwonce: handle KCSAN like KASAN in read_word_at_a_time() rwonce: fix crash by removing READ_ONCE() for unaligned read x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs Jason-JH Lin (1): drm/mediatek: Fix config_updating flag never false when no mbox channel Javier Carrasco (3): iio: light: veml6030: extend regmap to support regfields iio: gts-helper: export iio_gts_get_total_gain() iio: light: veml6030: fix scale to conform to ABI Javier Martinez Canillas (1): drm/ssd130x: Set SPI .id_table to prevent an SPI core warning Jayesh Choudhary (1): ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible Jeff Chen (2): wifi: mwifiex: Fix premature release of RF calibration data. wifi: mwifiex: Fix RF calibration data download from file Jeff Layton (2): nfsd: don't ignore the return code of svc_proc_register() nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid() Jens Axboe (1): io_uring/net: improve recv bundles Jerome Brunet (4): clk: amlogic: gxbb: drop incorrect flag on 32k clock clk: amlogic: g12b: fix cluster A parent data clk: amlogic: gxbb: drop non existing 32k clock parent clk: amlogic: g12a: fix mmc A peripheral clock Jesse Brandeburg (1): ice: fix reservation of resources for RDMA when disabled Jianfeng Liu (1): arm64: dts: rockchip: Fix pcie reset gpio on Orange Pi 5 Max Jiawen Wu (2): net: libwx: fix Tx descriptor content for some tunnel packets net: libwx: fix Tx L4 checksum Jiayuan Chen (1): bpf: Fix array bounds error with may_goto Jie Zhan (1): cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() Jim Liu (1): net: phy: broadcom: Correct BCM5221 PHY model detection Jim Quinlan (4): PCI: brcmstb: Set generation limit before PCIe link up PCI: brcmstb: Use internal register to change link capability PCI: brcmstb: Fix error path after a call to regulator_bulk_get() PCI: brcmstb: Fix potential premature regulator disabling Jinghao Jia (1): samples/bpf: Fix broken vmlinux path for VMLINUX_BTF Jiri Kosina (1): HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER Jiri Olsa (1): uprobes/x86: Harden uretprobe syscall trampoline check Jiri Slaby (SUSE) (1): tty: n_tty: use uint for space returned by tty_write_room() Joe Hattori (2): media: platform: allgro-dvt: unregister v4l2_device on the error path soundwire: slave: fix an OF node reference leak in soundwire slave device Johannes Berg (1): wifi: mac80211: remove SSID from ML reconf John Keeping (3): drm/ssd130x: fix ssd132x encoding drm/ssd130x: ensure ssd132x pitch is correct drm/panel: ilitek-ili9882t: fix GPIO name in error message Jonathan Cameron (3): iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails. iio: core: Rework claim and release of direct mode to work with sparse. Jonathan Santos (1): iio: adc: ad7768-1: set MOSI idle state to prevent accidental reset Josh Poimboeuf (11): x86/traps: Make exc_double_fault() consistently noreturn objtool: Fix detection of consecutive jump tables on Clang 20 objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show() objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() objtool: Fix segfault in ignore_unreachable_insn() sched/smt: Always inline sched_smt_active() context_tracking: Always inline ct_{nmi,irq}_{enter,exit}() rcu-tasks: Always inline rcu_irq_work_resched() objtool/loongarch: Add unwind hints in prepare_frametrace() spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock() José Expósito (1): drm/vkms: Fix use after free and double free on init error Juhan Jin (1): riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra Juri Lelli (5): sched/deadline: Ignore special tasks when rebuilding domains sched/topology: Wrappers for sched_domains_mutex sched/deadline: Generalize unique visiting of root domains sched/deadline: Rebuild root domain accounting after every update include/{topology,cpuset}: Move dl_rebuild_rd_accounting to cpuset.h Kai-Heng Feng (1): PCI: Use downstream bridges for distributing resources Kan Liang (5): perf: Save PMU specific data in task_struct perf: Supply task information to sched_task() perf/x86/lbr: Fix shorter LBRs call stacks for the system-wide mode perf tools: Add skip check in tool_pmu__event_to_str() perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read Kang Yang (1): wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode Karan Sanghavi (1): iio: light: Add check for array bounds in veml6075_read_int_time_ms Karel Balej (1): mmc: sdhci-pxav3: set NEED_RSP_BUSY capability Karol Kolacinski (1): ice: ensure periodic output start time is in the future Kees Bakker (1): RDMA/mana_ib: Ensure variable err is initialized Kees Cook (1): kunit/stackinit: Use fill byte different from Clang i386 pattern Kemeng Shi (1): ext4: add missing brelse() for bh2 in ext4_dx_add_entry() Kent Overstreet (1): bcachefs: bch2_ioctl_subvolume_destroy() fixes Kevin Loughlin (1): x86/sev: Add missing RIP_REL_REF() invocations during sme_enable() Kirill A. Shutemov (1): x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT Konrad Dybcio (1): clk: qcom: gcc-x1e80100: Unregister GCC_GPU_CFG_AHB_CLK/GCC_DISP_XO_CLK Konstantin Andreev (2): smack: dont compile ipv6 code unless ipv6 is configured smack: ipv4/ipv6: tcp/dccp/sctp: fix incorrect child socket label Konstantin Komarov (1): fs/ntfs3: Update inode->i_mapping->a_ops on compression state Krzysztof Kozlowski (1): drm/msm/dsi/phy: Program clock inverters in correct register Kuninori Morimoto (1): ASoC: simple-card-utils: Don't use __free(device_node) at graph_util_parse_dai() Kuniyuki Iwashima (4): net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. rtnetlink: Use register_pernet_subsys() in rtnl_net_debug_init(). udp: Fix multiple wraparounds of sk->sk_rmem_alloc. udp: Fix memory accounting leak. Lama Kayal (1): net/mlx5e: SHAMPO, Make reserved size independent of page size Laurentiu Mihalcea (3): arm64: dts: imx8mp: add AUDIO_AXI_CLK_ROOT to AUDIOMIX block arm64: dts: imx8mp: change AUDIO_AXI_CLK_ROOT freq. to 800MHz clk: clk-imx8mp-audiomix: fix dsp/ocram_a clock parents Len Brown (1): tools/power turbostat: report CoreThr per measurement interval Leo Stone (1): f2fs: add check for deleted inode Leo Yan (1): perf arm-spe: Fix load-store operation checking Leon Romanovsky (1): xfrm: delay initialization of offload path till its actually requested Li Huafei (1): watchdog/hardlockup/perf: Fix perf_event memory leak Li Lingfeng (1): nfsd: put dl_stid if fail to queue dl_recall Li Nan (8): md: ensure resync is prioritized over recovery badblocks: Fix error shitf ops badblocks: factor out a helper try_adjacent_combine badblocks: attempt to merge adjacent badblocks during ack_all_badblocks badblocks: return error directly when setting badblocks exceeds 512 badblocks: return error if any badblock set fails badblocks: fix the using of MAX_BADBLOCKS badblocks: fix merge issue when new badblocks align with pre+1 Liang Jie (1): wifi: rtw89: Correct immediate cfg_len calculation for scan_offload_be Likhitha Korrapati (1): perf tools: Fix is_compat_mode build break in ppc64 Lin Ma (2): netfilter: nft_tunnel: fix geneve_opt type confusion addition net: fix geneve_opt length integer overflow Lizhi Hou (1): accel/amdxdna: Return error when setting clock failed for npu1 Lorenzo Bianconi (4): net: airoha: Fix lan4 support in airoha_qdma_get_gdm_port() PCI: mediatek-gen3: Configure PBUS_CSR registers for EN7581 SoC net: airoha: Fix qid report in airoha_tc_get_htb_get_leaf_queue() net: airoha: Fix ETS priomap validation Louis-Alexis Eyraud (3): arm64: dts: mediatek: mt8390-genio-700-evk: Move common parts to dtsi arm64: dts: mediatek: mt8390-genio-common: Fix duplicated regulator name ASoC: mediatek: mt6359: Fix DT parse error due to wrong child node name Lubomir Rintel (1): rndis_host: Flag RNDIS modems as WWAN devices Luca Ceresoli (1): perf build: Fix in-tree build due to symbolic link Luca Weiss (4): remoteproc: qcom_q6v5_pas: Make single-PD handling more robust remoteproc: qcom: pas: add minidump_id to SC7280 WPSS remoteproc: qcom_q6v5_pas: Use resource with CX PD for MSM8226 remoteproc: qcom_q6v5_mss: Handle platforms with one power domain Luiz Augusto von Dentz (2): Bluetooth: hci_core: Enable buffer flow control for SCO/eSCO Bluetooth: hci_event: Fix handling of HCI_EV_LE_DIRECT_ADV_REPORT Lukas Wunner (1): PCI/bwctrl: Fix NULL pointer dereference on bus number exhaustion Lukasz Czapnik (1): ice: fix input validation for virtchnl BW Macpaul Lin (1): arm64: dts: mediatek: mt6359: fix dtbs_check error for audio-codec Maher Sanalla (1): IB/mad: Check available slots before posting receive WRs Maksim Davydov (1): x86/split_lock: Fix the delayed detection logic Manikanta Mylavarapu (2): drivers: clk: qcom: ipq5424: fix the freq table of sdcc1_apps clock clk: qcom: ipq5424: fix software and hardware flow control error of UART Manivannan Sadhasivam (2): wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path Marcus Meissner (1): perf tools: annotate asm_pure_loop.S Marek Behún (5): net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family net: dsa: mv88e6xxx: enable PVT for 6321 switch net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family net: dsa: mv88e6xxx: fix VTU methods for 6320 family net: dsa: mv88e6xxx: enable STU methods for 6320 family Marijn Suijten (4): drm/msm/dsi: Use existing per-interface slice count in DSC timing drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host drm/msm/dpu: Fall back to a single DSC encoder (1:1:1) on small SoCs drm/msm/dpu: Remove arbitrary limit of 1 interface in DSC topology Mario Limonciello (1): ucsi_ccg: Don't show failed to get FW build information error Mark Bloch (1): net/mlx5: LAG, reload representors on LAG creation failure Mark Harmstone (1): btrfs: don't clobber ret in btrfs_validate_super() Mark Zhang (1): rtnetlink: Allocate vfinfo size for VF GUIDs when supported Markus Elfring (2): fbdev: au1100fb: Move a variable assignment behind a null pointer check ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() Mateusz Polchlopek (1): ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw() Maud Spierings (1): dt-bindings: vendor-prefixes: add GOcontroll Maurizio Lombardi (1): nvme-pci: skip nvme_write_sq_db on empty rqlist Max Kellermann (3): io_uring/io-wq: eliminate redundant io_work_get_acct() calls io_uring/io-wq: cache work->flags in variable io_uring/io-wq: do not use bogus hash value Max Merchel (1): ARM: dts: imx6ul-tqma6ul1: Change include order to disable fec2 node Maxim Mikityanskiy (1): net/mlx5e: Fix ethtool -N flow-type ip4 to RSS context Miaoqian Lin (3): ksmbd: use aead_request_free to match aead_request_alloc LoongArch: Fix device node refcount leak in fdt_cpu_clk_init() mmc: omap: Fix memory leak in mmc_omap_new_slot Michael Chan (2): bnxt_en: Mask the bd_cnt field in the TX BD properly bnxt_en: Linearize TX SKB if the fragments exceed the max Michael Guralnik (2): RDMA/mlx5: Fix page_size variable overflow RDMA/mlx5: Fix MR cache initialization error flow Michael Jeanson (1): rseq: Update kernel fields in lockstep with CONFIG_DEBUG_RSEQ=y Michael Walle (2): arm64: dts: ti: k3-am62p: fix pinctrl settings arm64: dts: ti: k3-j722s: fix pinctrl settings Mike Christie (1): vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint Mike Rapoport (Microsoft) (1): x86/mm/pat: cpa-test: fix length for CPA_ARRAY test Mikhail Lobanov (1): wifi: mac80211: check basic rates validity in sta_link_apply_parameters Ming Lei (2): block: fix adding folio to bio ublk: make sure ubq->canceling is set when queue is frozen Ming Yen Hsieh (2): wifi: mt76: mt7925: remove unused acpi function for clc wifi: mt76: mt7921: fix kernel panic due to null pointer dereference Moshe Shemesh (1): net/mlx5: Start health poll after enable hca Murad Masimov (3): ax25: Remove broken autobind acpi: nfit: fix narrowing conversion in acpi_nfit_ctl media: streamzap: fix race between device disconnection and urb callback Namhyung Kim (4): perf report: Switch data file correctly in TUI perf machine: Fixup kernel maps ends after adding extra maps perf test: Add timeout to datasym workload perf bpf-filter: Fix a parsing error with comma Namjae Jeon (6): ksmbd: fix multichannel connection failure ksmbd: fix r_count dec/increment mismatch ksmbd: add bounds check for durable handle context ksmbd: fix use-after-free in ksmbd_sessions_deregister() ksmbd: fix session use-after-free in multichannel connection ksmbd: fix null pointer dereference in alloc_preauth_hash() Nathan Chancellor (3): crypto: tegra - Fix format specifier in tegra_sha_prep_cmd() ACPI: platform-profile: Fix CFI violation when accessing sysfs files ARM: 9443/1: Require linker to support KEEP within OVERLAY for DCE Neeraj Sanjay Kale (1): Bluetooth: btnxpuart: Fix kernel panic during FW release Neil Armstrong (1): clk: qcom: gcc-sm8650: Do not turn off USB GDSCs during gdsc_disable() NeilBrown (1): NFS: fix open_owner_id_maxsz and related fields. Nick Child (1): ibmvnic: Use kernel helpers for hex dumps Nicolas Bouchinet (1): coredump: Fixes core_pipe_limit sysctl proc_handler Nicolas Escande (2): wifi: ath12k: fix skb_ext_desc leak in ath12k_dp_tx() error path wifi: ath12k: Add missing htt_metadata flag in ath12k_dp_tx() Nicolas Frattaroli (1): arm64: dts: rockchip: remove ethm0_clk0_25m_out from Sige5 gmac0 Nikita Shubin (1): ntb: intel: Fix using link status DB's Nikita Zhandarovich (3): wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() mfd: sm501: Switch to BIT() to mitigate integer overflows media: vimc: skip .s_stream() for stopped entities Niklas Cassel (5): ata: libata: Fix NCQ Non-Data log not supported print nvmet: pci-epf: Always configure BAR0 as 64-bit misc: pci_endpoint_test: Fix pci_endpoint_test_bars_read_bar() error handling misc: pci_endpoint_test: Handle BAR sizes larger than INT_MAX PCI: endpoint: pci-epf-test: Handle endianness properly Niklas Neronin (1): usb: xhci: correct debug message page size calculation Niklas Schnelle (1): s390: Remove ioremap_wt() and pgprot_writethrough() Nishanth Aravamudan (1): PCI: Avoid reset when disabled via sysfs Norbert Szetei (3): ksmbd: add bounds check for create lease context ksmbd: fix overflow in dacloffset bounds check ksmbd: validate zero num_subauth before sub_auth is accessed Nuno Sá (1): iio: backend: make sure to NULL terminate stack buffer Ojaswin Mujoo (2): ext4: define ext4_journal_destroy wrapper ext4: avoid journaling sb update on error if journal is destroying Oleg Nesterov (2): seccomp: fix the __secure_computing() stub for !HAVE_ARCH_SECCOMP_FILTER exec: fix the racy usage of fs_struct->in_exec Oleksij Rempel (1): net: dsa: microchip: fix DCB apptrust configuration on KSZ88x3 Olga Kornievskaia (1): nfsd: fix management of listener transports Olivia Mackintosh (1): ALSA: usb-audio: separate DJM-A9 cap lvl options P Praneesh (1): wifi: ath11k: fix RCU stall while reaping monitor destination ring Pablo Neira Ayuso (1): netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only Palmer Dabbelt (1): RISC-V: errata: Use medany for relocatable builds Paolo Bonzini (1): KVM: x86: block KVM_CAP_SYNC_REGS if guest state is protected Patrisious Haddad (1): RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow Paul Menzel (2): scsi: mpt3sas: Reduce log level of ignore_delay_remove message to KERN_INFO ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP Pavel Begunkov (2): io_uring: check for iowq alloc_workqueue failure io_uring: fix retry handling off iowq Pedro Nishiyama (3): Bluetooth: Add quirk for broken READ_VOICE_SETTING Bluetooth: Add quirk for broken READ_PAGE_SCAN_TYPE Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers Peng Fan (3): remoteproc: core: Clear table_sz when rproc_shutdown dmaengine: fsl-edma: cleanup chan after dma_async_device_unregister dmaengine: fsl-edma: free irq correctly in remove path Peter Geis (1): clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent Peter Zijlstra (1): lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock Peter Zijlstra (Intel) (1): perf/x86/intel: Apply static call for drain_pebs Ping-Ke Shih (2): wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() wifi: rtw89: pci: correct ISR RDU bit for 8922AE Piotr Kwapulinski (1): ixgbe: fix media type detection for E610 device Pranjal Shrivastava (1): net: Fix the devmem sock opts and msgs for parisc Prathamesh Shete (1): pinctrl: tegra: Set SFIO mode to Mux Register Przemek Kitszel (1): ice: health.c: fix compilation on gcc 7.5 Pu Lehui (2): riscv: fgraph: Select HAVE_FUNCTION_GRAPH_TRACER depends on HAVE_DYNAMIC_FTRACE_WITH_ARGS riscv: fgraph: Fix stack layout to match __arch_ftrace_regs argument of ftrace_return_to_handler Qasim Ijaz (2): isofs: fix KMSAN uninit-value bug in do_isofs_readdir() jfs: fix slab-out-of-bounds read in ea_get() Qiuxu Zhuo (5): EDAC/igen6: Fix the flood of invalid error reports EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald Rapids EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer EDAC/ie31200: Fix the DIMM size mask for several SoCs EDAC/ie31200: Fix the error path order of ie31200_init() Rafael J. Wysocki (2): PM: sleep: Adjust check before setting power.must_resume PM: sleep: Fix handling devices with direct_complete set on errors Rameshkumar Sundaram (1): wifi: ath12k: Fix pdev lookup in WBM error processing Ran Xiaokai (1): tracing/osnoise: Fix possible recursive locking for cpus_read_lock() Remi Pommarel (1): leds: Fix LED_OFF brightness race Richard Fitzgerald (1): firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success Ritu Chaudhary (1): ASoC: tegra: Use non-atomic timeout for ADX status register Rob Clark (1): drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump Robin Murphy (2): iommu: Handle race with default domain setup media: omap3isp: Handle ARM dma_iommu_mapping Robin van der Gracht (1): can: rockchip_canfd: rkcanfd_chip_fifo_setup(): remove duplicated setup of RX FIFO Roman Gushchin (1): RDMA/core: Don't expose hw_counters outside of init net namespace Roman Smirnov (1): jfs: add index corruption check to DT_GETPAGE() Saket Kumar Bhaskar (1): selftests/bpf: Select NUMA_NO_NODE to create map Saleemkhan Jamadar (1): drm/amdgpu/umsch: remove vpe test from umsch Sankararaman Jayaraman (1): vmxnet3: unregister xdp rxq info in the reset path Sathishkumar Muruganandam (1): wifi: ath12k: encode max Tx power in scan channel list command Sean Christopherson (1): KVM: SVM: Don't change target vCPU state on AP Creation VMGEXIT error Sebastian Andrzej Siewior (1): lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() Shay Drory (1): PCI: Fix NULL dereference in SR-IOV VF creation error path Sherry Sun (4): tty: serial: fsl_lpuart: Use u32 and u8 for register variables tty: serial: fsl_lpuart: use port struct directly to simply code tty: serial: fsl_lpuart: Fix unused variable 'sport' build warning tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register Shuai Xue (1): x86/mce: use is_copy_from_user() to determine copy-from-user context Sicelo A. Mhlongo (1): power: supply: bq27xxx_battery: do not update cached flags prematurely Song Yoong Siang (3): xsk: Add launch time hardware offload support to XDP Tx metadata igc: Refactor empty frame insertion for launch time support igc: Add launch time support to XDP ZC Sourabh Jain (1): kexec: initialize ELF lowest address to ULONG_MAX Srinivas Pandruvada (1): platform/x86: ISST: Correct command storage data length Srinivasan Shanmugam (2): drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' Stanislav Spassov (1): x86/fpu: Fix guest FPU state buffer allocation size Stanley Chu (1): i3c: master: svc: Fix missing the IBI rules Stefan Eichenberger (1): arm64: dts: ti: k3-am62-verdin-dahlia: add Microphone Jack to sound card Stefan Wahren (3): staging: vchiq_arm: Register debugfs after cdev staging: vchiq_arm: Fix possible NPR of keep-alive thread staging: vchiq_arm: Stop kthreads if vchiq cdev register fails Stefano Garzarella (1): vsock: avoid timeout during connect() if the socket is closing Stephen Brennan (1): perf dso: fix dso__is_kallsyms() check Steven Price (1): drm/panthor: Clean up FW version information display Steven Rostedt (2): tracing: Verify event formats that have "%*p.." tracing: Do not use PERF enums when perf is not defined Su Yue (1): md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb Sudeep Holla (4): firmware: arm_ffa: Unregister the FF-A devices when cleaning up the partitions firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison firmware: arm_ffa: Explicitly cast return value from NOTIFICATION_INFO_GET firmware: arm_ffa: Skip the first/partition ID when parsing vCPU list Sungjong Seo (2): exfat: fix random stack corruption after get_block exfat: fix potential wrong error return from get_block Suzuki K Poulose (3): dma: Fix encryption bit clearing for dma_to_phys dma: Introduce generic dma_addr_*crypted helpers arm64: realm: Use aliased addresses for device DMA to shared buffers Sven Schnelle (1): s390/entry: Fix setting _CIF_MCCK_GUEST with lowcore relocation Taehee Yoo (1): eth: bnxt: fix out-of-range access of vnic_info array Takashi Iwai (5): ALSA: hda/realtek: Always honor no_shutup_pins ALSA: timer: Don't take register_mutex with copy_from/to_user() ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model Tang Yizhou (2): writeback: let trace_balance_dirty_pages() take struct dtc as parameter writeback: fix calculations in trace_balance_dirty_pages() for cgwb Tanya Agarwal (1): lib: 842: Improve error handling in sw842_compress() Tao Chen (1): perf/ring_buffer: Allow the EPOLLRDNORM flag for poll Tengda Wu (2): selftests/bpf: Fix freplace_link segfault in tailcalls prog test tracing: Fix use-after-free in print_graph_function_flags during tracer switching Thadeu Lima de Souza Cascardo (2): dlm: prevent NPD when writing a positive value to event_done drm/amd/display: avoid NPD when ASIC does not support DMUB Theodore Ts'o (1): ext4: don't over-report free space or inodes in statvfs Thippeswamy Havalige (1): PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe Thomas Richter (3): perf test: Fix Hwmon PMU test endianess issue perf bench: Fix perf bench syscall loop count perf pmu: Handle memory failure in tool_pmu__new() Thomas Weißschuh (2): x86/vdso: Fix latent bug in vclock_pages calculation leds: st1202: Check for error code from devm_mutex_init() call Thorsten Blum (1): m68k: sun3: Use str_read_write() helper in mmu_emu_handle_fault() Tianchen Ding (1): sched/eevdf: Force propagating min_slice of cfs_rq when {en,de}queue tasks Tianyu Lan (1): x86/hyperv: Fix check of return value from snp_set_vmsa() Tiezhu Yang (3): objtool: Handle various symbol types of rodata objtool: Handle different entry size of rodata objtool: Handle PC relative relocation type Tim Schumacher (1): selinux: Chain up tool resolving errors in install_policy.sh Tingbo Liao (1): riscv: Fix the __riscv_copy_vec_words_unaligned implementation Tobias Waldekranz (1): net: mvpp2: Prevent parser TCAM memory corruption Tom Rini (1): ARM: dts: omap4-panda-a4: Add missing model and compatible properties Tomas Glozar (1): tools/rv: Keep user LDFLAGS in build Tomi Valkeinen (1): drm: xlnx: zynqmp: Fix max dma segment size Tony Ambardar (2): selftests/bpf: Fix runqslower cross-endian build libbpf: Fix accessing BTF.ext core_relo header Trond Myklebust (5): NFSv4: Don't trigger uneccessary scans for return-on-close delegations NFSv4: Avoid unnecessary scans of filesystems for returning delegations NFSv4: Avoid unnecessary scans of filesystems for expired delegations NFSv4: Avoid unnecessary scans of filesystems for delayed delegations NFS: Shut down the nfs_client only after all the superblocks Tushar Dave (1): PCI/ACS: Fix 'pci=config_acs=' parameter Ulf Hansson (1): mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD Uwe Kleine-König (8): iio: adc: ad7124: Micro-optimize channel disabling iio: adc: ad7124: Really disable all channels at probe time iio: adc: ad7173: Grab direct mode for calibration iio: adc: ad7192: Grab direct mode for calibration iio: adc: ad_sigma_delta: Disable channel after calibration iio: adc: ad4130: Fix comparison of channel setups iio: adc: ad7124: Fix comparison of channel configs iio: adc: ad7173: Fix comparison of channel configs Vaibhav Jain (1): powerpc/perf: Fix ref-counting on the PMU 'vpa_pmu' Vasant Hegde (1): iommu/amd: Fix header file Vasiliy Kovalev (3): jfs: add check read-only before txBeginAnon() call jfs: add check read-only before truncation in jfs_truncate_nolock() ocfs2: validate l_tree_depth to avoid out-of-bounds access Venkata Prasad Potturu (1): ASoC: amd: acp: Fix for enabling DMIC on acp platforms via _DSD entry Veronika Molnarova (1): perf test stat_all_pmu.sh: Correctly check 'perf stat' result Viktor Malik (1): selftests/bpf: Fix string read in strncmp benchmark Viresh Kumar (1): firmware: arm_ffa: Refactor addition of partition information into XArray Vishal Annapurve (1): x86/tdx: Fix arch_safe_halt() execution for TDX VMs Vitalii Mordan (1): gpu: cdns-mhdp8546: fix call balance of mhdp->clk handling routines Vitaliy Shevtsov (2): ASoC: cs35l41: check the return value from spi_setup() drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() Vitaly Kuznetsov (1): x86/entry: Add __init to ia32_emulation_override_cmdline() Vitaly Lifshits (1): e1000e: change k1 configuration on MTP and later platforms Vladimir Lypak (1): clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock Vladimir Oltean (3): net: dsa: sja1105: fix displaced ethtool statistics counters net: dsa: sja1105: reject other RX filters than HWTSTAMP_FILTER_PTP_V2_L2_EVENT net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() WANG Rui (1): rust: Fix enabling Rust and building with GCC for LoongArch Wang Liang (4): bonding: check xdp prog when set bond mode net: fix NULL pointer dereference in l3mdev_l3_rcv RDMA/core: Fix use-after-free when rename device name xsk: Fix __xsk_generic_xmit() error code when cq is full Wang Zhaolong (1): smb: client: Fix netns refcount imbalance causing leaks and use-after-free WangYuli (2): netfilter: nf_tables: Only use nf_skip_indirect_calls() when MITIGATION_RETPOLINE mlxsw: spectrum_acl_bloom_filter: Workaround for some LLVM versions Wayne Lin (1): drm/dp_mst: Fix drm RAD print Wen Gong (1): wifi: ath11k: update channel list in reg notifier instead reg worker Wenkai Lin (3): crypto: hisilicon/sec2 - fix for aead authsize alignment crypto: hisilicon/sec2 - fix for sec spec check crypto: hisilicon/sec2 - fix for aead auth key length Wentao Guan (1): Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel Wentao Liang (1): greybus: gb-beagleplay: Add error handling for gb_greybus_init Will McVicker (1): clk: samsung: Fix UBSAN panic in samsung_clk_init() Xiao Ni (1): md/raid10: wait barrier before returning discard request with REQ_NOWAIT Xingui Yang (1): scsi: hisi_sas: Fixed failure to issue vendor specific commands Xueqi Zhang (1): memory: mtk-smi: Add ostd setting for mt8192 Yajun Deng (1): ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans Yang Wang (1): drm/amdgpu: refine smu send msg debug log format Yao Zi (2): arm64: dts: rockchip: Fix PWM pinctrl names riscv/kexec_file: Handle R_RISCV_64 in purgatory relocator Ye Bin (5): ext4: introduce ITAIL helper ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() fs/ntfs3: Factor out ntfs_{create/remove}_procdir() fs/ntfs3: Factor out ntfs_{create/remove}_proc_root() fs/ntfs3: Fix 'proc_info_root' leak when init ntfs failed Yeoreum Yun (1): perf/core: Fix child_total_time_enabled accounting bug at task exit Yi Lai (1): selftests/pcie_bwctrl: Add 'set_pcie_speed.sh' to TEST_PROGS Ying Lu (1): usbnet:fix NPE during rx_complete Yosry Ahmed (1): mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() Yu Kuai (3): md: fix mddev uaf while iterating all_mddevs list md/raid1,raid10: don't ignore IO flags blk-throttle: fix lower bps rate by throtl_trim_slice() Yu Zhang(Yuriy) (1): wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability Yuanfang Zhang (1): coresight-etm4x: add isb() before reading the TRCSTATR Yue Haibing (2): pinctrl: nuvoton: npcm8xx: Fix error handling in npcm8xx_gpio_fw() drm/xe: Fix unmet direct dependencies warning Yuezhang Mo (2): exfat: fix the infinite loop in exfat_find_last_cluster() exfat: fix missing shutdown check Yuli Wang (1): LoongArch: Rework the arch_kgdb_breakpoint() implementation Yunhui Cui (1): iommu/vt-d: Fix system hang on reboot -f Zdenek Bouska (1): igc: Fix TX drops in XDP ZC Zhang Rui (2): tools/power turbostat: Allow Zero return value for some RAPL registers tools/power turbostat: Restore GFX sysfs fflush() call Zhang Yi (2): jbd2: fix off-by-one while erasing journal jbd2: add a missing data flush during file and fs synchronization Zheng Qixing (4): md/raid1: fix memory leak in raid1_run() if no active rdev badblocks: fix missing bad blocks on retry in _badblocks_check() badblocks: return boolean from badblocks_set() and badblocks_clear() badblocks: use sector_t instead of int to avoid truncation of badblocks length Zijun Hu (1): of: property: Increase NR_FWNODE_REFERENCE_ARGS xueqin Luo (1): thermal: core: Remove duplicate struct declaration zihan zhou (1): sched: Cancel the slice protection of the idle entity zuoqian (1): cpufreq: scpi: compare kHz instead of Hz 谢致邦 (XIE Zhibang) (2): staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig

6 months, 2 weeks

1
1
0 0

Linux 6.13.11

by Greg Kroah-Hartman

I'm announcing the release of the 6.13.11 kernel. All users of the 6.13 kernel series must upgrade. The updated 6.13.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.13.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/vendor-prefixes.yaml | 2 Makefile | 2 arch/arm/Kconfig | 2 arch/arm/include/asm/vmlinux.lds.h | 12 arch/arm64/include/asm/mem_encrypt.h | 11 arch/arm64/kernel/compat_alignment.c | 2 arch/loongarch/Kconfig | 4 arch/loongarch/include/asm/cache.h | 2 arch/loongarch/include/asm/irq.h | 2 arch/loongarch/include/asm/stacktrace.h | 3 arch/loongarch/include/asm/unwind_hints.h | 10 arch/loongarch/kernel/env.c | 2 arch/loongarch/kernel/kgdb.c | 5 arch/loongarch/net/bpf_jit.c | 12 arch/loongarch/net/bpf_jit.h | 5 arch/powerpc/configs/mpc885_ads_defconfig | 2 arch/powerpc/crypto/Makefile | 1 arch/powerpc/kexec/relocate_32.S | 7 arch/powerpc/perf/vpa-pmu.c | 1 arch/powerpc/platforms/cell/spufs/gang.c | 1 arch/powerpc/platforms/cell/spufs/inode.c | 63 - arch/powerpc/platforms/cell/spufs/spufs.h | 2 arch/riscv/errata/Makefile | 6 arch/riscv/include/asm/cpufeature.h | 4 arch/riscv/include/asm/ftrace.h | 4 arch/riscv/kernel/elf_kexec.c | 3 arch/riscv/kernel/traps_misaligned.c | 14 arch/riscv/kernel/unaligned_access_speed.c | 36 arch/riscv/kernel/vec-copy-unaligned.S | 2 arch/riscv/kvm/main.c | 4 arch/riscv/kvm/vcpu_pmu.c | 1 arch/riscv/mm/hugetlbpage.c | 76 - arch/riscv/purgatory/entry.S | 1 arch/s390/include/asm/io.h | 2 arch/s390/include/asm/pgtable.h | 3 arch/s390/kernel/entry.S | 2 arch/s390/mm/pgtable.c | 10 arch/um/include/shared/os.h | 1 arch/um/kernel/Makefile | 2 arch/um/kernel/maccess.c | 19 arch/um/os-Linux/process.c | 51 arch/x86/Kconfig | 3 arch/x86/Kconfig.cpu | 2 arch/x86/Makefile.um | 7 arch/x86/coco/tdx/tdx.c | 26 arch/x86/entry/calling.h | 2 arch/x86/entry/common.c | 2 arch/x86/entry/vdso/vdso-layout.lds.S | 2 arch/x86/entry/vdso/vma.c | 2 arch/x86/events/intel/core.c | 43 arch/x86/events/intel/ds.c | 13 arch/x86/events/perf_event.h | 3 arch/x86/hyperv/hv_vtl.c | 1 arch/x86/hyperv/ivm.c | 5 arch/x86/include/asm/tdx.h | 4 arch/x86/include/asm/tlbflush.h | 2 arch/x86/include/asm/vdso/vsyscall.h | 1 arch/x86/kernel/cpu/bus_lock.c | 20 arch/x86/kernel/cpu/mce/severity.c | 11 arch/x86/kernel/cpu/microcode/amd.c | 2 arch/x86/kernel/cpu/resctrl/rdtgroup.c | 3 arch/x86/kernel/cpu/sgx/driver.c | 10 arch/x86/kernel/dumpstack.c | 5 arch/x86/kernel/fpu/core.c | 6 arch/x86/kernel/process.c | 9 arch/x86/kernel/traps.c | 18 arch/x86/kernel/tsc.c | 4 arch/x86/kernel/uprobes.c | 14 arch/x86/kvm/svm/sev.c | 13 arch/x86/kvm/x86.c | 15 arch/x86/lib/copy_user_64.S | 18 arch/x86/mm/mem_encrypt_identity.c | 4 arch/x86/mm/pat/cpa-test.c | 2 arch/x86/mm/pat/memtype.c | 52 crypto/api.c | 17 crypto/bpf_crypto_skcipher.c | 1 drivers/acpi/acpi_video.c | 9 drivers/acpi/nfit/core.c | 2 drivers/acpi/processor_idle.c | 4 drivers/acpi/resource.c | 7 drivers/acpi/x86/utils.c | 3 drivers/auxdisplay/Kconfig | 1 drivers/auxdisplay/panel.c | 4 drivers/base/power/main.c | 21 drivers/base/power/runtime.c | 2 drivers/block/ublk_drv.c | 39 drivers/clk/imx/clk-imx8mp-audiomix.c | 6 drivers/clk/meson/g12a.c | 38 drivers/clk/meson/gxbb.c | 14 drivers/clk/mmp/clk-pxa1908-apmu.c | 4 drivers/clk/qcom/gcc-ipq5424.c | 24 drivers/clk/qcom/gcc-msm8953.c | 2 drivers/clk/qcom/gcc-sm8650.c | 4 drivers/clk/qcom/gcc-x1e80100.c | 30 drivers/clk/qcom/mmcc-sdm660.c | 2 drivers/clk/renesas/r9a08g045-cpg.c | 5 drivers/clk/renesas/rzg2l-cpg.c | 13 drivers/clk/renesas/rzg2l-cpg.h | 10 drivers/clk/rockchip/clk-rk3328.c | 2 drivers/clk/samsung/clk.c | 2 drivers/cpufreq/Kconfig.arm | 2 drivers/cpufreq/armada-8k-cpufreq.c | 2 drivers/cpufreq/cpufreq-dt.c | 2 drivers/cpufreq/cpufreq_governor.c | 45 drivers/cpufreq/mediatek-cpufreq-hw.c | 2 drivers/cpufreq/mediatek-cpufreq.c | 2 drivers/cpufreq/mvebu-cpufreq.c | 2 drivers/cpufreq/qcom-cpufreq-hw.c | 2 drivers/cpufreq/qcom-cpufreq-nvmem.c | 8 drivers/cpufreq/scmi-cpufreq.c | 2 drivers/cpufreq/scpi-cpufreq.c | 7 drivers/cpufreq/sun50i-cpufreq-nvmem.c | 6 drivers/cpufreq/virtual-cpufreq.c | 2 drivers/cpuidle/cpuidle-arm.c | 8 drivers/cpuidle/cpuidle-big_little.c | 2 drivers/cpuidle/cpuidle-psci.c | 4 drivers/cpuidle/cpuidle-qcom-spm.c | 2 drivers/cpuidle/cpuidle-riscv-sbi.c | 4 drivers/crypto/hisilicon/sec2/sec.h | 1 drivers/crypto/hisilicon/sec2/sec_crypto.c | 125 -- drivers/crypto/intel/iaa/iaa_crypto_main.c | 4 drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c | 1 drivers/crypto/intel/qat/qat_common/adf_gen4_ras.c | 59 - drivers/crypto/nx/nx-common-pseries.c | 37 drivers/crypto/tegra/tegra-se-aes.c | 401 ++++--- drivers/crypto/tegra/tegra-se-hash.c | 287 +++-- drivers/crypto/tegra/tegra-se-key.c | 29 drivers/crypto/tegra/tegra-se-main.c | 16 drivers/crypto/tegra/tegra-se.h | 39 drivers/dma/fsl-edma-main.c | 14 drivers/edac/i10nm_base.c | 2 drivers/edac/ie31200_edac.c | 19 drivers/edac/igen6_edac.c | 21 drivers/edac/skx_common.c | 33 drivers/edac/skx_common.h | 11 drivers/firmware/cirrus/cs_dsp.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 drivers/gpu/drm/amd/amdgpu/amdgpu_umsch_mm.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 3 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 1 drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 15 drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 16 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 4 drivers/gpu/drm/amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12 drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4.c | 3 drivers/gpu/drm/amd/display/dmub/src/dmub_srv.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 3 drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 12 drivers/gpu/drm/bridge/ite-it6505.c | 7 drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2 drivers/gpu/drm/display/drm_dp_mst_topology.c | 8 drivers/gpu/drm/mediatek/mtk_crtc.c | 7 drivers/gpu/drm/mediatek/mtk_dp.c | 6 drivers/gpu/drm/mediatek/mtk_dsi.c | 6 drivers/gpu/drm/mediatek/mtk_hdmi.c | 33 drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 4 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 drivers/gpu/drm/msm/dsi/dsi_host.c | 8 drivers/gpu/drm/msm/dsi/dsi_manager.c | 32 drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 2 drivers/gpu/drm/msm/msm_dsc_helper.h | 11 drivers/gpu/drm/panel/panel-ilitek-ili9882t.c | 2 drivers/gpu/drm/panthor/panthor_fw.c | 9 drivers/gpu/drm/panthor/panthor_fw.h | 6 drivers/gpu/drm/panthor/panthor_sched.c | 2 drivers/gpu/drm/solomon/ssd130x-spi.c | 7 drivers/gpu/drm/solomon/ssd130x.c | 6 drivers/gpu/drm/vkms/vkms_drv.c | 15 drivers/gpu/drm/xe/Kconfig | 2 drivers/gpu/drm/xe/xe_guc_pc.c | 53 drivers/gpu/drm/xlnx/zynqmp_dp.c | 2 drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2 drivers/greybus/gb-beagleplay.c | 4 drivers/hid/Makefile | 1 drivers/hid/i2c-hid/i2c-hid-core.c | 2 drivers/hwmon/nct6775-core.c | 4 drivers/hwtracing/coresight/coresight-catu.c | 2 drivers/hwtracing/coresight/coresight-core.c | 20 drivers/hwtracing/coresight/coresight-etm4x-core.c | 48 drivers/i3c/master/svc-i3c-master.c | 2 drivers/iio/accel/mma8452.c | 10 drivers/iio/accel/msa311.c | 26 drivers/iio/adc/ad4130.c | 41 drivers/iio/adc/ad7124.c | 35 drivers/iio/adc/ad7173.c | 25 drivers/iio/adc/ad7768-1.c | 15 drivers/iio/dac/adi-axi-dac.c | 8 drivers/iio/industrialio-backend.c | 4 drivers/iio/light/veml6075.c | 8 drivers/infiniband/core/device.c | 18 drivers/infiniband/core/mad.c | 38 drivers/infiniband/core/sysfs.c | 1 drivers/infiniband/hw/erdma/erdma_cm.c | 1 drivers/infiniband/hw/mana/main.c | 2 drivers/infiniband/hw/mlx5/cq.c | 2 drivers/infiniband/hw/mlx5/mr.c | 41 drivers/infiniband/hw/mlx5/odp.c | 10 drivers/leds/led-core.c | 22 drivers/media/dvb-frontends/dib8000.c | 5 drivers/media/platform/allegro-dvt/allegro-core.c | 1 drivers/media/platform/ti/omap3isp/isp.c | 7 drivers/media/platform/verisilicon/hantro_g2_hevc_dec.c | 1 drivers/media/rc/streamzap.c | 2 drivers/media/test-drivers/vimc/vimc-streamer.c | 6 drivers/memory/omap-gpmc.c | 20 drivers/mfd/sm501.c | 6 drivers/mmc/host/omap.c | 19 drivers/mmc/host/sdhci-omap.c | 4 drivers/mmc/host/sdhci-pxav3.c | 1 drivers/net/arcnet/com20020-pci.c | 17 drivers/net/dsa/mv88e6xxx/chip.c | 11 drivers/net/dsa/mv88e6xxx/phy.c | 3 drivers/net/dsa/realtek/Kconfig | 2 drivers/net/ethernet/ibm/ibmveth.c | 39 drivers/net/ethernet/intel/e1000e/defines.h | 3 drivers/net/ethernet/intel/e1000e/ich8lan.c | 80 + drivers/net/ethernet/intel/e1000e/ich8lan.h | 4 drivers/net/ethernet/intel/idpf/idpf_main.c | 6 drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 3 drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 3 drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 201 ++- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_devlink.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/params.c | 8 drivers/net/phy/broadcom.c | 6 drivers/net/usb/rndis_host.c | 16 drivers/net/usb/usbnet.c | 6 drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 20 drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 86 + drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 8 drivers/net/wireless/mediatek/mt76/mt7921/main.c | 1 drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 1 drivers/ntb/hw/intel/ntb_hw_gen3.c | 3 drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2 drivers/ntb/test/ntb_perf.c | 4 drivers/nvme/host/ioctl.c | 2 drivers/nvme/host/pci.c | 37 drivers/nvme/host/tcp.c | 5 drivers/nvme/target/debugfs.c | 2 drivers/pci/controller/cadence/pcie-cadence-ep.c | 3 drivers/pci/controller/cadence/pcie-cadence.h | 2 drivers/pci/controller/dwc/pcie-designware-ep.c | 1 drivers/pci/controller/dwc/pcie-histb.c | 12 drivers/pci/controller/pcie-brcmstb.c | 16 drivers/pci/controller/pcie-xilinx-cpm.c | 10 drivers/pci/hotplug/pciehp_hpc.c | 4 drivers/pci/iov.c | 48 drivers/pci/pci-sysfs.c | 4 drivers/pci/pci.c | 22 drivers/pci/pcie/aspm.c | 17 drivers/pci/pcie/bwctrl.c | 6 drivers/pci/pcie/portdrv.c | 8 drivers/pci/probe.c | 5 drivers/pci/setup-bus.c | 4 drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 50 drivers/pinctrl/intel/pinctrl-intel.c | 1 drivers/pinctrl/nuvoton/pinctrl-npcm8xx.c | 10 drivers/pinctrl/renesas/pinctrl-rza2.c | 2 drivers/pinctrl/renesas/pinctrl-rzg2l.c | 3 drivers/pinctrl/renesas/pinctrl-rzv2m.c | 2 drivers/pinctrl/tegra/pinctrl-tegra.c | 3 drivers/platform/surface/surface_aggregator_registry.c | 5 drivers/platform/x86/amd/pmf/pmf.h | 5 drivers/platform/x86/amd/pmf/tee-if.c | 82 + drivers/platform/x86/dell/dell-uart-backlight.c | 2 drivers/platform/x86/dell/dell-wmi-ddv.c | 6 drivers/platform/x86/intel/hid.c | 7 drivers/platform/x86/intel/speed_select_if/isst_if_common.c | 2 drivers/platform/x86/intel/vsec.c | 7 drivers/platform/x86/lenovo-yoga-tab2-pro-1380-fastcharger.c | 2 drivers/platform/x86/thinkpad_acpi.c | 11 drivers/power/supply/bq27xxx_battery.c | 1 drivers/power/supply/max77693_charger.c | 2 drivers/regulator/pca9450-regulator.c | 6 drivers/remoteproc/qcom_q6v5_mss.c | 21 drivers/remoteproc/qcom_q6v5_pas.c | 13 drivers/remoteproc/remoteproc_core.c | 1 drivers/rtc/rtc-renesas-rtca3.c | 15 drivers/soundwire/slave.c | 1 drivers/spi/spi-bcm2835.c | 18 drivers/spi/spi-cadence-xspi.c | 2 drivers/staging/gpib/agilent_82357a/agilent_82357a.c | 513 ++++----- drivers/staging/gpib/cb7210/cb7210.c | 2 drivers/staging/gpib/common/gpib_os.c | 7 drivers/staging/gpib/hp_82341/hp_82341.c | 2 drivers/staging/gpib/include/gpibP.h | 2 drivers/staging/gpib/ni_usb/ni_usb_gpib.c | 545 +++++----- drivers/staging/gpib/ni_usb/ni_usb_gpib.h | 2 drivers/staging/rtl8723bs/Kconfig | 1 drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 28 drivers/thermal/intel/int340x_thermal/int3402_thermal.c | 3 drivers/tty/n_tty.c | 13 drivers/tty/serial/fsl_lpuart.c | 312 ++--- drivers/usb/host/xhci-mem.c | 6 drivers/usb/typec/ucsi/ucsi_ccg.c | 5 drivers/vhost/scsi.c | 25 drivers/video/console/Kconfig | 6 drivers/video/fbdev/au1100fb.c | 4 drivers/video/fbdev/sm501fb.c | 7 drivers/w1/masters/w1-uart.c | 4 fs/9p/vfs_inode_dotl.c | 2 fs/affs/file.c | 9 fs/autofs/autofs_i.h | 2 fs/exec.c | 15 fs/exfat/fatent.c | 2 fs/exfat/file.c | 29 fs/exfat/inode.c | 41 fs/exfat/namei.c | 5 fs/ext4/dir.c | 3 fs/ext4/super.c | 27 fs/fsopen.c | 2 fs/fuse/dax.c | 1 fs/fuse/dir.c | 2 fs/fuse/file.c | 4 fs/hostfs/hostfs.h | 2 fs/hostfs/hostfs_kern.c | 7 fs/hostfs/hostfs_user.c | 59 - fs/isofs/dir.c | 3 fs/jfs/jfs_dtree.c | 3 fs/jfs/xattr.c | 15 fs/netfs/direct_read.c | 6 fs/nfs/delegation.c | 63 - fs/nfs/nfs4xdr.c | 18 fs/nfs/sysfs.c | 22 fs/nfs/write.c | 4 fs/nfsd/nfs4state.c | 37 fs/nfsd/nfsctl.c | 44 fs/nfsd/vfs.c | 28 fs/ntfs3/attrib.c | 3 fs/ntfs3/file.c | 22 fs/ntfs3/frecord.c | 6 fs/ntfs3/index.c | 4 fs/ntfs3/ntfs.h | 2 fs/ocfs2/alloc.c | 8 fs/proc/base.c | 2 fs/smb/client/cifsacl.c | 34 fs/smb/client/cifssmb.c | 46 fs/smb/client/connect.c | 16 fs/smb/client/smb2pdu.c | 96 - fs/smb/common/smbacl.h | 3 fs/smb/server/auth.c | 6 fs/smb/server/connection.h | 11 fs/smb/server/mgmt/user_session.c | 37 fs/smb/server/mgmt/user_session.h | 2 fs/smb/server/oplock.c | 12 fs/smb/server/smb2pdu.c | 54 fs/smb/server/smbacl.c | 50 fs/smb/server/smbacl.h | 2 include/drm/display/drm_dp_mst_helper.h | 7 include/linux/context_tracking_irq.h | 8 include/linux/coresight.h | 4 include/linux/dma-direct.h | 13 include/linux/fwnode.h | 2 include/linux/interrupt.h | 8 include/linux/mem_encrypt.h | 23 include/linux/nfs_fs_sb.h | 4 include/linux/nmi.h | 4 include/linux/pgtable.h | 28 include/linux/pm_runtime.h | 2 include/linux/rcupdate.h | 2 include/linux/sched/smt.h | 2 include/linux/seccomp.h | 8 include/linux/thermal.h | 2 include/linux/trace_events.h | 14 include/linux/uprobes.h | 2 include/rdma/ib_verbs.h | 1 init/Kconfig | 5 io_uring/net.c | 23 kernel/bpf/core.c | 19 kernel/bpf/verifier.c | 7 kernel/cpu.c | 5 kernel/events/core.c | 46 kernel/events/ring_buffer.c | 2 kernel/events/uprobes.c | 15 kernel/fork.c | 4 kernel/kexec_elf.c | 2 kernel/locking/semaphore.c | 13 kernel/sched/deadline.c | 2 kernel/sched/fair.c | 50 kernel/seccomp.c | 14 kernel/trace/bpf_trace.c | 2 kernel/trace/ring_buffer.c | 4 kernel/trace/trace_events.c | 21 kernel/trace/trace_events_hist.c | 133 ++ kernel/trace/trace_events_synth.c | 36 kernel/trace/trace_functions_graph.c | 1 kernel/trace/trace_irqsoff.c | 2 kernel/trace/trace_osnoise.c | 1 kernel/trace/trace_sched_wakeup.c | 2 kernel/watch_queue.c | 9 kernel/watchdog.c | 25 kernel/watchdog_perf.c | 28 lib/842/842_compress.c | 2 lib/stackinit_kunit.c | 30 lib/vsprintf.c | 2 mm/gup.c | 3 mm/memory.c | 13 mm/zswap.c | 30 net/can/af_can.c | 12 net/can/af_can.h | 12 net/can/proc.c | 46 net/core/devmem.c | 4 net/core/dst.c | 8 net/core/rtnetlink.c | 3 net/core/rtnl_net_debug.c | 2 net/ipv4/ip_tunnel_core.c | 4 net/ipv4/udp.c | 42 net/ipv6/addrconf.c | 37 net/ipv6/calipso.c | 21 net/ipv6/route.c | 42 net/mac80211/driver-ops.c | 10 net/mac80211/iface.c | 11 net/mac80211/rx.c | 10 net/mac80211/sta_info.c | 20 net/mac80211/util.c | 5 net/netfilter/nf_tables_api.c | 4 net/netfilter/nft_set_hash.c | 3 net/netfilter/nft_tunnel.c | 6 net/openvswitch/actions.c | 6 net/sched/act_tunnel_key.c | 2 net/sched/cls_flower.c | 2 net/sched/sch_skbprio.c | 3 net/sctp/sysctl.c | 4 net/vmw_vsock/af_vsock.c | 6 net/xdp/xsk.c | 5 rust/Makefile | 4 rust/kernel/print.rs | 7 samples/bpf/Makefile | 2 samples/trace_events/trace-events-sample.h | 8 scripts/package/debian/rules | 6 scripts/selinux/install_policy.sh | 15 security/smack/smack.h | 6 security/smack/smack_lsm.c | 34 sound/core/timer.c | 147 +- sound/pci/hda/patch_realtek.c | 50 sound/soc/amd/acp/acp-legacy-common.c | 10 sound/soc/codecs/cs35l41-spi.c | 5 sound/soc/codecs/cs42l43-jack.c | 13 sound/soc/codecs/cs42l43.c | 15 sound/soc/codecs/cs42l43.h | 3 sound/soc/codecs/rt1320-sdw.c | 3 sound/soc/codecs/rt5665.c | 24 sound/soc/codecs/wsa884x.c | 4 sound/soc/fsl/imx-card.c | 4 sound/soc/tegra/tegra210_adx.c | 6 sound/soc/ti/j721e-evm.c | 2 sound/usb/mixer_quirks.c | 7 tools/arch/x86/lib/insn.c | 2 tools/bpf/runqslower/Makefile | 3 tools/lib/bpf/btf.c | 4 tools/lib/bpf/linker.c | 2 tools/lib/bpf/str_error.c | 2 tools/lib/bpf/str_error.h | 7 tools/objtool/check.c | 35 tools/perf/Makefile.config | 10 tools/perf/Makefile.perf | 2 tools/perf/arch/powerpc/util/header.c | 4 tools/perf/arch/x86/util/topdown.c | 2 tools/perf/bench/syscall.c | 22 tools/perf/builtin-report.c | 2 tools/perf/pmu-events/arch/arm64/ampere/ampereonex/metrics.json | 10 tools/perf/pmu-events/empty-pmu-events.c | 8 tools/perf/pmu-events/jevents.py | 8 tools/perf/tests/hwmon_pmu.c | 16 tools/perf/tests/pmu.c | 85 - tools/perf/tests/shell/coresight/asm_pure_loop/asm_pure_loop.S | 2 tools/perf/tests/shell/record_bpf_filter.sh | 4 tools/perf/tests/shell/stat_all_pmu.sh | 48 tools/perf/tests/tool_pmu.c | 4 tools/perf/util/arm-spe.c | 8 tools/perf/util/bpf-filter.l | 2 tools/perf/util/comm.c | 2 tools/perf/util/debug.c | 2 tools/perf/util/dso.h | 4 tools/perf/util/evlist.c | 13 tools/perf/util/expr.c | 2 tools/perf/util/hwmon_pmu.c | 14 tools/perf/util/hwmon_pmu.h | 16 tools/perf/util/intel-tpebs.c | 2 tools/perf/util/parse-events.c | 2 tools/perf/util/pmu.c | 263 +++- tools/perf/util/pmu.h | 10 tools/perf/util/pmus.c | 20 tools/perf/util/python.c | 17 tools/perf/util/stat-shadow.c | 3 tools/perf/util/stat.c | 13 tools/perf/util/tool_pmu.c | 3 tools/perf/util/units.c | 2 tools/power/x86/turbostat/turbostat.8 | 2 tools/power/x86/turbostat/turbostat.c | 3 tools/testing/selftests/bpf/Makefile | 1 tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c | 5 tools/testing/selftests/bpf/prog_tests/tailcalls.c | 1 tools/testing/selftests/bpf/progs/strncmp_bench.c | 5 tools/testing/selftests/mm/cow.c | 2 tools/testing/selftests/net/netfilter/br_netfilter.sh | 7 tools/testing/selftests/net/netfilter/br_netfilter_queue.sh | 7 tools/testing/selftests/net/netfilter/nft_queue.sh | 1 tools/testing/selftests/pcie_bwctrl/Makefile | 2 505 files changed, 5294 insertions(+), 3183 deletions(-) Aaron Kling (1): cpufreq: tegra194: Allow building for Tegra234 Acs, Jakub (1): ext4: fix OOB read when checking dotdot dir Adrián Larumbe (1): drm/panthor: Fix race condition when gathering fdinfo group samples Akhil R (10): crypto: tegra - Use separate buffer for setkey crypto: tegra - Do not use fixed size buffers crypto: tegra - check return value for hash do_one_req crypto: tegra - Transfer HASH init function to crypto engine crypto: tegra - Fix HASH intermediate result handling crypto: tegra - Use HMAC fallback when keyslots are full crypto: tegra - Fix CMAC intermediate result handling crypto: tegra - Set IV to NULL explicitly for AES ECB crypto: tegra - finalize crypto req on error crypto: tegra - Reserve keyslots to allocate dynamically Al Viro (3): spufs: fix a leak on spufs_new_file() failure spufs: fix gang directory lifetimes spufs: fix a leak in spufs_create_context() Alex Deucher (3): drm/amdgpu/umsch: fix ucode check drm/amdgpu/gfx11: fix num_mec drm/amdgpu/gfx12: fix num_mec Alexander Wetzel (3): wifi: mac80211: Cleanup sta TXQs on flush wifi: mac80211: remove debugfs dir for virtual monitor wifi: mac80211: Fix sparse warning for monitor_sdata Alexandre Ghiti (2): riscv: Fix missing __free_pages() in check_vector_unaligned_access() riscv: Fix hugetlb retrieval of number of ptes in case of !present pte Alexandru Gagniuc (1): kbuild: deb-pkg: don't set KBUILD_BUILD_VERSION unconditionally Alexey Klimov (1): ASoC: codecs: wsa884x: report temps to hwmon in millidegree of Celsius Alice Ryhl (1): rust: fix signature of rust_fmt_argument Alistair Popple (1): fuse: fix dax truncate/punch_hole fault path Andrew Jones (3): riscv: Annotate unaligned access init functions riscv: Fix riscv_online_cpu_vec riscv: Fix check_unaligned_access_all_cpus Andrii Nakryiko (1): libbpf: Fix hypothetical STT_SECTION extern NULL deref case Andy Shevchenko (3): auxdisplay: panel: Fix an API misuse in panel.c pinctrl: npcm8xx: Fix incorrect struct npcm8xx_pincfg assignment pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() Angelo Dureghello (1): iio: dac: adi-axi-dac: modify stream enable AngeloGioacchino Del Regno (2): drm/mediatek: mtk_hdmi: Unregister audio platform device on failure drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member Angelos Oikonomopoulos (1): arm64: Don't call NULL in do_compat_alignment_fixup() Anshuman Khandual (1): arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig Antheas Kapenekakis (1): ALSA: hda/realtek: Fix Asus Z13 2025 audio Antoine Tenart (1): net: decrease cached dst counters in dst_release Armin Wolf (1): platform/x86: dell-ddv: Fix temperature calculation Arnaldo Carvalho de Melo (5): perf units: Fix insufficient array space perf python: Fixup description of sample.id event member perf python: Decrement the refcount of just created event on failure perf python: Don't keep a raw_data pointer to consumed ring buffer space perf python: Check if there is space to copy all the event Arnd Bergmann (6): x86/platform: Only allow CONFIG_EISA for 32-bit dummycon: fix default rows/cols mdacon: rework dependency list crypto: bpf - Add MODULE_DESCRIPTION for skcipher x86/Kconfig: Add cmpxchg8b support back to Geode CPUs ASoC: cs42l43: convert to SYSTEM_SLEEP_PM_OPS Artur Weber (1): power: supply: max77693: Fix wrong conversion of charge input threshold value Ashley Smith (1): drm/panthor: Update CS_STATUS_ defines to correct values Atish Patra (2): RISC-V: KVM: Disable the kernel perf counter during configure RISC-V: KVM: Teardown riscv specific bits after kvm_exit Aurabindo Pillai (1): drm/amd/display: fix an indent issue in DML21 Bairavi Alagappan (2): crypto: qat - set parity error mask for qat_420xx crypto: qat - remove access to parity register for QAT GEN4 Bard Liao (1): ASoC: rt1320: set wake_capable = 0 explicitly Barnabás Czémán (1): clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock Bart Van Assche (2): drm: zynqmp_dp: Fix a deadlock in zynqmp_dp_ignore_hpd_set() fs/procfs: fix the comment above proc_pid_wchan() Benjamin Berg (3): x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() um: remove copy_from_kernel_nofault_allowed um: hostfs: avoid issues on inode number reuse by host Benjamin Gaignard (1): media: verisilicon: HEVC: Initialize start_bit field Björn Töpel (1): riscv/purgatory: 4B align purgatory_start Boris Ostrovsky (1): x86/microcode/AMD: Fix __apply_microcode_amd()'s return value Caleb Sander Mateos (2): io_uring/net: only import send_zc buffer once nvme/ioctl: don't warn on vectorized uring_cmd with fixed buffer Candice Li (1): Remove unnecessary firmware version check for gc v9_4_2 Chao Gao (1): x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures Charles Han (1): clk: mmp: Fix NULL vs IS_ERR() check Cheng Xu (1): RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() Chenyuan Yang (2): thermal: int340x: Add NULL check for adev w1: fix NULL pointer dereference in probe Chiara Meiohas (1): RDMA/mlx5: Fix calculation of total invalidated pages Christian Brauner (1): fs: support O_PATH fds with FSCONFIG_SET_FD Christian Eggers (1): ARM: 9444/1: add KEEP() keyword to ARM_VECTORS Christian Schoenebeck (1): fs/9p: fix NULL pointer dereference on mkdir Christophe JAILLET (2): PCI: histb: Fix an error handling path in histb_pcie_probe() ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe() Christophe Leroy (2): crypto: powerpc: Mark ghashp8-ppc.o as an OBJECT_FILES_NON_STANDARD powerpc/kexec: fix physical address calculation in clear_utlb_entry() Chuck Lever (3): NFSD: nfsd_unlink() clobbers non-zero status returned from fh_fill_pre_attrs() NFSD: Never return NFS4ERR_FILE_OPEN when removing a directory NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up Claudiu Beznea (3): pinctrl: renesas: rzg2l: Suppress binding attributes clk: renesas: r8a08g045: Check the source of the CPU PLL settings rtc: renesas-rtca3: Disable interrupts only if the RTC is enabled Cong Wang (1): net_sched: skbprio: Remove overly strict queue assertions Cyan Yang (1): selftests/mm/cow: fix the incorrect error handling Dan Carpenter (7): PCI: Remove stray put_device() in pci_register_host_bridge() drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() PCI: dwc: ep: Return -ENOMEM for allocation failures fs/ntfs3: Fix a couple integer overflows on 32bit systems fs/ntfs3: Prevent integer overflow in hdr_first_de() nfs: Add missing release on error in nfs_lock_and_join_requests() platform/x86/amd/pmf: fix cleanup in amd_pmf_init_smart_pc() Daniel Bárta (1): ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 Daniel Stodden (1): PCI/ASPM: Fix link state exit during switch upstream function removal Danila Chernetsov (1): fbdev: sm501fb: Add some geometry checks. Dapeng Mi (1): perf x86/topdown: Fix topdown leader sampling test error on hybrid Dave Marquardt (1): net: ibmveth: make veth_pool_store stop hanging Dave Penkler (9): staging: gpib: Fix pr_err format warning staging: gpib: Fix cb7210 pcmcia Oops staging: gpib: ni_usb console messaging cleanup staging: gpib: Fix Oops after disconnect in ni_usb staging: gpib: Add missing mutex unlock in agilent usb driver staging: gpib: Fix NULL pointer dereference in detach staging: gpib: Agilent usb code cleanup staging: gpib: agilent usb console messaging cleanup staging: gpib: Fix Oops after disconnect in agilent usb David E. Box (1): platform/x86/intel/vsec: Add Diamond Rapids support David Gow (1): um: Pass the correct Rust target and options with gcc David Hildenbrand (3): x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() kernel/events/uprobes: handle device-exclusive entries correctly in __replace_page() mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs David Howells (1): netfs: Fix netfs_unbuffered_read() to return ssize_t rather than int David Laight (1): objtool: Fix verbose disassembly if CROSS_COMPILE isn't set David Oberhollenzer (1): net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy Debin Zhu (1): netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets Dmitry Baryshkov (1): drm/msm/dpu: don't use active in atomic_check() Dmitry Panchenko (1): platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet Douglas Anderson (1): drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr Douglas Raillard (2): tracing: Ensure module defining synth event cannot be unloaded while tracing tracing: Fix synth event printk format for str fields Eduard Christian Dumitrescu (1): platform/x86: thinkpad_acpi: disable ACPI fan access for T495* and E560 Emil Tantilov (1): idpf: fix adapter NULL pointer dereference on reboot Emmanuel Grumbach (2): wifi: iwlwifi: mvm: use the right version of the rate API wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state Eric Dumazet (1): sctp: add mutual exclusion in proc_sctp_do_udp_port() Eric Sandeen (1): watch_queue: fix pipe accounting mismatch Fabrizio Castro (3): pinctrl: renesas: rza2: Fix missing of_node_put() call pinctrl: renesas: rzg2l: Fix missing of_node_put() call pinctrl: renesas: rzv2m: Fix missing of_node_put() call Feng Tang (1): PCI/portdrv: Only disable pciehp interrupts early when needed Feng Yang (1): ring-buffer: Fix bytes_dropped calculation issue Fernando Fernandez Mancera (1): ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS Florian Fainelli (2): spi: bcm2835: Do not call gpiod_put() on invalid descriptor spi: bcm2835: Restore native CS probing when pinctrl-bcm2835 is absent Florian Westphal (2): selftests: netfilter: skip br_netfilter queue tests if kernel is tainted netfilter: nf_tables: don't unregister hook when table is dormant Frieder Schrempf (1): regulator: pca9450: Fix enable register for LDO5 Geert Uytterhoeven (2): auxdisplay: MAX6959 should select BITREVERSE drm/bridge: ti-sn65dsi86: Fix multiple instances Geetha sowjanya (2): octeontx2-af: Fix mbox INTR handler when num VFs > 64 octeontx2-af: Free NIX_AF_INT_VEC_GEN irq Gergo Koteles (1): ACPI: video: Handle fetching EDID as ACPI_TYPE_PACKAGE Giovanni Gherdovich (1): ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid Greg Kroah-Hartman (1): Linux 6.13.11 Guilherme G. Piccoli (1): x86/tsc: Always save/restore TSC sched_clock() on suspend/resume Guillaume Nault (1): tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). Hans Zhang (1): PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload Hans de Goede (1): ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers Heiko Stuebner (1): phy: phy-rockchip-samsung-hdptx: Don't use dt aliases to determine phy-id Hengqi Chen (3): LoongArch: BPF: Fix off-by-one error in build_prologue() LoongArch: BPF: Don't override subprog's return value LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC Henry Martin (2): ASoC: imx-card: Add NULL check in imx_card_probe() arcnet: Add NULL check in com20020pci_probe() Herbert Xu (3): crypto: iaa - Test the correct request flag crypto: api - Fix larval relookup type and mask crypto: nx - Fix uninitialised hv_nxc on error Hermes Wu (1): drm/bridge: it6505: fix HDCP V match check is not performed correctly Herton R. Krzesinski (1): x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs Hou Tao (1): bpf: Use preempt_count() directly in bpf_send_signal_common() Huacai Chen (2): LoongArch: Increase ARCH_DMA_MINALIGN up to 16 LoongArch: Increase MAX_IO_PICS up to 8 Ian Rogers (7): libbpf: Add namespace for errstr making it libbpf_errstr perf stat: Fix find_stat for mixed legacy/non-legacy events perf stat: Don't merge counters purely on name perf pmu: Rename name matching for no suffix or wildcard variants tools/x86: Fix linux/unaligned.h include path in lib/insn.c perf debug: Avoid stack overflow in recursive error message perf evlist: Add success path to evlist__create_syswide_maps Icenowy Zheng (2): nvme-pci: clean up CMBMSC when registering CMB fails nvme-pci: skip CMB blocks incompatible with PCI P2P DMA Ido Schimmel (2): ipv6: Start path selection from the first nexthop ipv6: Do not consider link down nexthops in path selection Ilkka Koskinen (2): coresight: catu: Fix number of pages while using 64k pages perf vendor events arm64 AmpereOneX: Fix frontend_bound calculation Ilpo Järvinen (6): platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: Make symbol static platform/x86: dell-uart-backlight: Make dell_uart_bl_serdev_driver static PCI: Remove add_align overwrite unrelated to size0 PCI: Fix BAR resizing when VF BARs are assigned PCI: pciehp: Don't enable HPIE when resuming in poll mode PCI/bwctrl: Fix pcie_bwctrl_select_speed() return type Jacky Bai (2): cpuidle: Init cpuidle only for present CPUs cpufreq: Init cpufreq only for present CPUs Jakub Kicinski (1): net: dsa: rtl8366rb: don't prompt users for LED control James Clark (4): perf: Always feature test reallocarray perf tests: Fix Tool PMU test segfault perf pmu: Don't double count common sysfs and json events perf: intel-tpebs: Fix incorrect usage of zfree() James Morse (1): x86/resctrl: Fix allocation of cleanest CLOSID on platforms with no monitors Jann Horn (3): x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs Jason-JH Lin (1): drm/mediatek: Fix config_updating flag never false when no mbox channel Javier Martinez Canillas (1): drm/ssd130x: Set SPI .id_table to prevent an SPI core warning Jayesh Choudhary (1): ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible Jeff Layton (1): nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid() Jens Axboe (1): io_uring/net: improve recv bundles Jerome Brunet (4): clk: amlogic: gxbb: drop incorrect flag on 32k clock clk: amlogic: g12b: fix cluster A parent data clk: amlogic: gxbb: drop non existing 32k clock parent clk: amlogic: g12a: fix mmc A peripheral clock Jiayuan Chen (1): bpf: Fix array bounds error with may_goto Jie Zhan (1): cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() Jim Liu (1): net: phy: broadcom: Correct BCM5221 PHY model detection Jim Quinlan (4): PCI: brcmstb: Set generation limit before PCIe link up PCI: brcmstb: Use internal register to change link capability PCI: brcmstb: Fix error path after a call to regulator_bulk_get() PCI: brcmstb: Fix potential premature regulator disabling Jinghao Jia (1): samples/bpf: Fix broken vmlinux path for VMLINUX_BTF Jiri Kosina (1): HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER Jiri Olsa (1): uprobes/x86: Harden uretprobe syscall trampoline check Jiri Slaby (SUSE) (1): tty: n_tty: use uint for space returned by tty_write_room() Joe Hattori (2): media: platform: allgro-dvt: unregister v4l2_device on the error path soundwire: slave: fix an OF node reference leak in soundwire slave device Johannes Berg (2): wifi: iwlwifi: fw: allocate chained SG tables for dump wifi: mac80211: fix SA Query processing in MLO John Keeping (3): drm/ssd130x: fix ssd132x encoding drm/ssd130x: ensure ssd132x pitch is correct drm/panel: ilitek-ili9882t: fix GPIO name in error message Jonathan Cameron (2): iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails. Jonathan Santos (1): iio: adc: ad7768-1: set MOSI idle state to prevent accidental reset Josh Poimboeuf (9): x86/traps: Make exc_double_fault() consistently noreturn objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show() objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() objtool: Fix segfault in ignore_unreachable_insn() sched/smt: Always inline sched_smt_active() context_tracking: Always inline ct_{nmi,irq}_{enter,exit}() rcu-tasks: Always inline rcu_irq_work_resched() objtool/loongarch: Add unwind hints in prepare_frametrace() spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock() José Expósito (1): drm/vkms: Fix use after free and double free on init error Juhan Jin (1): riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra Kai-Heng Feng (1): PCI: Use downstream bridges for distributing resources Kan Liang (2): perf tools: Add skip check in tool_pmu__event_to_str() perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read Karan Sanghavi (1): iio: light: Add check for array bounds in veml6075_read_int_time_ms Karel Balej (1): mmc: sdhci-pxav3: set NEED_RSP_BUSY capability Kees Bakker (1): RDMA/mana_ib: Ensure variable err is initialized Kees Cook (1): kunit/stackinit: Use fill byte different from Clang i386 pattern Keith Busch (1): nvme-pci: fix stuck reset on concurrent DPC and HP Kevin Loughlin (1): x86/sev: Add missing RIP_REL_REF() invocations during sme_enable() Konrad Dybcio (1): clk: qcom: gcc-x1e80100: Unregister GCC_GPU_CFG_AHB_CLK/GCC_DISP_XO_CLK Konstantin Andreev (2): smack: dont compile ipv6 code unless ipv6 is configured smack: ipv4/ipv6: tcp/dccp/sctp: fix incorrect child socket label Konstantin Komarov (1): fs/ntfs3: Update inode->i_mapping->a_ops on compression state Krzysztof Kozlowski (1): drm/msm/dsi/phy: Program clock inverters in correct register Kuniyuki Iwashima (3): rtnetlink: Use register_pernet_subsys() in rtnl_net_debug_init(). udp: Fix multiple wraparounds of sk->sk_rmem_alloc. udp: Fix memory accounting leak. Lama Kayal (1): net/mlx5e: SHAMPO, Make reserved size independent of page size Laurentiu Mihalcea (1): clk: clk-imx8mp-audiomix: fix dsp/ocram_a clock parents Len Brown (1): tools/power turbostat: report CoreThr per measurement interval Leo Yan (1): perf arm-spe: Fix load-store operation checking Li Huafei (1): watchdog/hardlockup/perf: Fix perf_event memory leak Li Lingfeng (1): nfsd: put dl_stid if fail to queue dl_recall Likhitha Korrapati (1): perf tools: Fix is_compat_mode build break in ppc64 Lin Ma (2): netfilter: nft_tunnel: fix geneve_opt type confusion addition net: fix geneve_opt length integer overflow Lo-an Chen (1): drm/amd/display: Fix incorrect fw_state address in dmub_srv Lubomir Rintel (1): rndis_host: Flag RNDIS modems as WWAN devices Luca Ceresoli (1): perf build: Fix in-tree build due to symbolic link Luca Weiss (4): remoteproc: qcom_q6v5_pas: Make single-PD handling more robust remoteproc: qcom: pas: add minidump_id to SC7280 WPSS remoteproc: qcom_q6v5_pas: Use resource with CX PD for MSM8226 remoteproc: qcom_q6v5_mss: Handle platforms with one power domain Lukas Hetzenecker (1): platform/surface: aggregator_registry: Add Support for Surface Pro 11 Lukas Wunner (1): PCI/bwctrl: Fix NULL pointer dereference on bus number exhaustion Maciej Strozek (1): ASoC: cs42l43: Add jack delay debounce after suspend Maher Sanalla (1): IB/mad: Check available slots before posting receive WRs Maksim Davydov (1): x86/split_lock: Fix the delayed detection logic Manikanta Mylavarapu (2): drivers: clk: qcom: ipq5424: fix the freq table of sdcc1_apps clock clk: qcom: ipq5424: fix software and hardware flow control error of UART Marcus Meissner (1): perf tools: annotate asm_pure_loop.S Marijn Suijten (2): drm/msm/dsi: Use existing per-interface slice count in DSC timing drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host Mario Limonciello (2): ucsi_ccg: Don't show failed to get FW build information error drm/amd: Keep display off while going into S4 Mark Zhang (1): rtnetlink: Allocate vfinfo size for VF GUIDs when supported Markus Elfring (2): fbdev: au1100fb: Move a variable assignment behind a null pointer check ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() Masami Hiramatsu (Google) (2): tracing/hist: Add poll(POLLIN) support on hist file tracing/hist: Support POLLPRI event for poll on histogram Matthias Proske (1): wifi: brcmfmac: keep power during suspend if board requires it Maud Spierings (1): dt-bindings: vendor-prefixes: add GOcontroll Maurizio Lombardi (1): nvme-pci: skip nvme_write_sq_db on empty rqlist Miaoqian Lin (3): ksmbd: use aead_request_free to match aead_request_alloc LoongArch: Fix device node refcount leak in fdt_cpu_clk_init() mmc: omap: Fix memory leak in mmc_omap_new_slot Michael Guralnik (2): RDMA/mlx5: Fix page_size variable overflow RDMA/mlx5: Fix MR cache initialization error flow Michael Kelley (1): x86/hyperv: Fix output argument to hypercall that changes page visibility Mike Christie (1): vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint Mike Rapoport (Microsoft) (1): x86/mm/pat: cpa-test: fix length for CPA_ARRAY test Ming Lei (1): ublk: make sure ubq->canceling is set when queue is frozen Ming Yen Hsieh (2): wifi: mt76: mt7925: remove unused acpi function for clc wifi: mt76: mt7921: fix kernel panic due to null pointer dereference Murad Masimov (2): acpi: nfit: fix narrowing conversion in acpi_nfit_ctl media: streamzap: fix race between device disconnection and urb callback Naman Jain (1): x86/hyperv/vtl: Stop kernel from probing VTL0 low memory Namhyung Kim (2): perf report: Switch data file correctly in TUI perf bpf-filter: Fix a parsing error with comma Namjae Jeon (8): ksmbd: fix multichannel connection failure ksmbd: fix r_count dec/increment mismatch smb: common: change the data type of num_aces to le16 cifs: fix incorrect validation for num_aces field of smb_acl ksmbd: add bounds check for durable handle context ksmbd: fix use-after-free in ksmbd_sessions_deregister() ksmbd: fix session use-after-free in multichannel connection ksmbd: fix null pointer dereference in alloc_preauth_hash() Nathan Chancellor (2): crypto: tegra - Fix format specifier in tegra_sha_prep_cmd() ARM: 9443/1: Require linker to support KEEP within OVERLAY for DCE Navon John Lukose (1): ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx Neil Armstrong (1): clk: qcom: gcc-sm8650: Do not turn off USB GDSCs during gdsc_disable() NeilBrown (1): NFS: fix open_owner_id_maxsz and related fields. Nihar Chaithanya (3): staging: gpib: Modify gpib_register_driver() to return error if it fails staging: gpib: ni_usb: Handle gpib_register_driver() errors staging: gpib: agilent_82357a: Handle gpib_register_driver() errors Nikita Shubin (1): ntb: intel: Fix using link status DB's Nikita Zhandarovich (2): mfd: sm501: Switch to BIT() to mitigate integer overflows media: vimc: skip .s_stream() for stopped entities Niklas Neronin (1): usb: xhci: correct debug message page size calculation Niklas Schnelle (1): s390: Remove ioremap_wt() and pgprot_writethrough() Nishanth Aravamudan (1): PCI: Avoid reset when disabled via sysfs Norbert Szetei (3): ksmbd: add bounds check for create lease context ksmbd: fix overflow in dacloffset bounds check ksmbd: validate zero num_subauth before sub_auth is accessed Nuno Sá (1): iio: backend: make sure to NULL terminate stack buffer Oleg Nesterov (2): seccomp: fix the __secure_computing() stub for !HAVE_ARCH_SECCOMP_FILTER exec: fix the racy usage of fs_struct->in_exec Olga Kornievskaia (1): nfsd: fix management of listener transports Oliver Hartkopp (1): can: statistics: use atomic access in hot path Olivia Mackintosh (1): ALSA: usb-audio: separate DJM-A9 cap lvl options Pablo Neira Ayuso (1): netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only Palmer Dabbelt (1): RISC-V: errata: Use medany for relocatable builds Paolo Bonzini (1): KVM: x86: block KVM_CAP_SYNC_REGS if guest state is protected Patrisious Haddad (1): RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow Paul Menzel (1): ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP Paulo Alcantara (1): smb: client: don't retry IO on failed negprotos with soft mounts Peng Fan (3): remoteproc: core: Clear table_sz when rproc_shutdown dmaengine: fsl-edma: cleanup chan after dma_async_device_unregister dmaengine: fsl-edma: free irq correctly in remove path Peter Geis (1): clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent Peter Zijlstra (2): lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock perf/core: Fix perf_pmu_register() vs. perf_init_event() Peter Zijlstra (Intel) (1): perf/x86/intel: Apply static call for drain_pebs Prathamesh Shete (1): pinctrl: tegra: Set SFIO mode to Mux Register Qasim Ijaz (2): isofs: fix KMSAN uninit-value bug in do_isofs_readdir() jfs: fix slab-out-of-bounds read in ea_get() Qiuxu Zhuo (5): EDAC/igen6: Fix the flood of invalid error reports EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald Rapids EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer EDAC/ie31200: Fix the DIMM size mask for several SoCs EDAC/ie31200: Fix the error path order of ie31200_init() Rafael J. Wysocki (2): PM: sleep: Adjust check before setting power.must_resume PM: sleep: Fix handling devices with direct_complete set on errors Ran Xiaokai (1): tracing/osnoise: Fix possible recursive locking for cpus_read_lock() Remi Pommarel (1): leds: Fix LED_OFF brightness race Richard Fitzgerald (1): firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success Ritu Chaudhary (1): ASoC: tegra: Use non-atomic timeout for ADX status register Rob Clark (1): drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump Robin Murphy (1): media: omap3isp: Handle ARM dma_iommu_mapping Rodrigo Vivi (1): drm/xe/guc_pc: Retry and wait longer for GuC PC start Roger Quadros (1): memory: omap-gpmc: drop no compatible check Roman Gushchin (1): RDMA/core: Don't expose hw_counters outside of init net namespace Roman Smirnov (1): jfs: add index corruption check to DT_GETPAGE() Sagi Grimberg (1): nvme-tcp: fix possible UAF in nvme_tcp_poll Saket Kumar Bhaskar (1): selftests/bpf: Select NUMA_NO_NODE to create map Santosh Mahto (1): staging: gpib: Replace semaphore with completion for one-time signaling Sean Christopherson (1): KVM: SVM: Don't change target vCPU state on AP Creation VMGEXIT error Sebastian Andrzej Siewior (1): lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() Shay Drory (1): PCI: Fix NULL dereference in SR-IOV VF creation error path Sherry Sun (4): tty: serial: fsl_lpuart: Use u32 and u8 for register variables tty: serial: fsl_lpuart: use port struct directly to simply code tty: serial: fsl_lpuart: Fix unused variable 'sport' build warning tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register Shrikanth Hegde (1): sched/deadline: Use online cpus for validating runtime Shuai Xue (1): x86/mce: use is_copy_from_user() to determine copy-from-user context Shyam Sundar S K (2): platform/x86/amd/pmf: Propagate PMF-TA return codes platform/x86/amd/pmf: Update PMF Driver for Compatibility with new PMF-TA Sicelo A. Mhlongo (1): power: supply: bq27xxx_battery: do not update cached flags prematurely Simon Tatham (2): affs: generate OFS sequence numbers starting at 1 affs: don't write overlarge OFS data block size fields Sourabh Jain (1): kexec: initialize ELF lowest address to ULONG_MAX Srinivas Pandruvada (1): platform/x86: ISST: Correct command storage data length Srinivasan Shanmugam (2): drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' Stanislav Spassov (1): x86/fpu: Fix guest FPU state buffer allocation size Stanley Chu (1): i3c: master: svc: Fix missing the IBI rules Stefan Binding (7): ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA Stefan Wahren (3): staging: vchiq_arm: Register debugfs after cdev staging: vchiq_arm: Fix possible NPR of keep-alive thread staging: vchiq_arm: Stop kthreads if vchiq cdev register fails Stefano Garzarella (1): vsock: avoid timeout during connect() if the socket is closing Stephen Brennan (1): perf dso: fix dso__is_kallsyms() check Steven Price (1): drm/panthor: Clean up FW version information display Steven Rostedt (3): tracing: Switch trace_events_hist.c code over to use guard() tracing: Verify event formats that have "%*p.." tracing: Do not use PERF enums when perf is not defined Sungjong Seo (2): exfat: fix random stack corruption after get_block exfat: fix potential wrong error return from get_block Suzuki K Poulose (3): dma: Fix encryption bit clearing for dma_to_phys dma: Introduce generic dma_addr_*crypted helpers arm64: realm: Use aliased addresses for device DMA to shared buffers Sven Schnelle (1): s390/entry: Fix setting _CIF_MCCK_GUEST with lowcore relocation Taehee Yoo (1): net: devmem: do not WARN conditionally after netdev_rx_queue_restart() Takashi Iwai (4): ALSA: hda/realtek: Always honor no_shutup_pins ALSA: timer: Don't take register_mutex with copy_from/to_user() ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model Tanya Agarwal (1): lib: 842: Improve error handling in sw842_compress() Tao Chen (1): perf/ring_buffer: Allow the EPOLLRDNORM flag for poll Tasos Sahanidis (1): hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} Tengda Wu (3): selftests/bpf: Fix freplace_link segfault in tailcalls prog test tracing: Correct the refcount if the hist/hist_debug file fails to open tracing: Fix use-after-free in print_graph_function_flags during tracer switching Thadeu Lima de Souza Cascardo (1): drm/amd/display: avoid NPD when ASIC does not support DMUB Theodore Ts'o (1): ext4: don't over-report free space or inodes in statvfs Thippeswamy Havalige (1): PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe Thomas Richter (2): perf test: Fix Hwmon PMU test endianess issue perf bench: Fix perf bench syscall loop count Thomas Weißschuh (1): x86/vdso: Fix latent bug in vclock_pages calculation Tianchen Ding (1): sched/eevdf: Force propagating min_slice of cfs_rq when {en,de}queue tasks Tianyu Lan (1): x86/hyperv: Fix check of return value from snp_set_vmsa() Tim Schumacher (1): selinux: Chain up tool resolving errors in install_policy.sh Tingbo Liao (1): riscv: Fix the __riscv_copy_vec_words_unaligned implementation Tobias Waldekranz (1): net: mvpp2: Prevent parser TCAM memory corruption Tomi Valkeinen (1): drm: xlnx: zynqmp: Fix max dma segment size Tony Ambardar (2): selftests/bpf: Fix runqslower cross-endian build libbpf: Fix accessing BTF.ext core_relo header Trond Myklebust (5): NFSv4: Don't trigger uneccessary scans for return-on-close delegations NFSv4: Avoid unnecessary scans of filesystems for returning delegations NFSv4: Avoid unnecessary scans of filesystems for expired delegations NFSv4: Avoid unnecessary scans of filesystems for delayed delegations NFS: Shut down the nfs_client only after all the superblocks Tushar Dave (1): PCI/ACS: Fix 'pci=config_acs=' parameter Ulf Hansson (1): mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD Uwe Kleine-König (3): iio: adc: ad4130: Fix comparison of channel setups iio: adc: ad7124: Fix comparison of channel configs iio: adc: ad7173: Fix comparison of channel configs Vaibhav Jain (1): powerpc/perf: Fix ref-counting on the PMU 'vpa_pmu' Vasiliy Kovalev (1): ocfs2: validate l_tree_depth to avoid out-of-bounds access Venkata Prasad Potturu (1): ASoC: amd: acp: Fix for enabling DMIC on acp platforms via _DSD entry Veronika Molnarova (1): perf test stat_all_pmu.sh: Correctly check 'perf stat' result Viktor Malik (1): selftests/bpf: Fix string read in strncmp benchmark Vishal Annapurve (1): x86/tdx: Fix arch_safe_halt() execution for TDX VMs Vitalii Mordan (1): gpu: cdns-mhdp8546: fix call balance of mhdp->clk handling routines Vitaliy Shevtsov (2): ASoC: cs35l41: check the return value from spi_setup() drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() Vitaly Kuznetsov (1): x86/entry: Add __init to ia32_emulation_override_cmdline() Vitaly Lifshits (1): e1000e: change k1 configuration on MTP and later platforms Vladimir Lypak (1): clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock Vladis Dronov (1): x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled WANG Rui (1): rust: Fix enabling Rust and building with GCC for LoongArch Waiman Long (1): locking/semaphore: Use wake_q to wake up processes outside lock critical section Wang Liang (2): RDMA/core: Fix use-after-free when rename device name xsk: Fix __xsk_generic_xmit() error code when cq is full Wang Zhaolong (1): smb: client: Fix netns refcount imbalance causing leaks and use-after-free Wayne Lin (1): drm/dp_mst: Fix drm RAD print Wenkai Lin (3): crypto: hisilicon/sec2 - fix for aead authsize alignment crypto: hisilicon/sec2 - fix for sec spec check crypto: hisilicon/sec2 - fix for aead auth key length Wentao Guan (1): HID: i2c-hid: improve i2c_hid_get_report error message Wentao Liang (1): greybus: gb-beagleplay: Add error handling for gb_greybus_init Will McVicker (1): clk: samsung: Fix UBSAN panic in samsung_clk_init() Yajun Deng (1): ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans Yang Wang (1): drm/amdgpu: refine smu send msg debug log format Yao Zi (1): riscv/kexec_file: Handle R_RISCV_64 in purgatory relocator Yeoreum Yun (1): perf/core: Fix child_total_time_enabled accounting bug at task exit Yi Lai (1): selftests/pcie_bwctrl: Add 'set_pcie_speed.sh' to TEST_PROGS Ying Lu (1): usbnet:fix NPE during rx_complete Yosry Ahmed (1): mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() Yuanfang Zhang (1): coresight-etm4x: add isb() before reading the TRCSTATR Yue Haibing (2): pinctrl: nuvoton: npcm8xx: Fix error handling in npcm8xx_gpio_fw() drm/xe: Fix unmet direct dependencies warning Yuezhang Mo (3): exfat: fix the infinite loop in exfat_find_last_cluster() exfat: fix missing shutdown check exfat: add a check for invalid data size Yuli Wang (1): LoongArch: Rework the arch_kgdb_breakpoint() implementation Zhang Rui (1): tools/power turbostat: Restore GFX sysfs fflush() call Zijun Hu (1): of: property: Increase NR_FWNODE_REFERENCE_ARGS xueqin Luo (1): thermal: core: Remove duplicate struct declaration zihan zhou (1): sched: Cancel the slice protection of the idle entity zuoqian (1): cpufreq: scpi: compare kHz instead of Hz 谢致邦 (XIE Zhibang) (2): staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig

6 months, 2 weeks

1
1
0 0

Linux 6.12.23

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.23 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/vendor-prefixes.yaml | 2 Makefile | 2 arch/arm/Kconfig | 2 arch/arm/include/asm/vmlinux.lds.h | 12 arch/arm64/kernel/compat_alignment.c | 2 arch/loongarch/Kconfig | 4 arch/loongarch/include/asm/cache.h | 2 arch/loongarch/include/asm/irq.h | 2 arch/loongarch/include/asm/stacktrace.h | 3 arch/loongarch/include/asm/unwind_hints.h | 10 arch/loongarch/kernel/env.c | 2 arch/loongarch/kernel/kgdb.c | 5 arch/loongarch/net/bpf_jit.c | 12 arch/loongarch/net/bpf_jit.h | 5 arch/powerpc/configs/mpc885_ads_defconfig | 2 arch/powerpc/crypto/Makefile | 1 arch/powerpc/kexec/relocate_32.S | 7 arch/powerpc/platforms/cell/spufs/gang.c | 1 arch/powerpc/platforms/cell/spufs/inode.c | 63 +- arch/powerpc/platforms/cell/spufs/spufs.h | 2 arch/riscv/errata/Makefile | 6 arch/riscv/include/asm/ftrace.h | 4 arch/riscv/kernel/elf_kexec.c | 3 arch/riscv/kvm/vcpu_pmu.c | 1 arch/riscv/mm/hugetlbpage.c | 76 +- arch/riscv/purgatory/entry.S | 1 arch/s390/include/asm/io.h | 2 arch/s390/include/asm/pgtable.h | 3 arch/s390/kernel/entry.S | 2 arch/s390/mm/pgtable.c | 10 arch/um/include/shared/os.h | 1 arch/um/kernel/Makefile | 2 arch/um/kernel/maccess.c | 19 arch/um/os-Linux/process.c | 51 - arch/x86/Kconfig | 3 arch/x86/Kconfig.cpu | 2 arch/x86/Makefile.um | 7 arch/x86/coco/tdx/tdx.c | 26 arch/x86/entry/calling.h | 2 arch/x86/entry/common.c | 2 arch/x86/events/intel/core.c | 43 - arch/x86/events/intel/ds.c | 13 arch/x86/events/perf_event.h | 3 arch/x86/hyperv/hv_vtl.c | 1 arch/x86/hyperv/ivm.c | 5 arch/x86/include/asm/tdx.h | 4 arch/x86/include/asm/tlbflush.h | 2 arch/x86/kernel/cpu/mce/severity.c | 11 arch/x86/kernel/cpu/microcode/amd.c | 2 arch/x86/kernel/cpu/resctrl/rdtgroup.c | 3 arch/x86/kernel/cpu/sgx/driver.c | 10 arch/x86/kernel/dumpstack.c | 5 arch/x86/kernel/fpu/core.c | 6 arch/x86/kernel/process.c | 9 arch/x86/kernel/traps.c | 18 arch/x86/kernel/tsc.c | 4 arch/x86/kernel/uprobes.c | 14 arch/x86/kvm/svm/sev.c | 13 arch/x86/kvm/x86.c | 15 arch/x86/lib/copy_user_64.S | 18 arch/x86/mm/mem_encrypt_identity.c | 4 arch/x86/mm/pat/cpa-test.c | 2 arch/x86/mm/pat/memtype.c | 52 - crypto/api.c | 17 crypto/bpf_crypto_skcipher.c | 1 drivers/acpi/nfit/core.c | 2 drivers/acpi/processor_idle.c | 4 drivers/acpi/resource.c | 7 drivers/acpi/x86/utils.c | 3 drivers/auxdisplay/Kconfig | 1 drivers/auxdisplay/panel.c | 4 drivers/base/power/main.c | 21 drivers/base/power/runtime.c | 2 drivers/block/ublk_drv.c | 39 - drivers/clk/imx/clk-imx8mp-audiomix.c | 6 drivers/clk/meson/g12a.c | 38 - drivers/clk/meson/gxbb.c | 14 drivers/clk/qcom/gcc-msm8953.c | 2 drivers/clk/qcom/gcc-sm8650.c | 4 drivers/clk/qcom/gcc-x1e80100.c | 30 drivers/clk/qcom/mmcc-sdm660.c | 2 drivers/clk/renesas/r9a08g045-cpg.c | 5 drivers/clk/renesas/rzg2l-cpg.c | 13 drivers/clk/renesas/rzg2l-cpg.h | 10 drivers/clk/rockchip/clk-rk3328.c | 2 drivers/clk/samsung/clk.c | 2 drivers/cpufreq/Kconfig.arm | 2 drivers/cpufreq/cpufreq_governor.c | 45 - drivers/cpufreq/scpi-cpufreq.c | 5 drivers/crypto/hisilicon/sec2/sec.h | 1 drivers/crypto/hisilicon/sec2/sec_crypto.c | 125 +--- drivers/crypto/intel/iaa/iaa_crypto_main.c | 4 drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c | 1 drivers/crypto/intel/qat/qat_common/adf_gen4_ras.c | 59 - drivers/crypto/nx/nx-common-pseries.c | 37 - drivers/crypto/tegra/tegra-se-aes.c | 47 - drivers/crypto/tegra/tegra-se-hash.c | 27 drivers/crypto/tegra/tegra-se-key.c | 10 drivers/crypto/tegra/tegra-se-main.c | 16 drivers/crypto/tegra/tegra-se.h | 3 drivers/dma/fsl-edma-main.c | 14 drivers/edac/i10nm_base.c | 2 drivers/edac/ie31200_edac.c | 19 drivers/edac/skx_common.c | 33 + drivers/edac/skx_common.h | 11 drivers/firmware/cirrus/cs_dsp.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 drivers/gpu/drm/amd/amdgpu/amdgpu_umsch_mm.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 1 drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 15 drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 16 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 4 drivers/gpu/drm/amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12 drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4.c | 3 drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 3 drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 12 drivers/gpu/drm/bridge/ite-it6505.c | 7 drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2 drivers/gpu/drm/display/drm_dp_mst_topology.c | 8 drivers/gpu/drm/mediatek/mtk_crtc.c | 7 drivers/gpu/drm/mediatek/mtk_dp.c | 6 drivers/gpu/drm/mediatek/mtk_dsi.c | 6 drivers/gpu/drm/mediatek/mtk_hdmi.c | 33 - drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 4 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 drivers/gpu/drm/msm/dsi/dsi_host.c | 8 drivers/gpu/drm/msm/dsi/dsi_manager.c | 32 - drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 2 drivers/gpu/drm/msm/msm_dsc_helper.h | 11 drivers/gpu/drm/panel/panel-ilitek-ili9882t.c | 2 drivers/gpu/drm/panthor/panthor_fw.h | 6 drivers/gpu/drm/solomon/ssd130x-spi.c | 7 drivers/gpu/drm/solomon/ssd130x.c | 6 drivers/gpu/drm/vkms/vkms_drv.c | 15 drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2 drivers/greybus/gb-beagleplay.c | 4 drivers/hid/Makefile | 1 drivers/hid/i2c-hid/i2c-hid-core.c | 2 drivers/hwmon/nct6775-core.c | 4 drivers/hwtracing/coresight/coresight-catu.c | 2 drivers/hwtracing/coresight/coresight-core.c | 20 drivers/hwtracing/coresight/coresight-etm4x-core.c | 48 + drivers/i3c/master/svc-i3c-master.c | 2 drivers/iio/accel/mma8452.c | 10 drivers/iio/accel/msa311.c | 26 drivers/iio/adc/ad4130.c | 41 + drivers/iio/adc/ad7124.c | 35 - drivers/iio/adc/ad7173.c | 25 drivers/iio/adc/ad7768-1.c | 15 drivers/iio/industrialio-backend.c | 4 drivers/iio/light/veml6075.c | 8 drivers/infiniband/core/device.c | 18 drivers/infiniband/core/mad.c | 38 - drivers/infiniband/core/sysfs.c | 1 drivers/infiniband/hw/erdma/erdma_cm.c | 1 drivers/infiniband/hw/mana/main.c | 2 drivers/infiniband/hw/mlx5/cq.c | 2 drivers/infiniband/hw/mlx5/mr.c | 41 - drivers/infiniband/hw/mlx5/odp.c | 10 drivers/leds/led-core.c | 22 drivers/media/dvb-frontends/dib8000.c | 5 drivers/media/platform/allegro-dvt/allegro-core.c | 1 drivers/media/platform/ti/omap3isp/isp.c | 7 drivers/media/platform/verisilicon/hantro_g2_hevc_dec.c | 1 drivers/media/rc/streamzap.c | 2 drivers/media/test-drivers/vimc/vimc-streamer.c | 6 drivers/memory/omap-gpmc.c | 20 drivers/mfd/sm501.c | 6 drivers/mmc/host/omap.c | 19 drivers/mmc/host/sdhci-omap.c | 4 drivers/mmc/host/sdhci-pxav3.c | 1 drivers/net/arcnet/com20020-pci.c | 17 drivers/net/dsa/mv88e6xxx/chip.c | 11 drivers/net/dsa/mv88e6xxx/phy.c | 3 drivers/net/dsa/realtek/Kconfig | 2 drivers/net/ethernet/ibm/ibmveth.c | 39 - drivers/net/ethernet/intel/e1000e/defines.h | 3 drivers/net/ethernet/intel/e1000e/ich8lan.c | 80 ++ drivers/net/ethernet/intel/e1000e/ich8lan.h | 4 drivers/net/ethernet/intel/idpf/idpf_main.c | 6 drivers/net/ethernet/intel/idpf/idpf_txrx.h | 3 drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 3 drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 3 drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 201 ++++-- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_devlink.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/params.c | 8 drivers/net/phy/broadcom.c | 6 drivers/net/usb/rndis_host.c | 16 drivers/net/usb/usbnet.c | 6 drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 20 drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 86 +- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 8 drivers/net/wireless/mediatek/mt76/mt7921/main.c | 1 drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 1 drivers/ntb/hw/intel/ntb_hw_gen3.c | 3 drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2 drivers/ntb/test/ntb_perf.c | 4 drivers/nvme/host/ioctl.c | 2 drivers/nvme/host/pci.c | 34 - drivers/nvme/host/tcp.c | 5 drivers/nvme/target/debugfs.c | 2 drivers/pci/controller/cadence/pcie-cadence-ep.c | 3 drivers/pci/controller/cadence/pcie-cadence.h | 2 drivers/pci/controller/dwc/pcie-designware-ep.c | 1 drivers/pci/controller/dwc/pcie-histb.c | 12 drivers/pci/controller/pcie-brcmstb.c | 16 drivers/pci/controller/pcie-xilinx-cpm.c | 10 drivers/pci/hotplug/pciehp_hpc.c | 4 drivers/pci/pci-sysfs.c | 4 drivers/pci/pci.c | 22 drivers/pci/pcie/aspm.c | 17 drivers/pci/pcie/portdrv.c | 8 drivers/pci/probe.c | 5 drivers/pci/setup-bus.c | 4 drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 50 + drivers/pinctrl/intel/pinctrl-intel.c | 1 drivers/pinctrl/nuvoton/pinctrl-npcm8xx.c | 10 drivers/pinctrl/renesas/pinctrl-rza2.c | 2 drivers/pinctrl/renesas/pinctrl-rzg2l.c | 3 drivers/pinctrl/renesas/pinctrl-rzv2m.c | 2 drivers/pinctrl/tegra/pinctrl-tegra.c | 3 drivers/platform/x86/amd/pmf/pmf.h | 5 drivers/platform/x86/amd/pmf/tee-if.c | 82 +- drivers/platform/x86/dell/dell-uart-backlight.c | 2 drivers/platform/x86/dell/dell-wmi-ddv.c | 6 drivers/platform/x86/intel/hid.c | 7 drivers/platform/x86/intel/speed_select_if/isst_if_common.c | 2 drivers/platform/x86/intel/vsec.c | 7 drivers/platform/x86/lenovo-yoga-tab2-pro-1380-fastcharger.c | 2 drivers/platform/x86/thinkpad_acpi.c | 11 drivers/power/supply/bq27xxx_battery.c | 1 drivers/power/supply/max77693_charger.c | 2 drivers/regulator/pca9450-regulator.c | 6 drivers/remoteproc/qcom_q6v5_mss.c | 21 drivers/remoteproc/qcom_q6v5_pas.c | 13 drivers/remoteproc/remoteproc_core.c | 1 drivers/soundwire/slave.c | 1 drivers/spi/spi-bcm2835.c | 18 drivers/spi/spi-cadence-xspi.c | 2 drivers/staging/rtl8723bs/Kconfig | 1 drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 7 drivers/thermal/intel/int340x_thermal/int3402_thermal.c | 3 drivers/tty/n_tty.c | 13 drivers/tty/serial/fsl_lpuart.c | 312 ++++------ drivers/usb/host/xhci-mem.c | 6 drivers/usb/typec/ucsi/ucsi_ccg.c | 5 drivers/vhost/scsi.c | 25 drivers/video/console/Kconfig | 6 drivers/video/fbdev/au1100fb.c | 4 drivers/video/fbdev/sm501fb.c | 7 drivers/w1/masters/w1-uart.c | 4 fs/9p/vfs_inode_dotl.c | 2 fs/affs/file.c | 9 fs/exec.c | 15 fs/exfat/fatent.c | 2 fs/exfat/file.c | 29 fs/exfat/inode.c | 41 + fs/exfat/namei.c | 5 fs/ext4/dir.c | 3 fs/ext4/super.c | 27 fs/fuse/dax.c | 1 fs/fuse/dir.c | 2 fs/fuse/file.c | 4 fs/hostfs/hostfs.h | 2 fs/hostfs/hostfs_kern.c | 7 fs/hostfs/hostfs_user.c | 59 + fs/isofs/dir.c | 3 fs/jfs/jfs_dtree.c | 3 fs/jfs/xattr.c | 15 fs/netfs/direct_read.c | 6 fs/nfs/delegation.c | 63 +- fs/nfs/nfs4xdr.c | 18 fs/nfs/sysfs.c | 22 fs/nfs/write.c | 4 fs/nfsd/nfs4state.c | 37 - fs/nfsd/nfsctl.c | 44 - fs/nfsd/vfs.c | 28 fs/ntfs3/attrib.c | 3 fs/ntfs3/file.c | 22 fs/ntfs3/frecord.c | 6 fs/ntfs3/index.c | 4 fs/ntfs3/ntfs.h | 2 fs/ocfs2/alloc.c | 8 fs/proc/base.c | 2 fs/smb/client/cifsacl.c | 34 - fs/smb/client/connect.c | 16 fs/smb/common/smbacl.h | 3 fs/smb/server/auth.c | 6 fs/smb/server/connection.h | 11 fs/smb/server/mgmt/user_session.c | 37 - fs/smb/server/mgmt/user_session.h | 2 fs/smb/server/oplock.c | 12 fs/smb/server/smb2pdu.c | 54 + fs/smb/server/smbacl.c | 50 + fs/smb/server/smbacl.h | 2 include/drm/display/drm_dp_mst_helper.h | 7 include/linux/cgroup-defs.h | 1 include/linux/context_tracking_irq.h | 8 include/linux/coresight.h | 4 include/linux/fwnode.h | 2 include/linux/interrupt.h | 8 include/linux/nfs_fs_sb.h | 4 include/linux/nmi.h | 4 include/linux/pgtable.h | 28 include/linux/pm_runtime.h | 2 include/linux/rcupdate.h | 2 include/linux/sched/smt.h | 2 include/linux/thermal.h | 2 include/linux/trace_events.h | 14 include/linux/uprobes.h | 2 include/rdma/ib_verbs.h | 1 init/Kconfig | 5 kernel/bpf/core.c | 19 kernel/bpf/verifier.c | 7 kernel/cgroup/rstat.c | 40 - kernel/cpu.c | 5 kernel/events/core.c | 46 + kernel/events/ring_buffer.c | 2 kernel/events/uprobes.c | 15 kernel/fork.c | 4 kernel/kexec_elf.c | 2 kernel/locking/semaphore.c | 13 kernel/sched/deadline.c | 2 kernel/sched/fair.c | 50 + kernel/trace/bpf_trace.c | 2 kernel/trace/ring_buffer.c | 4 kernel/trace/trace_events.c | 14 kernel/trace/trace_events_hist.c | 133 +++- kernel/trace/trace_events_synth.c | 36 + kernel/trace/trace_functions_graph.c | 1 kernel/trace/trace_irqsoff.c | 2 kernel/trace/trace_osnoise.c | 1 kernel/trace/trace_sched_wakeup.c | 2 kernel/watch_queue.c | 9 kernel/watchdog.c | 25 kernel/watchdog_perf.c | 28 lib/842/842_compress.c | 2 lib/stackinit_kunit.c | 30 lib/vsprintf.c | 2 mm/gup.c | 3 mm/memory.c | 13 mm/zswap.c | 30 net/can/af_can.c | 12 net/can/af_can.h | 12 net/can/proc.c | 46 - net/core/devmem.c | 4 net/core/dst.c | 8 net/core/rtnetlink.c | 3 net/ipv4/ip_tunnel_core.c | 4 net/ipv4/udp.c | 42 - net/ipv6/addrconf.c | 37 - net/ipv6/calipso.c | 21 net/ipv6/route.c | 42 + net/mac80211/driver-ops.c | 10 net/mac80211/iface.c | 11 net/mac80211/rx.c | 10 net/mac80211/sta_info.c | 20 net/mac80211/util.c | 5 net/netfilter/nf_tables_api.c | 4 net/netfilter/nft_set_hash.c | 3 net/netfilter/nft_tunnel.c | 6 net/openvswitch/actions.c | 6 net/sched/act_tunnel_key.c | 2 net/sched/cls_flower.c | 2 net/sched/sch_skbprio.c | 3 net/sctp/sysctl.c | 4 net/vmw_vsock/af_vsock.c | 6 rust/Makefile | 4 rust/kernel/print.rs | 7 scripts/package/debian/rules | 6 scripts/selinux/install_policy.sh | 15 security/smack/smack.h | 6 security/smack/smack_lsm.c | 34 - sound/core/timer.c | 147 ++-- sound/pci/hda/patch_realtek.c | 50 + sound/soc/amd/acp/acp-legacy-common.c | 10 sound/soc/codecs/cs35l41-spi.c | 5 sound/soc/codecs/rt1320-sdw.c | 3 sound/soc/codecs/rt5665.c | 24 sound/soc/codecs/wsa884x.c | 4 sound/soc/fsl/imx-card.c | 4 sound/soc/ti/j721e-evm.c | 2 tools/arch/x86/lib/insn.c | 2 tools/lib/bpf/linker.c | 2 tools/objtool/check.c | 35 - tools/perf/Makefile.config | 10 tools/perf/Makefile.perf | 2 tools/perf/bench/syscall.c | 22 tools/perf/builtin-report.c | 2 tools/perf/pmu-events/arch/arm64/ampere/ampereonex/metrics.json | 10 tools/perf/tests/shell/coresight/asm_pure_loop/asm_pure_loop.S | 2 tools/perf/tests/shell/record_bpf_filter.sh | 4 tools/perf/util/arm-spe.c | 8 tools/perf/util/bpf-filter.l | 2 tools/perf/util/comm.c | 2 tools/perf/util/debug.c | 2 tools/perf/util/dso.h | 4 tools/perf/util/evlist.c | 13 tools/perf/util/intel-tpebs.c | 2 tools/perf/util/pmu.c | 7 tools/perf/util/pmu.h | 5 tools/perf/util/pmus.c | 20 tools/perf/util/python.c | 17 tools/perf/util/stat-shadow.c | 3 tools/perf/util/units.c | 2 tools/power/x86/turbostat/turbostat.8 | 2 tools/power/x86/turbostat/turbostat.c | 2 tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c | 5 tools/testing/selftests/bpf/prog_tests/tailcalls.c | 1 tools/testing/selftests/bpf/progs/strncmp_bench.c | 5 tools/testing/selftests/mm/cow.c | 2 tools/testing/selftests/net/netfilter/br_netfilter.sh | 7 tools/testing/selftests/net/netfilter/br_netfilter_queue.sh | 7 tools/testing/selftests/net/netfilter/nft_queue.sh | 1 419 files changed, 3558 insertions(+), 2027 deletions(-) Aaron Kling (1): cpufreq: tegra194: Allow building for Tegra234 Abel Wu (1): cgroup/rstat: Fix forceidle time in cpu.stat Acs, Jakub (1): ext4: fix OOB read when checking dotdot dir Akhil R (5): crypto: tegra - Use separate buffer for setkey crypto: tegra - check return value for hash do_one_req crypto: tegra - Use HMAC fallback when keyslots are full crypto: tegra - Fix CMAC intermediate result handling crypto: tegra - Set IV to NULL explicitly for AES ECB Al Viro (3): spufs: fix a leak on spufs_new_file() failure spufs: fix gang directory lifetimes spufs: fix a leak in spufs_create_context() Alex Deucher (3): drm/amdgpu/umsch: fix ucode check drm/amdgpu/gfx11: fix num_mec drm/amdgpu/gfx12: fix num_mec Alexander Wetzel (3): wifi: mac80211: Cleanup sta TXQs on flush wifi: mac80211: remove debugfs dir for virtual monitor wifi: mac80211: Fix sparse warning for monitor_sdata Alexandre Ghiti (1): riscv: Fix hugetlb retrieval of number of ptes in case of !present pte Alexandru Gagniuc (1): kbuild: deb-pkg: don't set KBUILD_BUILD_VERSION unconditionally Alexey Klimov (1): ASoC: codecs: wsa884x: report temps to hwmon in millidegree of Celsius Alice Ryhl (1): rust: fix signature of rust_fmt_argument Alistair Popple (1): fuse: fix dax truncate/punch_hole fault path Andrii Nakryiko (1): libbpf: Fix hypothetical STT_SECTION extern NULL deref case Andy Shevchenko (3): auxdisplay: panel: Fix an API misuse in panel.c pinctrl: npcm8xx: Fix incorrect struct npcm8xx_pincfg assignment pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() AngeloGioacchino Del Regno (2): drm/mediatek: mtk_hdmi: Unregister audio platform device on failure drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member Angelos Oikonomopoulos (1): arm64: Don't call NULL in do_compat_alignment_fixup() Anshuman Khandual (1): arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig Antheas Kapenekakis (1): ALSA: hda/realtek: Fix Asus Z13 2025 audio Antoine Tenart (1): net: decrease cached dst counters in dst_release Armin Wolf (1): platform/x86: dell-ddv: Fix temperature calculation Arnaldo Carvalho de Melo (5): perf units: Fix insufficient array space perf python: Fixup description of sample.id event member perf python: Decrement the refcount of just created event on failure perf python: Don't keep a raw_data pointer to consumed ring buffer space perf python: Check if there is space to copy all the event Arnd Bergmann (5): x86/platform: Only allow CONFIG_EISA for 32-bit dummycon: fix default rows/cols mdacon: rework dependency list crypto: bpf - Add MODULE_DESCRIPTION for skcipher x86/Kconfig: Add cmpxchg8b support back to Geode CPUs Artur Weber (1): power: supply: max77693: Fix wrong conversion of charge input threshold value Ashley Smith (1): drm/panthor: Update CS_STATUS_ defines to correct values Atish Patra (1): RISC-V: KVM: Disable the kernel perf counter during configure Aurabindo Pillai (1): drm/amd/display: fix an indent issue in DML21 Bairavi Alagappan (2): crypto: qat - set parity error mask for qat_420xx crypto: qat - remove access to parity register for QAT GEN4 Bard Liao (1): ASoC: rt1320: set wake_capable = 0 explicitly Barnabás Czémán (1): clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock Bart Van Assche (1): fs/procfs: fix the comment above proc_pid_wchan() Benjamin Berg (3): x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() um: remove copy_from_kernel_nofault_allowed um: hostfs: avoid issues on inode number reuse by host Benjamin Gaignard (1): media: verisilicon: HEVC: Initialize start_bit field Björn Töpel (1): riscv/purgatory: 4B align purgatory_start Boris Ostrovsky (1): x86/microcode/AMD: Fix __apply_microcode_amd()'s return value Caleb Sander Mateos (1): nvme/ioctl: don't warn on vectorized uring_cmd with fixed buffer Candice Li (1): Remove unnecessary firmware version check for gc v9_4_2 Chao Gao (1): x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures Cheng Xu (1): RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() Chenyuan Yang (2): thermal: int340x: Add NULL check for adev w1: fix NULL pointer dereference in probe Chiara Meiohas (1): RDMA/mlx5: Fix calculation of total invalidated pages Christian Eggers (1): ARM: 9444/1: add KEEP() keyword to ARM_VECTORS Christian Schoenebeck (1): fs/9p: fix NULL pointer dereference on mkdir Christophe JAILLET (2): PCI: histb: Fix an error handling path in histb_pcie_probe() ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe() Christophe Leroy (2): crypto: powerpc: Mark ghashp8-ppc.o as an OBJECT_FILES_NON_STANDARD powerpc/kexec: fix physical address calculation in clear_utlb_entry() Chuck Lever (3): NFSD: nfsd_unlink() clobbers non-zero status returned from fh_fill_pre_attrs() NFSD: Never return NFS4ERR_FILE_OPEN when removing a directory NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up Claudiu Beznea (2): pinctrl: renesas: rzg2l: Suppress binding attributes clk: renesas: r8a08g045: Check the source of the CPU PLL settings Cong Wang (1): net_sched: skbprio: Remove overly strict queue assertions Cyan Yang (1): selftests/mm/cow: fix the incorrect error handling Dan Carpenter (7): PCI: Remove stray put_device() in pci_register_host_bridge() drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() PCI: dwc: ep: Return -ENOMEM for allocation failures fs/ntfs3: Fix a couple integer overflows on 32bit systems fs/ntfs3: Prevent integer overflow in hdr_first_de() nfs: Add missing release on error in nfs_lock_and_join_requests() platform/x86/amd/pmf: fix cleanup in amd_pmf_init_smart_pc() Daniel Bárta (1): ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 Daniel Stodden (1): PCI/ASPM: Fix link state exit during switch upstream function removal Danila Chernetsov (1): fbdev: sm501fb: Add some geometry checks. Dave Marquardt (1): net: ibmveth: make veth_pool_store stop hanging David E. Box (1): platform/x86/intel/vsec: Add Diamond Rapids support David Gow (1): um: Pass the correct Rust target and options with gcc David Hildenbrand (3): x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() kernel/events/uprobes: handle device-exclusive entries correctly in __replace_page() mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs David Howells (1): netfs: Fix netfs_unbuffered_read() to return ssize_t rather than int David Laight (1): objtool: Fix verbose disassembly if CROSS_COMPILE isn't set David Oberhollenzer (1): net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy Debin Zhu (1): netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets Dmitry Baryshkov (1): drm/msm/dpu: don't use active in atomic_check() Dmitry Panchenko (1): platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet Douglas Anderson (1): drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr Douglas Raillard (2): tracing: Ensure module defining synth event cannot be unloaded while tracing tracing: Fix synth event printk format for str fields Eduard Christian Dumitrescu (1): platform/x86: thinkpad_acpi: disable ACPI fan access for T495* and E560 Emil Tantilov (1): idpf: fix adapter NULL pointer dereference on reboot Emmanuel Grumbach (2): wifi: iwlwifi: mvm: use the right version of the rate API wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state Eric Dumazet (1): sctp: add mutual exclusion in proc_sctp_do_udp_port() Eric Sandeen (1): watch_queue: fix pipe accounting mismatch Fabrizio Castro (3): pinctrl: renesas: rza2: Fix missing of_node_put() call pinctrl: renesas: rzg2l: Fix missing of_node_put() call pinctrl: renesas: rzv2m: Fix missing of_node_put() call Feng Tang (1): PCI/portdrv: Only disable pciehp interrupts early when needed Feng Yang (1): ring-buffer: Fix bytes_dropped calculation issue Fernando Fernandez Mancera (1): ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS Florian Fainelli (2): spi: bcm2835: Do not call gpiod_put() on invalid descriptor spi: bcm2835: Restore native CS probing when pinctrl-bcm2835 is absent Florian Westphal (2): selftests: netfilter: skip br_netfilter queue tests if kernel is tainted netfilter: nf_tables: don't unregister hook when table is dormant Frieder Schrempf (1): regulator: pca9450: Fix enable register for LDO5 Geert Uytterhoeven (2): auxdisplay: MAX6959 should select BITREVERSE drm/bridge: ti-sn65dsi86: Fix multiple instances Geetha sowjanya (2): octeontx2-af: Fix mbox INTR handler when num VFs > 64 octeontx2-af: Free NIX_AF_INT_VEC_GEN irq Giovanni Gherdovich (1): ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid Greg Kroah-Hartman (1): Linux 6.12.23 Guilherme G. Piccoli (1): x86/tsc: Always save/restore TSC sched_clock() on suspend/resume Guillaume Nault (1): tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). Hans Zhang (1): PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload Hans de Goede (1): ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers Heiko Stuebner (1): phy: phy-rockchip-samsung-hdptx: Don't use dt aliases to determine phy-id Hengqi Chen (3): LoongArch: BPF: Fix off-by-one error in build_prologue() LoongArch: BPF: Don't override subprog's return value LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC Henry Martin (2): ASoC: imx-card: Add NULL check in imx_card_probe() arcnet: Add NULL check in com20020pci_probe() Herbert Xu (3): crypto: iaa - Test the correct request flag crypto: api - Fix larval relookup type and mask crypto: nx - Fix uninitialised hv_nxc on error Hermes Wu (1): drm/bridge: it6505: fix HDCP V match check is not performed correctly Herton R. Krzesinski (1): x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs Hou Tao (1): bpf: Use preempt_count() directly in bpf_send_signal_common() Huacai Chen (2): LoongArch: Increase ARCH_DMA_MINALIGN up to 16 LoongArch: Increase MAX_IO_PICS up to 8 Ian Rogers (4): perf stat: Fix find_stat for mixed legacy/non-legacy events tools/x86: Fix linux/unaligned.h include path in lib/insn.c perf debug: Avoid stack overflow in recursive error message perf evlist: Add success path to evlist__create_syswide_maps Icenowy Zheng (2): nvme-pci: clean up CMBMSC when registering CMB fails nvme-pci: skip CMB blocks incompatible with PCI P2P DMA Ido Schimmel (2): ipv6: Start path selection from the first nexthop ipv6: Do not consider link down nexthops in path selection Ilkka Koskinen (2): coresight: catu: Fix number of pages while using 64k pages perf vendor events arm64 AmpereOneX: Fix frontend_bound calculation Ilpo Järvinen (5): platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: Make symbol static platform/x86: dell-uart-backlight: Make dell_uart_bl_serdev_driver static PCI: Remove add_align overwrite unrelated to size0 PCI: Fix BAR resizing when VF BARs are assigned PCI: pciehp: Don't enable HPIE when resuming in poll mode Jakub Kicinski (1): net: dsa: rtl8366rb: don't prompt users for LED control James Clark (3): perf: Always feature test reallocarray perf pmu: Don't double count common sysfs and json events perf: intel-tpebs: Fix incorrect usage of zfree() James Morse (1): x86/resctrl: Fix allocation of cleanest CLOSID on platforms with no monitors Jann Horn (3): x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs Jason-JH Lin (1): drm/mediatek: Fix config_updating flag never false when no mbox channel Javier Martinez Canillas (1): drm/ssd130x: Set SPI .id_table to prevent an SPI core warning Jayesh Choudhary (1): ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible Jeff Layton (1): nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid() Jerome Brunet (4): clk: amlogic: gxbb: drop incorrect flag on 32k clock clk: amlogic: g12b: fix cluster A parent data clk: amlogic: gxbb: drop non existing 32k clock parent clk: amlogic: g12a: fix mmc A peripheral clock Jiayuan Chen (1): bpf: Fix array bounds error with may_goto Jie Zhan (1): cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() Jim Liu (1): net: phy: broadcom: Correct BCM5221 PHY model detection Jim Quinlan (4): PCI: brcmstb: Set generation limit before PCIe link up PCI: brcmstb: Use internal register to change link capability PCI: brcmstb: Fix error path after a call to regulator_bulk_get() PCI: brcmstb: Fix potential premature regulator disabling Jiri Kosina (1): HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER Jiri Olsa (1): uprobes/x86: Harden uretprobe syscall trampoline check Jiri Slaby (SUSE) (1): tty: n_tty: use uint for space returned by tty_write_room() Joe Damato (1): idpf: Don't hard code napi_struct size Joe Hattori (2): media: platform: allgro-dvt: unregister v4l2_device on the error path soundwire: slave: fix an OF node reference leak in soundwire slave device Johannes Berg (2): wifi: iwlwifi: fw: allocate chained SG tables for dump wifi: mac80211: fix SA Query processing in MLO John Keeping (3): drm/ssd130x: fix ssd132x encoding drm/ssd130x: ensure ssd132x pitch is correct drm/panel: ilitek-ili9882t: fix GPIO name in error message Jonathan Cameron (2): iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails. Jonathan Santos (1): iio: adc: ad7768-1: set MOSI idle state to prevent accidental reset Josh Poimboeuf (9): x86/traps: Make exc_double_fault() consistently noreturn objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show() objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() objtool: Fix segfault in ignore_unreachable_insn() sched/smt: Always inline sched_smt_active() context_tracking: Always inline ct_{nmi,irq}_{enter,exit}() rcu-tasks: Always inline rcu_irq_work_resched() objtool/loongarch: Add unwind hints in prepare_frametrace() spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock() Joshua Hahn (1): cgroup/rstat: Tracking cgroup-level niced CPU time José Expósito (1): drm/vkms: Fix use after free and double free on init error Juhan Jin (1): riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra Kai-Heng Feng (1): PCI: Use downstream bridges for distributing resources Kan Liang (1): perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read Karan Sanghavi (1): iio: light: Add check for array bounds in veml6075_read_int_time_ms Karel Balej (1): mmc: sdhci-pxav3: set NEED_RSP_BUSY capability Kees Bakker (1): RDMA/mana_ib: Ensure variable err is initialized Kees Cook (1): kunit/stackinit: Use fill byte different from Clang i386 pattern Keith Busch (1): nvme-pci: fix stuck reset on concurrent DPC and HP Kevin Loughlin (1): x86/sev: Add missing RIP_REL_REF() invocations during sme_enable() Konrad Dybcio (1): clk: qcom: gcc-x1e80100: Unregister GCC_GPU_CFG_AHB_CLK/GCC_DISP_XO_CLK Konstantin Andreev (2): smack: dont compile ipv6 code unless ipv6 is configured smack: ipv4/ipv6: tcp/dccp/sctp: fix incorrect child socket label Konstantin Komarov (1): fs/ntfs3: Update inode->i_mapping->a_ops on compression state Krzysztof Kozlowski (1): drm/msm/dsi/phy: Program clock inverters in correct register Kuniyuki Iwashima (2): udp: Fix multiple wraparounds of sk->sk_rmem_alloc. udp: Fix memory accounting leak. Lama Kayal (1): net/mlx5e: SHAMPO, Make reserved size independent of page size Laurentiu Mihalcea (1): clk: clk-imx8mp-audiomix: fix dsp/ocram_a clock parents Len Brown (1): tools/power turbostat: report CoreThr per measurement interval Leo Yan (1): perf arm-spe: Fix load-store operation checking Li Huafei (1): watchdog/hardlockup/perf: Fix perf_event memory leak Li Lingfeng (1): nfsd: put dl_stid if fail to queue dl_recall Lin Ma (2): netfilter: nft_tunnel: fix geneve_opt type confusion addition net: fix geneve_opt length integer overflow Lubomir Rintel (1): rndis_host: Flag RNDIS modems as WWAN devices Luca Ceresoli (1): perf build: Fix in-tree build due to symbolic link Luca Weiss (4): remoteproc: qcom_q6v5_pas: Make single-PD handling more robust remoteproc: qcom: pas: add minidump_id to SC7280 WPSS remoteproc: qcom_q6v5_pas: Use resource with CX PD for MSM8226 remoteproc: qcom_q6v5_mss: Handle platforms with one power domain Maher Sanalla (1): IB/mad: Check available slots before posting receive WRs Marcus Meissner (1): perf tools: annotate asm_pure_loop.S Marijn Suijten (2): drm/msm/dsi: Use existing per-interface slice count in DSC timing drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host Mario Limonciello (2): ucsi_ccg: Don't show failed to get FW build information error drm/amd: Keep display off while going into S4 Mark Zhang (1): rtnetlink: Allocate vfinfo size for VF GUIDs when supported Markus Elfring (2): fbdev: au1100fb: Move a variable assignment behind a null pointer check ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() Masami Hiramatsu (Google) (2): tracing/hist: Add poll(POLLIN) support on hist file tracing/hist: Support POLLPRI event for poll on histogram Matthias Proske (1): wifi: brcmfmac: keep power during suspend if board requires it Maud Spierings (1): dt-bindings: vendor-prefixes: add GOcontroll Miaoqian Lin (3): ksmbd: use aead_request_free to match aead_request_alloc LoongArch: Fix device node refcount leak in fdt_cpu_clk_init() mmc: omap: Fix memory leak in mmc_omap_new_slot Michael Guralnik (2): RDMA/mlx5: Fix page_size variable overflow RDMA/mlx5: Fix MR cache initialization error flow Michael Kelley (1): x86/hyperv: Fix output argument to hypercall that changes page visibility Mike Christie (1): vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint Mike Rapoport (Microsoft) (1): x86/mm/pat: cpa-test: fix length for CPA_ARRAY test Ming Lei (1): ublk: make sure ubq->canceling is set when queue is frozen Ming Yen Hsieh (2): wifi: mt76: mt7925: remove unused acpi function for clc wifi: mt76: mt7921: fix kernel panic due to null pointer dereference Murad Masimov (2): acpi: nfit: fix narrowing conversion in acpi_nfit_ctl media: streamzap: fix race between device disconnection and urb callback Naman Jain (1): x86/hyperv/vtl: Stop kernel from probing VTL0 low memory Namhyung Kim (2): perf report: Switch data file correctly in TUI perf bpf-filter: Fix a parsing error with comma Namjae Jeon (8): ksmbd: fix multichannel connection failure ksmbd: fix r_count dec/increment mismatch smb: common: change the data type of num_aces to le16 cifs: fix incorrect validation for num_aces field of smb_acl ksmbd: add bounds check for durable handle context ksmbd: fix use-after-free in ksmbd_sessions_deregister() ksmbd: fix session use-after-free in multichannel connection ksmbd: fix null pointer dereference in alloc_preauth_hash() Nathan Chancellor (1): ARM: 9443/1: Require linker to support KEEP within OVERLAY for DCE Navon John Lukose (1): ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx Neil Armstrong (1): clk: qcom: gcc-sm8650: Do not turn off USB GDSCs during gdsc_disable() NeilBrown (1): NFS: fix open_owner_id_maxsz and related fields. Nikita Shubin (1): ntb: intel: Fix using link status DB's Nikita Zhandarovich (2): mfd: sm501: Switch to BIT() to mitigate integer overflows media: vimc: skip .s_stream() for stopped entities Niklas Neronin (1): usb: xhci: correct debug message page size calculation Niklas Schnelle (1): s390: Remove ioremap_wt() and pgprot_writethrough() Nishanth Aravamudan (1): PCI: Avoid reset when disabled via sysfs Norbert Szetei (3): ksmbd: add bounds check for create lease context ksmbd: fix overflow in dacloffset bounds check ksmbd: validate zero num_subauth before sub_auth is accessed Nuno Sá (1): iio: backend: make sure to NULL terminate stack buffer Oleg Nesterov (1): exec: fix the racy usage of fs_struct->in_exec Olga Kornievskaia (1): nfsd: fix management of listener transports Oliver Hartkopp (1): can: statistics: use atomic access in hot path Pablo Neira Ayuso (1): netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only Palmer Dabbelt (1): RISC-V: errata: Use medany for relocatable builds Paolo Bonzini (1): KVM: x86: block KVM_CAP_SYNC_REGS if guest state is protected Patrisious Haddad (1): RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow Paul Menzel (1): ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP Peng Fan (3): remoteproc: core: Clear table_sz when rproc_shutdown dmaengine: fsl-edma: cleanup chan after dma_async_device_unregister dmaengine: fsl-edma: free irq correctly in remove path Peter Geis (1): clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent Peter Zijlstra (2): lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock perf/core: Fix perf_pmu_register() vs. perf_init_event() Peter Zijlstra (Intel) (1): perf/x86/intel: Apply static call for drain_pebs Prathamesh Shete (1): pinctrl: tegra: Set SFIO mode to Mux Register Qasim Ijaz (2): isofs: fix KMSAN uninit-value bug in do_isofs_readdir() jfs: fix slab-out-of-bounds read in ea_get() Qiuxu Zhuo (4): EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald Rapids EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer EDAC/ie31200: Fix the DIMM size mask for several SoCs EDAC/ie31200: Fix the error path order of ie31200_init() Rafael J. Wysocki (2): PM: sleep: Adjust check before setting power.must_resume PM: sleep: Fix handling devices with direct_complete set on errors Ran Xiaokai (1): tracing/osnoise: Fix possible recursive locking for cpus_read_lock() Remi Pommarel (1): leds: Fix LED_OFF brightness race Richard Fitzgerald (1): firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success Rob Clark (1): drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump Robin Murphy (1): media: omap3isp: Handle ARM dma_iommu_mapping Roger Quadros (1): memory: omap-gpmc: drop no compatible check Roman Gushchin (1): RDMA/core: Don't expose hw_counters outside of init net namespace Roman Smirnov (1): jfs: add index corruption check to DT_GETPAGE() Sagi Grimberg (1): nvme-tcp: fix possible UAF in nvme_tcp_poll Saket Kumar Bhaskar (1): selftests/bpf: Select NUMA_NO_NODE to create map Sean Christopherson (1): KVM: SVM: Don't change target vCPU state on AP Creation VMGEXIT error Sebastian Andrzej Siewior (1): lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() Sherry Sun (4): tty: serial: fsl_lpuart: Use u32 and u8 for register variables tty: serial: fsl_lpuart: use port struct directly to simply code tty: serial: fsl_lpuart: Fix unused variable 'sport' build warning tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register Shrikanth Hegde (1): sched/deadline: Use online cpus for validating runtime Shuai Xue (1): x86/mce: use is_copy_from_user() to determine copy-from-user context Shyam Sundar S K (2): platform/x86/amd/pmf: Propagate PMF-TA return codes platform/x86/amd/pmf: Update PMF Driver for Compatibility with new PMF-TA Sicelo A. Mhlongo (1): power: supply: bq27xxx_battery: do not update cached flags prematurely Simon Tatham (2): affs: generate OFS sequence numbers starting at 1 affs: don't write overlarge OFS data block size fields Sourabh Jain (1): kexec: initialize ELF lowest address to ULONG_MAX Srinivas Pandruvada (1): platform/x86: ISST: Correct command storage data length Srinivasan Shanmugam (1): drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' Stanislav Spassov (1): x86/fpu: Fix guest FPU state buffer allocation size Stanley Chu (1): i3c: master: svc: Fix missing the IBI rules Stefan Binding (7): ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA Stefan Wahren (2): staging: vchiq_arm: Register debugfs after cdev staging: vchiq_arm: Fix possible NPR of keep-alive thread Stefano Garzarella (1): vsock: avoid timeout during connect() if the socket is closing Stephen Brennan (1): perf dso: fix dso__is_kallsyms() check Steven Rostedt (2): tracing: Switch trace_events_hist.c code over to use guard() tracing: Do not use PERF enums when perf is not defined Sungjong Seo (2): exfat: fix random stack corruption after get_block exfat: fix potential wrong error return from get_block Sven Schnelle (1): s390/entry: Fix setting _CIF_MCCK_GUEST with lowcore relocation Taehee Yoo (1): net: devmem: do not WARN conditionally after netdev_rx_queue_restart() Takashi Iwai (4): ALSA: hda/realtek: Always honor no_shutup_pins ALSA: timer: Don't take register_mutex with copy_from/to_user() ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model Tanya Agarwal (1): lib: 842: Improve error handling in sw842_compress() Tao Chen (1): perf/ring_buffer: Allow the EPOLLRDNORM flag for poll Tasos Sahanidis (1): hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} Tengda Wu (3): selftests/bpf: Fix freplace_link segfault in tailcalls prog test tracing: Correct the refcount if the hist/hist_debug file fails to open tracing: Fix use-after-free in print_graph_function_flags during tracer switching Thadeu Lima de Souza Cascardo (1): drm/amd/display: avoid NPD when ASIC does not support DMUB Theodore Ts'o (1): ext4: don't over-report free space or inodes in statvfs Thippeswamy Havalige (1): PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe Thomas Richter (1): perf bench: Fix perf bench syscall loop count Tianchen Ding (1): sched/eevdf: Force propagating min_slice of cfs_rq when {en,de}queue tasks Tianyu Lan (1): x86/hyperv: Fix check of return value from snp_set_vmsa() Tim Schumacher (1): selinux: Chain up tool resolving errors in install_policy.sh Tobias Waldekranz (1): net: mvpp2: Prevent parser TCAM memory corruption Tomi Valkeinen (1): drm: xlnx: zynqmp: Fix max dma segment size Trond Myklebust (5): NFSv4: Don't trigger uneccessary scans for return-on-close delegations NFSv4: Avoid unnecessary scans of filesystems for returning delegations NFSv4: Avoid unnecessary scans of filesystems for expired delegations NFSv4: Avoid unnecessary scans of filesystems for delayed delegations NFS: Shut down the nfs_client only after all the superblocks Tushar Dave (1): PCI/ACS: Fix 'pci=config_acs=' parameter Ulf Hansson (1): mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD Uwe Kleine-König (3): iio: adc: ad4130: Fix comparison of channel setups iio: adc: ad7124: Fix comparison of channel configs iio: adc: ad7173: Fix comparison of channel configs Vasiliy Kovalev (1): ocfs2: validate l_tree_depth to avoid out-of-bounds access Venkata Prasad Potturu (1): ASoC: amd: acp: Fix for enabling DMIC on acp platforms via _DSD entry Viktor Malik (1): selftests/bpf: Fix string read in strncmp benchmark Vishal Annapurve (1): x86/tdx: Fix arch_safe_halt() execution for TDX VMs Vitalii Mordan (1): gpu: cdns-mhdp8546: fix call balance of mhdp->clk handling routines Vitaliy Shevtsov (2): ASoC: cs35l41: check the return value from spi_setup() drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() Vitaly Kuznetsov (1): x86/entry: Add __init to ia32_emulation_override_cmdline() Vitaly Lifshits (1): e1000e: change k1 configuration on MTP and later platforms Vladimir Lypak (1): clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock Vladis Dronov (1): x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled WANG Rui (1): rust: Fix enabling Rust and building with GCC for LoongArch Waiman Long (1): locking/semaphore: Use wake_q to wake up processes outside lock critical section Wang Liang (1): RDMA/core: Fix use-after-free when rename device name Wang Zhaolong (1): smb: client: Fix netns refcount imbalance causing leaks and use-after-free Wayne Lin (1): drm/dp_mst: Fix drm RAD print Wenkai Lin (3): crypto: hisilicon/sec2 - fix for aead authsize alignment crypto: hisilicon/sec2 - fix for sec spec check crypto: hisilicon/sec2 - fix for aead auth key length Wentao Guan (1): HID: i2c-hid: improve i2c_hid_get_report error message Wentao Liang (1): greybus: gb-beagleplay: Add error handling for gb_greybus_init Will McVicker (1): clk: samsung: Fix UBSAN panic in samsung_clk_init() Yajun Deng (1): ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans Yang Wang (1): drm/amdgpu: refine smu send msg debug log format Yao Zi (1): riscv/kexec_file: Handle R_RISCV_64 in purgatory relocator Yeoreum Yun (1): perf/core: Fix child_total_time_enabled accounting bug at task exit Ying Lu (1): usbnet:fix NPE during rx_complete Yosry Ahmed (1): mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() Yuanfang Zhang (1): coresight-etm4x: add isb() before reading the TRCSTATR Yue Haibing (1): pinctrl: nuvoton: npcm8xx: Fix error handling in npcm8xx_gpio_fw() Yuezhang Mo (3): exfat: fix the infinite loop in exfat_find_last_cluster() exfat: fix missing shutdown check exfat: add a check for invalid data size Yuli Wang (1): LoongArch: Rework the arch_kgdb_breakpoint() implementation Zijun Hu (1): of: property: Increase NR_FWNODE_REFERENCE_ARGS xueqin Luo (1): thermal: core: Remove duplicate struct declaration zihan zhou (1): sched: Cancel the slice protection of the idle entity zuoqian (1): cpufreq: scpi: compare kHz instead of Hz 谢致邦 (XIE Zhibang) (2): staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig

6 months, 2 weeks

1
1
0 0

Linux 6.6.87

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.87 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/vendor-prefixes.yaml | 2 Makefile | 2 arch/arm64/kernel/compat_alignment.c | 2 arch/loongarch/Kconfig | 4 arch/loongarch/include/asm/cache.h | 2 arch/loongarch/kernel/kgdb.c | 5 arch/loongarch/net/bpf_jit.c | 12 arch/loongarch/net/bpf_jit.h | 5 arch/powerpc/configs/mpc885_ads_defconfig | 2 arch/powerpc/platforms/cell/spufs/gang.c | 1 arch/powerpc/platforms/cell/spufs/inode.c | 63 ++- arch/powerpc/platforms/cell/spufs/spufs.h | 2 arch/riscv/errata/Makefile | 6 arch/riscv/include/asm/ftrace.h | 4 arch/riscv/kvm/vcpu_pmu.c | 1 arch/riscv/mm/hugetlbpage.c | 76 ++- arch/um/include/shared/os.h | 1 arch/um/kernel/Makefile | 2 arch/um/kernel/maccess.c | 19 arch/um/os-Linux/process.c | 51 -- arch/x86/Kconfig | 2 arch/x86/entry/calling.h | 2 arch/x86/events/intel/core.c | 43 +- arch/x86/events/intel/ds.c | 13 arch/x86/events/perf_event.h | 3 arch/x86/hyperv/hv_vtl.c | 1 arch/x86/hyperv/ivm.c | 5 arch/x86/include/asm/tlbflush.h | 2 arch/x86/kernel/cpu/microcode/amd.c | 2 arch/x86/kernel/cpu/sgx/driver.c | 10 arch/x86/kernel/dumpstack.c | 5 arch/x86/kernel/fpu/core.c | 6 arch/x86/kernel/process.c | 7 arch/x86/kernel/traps.c | 18 arch/x86/kernel/tsc.c | 4 arch/x86/lib/copy_user_64.S | 18 arch/x86/mm/mem_encrypt_identity.c | 4 arch/x86/mm/pat/cpa-test.c | 2 arch/x86/mm/pat/memtype.c | 52 +- drivers/acpi/nfit/core.c | 2 drivers/acpi/processor_idle.c | 4 drivers/acpi/resource.c | 7 drivers/acpi/x86/utils.c | 3 drivers/base/power/main.c | 21 - drivers/base/power/runtime.c | 2 drivers/clk/imx/clk-imx8mp-audiomix.c | 6 drivers/clk/meson/g12a.c | 38 + drivers/clk/meson/gxbb.c | 14 drivers/clk/qcom/gcc-msm8953.c | 2 drivers/clk/qcom/mmcc-sdm660.c | 2 drivers/clk/rockchip/clk-rk3328.c | 2 drivers/clk/samsung/clk.c | 2 drivers/cpufreq/cpufreq_governor.c | 45 +- drivers/cpufreq/scpi-cpufreq.c | 5 drivers/crypto/hisilicon/sec2/sec.h | 1 drivers/crypto/hisilicon/sec2/sec_crypto.c | 125 ++---- drivers/crypto/nx/nx-common-pseries.c | 37 - drivers/dma/fsl-edma-main.c | 2 drivers/edac/i10nm_base.c | 2 drivers/edac/ie31200_edac.c | 19 drivers/edac/skx_common.c | 33 + drivers/edac/skx_common.h | 11 drivers/firmware/cirrus/cs_dsp.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 15 drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 16 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c | 3 drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 4 drivers/gpu/drm/amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12 drivers/gpu/drm/bridge/ite-it6505.c | 7 drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2 drivers/gpu/drm/display/drm_dp_mst_topology.c | 8 drivers/gpu/drm/mediatek/mtk_dp.c | 6 drivers/gpu/drm/mediatek/mtk_dsi.c | 6 drivers/gpu/drm/mediatek/mtk_hdmi.c | 33 + drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 4 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 drivers/gpu/drm/msm/dsi/dsi_host.c | 8 drivers/gpu/drm/msm/dsi/dsi_manager.c | 32 + drivers/gpu/drm/msm/msm_dsc_helper.h | 11 drivers/gpu/drm/vkms/vkms_drv.c | 15 drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2 drivers/hid/Makefile | 1 drivers/hid/i2c-hid/i2c-hid-core.c | 2 drivers/hwmon/nct6775-core.c | 4 drivers/hwtracing/coresight/coresight-catu.c | 2 drivers/hwtracing/coresight/coresight-core.c | 20 drivers/hwtracing/coresight/coresight-etm4x-core.c | 48 ++ drivers/i3c/master/svc-i3c-master.c | 2 drivers/iio/accel/mma8452.c | 10 drivers/iio/accel/msa311.c | 26 - drivers/iio/adc/ad4130.c | 41 +- drivers/iio/adc/ad7124.c | 35 + drivers/infiniband/core/device.c | 9 drivers/infiniband/core/mad.c | 38 - drivers/infiniband/core/sysfs.c | 1 drivers/infiniband/hw/erdma/erdma_cm.c | 1 drivers/infiniband/hw/mana/main.c | 2 drivers/infiniband/hw/mlx5/cq.c | 2 drivers/infiniband/hw/mlx5/odp.c | 10 drivers/leds/led-core.c | 22 - drivers/media/dvb-frontends/dib8000.c | 5 drivers/media/platform/allegro-dvt/allegro-core.c | 1 drivers/media/platform/verisilicon/hantro_g2_hevc_dec.c | 1 drivers/media/rc/streamzap.c | 2 drivers/memory/omap-gpmc.c | 20 drivers/mfd/sm501.c | 6 drivers/mmc/host/omap.c | 19 drivers/mmc/host/sdhci-omap.c | 4 drivers/mmc/host/sdhci-pxav3.c | 1 drivers/net/arcnet/com20020-pci.c | 17 drivers/net/dsa/mv88e6xxx/chip.c | 11 drivers/net/dsa/mv88e6xxx/phy.c | 3 drivers/net/ethernet/ibm/ibmveth.c | 39 + drivers/net/ethernet/intel/e1000e/defines.h | 3 drivers/net/ethernet/intel/e1000e/ich8lan.c | 80 +++ drivers/net/ethernet/intel/e1000e/ich8lan.h | 4 drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 3 drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 3 drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 201 ++++++---- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_devlink.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/params.c | 8 drivers/net/usb/rndis_host.c | 16 drivers/net/usb/usbnet.c | 6 drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 20 drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 86 ++-- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 8 drivers/ntb/hw/intel/ntb_hw_gen3.c | 3 drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2 drivers/ntb/test/ntb_perf.c | 4 drivers/nvme/host/pci.c | 34 + drivers/nvme/host/tcp.c | 5 drivers/pci/controller/cadence/pcie-cadence-ep.c | 3 drivers/pci/controller/cadence/pcie-cadence.h | 2 drivers/pci/controller/dwc/pcie-histb.c | 12 drivers/pci/controller/pcie-brcmstb.c | 9 drivers/pci/controller/pcie-xilinx-cpm.c | 10 drivers/pci/hotplug/pciehp_hpc.c | 4 drivers/pci/pci.c | 4 drivers/pci/pcie/aspm.c | 17 drivers/pci/pcie/portdrv.c | 8 drivers/pci/probe.c | 5 drivers/pci/setup-bus.c | 3 drivers/pinctrl/intel/pinctrl-intel.c | 1 drivers/pinctrl/renesas/pinctrl-rza2.c | 2 drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 drivers/pinctrl/renesas/pinctrl-rzv2m.c | 2 drivers/pinctrl/tegra/pinctrl-tegra.c | 3 drivers/platform/x86/dell/dell-wmi-ddv.c | 6 drivers/platform/x86/intel/hid.c | 7 drivers/platform/x86/intel/speed_select_if/isst_if_common.c | 2 drivers/platform/x86/intel/vsec.c | 7 drivers/power/supply/max77693_charger.c | 2 drivers/remoteproc/qcom_q6v5_mss.c | 21 - drivers/remoteproc/qcom_q6v5_pas.c | 12 drivers/remoteproc/remoteproc_core.c | 1 drivers/scsi/qla2xxx/qla_os.c | 2 drivers/soundwire/slave.c | 1 drivers/staging/rtl8723bs/Kconfig | 1 drivers/thermal/intel/int340x_thermal/int3402_thermal.c | 3 drivers/tty/n_tty.c | 13 drivers/usb/host/xhci-mem.c | 6 drivers/usb/typec/ucsi/ucsi_ccg.c | 5 drivers/vhost/scsi.c | 25 - drivers/video/console/Kconfig | 2 drivers/video/fbdev/au1100fb.c | 4 drivers/video/fbdev/sm501fb.c | 7 fs/affs/file.c | 9 fs/btrfs/extent-tree.c | 5 fs/exec.c | 15 fs/exfat/fatent.c | 2 fs/ext4/dir.c | 3 fs/ext4/super.c | 27 - fs/fuse/dax.c | 1 fs/fuse/dir.c | 2 fs/fuse/file.c | 4 fs/hostfs/hostfs.h | 2 fs/hostfs/hostfs_kern.c | 7 fs/hostfs/hostfs_user.c | 59 +- fs/isofs/dir.c | 3 fs/jfs/jfs_dtree.c | 3 fs/jfs/xattr.c | 15 fs/nfs/delegation.c | 33 - fs/nfs/sysfs.c | 22 + fs/nfsd/nfs4state.c | 31 + fs/ntfs3/index.c | 4 fs/ntfs3/ntfs.h | 2 fs/ocfs2/alloc.c | 8 fs/proc/base.c | 2 fs/smb/client/cifsacl.c | 8 fs/smb/client/connect.c | 16 fs/smb/server/auth.c | 6 fs/smb/server/mgmt/user_session.c | 33 + fs/smb/server/mgmt/user_session.h | 2 fs/smb/server/oplock.c | 12 fs/smb/server/smb2pdu.c | 40 + fs/smb/server/smbacl.c | 5 include/drm/display/drm_dp_mst_helper.h | 7 include/linux/context_tracking_irq.h | 8 include/linux/coresight.h | 4 include/linux/fwnode.h | 2 include/linux/interrupt.h | 8 include/linux/pgtable.h | 28 + include/linux/pm_runtime.h | 2 include/linux/rcupdate.h | 2 include/linux/sched/smt.h | 2 include/linux/trace.h | 4 include/linux/trace_events.h | 14 include/rdma/ib_verbs.h | 1 kernel/events/core.c | 46 +- kernel/events/ring_buffer.c | 2 kernel/events/uprobes.c | 13 kernel/fork.c | 4 kernel/kexec_elf.c | 2 kernel/locking/semaphore.c | 13 kernel/sched/deadline.c | 2 kernel/trace/bpf_trace.c | 2 kernel/trace/ring_buffer.c | 4 kernel/trace/trace.c | 23 - kernel/trace/trace.h | 1 kernel/trace/trace_boot.c | 2 kernel/trace/trace_events.c | 62 ++- kernel/trace/trace_events_hist.c | 133 +++++- kernel/trace/trace_events_synth.c | 36 + kernel/trace/trace_functions_graph.c | 1 kernel/trace/trace_irqsoff.c | 2 kernel/trace/trace_osnoise.c | 1 kernel/trace/trace_sched_wakeup.c | 2 kernel/watch_queue.c | 9 lib/842/842_compress.c | 2 lib/overflow_kunit.c | 3 mm/memory.c | 13 net/can/af_can.c | 12 net/can/af_can.h | 12 net/can/proc.c | 46 +- net/core/dst.c | 8 net/core/rtnetlink.c | 3 net/ipv4/ip_tunnel_core.c | 4 net/ipv4/udp.c | 16 net/ipv6/addrconf.c | 37 + net/ipv6/calipso.c | 21 - net/ipv6/route.c | 42 +- net/mac80211/sta_info.c | 20 net/netfilter/nf_tables_api.c | 4 net/netfilter/nft_set_hash.c | 3 net/netfilter/nft_tunnel.c | 6 net/openvswitch/actions.c | 6 net/sched/act_tunnel_key.c | 2 net/sched/cls_flower.c | 2 net/sched/sch_skbprio.c | 3 net/vmw_vsock/af_vsock.c | 6 samples/ftrace/sample-trace-array.c | 2 scripts/selinux/install_policy.sh | 15 security/smack/smack.h | 6 security/smack/smack_lsm.c | 10 sound/pci/hda/patch_realtek.c | 33 + sound/soc/codecs/cs35l41-spi.c | 4 sound/soc/codecs/rt5665.c | 24 - sound/soc/fsl/imx-card.c | 4 sound/soc/ti/j721e-evm.c | 2 tools/lib/bpf/linker.c | 2 tools/objtool/check.c | 35 - tools/perf/bench/syscall.c | 22 - tools/perf/tests/shell/coresight/asm_pure_loop/asm_pure_loop.S | 2 tools/perf/util/arm-spe.c | 8 tools/perf/util/evlist.c | 13 tools/perf/util/pmu.c | 7 tools/perf/util/pmu.h | 5 tools/perf/util/pmus.c | 20 tools/perf/util/python.c | 17 tools/perf/util/stat-shadow.c | 3 tools/perf/util/units.c | 2 tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c | 5 tools/testing/selftests/bpf/progs/strncmp_bench.c | 5 tools/testing/selftests/mm/cow.c | 2 278 files changed, 2329 insertions(+), 1175 deletions(-) Acs, Jakub (1): ext4: fix OOB read when checking dotdot dir Al Viro (3): spufs: fix a leak on spufs_new_file() failure spufs: fix gang directory lifetimes spufs: fix a leak in spufs_create_context() Alex Deucher (1): drm/amdgpu/gfx11: fix num_mec Alex Hung (1): drm/amd/display: Check link_index before accessing dc->links[] Alexandre Ghiti (1): riscv: Fix hugetlb retrieval of number of ptes in case of !present pte Alistair Popple (1): fuse: fix dax truncate/punch_hole fault path Andrii Nakryiko (1): libbpf: Fix hypothetical STT_SECTION extern NULL deref case Andy Shevchenko (1): pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() AngeloGioacchino Del Regno (2): drm/mediatek: mtk_hdmi: Unregister audio platform device on failure drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member Angelos Oikonomopoulos (1): arm64: Don't call NULL in do_compat_alignment_fixup() Anshuman Khandual (1): arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig Antheas Kapenekakis (1): ALSA: hda/realtek: Fix Asus Z13 2025 audio Antoine Tenart (1): net: decrease cached dst counters in dst_release Armin Wolf (1): platform/x86: dell-ddv: Fix temperature calculation Arnaldo Carvalho de Melo (5): perf units: Fix insufficient array space perf python: Fixup description of sample.id event member perf python: Decrement the refcount of just created event on failure perf python: Don't keep a raw_data pointer to consumed ring buffer space perf python: Check if there is space to copy all the event Arnd Bergmann (2): x86/platform: Only allow CONFIG_EISA for 32-bit mdacon: rework dependency list Artur Weber (1): power: supply: max77693: Fix wrong conversion of charge input threshold value Atish Patra (1): RISC-V: KVM: Disable the kernel perf counter during configure Barnabás Czémán (1): clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock Bart Van Assche (1): fs/procfs: fix the comment above proc_pid_wchan() Benjamin Berg (3): x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() um: remove copy_from_kernel_nofault_allowed um: hostfs: avoid issues on inode number reuse by host Benjamin Gaignard (1): media: verisilicon: HEVC: Initialize start_bit field Boris Ostrovsky (1): x86/microcode/AMD: Fix __apply_microcode_amd()'s return value Chao Gao (1): x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures Cheng Xu (1): RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() Chenyuan Yang (1): thermal: int340x: Add NULL check for adev Chiara Meiohas (1): RDMA/mlx5: Fix calculation of total invalidated pages Christophe JAILLET (2): PCI: histb: Fix an error handling path in histb_pcie_probe() ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe() Chuck Lever (1): NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up Cong Wang (1): net_sched: skbprio: Remove overly strict queue assertions Cyan Yang (1): selftests/mm/cow: fix the incorrect error handling Dan Carpenter (4): PCI: Remove stray put_device() in pci_register_host_bridge() drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() fs/ntfs3: Fix a couple integer overflows on 32bit systems fs/ntfs3: Prevent integer overflow in hdr_first_de() Daniel Bárta (1): ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 Daniel Stodden (1): PCI/ASPM: Fix link state exit during switch upstream function removal Danila Chernetsov (1): fbdev: sm501fb: Add some geometry checks. Dave Marquardt (1): net: ibmveth: make veth_pool_store stop hanging David E. Box (1): platform/x86/intel/vsec: Add Diamond Rapids support David Hildenbrand (2): x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() kernel/events/uprobes: handle device-exclusive entries correctly in __replace_page() David Laight (1): objtool: Fix verbose disassembly if CROSS_COMPILE isn't set David Oberhollenzer (1): net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy Debin Zhu (1): netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets Dmitry Baryshkov (1): drm/msm/dpu: don't use active in atomic_check() Dmitry Panchenko (1): platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet Douglas Anderson (1): drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr Douglas Raillard (2): tracing: Ensure module defining synth event cannot be unloaded while tracing tracing: Fix synth event printk format for str fields Emmanuel Grumbach (2): wifi: iwlwifi: mvm: use the right version of the rate API wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state Eric Sandeen (1): watch_queue: fix pipe accounting mismatch Fabrizio Castro (3): pinctrl: renesas: rza2: Fix missing of_node_put() call pinctrl: renesas: rzg2l: Fix missing of_node_put() call pinctrl: renesas: rzv2m: Fix missing of_node_put() call Feng Tang (1): PCI/portdrv: Only disable pciehp interrupts early when needed Feng Yang (1): ring-buffer: Fix bytes_dropped calculation issue Fernando Fernandez Mancera (1): ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS Florian Westphal (1): netfilter: nf_tables: don't unregister hook when table is dormant Geert Uytterhoeven (1): drm/bridge: ti-sn65dsi86: Fix multiple instances Geetha sowjanya (2): octeontx2-af: Fix mbox INTR handler when num VFs > 64 octeontx2-af: Free NIX_AF_INT_VEC_GEN irq Giovanni Gherdovich (1): ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid Greg Kroah-Hartman (1): Linux 6.6.87 Guilherme G. Piccoli (1): x86/tsc: Always save/restore TSC sched_clock() on suspend/resume Guillaume Nault (1): tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). Hans Zhang (1): PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload Hans de Goede (1): ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers Hengqi Chen (3): LoongArch: BPF: Fix off-by-one error in build_prologue() LoongArch: BPF: Don't override subprog's return value LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC Henry Martin (2): ASoC: imx-card: Add NULL check in imx_card_probe() arcnet: Add NULL check in com20020pci_probe() Herbert Xu (1): crypto: nx - Fix uninitialised hv_nxc on error Hermes Wu (1): drm/bridge: it6505: fix HDCP V match check is not performed correctly Herton R. Krzesinski (1): x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs Hou Tao (1): bpf: Use preempt_count() directly in bpf_send_signal_common() Huacai Chen (1): LoongArch: Increase ARCH_DMA_MINALIGN up to 16 Ian Rogers (2): perf stat: Fix find_stat for mixed legacy/non-legacy events perf evlist: Add success path to evlist__create_syswide_maps Icenowy Zheng (2): nvme-pci: clean up CMBMSC when registering CMB fails nvme-pci: skip CMB blocks incompatible with PCI P2P DMA Ido Schimmel (2): ipv6: Start path selection from the first nexthop ipv6: Do not consider link down nexthops in path selection Ilkka Koskinen (1): coresight: catu: Fix number of pages while using 64k pages Ilpo Järvinen (1): PCI: pciehp: Don't enable HPIE when resuming in poll mode Ivan Orlov (1): kunit/overflow: Fix UB in overflow_allocation_test James Clark (1): perf pmu: Don't double count common sysfs and json events Jann Horn (3): x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs Jayesh Choudhary (1): ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible Jerome Brunet (4): clk: amlogic: gxbb: drop incorrect flag on 32k clock clk: amlogic: g12b: fix cluster A parent data clk: amlogic: gxbb: drop non existing 32k clock parent clk: amlogic: g12a: fix mmc A peripheral clock Jie Zhan (1): cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() Jim Quinlan (3): PCI: brcmstb: Use internal register to change link capability PCI: brcmstb: Fix error path after a call to regulator_bulk_get() PCI: brcmstb: Fix potential premature regulator disabling Jiri Kosina (1): HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER Jiri Slaby (SUSE) (1): tty: n_tty: use uint for space returned by tty_write_room() Joe Hattori (2): media: platform: allgro-dvt: unregister v4l2_device on the error path soundwire: slave: fix an OF node reference leak in soundwire slave device Johannes Berg (1): wifi: iwlwifi: fw: allocate chained SG tables for dump Jonathan Cameron (2): iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails. Josef Bacik (1): btrfs: handle errors from btrfs_dec_ref() properly Josh Poimboeuf (6): x86/traps: Make exc_double_fault() consistently noreturn objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() objtool: Fix segfault in ignore_unreachable_insn() sched/smt: Always inline sched_smt_active() context_tracking: Always inline ct_{nmi,irq}_{enter,exit}() rcu-tasks: Always inline rcu_irq_work_resched() José Expósito (1): drm/vkms: Fix use after free and double free on init error Juhan Jin (1): riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra Kai-Heng Feng (1): PCI: Use downstream bridges for distributing resources Kan Liang (1): perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read Karel Balej (1): mmc: sdhci-pxav3: set NEED_RSP_BUSY capability Kees Bakker (1): RDMA/mana_ib: Ensure variable err is initialized Keith Busch (1): nvme-pci: fix stuck reset on concurrent DPC and HP Kevin Loughlin (1): x86/sev: Add missing RIP_REL_REF() invocations during sme_enable() Konstantin Andreev (1): smack: dont compile ipv6 code unless ipv6 is configured Kuniyuki Iwashima (1): udp: Fix memory accounting leak. Lama Kayal (1): net/mlx5e: SHAMPO, Make reserved size independent of page size Laurentiu Mihalcea (1): clk: clk-imx8mp-audiomix: fix dsp/ocram_a clock parents Leo Yan (1): perf arm-spe: Fix load-store operation checking Li Lingfeng (1): nfsd: put dl_stid if fail to queue dl_recall Lin Ma (2): netfilter: nft_tunnel: fix geneve_opt type confusion addition net: fix geneve_opt length integer overflow Lubomir Rintel (1): rndis_host: Flag RNDIS modems as WWAN devices Luca Weiss (3): remoteproc: qcom_q6v5_pas: Make single-PD handling more robust remoteproc: qcom_q6v5_pas: Use resource with CX PD for MSM8226 remoteproc: qcom_q6v5_mss: Handle platforms with one power domain Maher Sanalla (1): IB/mad: Check available slots before posting receive WRs Marcus Meissner (1): perf tools: annotate asm_pure_loop.S Marijn Suijten (2): drm/msm/dsi: Use existing per-interface slice count in DSC timing drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host Mario Limonciello (2): ucsi_ccg: Don't show failed to get FW build information error drm/amd: Keep display off while going into S4 Mark Zhang (1): rtnetlink: Allocate vfinfo size for VF GUIDs when supported Markus Elfring (2): fbdev: au1100fb: Move a variable assignment behind a null pointer check ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() Masami Hiramatsu (Google) (2): tracing/hist: Add poll(POLLIN) support on hist file tracing/hist: Support POLLPRI event for poll on histogram Matthias Proske (1): wifi: brcmfmac: keep power during suspend if board requires it Maud Spierings (1): dt-bindings: vendor-prefixes: add GOcontroll Miaoqian Lin (2): ksmbd: use aead_request_free to match aead_request_alloc mmc: omap: Fix memory leak in mmc_omap_new_slot Michael Kelley (1): x86/hyperv: Fix output argument to hypercall that changes page visibility Mike Christie (1): vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint Mike Rapoport (Microsoft) (1): x86/mm/pat: cpa-test: fix length for CPA_ARRAY test Murad Masimov (2): acpi: nfit: fix narrowing conversion in acpi_nfit_ctl media: streamzap: fix race between device disconnection and urb callback Naman Jain (1): x86/hyperv/vtl: Stop kernel from probing VTL0 low memory Namjae Jeon (6): ksmbd: fix multichannel connection failure ksmbd: fix r_count dec/increment mismatch cifs: fix incorrect validation for num_aces field of smb_acl ksmbd: add bounds check for durable handle context ksmbd: fix use-after-free in ksmbd_sessions_deregister() ksmbd: fix session use-after-free in multichannel connection Navon John Lukose (1): ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx Nikita Shubin (1): ntb: intel: Fix using link status DB's Nikita Zhandarovich (1): mfd: sm501: Switch to BIT() to mitigate integer overflows Niklas Neronin (1): usb: xhci: correct debug message page size calculation Nishanth Aravamudan (1): PCI: Avoid reset when disabled via sysfs Norbert Szetei (2): ksmbd: add bounds check for create lease context ksmbd: validate zero num_subauth before sub_auth is accessed Oleg Nesterov (1): exec: fix the racy usage of fs_struct->in_exec Oliver Hartkopp (1): can: statistics: use atomic access in hot path Pablo Neira Ayuso (1): netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only Palmer Dabbelt (1): RISC-V: errata: Use medany for relocatable builds Patrisious Haddad (1): RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow Paul Menzel (1): ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP Peng Fan (2): remoteproc: core: Clear table_sz when rproc_shutdown dmaengine: fsl-edma: cleanup chan after dma_async_device_unregister Peter Geis (1): clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent Peter Zijlstra (2): lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock perf/core: Fix perf_pmu_register() vs. perf_init_event() Peter Zijlstra (Intel) (1): perf/x86/intel: Apply static call for drain_pebs Prathamesh Shete (1): pinctrl: tegra: Set SFIO mode to Mux Register Qasim Ijaz (2): isofs: fix KMSAN uninit-value bug in do_isofs_readdir() jfs: fix slab-out-of-bounds read in ea_get() Qiuxu Zhuo (4): EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald Rapids EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer EDAC/ie31200: Fix the DIMM size mask for several SoCs EDAC/ie31200: Fix the error path order of ie31200_init() Rafael J. Wysocki (2): PM: sleep: Adjust check before setting power.must_resume PM: sleep: Fix handling devices with direct_complete set on errors Ran Xiaokai (1): tracing/osnoise: Fix possible recursive locking for cpus_read_lock() Remi Pommarel (1): leds: Fix LED_OFF brightness race Richard Fitzgerald (1): firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success Roger Quadros (1): memory: omap-gpmc: drop no compatible check Roman Gushchin (1): RDMA/core: Don't expose hw_counters outside of init net namespace Roman Smirnov (1): jfs: add index corruption check to DT_GETPAGE() Sagi Grimberg (1): nvme-tcp: fix possible UAF in nvme_tcp_poll Saket Kumar Bhaskar (1): selftests/bpf: Select NUMA_NO_NODE to create map Sebastian Andrzej Siewior (1): lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() Shrikanth Hegde (1): sched/deadline: Use online cpus for validating runtime Simon Tatham (2): affs: generate OFS sequence numbers starting at 1 affs: don't write overlarge OFS data block size fields Sourabh Jain (1): kexec: initialize ELF lowest address to ULONG_MAX Srinivas Pandruvada (1): platform/x86: ISST: Correct command storage data length Srinivasan Shanmugam (1): drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' Stanislav Spassov (1): x86/fpu: Fix guest FPU state buffer allocation size Stanley Chu (1): i3c: master: svc: Fix missing the IBI rules Stefan Binding (2): ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA Stefano Garzarella (1): vsock: avoid timeout during connect() if the socket is closing Steven Rostedt (2): tracing: Switch trace_events_hist.c code over to use guard() tracing: Do not use PERF enums when perf is not defined Steven Rostedt (Google) (1): tracing: Allow creating instances with specified system events Takashi Iwai (2): ALSA: hda/realtek: Always honor no_shutup_pins ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA Tanya Agarwal (1): lib: 842: Improve error handling in sw842_compress() Tao Chen (1): perf/ring_buffer: Allow the EPOLLRDNORM flag for poll Tasos Sahanidis (1): hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} Tengda Wu (2): tracing: Correct the refcount if the hist/hist_debug file fails to open tracing: Fix use-after-free in print_graph_function_flags during tracer switching Thadeu Lima de Souza Cascardo (1): drm/amd/display: avoid NPD when ASIC does not support DMUB Theodore Ts'o (1): ext4: don't over-report free space or inodes in statvfs Thippeswamy Havalige (1): PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe Thomas Richter (1): perf bench: Fix perf bench syscall loop count Tianyu Lan (1): x86/hyperv: Fix check of return value from snp_set_vmsa() Tim Schumacher (1): selinux: Chain up tool resolving errors in install_policy.sh Tobias Waldekranz (1): net: mvpp2: Prevent parser TCAM memory corruption Tomi Valkeinen (1): drm: xlnx: zynqmp: Fix max dma segment size Trond Myklebust (2): NFSv4: Don't trigger uneccessary scans for return-on-close delegations NFS: Shut down the nfs_client only after all the superblocks Ulf Hansson (1): mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD Uwe Kleine-König (2): iio: adc: ad4130: Fix comparison of channel setups iio: adc: ad7124: Fix comparison of channel configs Vasiliy Kovalev (1): ocfs2: validate l_tree_depth to avoid out-of-bounds access Viktor Malik (1): selftests/bpf: Fix string read in strncmp benchmark Vitaliy Shevtsov (2): ASoC: cs35l41: check the return value from spi_setup() drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() Vitaly Lifshits (1): e1000e: change k1 configuration on MTP and later platforms Vladimir Lypak (1): clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock Vladis Dronov (1): x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled Waiman Long (1): locking/semaphore: Use wake_q to wake up processes outside lock critical section Wang Zhaolong (1): smb: client: Fix netns refcount imbalance causing leaks and use-after-free Wayne Lin (1): drm/dp_mst: Fix drm RAD print Wenkai Lin (3): crypto: hisilicon/sec2 - fix for aead authsize alignment crypto: hisilicon/sec2 - fix for sec spec check crypto: hisilicon/sec2 - fix for aead auth key length Wentao Guan (1): HID: i2c-hid: improve i2c_hid_get_report error message Will McVicker (1): clk: samsung: Fix UBSAN panic in samsung_clk_init() Yajun Deng (1): ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans Yeoreum Yun (1): perf/core: Fix child_total_time_enabled accounting bug at task exit Ying Lu (1): usbnet:fix NPE during rx_complete Yuanfang Zhang (1): coresight-etm4x: add isb() before reading the TRCSTATR Yuezhang Mo (1): exfat: fix the infinite loop in exfat_find_last_cluster() Yuli Wang (1): LoongArch: Rework the arch_kgdb_breakpoint() implementation Zijun Hu (1): of: property: Increase NR_FWNODE_REFERENCE_ARGS zuoqian (1): cpufreq: scpi: compare kHz instead of Hz 谢致邦 (XIE Zhibang) (2): staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig

6 months, 2 weeks

1
1
0 0

Linux 6.1.134

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.134 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/kernel/compat_alignment.c | 2 arch/loongarch/Kconfig | 4 arch/loongarch/include/asm/cache.h | 2 arch/loongarch/net/bpf_jit.c | 7 arch/loongarch/net/bpf_jit.h | 5 arch/powerpc/configs/mpc885_ads_defconfig | 2 arch/powerpc/platforms/cell/spufs/gang.c | 1 arch/powerpc/platforms/cell/spufs/inode.c | 63 ++- arch/powerpc/platforms/cell/spufs/spufs.h | 2 arch/riscv/include/asm/ftrace.h | 4 arch/um/include/shared/os.h | 1 arch/um/kernel/Makefile | 2 arch/um/kernel/maccess.c | 19 arch/um/os-Linux/process.c | 51 -- arch/x86/Kconfig | 2 arch/x86/entry/calling.h | 2 arch/x86/events/intel/core.c | 43 +- arch/x86/events/intel/ds.c | 13 arch/x86/events/perf_event.h | 3 arch/x86/include/asm/tlbflush.h | 2 arch/x86/kernel/cpu/sgx/driver.c | 10 arch/x86/kernel/dumpstack.c | 5 arch/x86/kernel/fpu/core.c | 6 arch/x86/kernel/process.c | 7 arch/x86/kernel/tsc.c | 4 arch/x86/mm/mem_encrypt_identity.c | 4 arch/x86/mm/pat/cpa-test.c | 2 drivers/acpi/nfit/core.c | 2 drivers/acpi/processor_idle.c | 4 drivers/acpi/resource.c | 7 drivers/base/power/main.c | 21 - drivers/base/power/runtime.c | 2 drivers/clk/meson/g12a.c | 38 + drivers/clk/meson/gxbb.c | 14 drivers/clk/qcom/gcc-msm8953.c | 2 drivers/clk/qcom/mmcc-sdm660.c | 2 drivers/clk/rockchip/clk-rk3328.c | 2 drivers/clk/samsung/clk.c | 2 drivers/cpufreq/cpufreq_governor.c | 45 +- drivers/cpufreq/scpi-cpufreq.c | 5 drivers/crypto/hisilicon/sec2/sec_crypto.c | 30 - drivers/crypto/nx/nx-common-pseries.c | 37 - drivers/edac/ie31200_edac.c | 19 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 4 drivers/gpu/drm/amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12 drivers/gpu/drm/bridge/ite-it6505.c | 7 drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2 drivers/gpu/drm/display/drm_dp_mst_topology.c | 8 drivers/gpu/drm/mediatek/mtk_dsi.c | 6 drivers/gpu/drm/mediatek/mtk_hdmi.c | 33 + drivers/gpu/drm/msm/dsi/dsi_manager.c | 32 + drivers/gpu/drm/vkms/vkms_drv.c | 15 drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2 drivers/hid/Makefile | 1 drivers/hid/i2c-hid/i2c-hid-core.c | 2 drivers/hwmon/nct6775-core.c | 4 drivers/hwtracing/coresight/coresight-catu.c | 2 drivers/hwtracing/coresight/coresight-core.c | 20 drivers/hwtracing/coresight/coresight-etm4x-core.c | 48 ++ drivers/i3c/master/svc-i3c-master.c | 2 drivers/iio/accel/mma8452.c | 10 drivers/iio/accel/msa311.c | 26 - drivers/iio/adc/ad7124.c | 35 + drivers/infiniband/core/device.c | 9 drivers/infiniband/core/mad.c | 38 - drivers/infiniband/core/sysfs.c | 1 drivers/infiniband/hw/erdma/erdma_cm.c | 1 drivers/infiniband/hw/mlx5/cq.c | 2 drivers/infiniband/hw/mlx5/odp.c | 10 drivers/media/dvb-frontends/dib8000.c | 5 drivers/media/platform/allegro-dvt/allegro-core.c | 1 drivers/media/platform/verisilicon/hantro_g2_hevc_dec.c | 1 drivers/media/rc/streamzap.c | 2 drivers/memory/omap-gpmc.c | 20 drivers/mfd/sm501.c | 6 drivers/mmc/host/sdhci-omap.c | 4 drivers/mmc/host/sdhci-pxav3.c | 1 drivers/net/arcnet/com20020-pci.c | 17 drivers/net/dsa/mv88e6xxx/chip.c | 11 drivers/net/dsa/mv88e6xxx/phy.c | 3 drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 3 drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 3 drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 201 ++++++---- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_devlink.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/params.c | 8 drivers/net/usb/rndis_host.c | 16 drivers/net/usb/usbnet.c | 6 drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 20 drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 86 ++-- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 8 drivers/ntb/hw/intel/ntb_hw_gen3.c | 3 drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2 drivers/ntb/test/ntb_perf.c | 4 drivers/nvme/host/pci.c | 21 - drivers/nvme/host/tcp.c | 5 drivers/pci/controller/cadence/pcie-cadence-ep.c | 3 drivers/pci/controller/cadence/pcie-cadence.h | 2 drivers/pci/controller/pcie-brcmstb.c | 9 drivers/pci/controller/pcie-xilinx-cpm.c | 10 drivers/pci/hotplug/pciehp_hpc.c | 4 drivers/pci/pci.c | 4 drivers/pci/pcie/aspm.c | 17 drivers/pci/pcie/portdrv_core.c | 8 drivers/pci/probe.c | 5 drivers/pci/setup-bus.c | 3 drivers/pinctrl/renesas/pinctrl-rza2.c | 2 drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 drivers/pinctrl/renesas/pinctrl-rzv2m.c | 2 drivers/pinctrl/tegra/pinctrl-tegra.c | 3 drivers/platform/x86/intel/hid.c | 7 drivers/platform/x86/intel/speed_select_if/isst_if_common.c | 2 drivers/power/supply/max77693_charger.c | 2 drivers/remoteproc/qcom_q6v5_mss.c | 21 - drivers/remoteproc/qcom_q6v5_pas.c | 10 drivers/remoteproc/remoteproc_core.c | 1 drivers/soundwire/slave.c | 1 drivers/staging/rtl8723bs/Kconfig | 1 drivers/thermal/intel/int340x_thermal/int3402_thermal.c | 3 drivers/tty/serial/fsl_lpuart.c | 25 + drivers/usb/host/xhci-mem.c | 6 drivers/video/console/Kconfig | 2 drivers/video/fbdev/au1100fb.c | 4 drivers/video/fbdev/sm501fb.c | 7 fs/affs/file.c | 9 fs/btrfs/extent-tree.c | 5 fs/exfat/fatent.c | 2 fs/ext4/dir.c | 3 fs/ext4/super.c | 27 - fs/fuse/dax.c | 1 fs/fuse/dir.c | 2 fs/fuse/file.c | 4 fs/isofs/dir.c | 3 fs/jfs/jfs_dtree.c | 3 fs/jfs/xattr.c | 15 fs/nfs/delegation.c | 33 - fs/nfsd/nfs4state.c | 31 + fs/ntfs3/index.c | 4 fs/ocfs2/alloc.c | 8 fs/proc/base.c | 2 fs/smb/server/auth.c | 6 fs/smb/server/mgmt/user_session.c | 33 + fs/smb/server/mgmt/user_session.h | 2 fs/smb/server/oplock.c | 8 fs/smb/server/smb2pdu.c | 19 fs/smb/server/smbacl.c | 5 include/drm/display/drm_dp_mst_helper.h | 7 include/linux/context_tracking_irq.h | 8 include/linux/coresight.h | 4 include/linux/fwnode.h | 2 include/linux/interrupt.h | 8 include/linux/pm_runtime.h | 2 include/linux/rcupdate.h | 2 include/linux/sched/smt.h | 2 include/rdma/ib_verbs.h | 1 io_uring/filetable.c | 2 kernel/events/ring_buffer.c | 2 kernel/kexec_elf.c | 2 kernel/locking/semaphore.c | 13 kernel/sched/deadline.c | 2 kernel/trace/bpf_trace.c | 2 kernel/trace/ring_buffer.c | 4 kernel/trace/trace_events_synth.c | 36 + kernel/trace/trace_functions_graph.c | 1 kernel/trace/trace_irqsoff.c | 2 kernel/trace/trace_osnoise.c | 1 kernel/trace/trace_sched_wakeup.c | 2 kernel/watch_queue.c | 9 lib/842/842_compress.c | 2 lib/overflow_kunit.c | 3 mm/memory.c | 2 net/can/af_can.c | 12 net/can/af_can.h | 12 net/can/proc.c | 46 +- net/core/rtnetlink.c | 3 net/ipv4/ip_tunnel_core.c | 4 net/ipv4/udp.c | 16 net/ipv6/addrconf.c | 37 + net/ipv6/calipso.c | 21 - net/ipv6/route.c | 42 +- net/netfilter/nft_set_hash.c | 3 net/netfilter/nft_tunnel.c | 6 net/openvswitch/actions.c | 6 net/sched/act_tunnel_key.c | 2 net/sched/cls_flower.c | 2 net/sched/sch_skbprio.c | 3 net/vmw_vsock/af_vsock.c | 6 scripts/selinux/install_policy.sh | 15 security/smack/smack.h | 6 security/smack/smack_lsm.c | 10 sound/pci/hda/patch_realtek.c | 32 + sound/soc/codecs/cs35l41-spi.c | 4 sound/soc/fsl/imx-card.c | 4 sound/soc/ti/j721e-evm.c | 2 tools/lib/bpf/linker.c | 2 tools/perf/tests/shell/coresight/asm_pure_loop/asm_pure_loop.S | 2 tools/perf/util/evlist.c | 13 tools/perf/util/python.c | 17 tools/perf/util/units.c | 2 tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c | 5 tools/testing/selftests/bpf/progs/strncmp_bench.c | 5 205 files changed, 1394 insertions(+), 771 deletions(-) Acs, Jakub (1): ext4: fix OOB read when checking dotdot dir Al Viro (3): spufs: fix a leak on spufs_new_file() failure spufs: fix gang directory lifetimes spufs: fix a leak in spufs_create_context() Alex Deucher (1): drm/amdgpu/gfx11: fix num_mec Alistair Popple (1): fuse: fix dax truncate/punch_hole fault path Andrii Nakryiko (1): libbpf: Fix hypothetical STT_SECTION extern NULL deref case AngeloGioacchino Del Regno (2): drm/mediatek: mtk_hdmi: Unregister audio platform device on failure drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member Angelos Oikonomopoulos (1): arm64: Don't call NULL in do_compat_alignment_fixup() Anshuman Khandual (1): arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig Antheas Kapenekakis (1): ALSA: hda/realtek: Fix Asus Z13 2025 audio Arnaldo Carvalho de Melo (5): perf units: Fix insufficient array space perf python: Fixup description of sample.id event member perf python: Decrement the refcount of just created event on failure perf python: Don't keep a raw_data pointer to consumed ring buffer space perf python: Check if there is space to copy all the event Arnd Bergmann (2): x86/platform: Only allow CONFIG_EISA for 32-bit mdacon: rework dependency list Artur Weber (1): power: supply: max77693: Fix wrong conversion of charge input threshold value Barnabás Czémán (1): clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock Bart Van Assche (1): fs/procfs: fix the comment above proc_pid_wchan() Benjamin Berg (2): x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() um: remove copy_from_kernel_nofault_allowed Benjamin Gaignard (1): media: verisilicon: HEVC: Initialize start_bit field Chao Gao (1): x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures Cheng Xu (1): RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() Chenyuan Yang (1): thermal: int340x: Add NULL check for adev Chiara Meiohas (1): RDMA/mlx5: Fix calculation of total invalidated pages Chuck Lever (1): NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up Cong Wang (1): net_sched: skbprio: Remove overly strict queue assertions Dan Carpenter (3): PCI: Remove stray put_device() in pci_register_host_bridge() drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() fs/ntfs3: Fix a couple integer overflows on 32bit systems Daniel Bárta (1): ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 Daniel Stodden (1): PCI/ASPM: Fix link state exit during switch upstream function removal Danila Chernetsov (1): fbdev: sm501fb: Add some geometry checks. David Oberhollenzer (1): net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy Debin Zhu (1): netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets Dmitry Panchenko (1): platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet Douglas Raillard (2): tracing: Ensure module defining synth event cannot be unloaded while tracing tracing: Fix synth event printk format for str fields Emmanuel Grumbach (1): wifi: iwlwifi: mvm: use the right version of the rate API Eric Sandeen (1): watch_queue: fix pipe accounting mismatch Fabrizio Castro (3): pinctrl: renesas: rza2: Fix missing of_node_put() call pinctrl: renesas: rzg2l: Fix missing of_node_put() call pinctrl: renesas: rzv2m: Fix missing of_node_put() call Feng Tang (1): PCI/portdrv: Only disable pciehp interrupts early when needed Feng Yang (1): ring-buffer: Fix bytes_dropped calculation issue Fernando Fernandez Mancera (1): ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS Geert Uytterhoeven (1): drm/bridge: ti-sn65dsi86: Fix multiple instances Geetha sowjanya (2): octeontx2-af: Fix mbox INTR handler when num VFs > 64 octeontx2-af: Free NIX_AF_INT_VEC_GEN irq Giovanni Gherdovich (1): ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid Greg Kroah-Hartman (1): Linux 6.1.134 Guilherme G. Piccoli (1): x86/tsc: Always save/restore TSC sched_clock() on suspend/resume Guillaume Nault (1): tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). Hans Zhang (1): PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload Hengqi Chen (2): LoongArch: BPF: Fix off-by-one error in build_prologue() LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC Henry Martin (2): ASoC: imx-card: Add NULL check in imx_card_probe() arcnet: Add NULL check in com20020pci_probe() Herbert Xu (1): crypto: nx - Fix uninitialised hv_nxc on error Hermes Wu (1): drm/bridge: it6505: fix HDCP V match check is not performed correctly Hou Tao (1): bpf: Use preempt_count() directly in bpf_send_signal_common() Huacai Chen (1): LoongArch: Increase ARCH_DMA_MINALIGN up to 16 Ian Rogers (1): perf evlist: Add success path to evlist__create_syswide_maps Icenowy Zheng (2): nvme-pci: clean up CMBMSC when registering CMB fails nvme-pci: skip CMB blocks incompatible with PCI P2P DMA Ido Schimmel (2): ipv6: Start path selection from the first nexthop ipv6: Do not consider link down nexthops in path selection Ilkka Koskinen (1): coresight: catu: Fix number of pages while using 64k pages Ilpo Järvinen (1): PCI: pciehp: Don't enable HPIE when resuming in poll mode Ivan Orlov (1): kunit/overflow: Fix UB in overflow_allocation_test Jann Horn (3): x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs Jayesh Choudhary (1): ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible Jens Axboe (1): io_uring/filetable: ensure node switch is always done, if needed Jerome Brunet (4): clk: amlogic: gxbb: drop incorrect flag on 32k clock clk: amlogic: g12b: fix cluster A parent data clk: amlogic: gxbb: drop non existing 32k clock parent clk: amlogic: g12a: fix mmc A peripheral clock Jie Zhan (1): cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() Jim Quinlan (3): PCI: brcmstb: Use internal register to change link capability PCI: brcmstb: Fix error path after a call to regulator_bulk_get() PCI: brcmstb: Fix potential premature regulator disabling Jiri Kosina (1): HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER Joe Hattori (2): media: platform: allgro-dvt: unregister v4l2_device on the error path soundwire: slave: fix an OF node reference leak in soundwire slave device Johannes Berg (1): wifi: iwlwifi: fw: allocate chained SG tables for dump Jonathan Cameron (2): iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails. Josef Bacik (1): btrfs: handle errors from btrfs_dec_ref() properly Josh Poimboeuf (4): objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() sched/smt: Always inline sched_smt_active() context_tracking: Always inline ct_{nmi,irq}_{enter,exit}() rcu-tasks: Always inline rcu_irq_work_resched() José Expósito (1): drm/vkms: Fix use after free and double free on init error Juhan Jin (1): riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra Kai-Heng Feng (1): PCI: Use downstream bridges for distributing resources Kan Liang (1): perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read Karel Balej (1): mmc: sdhci-pxav3: set NEED_RSP_BUSY capability Kevin Loughlin (1): x86/sev: Add missing RIP_REL_REF() invocations during sme_enable() Konstantin Andreev (1): smack: dont compile ipv6 code unless ipv6 is configured Kuniyuki Iwashima (1): udp: Fix memory accounting leak. Lama Kayal (1): net/mlx5e: SHAMPO, Make reserved size independent of page size Li Lingfeng (1): nfsd: put dl_stid if fail to queue dl_recall Lin Ma (2): netfilter: nft_tunnel: fix geneve_opt type confusion addition net: fix geneve_opt length integer overflow Lubomir Rintel (1): rndis_host: Flag RNDIS modems as WWAN devices Luca Weiss (2): remoteproc: qcom_q6v5_pas: Make single-PD handling more robust remoteproc: qcom_q6v5_mss: Handle platforms with one power domain Maher Sanalla (1): IB/mad: Check available slots before posting receive WRs Marcus Meissner (1): perf tools: annotate asm_pure_loop.S Marijn Suijten (1): drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host Mario Limonciello (1): drm/amd: Keep display off while going into S4 Mark Zhang (1): rtnetlink: Allocate vfinfo size for VF GUIDs when supported Markus Elfring (2): fbdev: au1100fb: Move a variable assignment behind a null pointer check ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() Matthias Proske (1): wifi: brcmfmac: keep power during suspend if board requires it Miaoqian Lin (1): ksmbd: use aead_request_free to match aead_request_alloc Mike Rapoport (Microsoft) (1): x86/mm/pat: cpa-test: fix length for CPA_ARRAY test Murad Masimov (2): acpi: nfit: fix narrowing conversion in acpi_nfit_ctl media: streamzap: fix race between device disconnection and urb callback Namjae Jeon (3): ksmbd: fix multichannel connection failure ksmbd: fix use-after-free in ksmbd_sessions_deregister() ksmbd: fix session use-after-free in multichannel connection Navon John Lukose (1): ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx Nikita Shubin (1): ntb: intel: Fix using link status DB's Nikita Zhandarovich (1): mfd: sm501: Switch to BIT() to mitigate integer overflows Niklas Neronin (1): usb: xhci: correct debug message page size calculation Nishanth Aravamudan (1): PCI: Avoid reset when disabled via sysfs Norbert Szetei (2): ksmbd: add bounds check for create lease context ksmbd: validate zero num_subauth before sub_auth is accessed Oliver Hartkopp (1): can: statistics: use atomic access in hot path Pablo Neira Ayuso (1): netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only Patrisious Haddad (1): RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow Paul Menzel (1): ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP Peng Fan (1): remoteproc: core: Clear table_sz when rproc_shutdown Peter Geis (1): clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent Peter Zijlstra (1): lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock Peter Zijlstra (Intel) (1): perf/x86/intel: Apply static call for drain_pebs Prathamesh Shete (1): pinctrl: tegra: Set SFIO mode to Mux Register Qasim Ijaz (2): isofs: fix KMSAN uninit-value bug in do_isofs_readdir() jfs: fix slab-out-of-bounds read in ea_get() Qiuxu Zhuo (3): EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer EDAC/ie31200: Fix the DIMM size mask for several SoCs EDAC/ie31200: Fix the error path order of ie31200_init() Rafael J. Wysocki (2): PM: sleep: Adjust check before setting power.must_resume PM: sleep: Fix handling devices with direct_complete set on errors Ran Xiaokai (1): tracing/osnoise: Fix possible recursive locking for cpus_read_lock() Roger Quadros (1): memory: omap-gpmc: drop no compatible check Roman Gushchin (1): RDMA/core: Don't expose hw_counters outside of init net namespace Roman Smirnov (1): jfs: add index corruption check to DT_GETPAGE() Sagi Grimberg (1): nvme-tcp: fix possible UAF in nvme_tcp_poll Saket Kumar Bhaskar (1): selftests/bpf: Select NUMA_NO_NODE to create map Sebastian Andrzej Siewior (1): lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() Sherry Sun (2): tty: serial: fsl_lpuart: use UARTMODIR register bits for lpuart32 platform tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers Shrikanth Hegde (1): sched/deadline: Use online cpus for validating runtime Simon Tatham (2): affs: generate OFS sequence numbers starting at 1 affs: don't write overlarge OFS data block size fields Sourabh Jain (1): kexec: initialize ELF lowest address to ULONG_MAX Srinivas Pandruvada (1): platform/x86: ISST: Correct command storage data length Stanislav Spassov (1): x86/fpu: Fix guest FPU state buffer allocation size Stanley Chu (1): i3c: master: svc: Fix missing the IBI rules Stefan Binding (2): ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA Stefano Garzarella (1): vsock: avoid timeout during connect() if the socket is closing Steven Rostedt (1): tracing: Do not use PERF enums when perf is not defined Takashi Iwai (1): ALSA: hda/realtek: Always honor no_shutup_pins Tanya Agarwal (1): lib: 842: Improve error handling in sw842_compress() Tao Chen (1): perf/ring_buffer: Allow the EPOLLRDNORM flag for poll Tasos Sahanidis (1): hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} Tengda Wu (1): tracing: Fix use-after-free in print_graph_function_flags during tracer switching Thadeu Lima de Souza Cascardo (1): drm/amd/display: avoid NPD when ASIC does not support DMUB Theodore Ts'o (1): ext4: don't over-report free space or inodes in statvfs Thippeswamy Havalige (1): PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe Tim Schumacher (1): selinux: Chain up tool resolving errors in install_policy.sh Tobias Waldekranz (1): net: mvpp2: Prevent parser TCAM memory corruption Tomi Valkeinen (1): drm: xlnx: zynqmp: Fix max dma segment size Trond Myklebust (1): NFSv4: Don't trigger uneccessary scans for return-on-close delegations Ulf Hansson (1): mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD Uwe Kleine-König (1): iio: adc: ad7124: Fix comparison of channel configs Vasiliy Kovalev (1): ocfs2: validate l_tree_depth to avoid out-of-bounds access Viktor Malik (1): selftests/bpf: Fix string read in strncmp benchmark Vitaliy Shevtsov (2): ASoC: cs35l41: check the return value from spi_setup() drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() Vladimir Lypak (1): clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock Vladis Dronov (1): x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled Waiman Long (1): locking/semaphore: Use wake_q to wake up processes outside lock critical section Wayne Lin (1): drm/dp_mst: Fix drm RAD print Wenkai Lin (2): crypto: hisilicon/sec2 - fix for aead authsize alignment crypto: hisilicon/sec2 - fix for aead auth key length Wentao Guan (1): HID: i2c-hid: improve i2c_hid_get_report error message Will McVicker (1): clk: samsung: Fix UBSAN panic in samsung_clk_init() Yajun Deng (1): ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans Ying Lu (1): usbnet:fix NPE during rx_complete Yuanfang Zhang (1): coresight-etm4x: add isb() before reading the TRCSTATR Yuezhang Mo (1): exfat: fix the infinite loop in exfat_find_last_cluster() Zijun Hu (1): of: property: Increase NR_FWNODE_REFERENCE_ARGS zuoqian (1): cpufreq: scpi: compare kHz instead of Hz 谢致邦 (XIE Zhibang) (2): staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig

6 months, 2 weeks

1
1
0 0

Linux 5.15.180

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.180 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/timers/no_hz.rst | 7 Makefile | 2 arch/alpha/include/asm/elf.h | 6 arch/alpha/include/asm/pgtable.h | 2 arch/alpha/include/asm/processor.h | 8 arch/alpha/kernel/osf_sys.c | 11 arch/arm/boot/dts/bcm2711.dtsi | 11 arch/arm/mach-shmobile/headsmp.S | 1 arch/arm/mm/fault.c | 8 arch/arm64/boot/dts/rockchip/rk3399-nanopi-r4s.dts | 2 arch/powerpc/platforms/cell/spufs/inode.c | 9 arch/riscv/include/asm/ftrace.h | 4 arch/x86/Kconfig | 2 arch/x86/entry/calling.h | 2 arch/x86/include/asm/tlbflush.h | 2 arch/x86/kernel/cpu/microcode/amd.c | 2 arch/x86/kernel/cpu/mshyperv.c | 11 arch/x86/kernel/cpu/sgx/driver.c | 10 arch/x86/kernel/dumpstack.c | 5 arch/x86/kernel/irq.c | 2 arch/x86/kernel/process.c | 7 arch/x86/kernel/tsc.c | 4 arch/x86/mm/pat/cpa-test.c | 2 block/bio.c | 2 drivers/acpi/nfit/core.c | 2 drivers/acpi/processor_idle.c | 4 drivers/acpi/resource.c | 13 drivers/base/power/main.c | 21 - drivers/base/power/runtime.c | 2 drivers/clk/meson/g12a.c | 38 + drivers/clk/meson/gxbb.c | 14 drivers/clk/qcom/gcc-msm8953.c | 2 drivers/clk/qcom/mmcc-sdm660.c | 2 drivers/clk/rockchip/clk-rk3328.c | 2 drivers/clk/samsung/clk.c | 2 drivers/clocksource/i8253.c | 36 + drivers/counter/microchip-tcb-capture.c | 19 drivers/counter/stm32-lptimer-cnt.c | 24 - drivers/cpufreq/cpufreq_governor.c | 45 +- drivers/cpufreq/scpi-cpufreq.c | 5 drivers/crypto/hisilicon/sec2/sec_crypto.c | 30 - drivers/crypto/nx/nx-common-pseries.c | 37 - drivers/edac/ie31200_edac.c | 19 drivers/firmware/imx/imx-scu.c | 1 drivers/firmware/iscsi_ibft.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 drivers/gpu/drm/amd/amdgpu/nv.c | 2 drivers/gpu/drm/amd/amdgpu/soc15.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 1 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 17 drivers/gpu/drm/amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12 drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c | 24 + drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 21 - drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2 drivers/gpu/drm/drm_atomic_uapi.c | 4 drivers/gpu/drm/drm_connector.c | 4 drivers/gpu/drm/drm_dp_mst_topology.c | 8 drivers/gpu/drm/gma500/mid_bios.c | 5 drivers/gpu/drm/mediatek/mtk_dsi.c | 6 drivers/gpu/drm/mediatek/mtk_hdmi.c | 33 + drivers/gpu/drm/nouveau/nouveau_connector.c | 1 drivers/gpu/drm/radeon/radeon_vce.c | 2 drivers/gpu/drm/v3d/v3d_sched.c | 9 drivers/gpu/drm/vkms/vkms_drv.c | 15 drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2 drivers/hid/Makefile | 1 drivers/hid/hid-ids.h | 1 drivers/hid/hid-plantronics.c | 144 +++---- drivers/hid/hid-quirks.c | 1 drivers/hid/intel-ish-hid/ipc/ipc.c | 6 drivers/hv/vmbus_drv.c | 13 drivers/hwmon/nct6775.c | 4 drivers/hwtracing/coresight/coresight-catu.c | 2 drivers/i2c/busses/i2c-ali1535.c | 12 drivers/i2c/busses/i2c-ali15x3.c | 12 drivers/i2c/busses/i2c-omap.c | 26 - drivers/i2c/busses/i2c-sis630.c | 12 drivers/i3c/master/svc-i3c-master.c | 2 drivers/iio/accel/mma8452.c | 10 drivers/iio/adc/ad7124.c | 35 + drivers/infiniband/core/device.c | 9 drivers/infiniband/core/mad.c | 38 - drivers/infiniband/core/sysfs.c | 1 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 2 drivers/infiniband/hw/bnxt_re/qplib_rcfw.h | 3 drivers/infiniband/hw/hns/hns_roce_hem.c | 23 - drivers/infiniband/hw/hns/hns_roce_hem.h | 2 drivers/infiniband/hw/hns/hns_roce_main.c | 2 drivers/infiniband/hw/hns/hns_roce_mr.c | 4 drivers/infiniband/hw/hns/hns_roce_qp.c | 10 drivers/infiniband/hw/mlx5/cq.c | 2 drivers/media/dvb-frontends/dib8000.c | 5 drivers/media/i2c/et8ek8/et8ek8_driver.c | 4 drivers/media/platform/allegro-dvt/allegro-core.c | 1 drivers/memstick/host/rtsx_usb_ms.c | 1 drivers/mfd/sm501.c | 6 drivers/mmc/host/atmel-mci.c | 4 drivers/mmc/host/sdhci-brcmstb.c | 86 ++++ drivers/mmc/host/sdhci-pxav3.c | 1 drivers/net/arcnet/com20020-pci.c | 17 drivers/net/can/flexcan.c | 18 drivers/net/dsa/mv88e6xxx/chip.c | 59 ++ drivers/net/ethernet/intel/ice/ice_arfs.c | 2 drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 3 drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 3 drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 201 ++++++---- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_devlink.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/rep/bridge.c | 12 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 6 drivers/net/ethernet/mellanox/mlx5/core/lib/fs_chains.c | 5 drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 8 drivers/net/usb/qmi_wwan.c | 2 drivers/net/usb/usbnet.c | 27 - drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 86 ++-- drivers/net/wwan/mhi_wwan_mbim.c | 2 drivers/ntb/hw/intel/ntb_hw_gen3.c | 3 drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2 drivers/ntb/test/ntb_perf.c | 4 drivers/nvme/host/core.c | 2 drivers/nvme/host/fc.c | 3 drivers/nvme/host/pci.c | 21 - drivers/nvme/host/tcp.c | 5 drivers/nvme/target/rdma.c | 33 + drivers/pci/controller/cadence/pcie-cadence-ep.c | 3 drivers/pci/controller/cadence/pcie-cadence.h | 2 drivers/pci/controller/pcie-brcmstb.c | 4 drivers/pci/controller/pcie-xilinx-cpm.c | 10 drivers/pci/hotplug/pciehp_hpc.c | 4 drivers/pci/pci.c | 4 drivers/pci/pcie/aspm.c | 17 drivers/pci/pcie/portdrv_core.c | 8 drivers/pci/probe.c | 5 drivers/pinctrl/bcm/pinctrl-bcm281xx.c | 2 drivers/pinctrl/renesas/pinctrl-rza2.c | 2 drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 drivers/pinctrl/tegra/pinctrl-tegra.c | 3 drivers/platform/x86/intel/speed_select_if/isst_if_common.c | 2 drivers/power/supply/max77693_charger.c | 2 drivers/powercap/powercap_sys.c | 3 drivers/regulator/core.c | 12 drivers/remoteproc/qcom_q6v5_mss.c | 21 - drivers/remoteproc/qcom_q6v5_pas.c | 10 drivers/remoteproc/remoteproc_core.c | 1 drivers/s390/cio/chp.c | 3 drivers/scsi/qla1280.c | 2 drivers/scsi/scsi_scan.c | 2 drivers/soc/qcom/pdr_interface.c | 8 drivers/soundwire/slave.c | 1 drivers/thermal/cpufreq_cooling.c | 2 drivers/thermal/intel/int340x_thermal/int3402_thermal.c | 3 drivers/tty/serial/8250/8250_dma.c | 2 drivers/tty/serial/8250/8250_pci.c | 46 ++ drivers/tty/serial/fsl_lpuart.c | 25 + drivers/usb/serial/ftdi_sio.c | 14 drivers/usb/serial/ftdi_sio_ids.h | 13 drivers/usb/serial/option.c | 48 +- drivers/video/console/Kconfig | 2 drivers/video/fbdev/au1100fb.c | 4 drivers/video/fbdev/hyperv_fb.c | 2 drivers/video/fbdev/sm501fb.c | 7 fs/affs/file.c | 9 fs/btrfs/extent-tree.c | 5 fs/cifs/cifs_debug.c | 2 fs/cifs/cifsglob.h | 8 fs/cifs/connect.c | 15 fs/cifs/fs_context.c | 14 fs/exfat/fatent.c | 2 fs/ext4/dir.c | 3 fs/ext4/super.c | 27 - fs/fuse/dax.c | 1 fs/fuse/dir.c | 4 fs/fuse/file.c | 4 fs/isofs/dir.c | 3 fs/jfs/jfs_dtree.c | 3 fs/jfs/xattr.c | 15 fs/ksmbd/auth.c | 2 fs/ksmbd/mgmt/user_session.c | 16 fs/ksmbd/mgmt/user_session.h | 2 fs/ksmbd/smb2pdu.c | 12 fs/ksmbd/smbacl.c | 5 fs/namei.c | 24 - fs/nfs/delegation.c | 33 - fs/nfsd/nfs4state.c | 31 + fs/ntfs3/index.c | 4 fs/ocfs2/alloc.c | 8 fs/proc/base.c | 2 fs/proc/generic.c | 10 fs/proc/inode.c | 6 fs/proc/internal.h | 14 fs/vboxsf/super.c | 3 include/drm/drm_dp_mst_helper.h | 7 include/linux/fs.h | 2 include/linux/fwnode.h | 2 include/linux/i8253.h | 1 include/linux/interrupt.h | 8 include/linux/pm_runtime.h | 2 include/linux/proc_fs.h | 7 include/linux/sched/smt.h | 2 include/linux/slab.h | 99 +++- include/net/ipv6.h | 4 include/rdma/ib_verbs.h | 1 include/sound/soc.h | 5 kernel/events/ring_buffer.c | 2 kernel/kexec_elf.c | 2 kernel/locking/semaphore.c | 13 kernel/sched/core.c | 5 kernel/sched/deadline.c | 2 kernel/time/hrtimer.c | 22 - kernel/trace/bpf_trace.c | 2 kernel/trace/ring_buffer.c | 4 kernel/trace/trace_events_synth.c | 37 + kernel/trace/trace_functions_graph.c | 1 kernel/trace/trace_irqsoff.c | 2 kernel/trace/trace_osnoise.c | 1 kernel/trace/trace_sched_wakeup.c | 2 kernel/watch_queue.c | 9 lib/842/842_compress.c | 2 lib/buildid.c | 5 mm/slab.c | 9 mm/slab_common.c | 34 - mm/slob.c | 14 net/8021q/vlan_netlink.c | 10 net/atm/lec.c | 3 net/atm/mpc.c | 2 net/batman-adv/bat_iv_ogm.c | 3 net/batman-adv/bat_v_ogm.c | 3 net/bluetooth/6lowpan.c | 7 net/bluetooth/hci_event.c | 13 net/can/af_can.c | 12 net/can/af_can.h | 12 net/can/proc.c | 46 +- net/core/neighbour.c | 1 net/core/netpoll.c | 9 net/core/rtnetlink.c | 3 net/core/sock_map.c | 5 net/ipv4/ip_tunnel_core.c | 4 net/ipv4/tcp.c | 6 net/ipv6/addrconf.c | 37 + net/ipv6/calipso.c | 21 - net/ipv6/ip6_output.c | 6 net/ipv6/netfilter/nf_socket_ipv6.c | 23 + net/ipv6/route.c | 5 net/mptcp/options.c | 6 net/mptcp/protocol.h | 2 net/netfilter/ipvs/ip_vs_ctl.c | 8 net/netfilter/nf_conncount.c | 2 net/netfilter/nft_ct.c | 6 net/netfilter/nft_exthdr.c | 10 net/netfilter/nft_set_hash.c | 3 net/netfilter/nft_tunnel.c | 6 net/openvswitch/actions.c | 6 net/openvswitch/flow_netlink.c | 17 net/sched/act_tunnel_key.c | 2 net/sched/cls_flower.c | 2 net/sched/sch_api.c | 6 net/sched/sch_skbprio.c | 3 net/sctp/stream.c | 2 net/vmw_vsock/af_vsock.c | 6 net/xfrm/xfrm_output.c | 2 scripts/selinux/install_policy.sh | 15 sound/pci/hda/patch_realtek.c | 28 + sound/soc/codecs/arizona.c | 14 sound/soc/codecs/madera.c | 10 sound/soc/codecs/tas2764.c | 10 sound/soc/codecs/tas2764.h | 8 sound/soc/codecs/tas2770.c | 2 sound/soc/codecs/wm0010.c | 13 sound/soc/codecs/wm5110.c | 8 sound/soc/fsl/imx-card.c | 4 sound/soc/sh/rcar/core.c | 14 sound/soc/sh/rcar/rsnd.h | 1 sound/soc/sh/rcar/src.c | 18 sound/soc/soc-ops.c | 15 sound/soc/sof/intel/hda-codec.c | 1 sound/soc/ti/j721e-evm.c | 2 sound/usb/mixer_quirks.c | 51 ++ tools/lib/bpf/linker.c | 2 tools/perf/util/python.c | 17 tools/perf/util/units.c | 2 281 files changed, 2105 insertions(+), 1000 deletions(-) Acs, Jakub (1): ext4: fix OOB read when checking dotdot dir Al Viro (2): spufs: fix a leak on spufs_new_file() failure spufs: fix a leak in spufs_create_context() Alex Hung (1): drm/amd/display: Assign normalized_pix_clk when color depth = 14 Alexey Kashavkin (1): netfilter: nft_exthdr: fix offset with ipv4_find_option() Alistair Popple (1): fuse: fix dax truncate/punch_hole fault path Andreas Kemnade (1): i2c: omap: fix IRQ storms Andrii Nakryiko (2): lib/buildid: Handle memfd_secret() files in build_id_parse() libbpf: Fix hypothetical STT_SECTION extern NULL deref case Andy Shevchenko (1): hrtimers: Mark is_migration_base() with __always_inline AngeloGioacchino Del Regno (2): drm/mediatek: mtk_hdmi: Unregister audio platform device on failure drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member Arnaldo Carvalho de Melo (5): perf units: Fix insufficient array space perf python: Fixup description of sample.id event member perf python: Decrement the refcount of just created event on failure perf python: Don't keep a raw_data pointer to consumed ring buffer space perf python: Check if there is space to copy all the event Arnd Bergmann (3): x86/irq: Define trace events conditionally x86/platform: Only allow CONFIG_EISA for 32-bit mdacon: rework dependency list Arthur Mongodin (1): mptcp: Fix data stream corruption in the address announcement Artur Weber (2): pinctrl: bcm281xx: Fix incorrect regmap max_registers value power: supply: max77693: Fix wrong conversion of charge input threshold value Barnabás Czémán (1): clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock Bart Van Assche (1): fs/procfs: fix the comment above proc_pid_wchan() Benjamin Berg (1): x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() Boon Khai Ng (1): USB: serial: ftdi_sio: add support for Altera USB Blaster 3 Brahmajit Das (1): vboxsf: fix building with GCC 15 Breno Leitao (1): netpoll: hold rcu read lock in __netpoll_send_skb() Cameron Williams (2): tty: serial: 8250: Add some more device IDs tty: serial: 8250: Add Brainboxes XC devices Carolina Jubran (1): net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices Charles Keepax (1): ASoC: ops: Consistently treat platform_max as control value Chengchang Tang (1): RDMA/hns: Remove redundant 'phy_addr' in hns_roce_hem_list_find_mtt() Chengen Du (1): iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() Chenyuan Yang (1): thermal: int340x: Add NULL check for adev Chia-Lin Kao (AceLan) (1): HID: ignore non-functional sensor in HP 5MP Camera Christian Eggers (1): regulator: check that dummy regulator has been probed before using it Christophe JAILLET (4): ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() i2c: ali1535: Fix an error handling path in ali1535_probe() i2c: ali15x3: Fix an error handling path in ali15x3_probe() i2c: sis630: Fix an error handling path in sis630_probe() Chuck Lever (1): NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up Cong Wang (2): net_sched: Prevent creation of classes with TC_H_ROOT net_sched: skbprio: Remove overly strict queue assertions Cosmin Ratiu (1): xfrm_output: Force software GSO only in tunnel mode Dan Carpenter (6): ipvs: prevent integer overflow in do_ip_vs_get_ctl() Bluetooth: Fix error code in chan_alloc_skb_cb() net: atm: fix use after free in lec_send() PCI: Remove stray put_device() in pci_register_host_bridge() drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() fs/ntfs3: Fix a couple integer overflows on 32bit systems Daniel Lezcano (1): thermal/cpufreq_cooling: Remove structure member documentation Daniel Stodden (1): PCI/ASPM: Fix link state exit during switch upstream function removal Daniel Wagner (2): nvme-fc: go straight to connecting state when initializing nvme: only allow entering LIVE from CONNECTING state Danila Chernetsov (1): fbdev: sm501fb: Add some geometry checks. David Rosca (1): drm/amdgpu: Fix JPEG video caps max size for navi1x and raven David Woodhouse (1): clockevents/drivers/i8253: Fix stop sequence for timer 0 Debin Zhu (1): netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets Dhruv Deshpande (1): ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx Dominique Martinet (1): net: usb: usbnet: restore usb%d name exception for local mac addresses Douglas Raillard (2): tracing: Ensure module defining synth event cannot be unloaded while tracing tracing: Fix synth event printk format for str fields Eric Dumazet (2): vlan: fix memory leak in vlan_newlink() tcp: fix races in tcp_abort() Eric Sandeen (1): watch_queue: fix pipe accounting mismatch Eric W. Biederman (1): alpha/elf: Fix misc/setarch test of util-linux by removing 32bit support Fabio Porcedda (4): USB: serial: option: add Telit Cinterion FE990B compositions USB: serial: option: fix Telit Cinterion FE990A name net: usb: qmi_wwan: add Telit Cinterion FN990B composition net: usb: qmi_wwan: add Telit Cinterion FE990B composition Fabrice Gasnier (1): counter: stm32-lptimer-cnt: fix error handling when enabling Fabrizio Castro (2): pinctrl: renesas: rza2: Fix missing of_node_put() call pinctrl: renesas: rzg2l: Fix missing of_node_put() call Feng Tang (1): PCI/portdrv: Only disable pciehp interrupts early when needed Feng Yang (1): ring-buffer: Fix bytes_dropped calculation issue Fernando Fernandez Mancera (1): ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS Florent Revest (1): x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Gannon Kolding (1): ACPI: resource: IRQ override for Eluktronics MECH-17 Geert Uytterhoeven (2): ARM: shmobile: smp: Enforce shmobile_smp_* alignment drm/bridge: ti-sn65dsi86: Fix multiple instances Geetha sowjanya (2): octeontx2-af: Fix mbox INTR handler when num VFs > 64 octeontx2-af: Free NIX_AF_INT_VEC_GEN irq Giovanni Gherdovich (1): ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid Greg Kroah-Hartman (1): Linux 5.15.180 Grzegorz Nitka (1): ice: fix memory leak in aRFS after reset Gu Bowen (1): mmc: atmel-mci: Add missing clk_disable_unprepare() Guilherme G. Piccoli (1): x86/tsc: Always save/restore TSC sched_clock() on suspend/resume Guillaume Nault (3): gre: Fix IPv6 link-local address generation. Revert "gre: Fix IPv6 link-local address generation." tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). Haibo Chen (2): can: flexcan: only change CAN state when link up in system PM can: flexcan: disable transceiver during system PM Hans Zhang (1): PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload Haoxiang Li (1): qlcnic: fix memory leak issues in qlcnic_sriov_common.c Hector Martin (3): ASoC: tas2770: Fix volume scale ASoC: tas2764: Fix power control mask ASoC: tas2764: Set the SDOUT polarity correctly Henrique Carvalho (1): smb: client: Fix match_session bug preventing session reuse Henry Martin (2): ASoC: imx-card: Add NULL check in imx_card_probe() arcnet: Add NULL check in com20020pci_probe() Herbert Xu (1): crypto: nx - Fix uninitialised hv_nxc on error Hersen Wu (1): drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration Hou Tao (1): bpf: Use preempt_count() directly in bpf_send_signal_common() Icenowy Zheng (2): nvme-pci: clean up CMBMSC when registering CMB fails nvme-pci: skip CMB blocks incompatible with PCI P2P DMA Ilkka Koskinen (1): coresight: catu: Fix number of pages while using 64k pages Ilpo Järvinen (1): PCI: pciehp: Don't enable HPIE when resuming in poll mode Ilya Maximets (1): net: openvswitch: remove misbehaving actions length check Ivan Abramov (1): drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() Jann Horn (4): sched: Clarify wake_up_q()'s write to task->wake_q.next x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs Jayesh Choudhary (1): ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible Jerome Brunet (4): clk: amlogic: gxbb: drop incorrect flag on 32k clock clk: amlogic: g12b: fix cluster A parent data clk: amlogic: gxbb: drop non existing 32k clock parent clk: amlogic: g12a: fix mmc A peripheral clock Jesse Zhang (1): drm/amd/pm: Fix negative array index read Jianbo Liu (1): net/mlx5: Bridge, fix the crash caused by LAG state check Jie Zhan (1): cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() Jim Quinlan (1): PCI: brcmstb: Use internal register to change link capability Jiri Kosina (1): HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER Joe Hattori (4): powercap: call put_device() on an error path in powercap_register_control_type() firmware: imx-scu: fix OF node leak in .probe() media: platform: allgro-dvt: unregister v4l2_device on the error path soundwire: slave: fix an OF node reference leak in soundwire slave device Johan Hovold (1): USB: serial: option: match on interface class for Telit FN990B Johannes Berg (1): wifi: iwlwifi: fw: allocate chained SG tables for dump John Keeping (1): serial: 8250_dma: terminate correct DMA in tx_dma_flush() Jonathan Cameron (1): iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio Josef Bacik (1): btrfs: handle errors from btrfs_dec_ref() properly Joseph Huang (1): net: dsa: mv88e6xxx: Verify after ATU Load ops Josh Poimboeuf (2): objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() sched/smt: Always inline sched_smt_active() José Expósito (1): drm/vkms: Fix use after free and double free on init error Juhan Jin (1): riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra Junxian Huang (4): RDMA/hns: Fix soft lockup during bt pages loop RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() RDMA/hns: Fix wrong value of max_sge_rd Justin Klaassen (1): arm64: dts: rockchip: fix u2phy1_host status for NanoPi R4S Kamal Dasu (3): mmc: sdhci-brcmstb: Add ability to increase max clock rate for 72116b0 mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops mmc: sdhci-brcmstb: use clk_get_rate(base_clk) in PM resume Karel Balej (1): mmc: sdhci-pxav3: set NEED_RSP_BUSY capability Kashyap Desai (1): RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx Kees Cook (5): slab: clean up function prototypes slab: Introduce kmalloc_size_roundup() openvswitch: Use kmalloc_size_roundup() to match ksize() usage ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() ARM: 9351/1: fault: Add "cut here" line for prefetch aborts Kohei Enju (1): netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() Kuninori Morimoto (1): ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime() Kuniyuki Iwashima (2): ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create(). Li Lingfeng (1): nfsd: put dl_stid if fail to queue dl_recall Lin Ma (3): net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES netfilter: nft_tunnel: fix geneve_opt type confusion addition net: fix geneve_opt length integer overflow Luca Weiss (2): remoteproc: qcom_q6v5_pas: Make single-PD handling more robust remoteproc: qcom_q6v5_mss: Handle platforms with one power domain Luiz Augusto von Dentz (1): Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE Luo Qiu (1): memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove Ma Ke (1): drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Magnus Lindholm (1): scsi: qla1280: Fix kernel oops when debug level > 2 Maher Sanalla (1): IB/mad: Check available slots before posting receive WRs Mario Limonciello (3): drm/amd/display: Restore correct backlight brightness after a GPU reset drm/amd/display: Fix slab-use-after-free on hdcp_work drm/amd: Keep display off while going into S4 Mark Zhang (1): rtnetlink: Allocate vfinfo size for VF GUIDs when supported Markus Elfring (2): fbdev: au1100fb: Move a variable assignment behind a null pointer check ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() Matthieu Baerts (NGI0) (1): mptcp: safety check before fallback Maxim Mikityanskiy (1): netfilter: socket: Lookup orig tuple for IPv6 SNAT Maíra Canal (1): drm/v3d: Don't run jobs that have errors flagged in its fence Miaoqian Lin (1): ksmbd: use aead_request_free to match aead_request_alloc Michael Kelley (2): fbdev: hyperv_fb: iounmap() the correct memory when removing a device Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() Michael Strauss (1): drm/amd/display: Check for invalid input params when building scaling params Michal Luczaj (1): bpf, sockmap: Fix race between element replace and close() Mike Rapoport (Microsoft) (1): x86/mm/pat: cpa-test: fix length for CPA_ARRAY test Miklos Szeredi (1): fuse: don't truncate cached, mutated symlink Ming Lei (1): block: fix 'kmem_cache of name 'bio-108' already exists' Minjoong Kim (1): atm: Fix NULL pointer dereference Murad Masimov (5): cifs: Fix integer overflow while processing acregmax mount option cifs: Fix integer overflow while processing acdirmax mount option cifs: Fix integer overflow while processing actimeo mount option cifs: Fix integer overflow while processing closetimeo mount option acpi: nfit: fix narrowing conversion in acpi_nfit_ctl Namjae Jeon (2): ksmbd: fix multichannel connection failure ksmbd: fix incorrect validation for num_aces field of smb_acl Nathan Chancellor (1): mmc: sdhci-brcmstb: Initialize base_clk to NULL in sdhci_brcmstb_probe() Navon John Lukose (1): ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx Nikita Shubin (1): ntb: intel: Fix using link status DB's Nikita Zhandarovich (2): drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() mfd: sm501: Switch to BIT() to mitigate integer overflows Nishanth Aravamudan (1): PCI: Avoid reset when disabled via sysfs Oleg Nesterov (1): sched/isolation: Prevent boot crash when the boot CPU is nohz_full Oliver Hartkopp (1): can: statistics: use atomic access in hot path Pablo Neira Ayuso (1): netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only Patrisious Haddad (1): RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow Paul Menzel (1): ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP Paulo Alcantara (1): smb: client: fix potential UAF in cifs_debug_files_proc_show() Peng Fan (1): remoteproc: core: Clear table_sz when rproc_shutdown Peter Geis (1): clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent Peter Oberparleiter (1): s390/cio: Fix CHPID "configure" attribute caching Phil Elwell (2): ARM: dts: bcm2711: PL011 UARTs are actually r1p5 ARM: dts: bcm2711: Don't mark timer regs unconfigured Prathamesh Shete (1): pinctrl: tegra: Set SFIO mode to Mux Register Qasim Ijaz (2): isofs: fix KMSAN uninit-value bug in do_isofs_readdir() jfs: fix slab-out-of-bounds read in ea_get() Qiuxu Zhuo (3): EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer EDAC/ie31200: Fix the DIMM size mask for several SoCs EDAC/ie31200: Fix the error path order of ie31200_init() Rafael J. Wysocki (2): PM: sleep: Adjust check before setting power.must_resume PM: sleep: Fix handling devices with direct_complete set on errors Ran Xiaokai (1): tracing/osnoise: Fix possible recursive locking for cpus_read_lock() Rik van Riel (1): scsi: core: Use GFP_NOIO to avoid circular locking dependency Roman Gushchin (1): RDMA/core: Don't expose hw_counters outside of init net namespace Roman Smirnov (1): jfs: add index corruption check to DT_GETPAGE() Ruozhu Li (1): nvmet-rdma: recheck queue state is LIVE in state lock in recv done Sagi Grimberg (1): nvme-tcp: fix possible UAF in nvme_tcp_poll Saranya R (1): soc: qcom: pdr: Fix the potential deadlock Saravanan Vajravel (1): RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path Sebastian Andrzej Siewior (2): netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template. lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() Sherry Sun (2): tty: serial: fsl_lpuart: use UARTMODIR register bits for lpuart32 platform tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers Shrikanth Hegde (1): sched/deadline: Use online cpus for validating runtime Simon Tatham (2): affs: generate OFS sequence numbers starting at 1 affs: don't write overlarge OFS data block size fields Sourabh Jain (1): kexec: initialize ELF lowest address to ULONG_MAX Srinivas Pandruvada (1): platform/x86: ISST: Correct command storage data length Stanley Chu (1): i3c: master: svc: Fix missing the IBI rules Stefano Garzarella (1): vsock: avoid timeout during connect() if the socket is closing Stephan Gerhold (1): net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors Steven Rostedt (1): tracing: Do not use PERF enums when perf is not defined Sven Eckelmann (1): batman-adv: Ignore own maximum aggregation size during RX Takashi Iwai (1): ALSA: hda/realtek: Always honor no_shutup_pins Tanya Agarwal (1): lib: 842: Improve error handling in sw842_compress() Tao Chen (1): perf/ring_buffer: Allow the EPOLLRDNORM flag for poll Tasos Sahanidis (1): hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} Tengda Wu (1): tracing: Fix use-after-free in print_graph_function_flags during tracer switching Terry Cheong (1): ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module Terry Junge (2): ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names HID: hid-plantronics: Add mic mute mapping and generalize quirks Theodore Ts'o (1): ext4: don't over-report free space or inodes in statvfs Thippeswamy Havalige (1): PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe Thomas Zimmermann (1): drm/nouveau: Do not override forced connector status Tim Schumacher (1): selinux: Chain up tool resolving errors in install_policy.sh Tobias Waldekranz (1): net: mvpp2: Prevent parser TCAM memory corruption Tomi Valkeinen (1): drm: xlnx: zynqmp: Fix max dma segment size Trond Myklebust (1): NFSv4: Don't trigger uneccessary scans for return-on-close delegations Uwe Kleine-König (2): media: i2c: et8ek8: Don't strip remove function when driver is builtin iio: adc: ad7124: Fix comparison of channel configs Vasiliy Kovalev (1): ocfs2: validate l_tree_depth to avoid out-of-bounds access Ville Syrjälä (1): drm/atomic: Filter out redundant DPMS calls Vitaliy Shevtsov (1): drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() Vitaly Rodionov (1): ASoC: arizona/madera: use fsleep() in up/down DAPM event delays. Vladimir Lypak (1): clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock Vladis Dronov (1): x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled Vlastimil Babka (1): mm, slab: remove duplicate kernel-doc comment for ksize() Waiman Long (1): locking/semaphore: Use wake_q to wake up processes outside lock critical section Wang Yufen (1): ipv6: Fix signed integer overflow in __ip6_append_data Wayne Lin (1): drm/dp_mst: Fix drm RAD print Wenkai Lin (2): crypto: hisilicon/sec2 - fix for aead authsize alignment crypto: hisilicon/sec2 - fix for aead auth key length Wentao Liang (1): net/mlx5: handle errors in mlx5_chains_create_table() Will McVicker (1): clk: samsung: Fix UBSAN panic in samsung_clk_init() William Breathitt Gray (1): counter: microchip-tcb-capture: Fix undefined counter channel state on probe Yajun Deng (1): ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans Yanjun Yang (1): ARM: Remove address checking for MMUless devices Ye Bin (1): proc: fix UAF in proc_get_inode() Ying Lu (1): usbnet:fix NPE during rx_complete Yu-Chun Lin (1): sctp: Fix undefined behavior in left shift operation Yuezhang Mo (1): exfat: fix the infinite loop in exfat_find_last_cluster() Zhang Lixu (1): HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell Zijun Hu (1): of: property: Increase NR_FWNODE_REFERENCE_ARGS zuoqian (1): cpufreq: scpi: compare kHz instead of Hz

6 months, 2 weeks

1
1
0 0