- Linux-stable-mirror - lists.linaro.org

[PATCH v2 00/23] Add support for HEVC and VP9 codecs in decoder

by Dikshita Agarwal

Hi All, This patch series adds initial support for the HEVC(H.265) and VP9 codecs in iris decoder. The objective of this work is to extend the decoder's capabilities to handle HEVC and VP9 codec streams, including necessary format handling and buffer management. In addition, the series also includes a set of fixes to address issues identified during testing of these additional codecs. These patches also address the comments and feedback received from the RFC patches previously sent. I have made the necessary improvements based on the community's suggestions. Changes in v2: - Added Changes to make sure all buffers are released in session close (bryna) - Added tracking for flush responses to fix a timing issue. - Added a handling to fix timing issue in reconfig - Splitted patch 06/20 in two patches (Bryan) - Added missing fixes tag (bryan) - Updated fluster report (Nicolas) - Link to v1: https://lore.kernel.org/r/20250408-iris-dec-hevc-vp9-v1-0-acd258778bd6@quic… Changes sinces RFC: - Added additional fixes to address issues identified during further testing. - Moved typo fix to a seperate patch [Neil] - Reordered the patches for better logical flow and clarity [Neil, Dmitry] - Added fixes tag wherever applicable [Neil, Dmitry] - Removed the default case in the switch statement for codecs [Bryan] - Replaced if-else statements with switch-case [Bryan] - Added comments for mbpf [Bryan] - RFC: https://lore.kernel.org/linux-media/20250305104335.3629945-1-quic_dikshita@… This patch series depends on [1] & [2] [1] https://lore.kernel.org/linux-media/20250417-topic-sm8x50-iris-v10-v7-0-f02… [2] https://lore.kernel.org/linux-media/20250424-qcs8300_iris-v5-0-f118f505c300… These patches are tested on SM8250 and SM8550 with v4l2-ctl and Gstreamer for HEVC and VP9 decoders, at the same time ensured that the existing H264 decoder functionality remains uneffected. Note: 1 of the fluster compliance test is fixed with firmware [3] [3]: https://lore.kernel.org/linux-firmware/1a511921-446d-cdc4-0203-084c88a5dc1e… The result of fluster test on SM8550: 131/147 testcases passed while testing JCT-VC-HEVC_V1 with GStreamer-H.265-V4L2-Gst1.0. The failing test case: - 10 testcases failed due to unsupported 10 bit format. - DBLK_A_MAIN10_VIXS_4 - INITQP_B_Main10_Sony_1 - TSUNEQBD_A_MAIN10_Technicolor_2 - WP_A_MAIN10_Toshiba_3 - WP_MAIN10_B_Toshiba_3 - WPP_A_ericsson_MAIN10_2 - WPP_B_ericsson_MAIN10_2 - WPP_C_ericsson_MAIN10_2 - WPP_E_ericsson_MAIN10_2 - WPP_F_ericsson_MAIN10_2 - 4 testcase failed due to unsupported resolution - PICSIZE_A_Bossen_1 - PICSIZE_B_Bossen_1 - WPP_D_ericsson_MAIN10_2 - WPP_D_ericsson_MAIN_2 - 2 testcase failed due to CRC mismatch - RAP_A_docomo_6 - RAP_B_Bossen_2 - BUG reported: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4392 Analysis - First few frames in this discarded by firmware and are sent to driver with 0 filled length. Driver send such buffers to client with timestamp 0 and payload set to 0 and make buf state to VB2_BUF_STATE_ERROR. Such buffers should be dropped by GST. But instead, the first frame displayed as green frame and when a valid buffer is sent to client later with same 0 timestamp, its dropped, leading to CRC mismatch for first frame. 235/305 testcases passed while testing VP9-TEST-VECTORS with GStreamer-VP9-V4L2-Gst1.0. The failing test case: - 64 testcases failed due to unsupported resolution - vp90-2-02-size-08x08.webm - vp90-2-02-size-08x10.webm - vp90-2-02-size-08x16.webm - vp90-2-02-size-08x18.webm - vp90-2-02-size-08x32.webm - vp90-2-02-size-08x34.webm - vp90-2-02-size-08x64.webm - vp90-2-02-size-08x66.webm - vp90-2-02-size-10x08.webm - vp90-2-02-size-10x10.webm - vp90-2-02-size-10x16.webm - vp90-2-02-size-10x18.webm - vp90-2-02-size-10x32.webm - vp90-2-02-size-10x34.webm - vp90-2-02-size-10x64.webm - vp90-2-02-size-10x66.webm - vp90-2-02-size-16x08.webm - vp90-2-02-size-16x10.webm - vp90-2-02-size-16x16.webm - vp90-2-02-size-16x18.webm - vp90-2-02-size-16x32.webm - vp90-2-02-size-16x34.webm - vp90-2-02-size-16x64.webm - vp90-2-02-size-16x66.webm - vp90-2-02-size-18x08.webm - vp90-2-02-size-18x10.webm - vp90-2-02-size-18x16.webm - vp90-2-02-size-18x18.webm - vp90-2-02-size-18x32.webm - vp90-2-02-size-18x34.webm - vp90-2-02-size-18x64.webm - vp90-2-02-size-18x66.webm - vp90-2-02-size-32x08.webm - vp90-2-02-size-32x10.webm - vp90-2-02-size-32x16.webm - vp90-2-02-size-32x18.webm - vp90-2-02-size-32x32.webm - vp90-2-02-size-32x34.webm - vp90-2-02-size-32x64.webm - vp90-2-02-size-32x66.webm - vp90-2-02-size-34x08.webm - vp90-2-02-size-34x10.webm - vp90-2-02-size-34x16.webm - vp90-2-02-size-34x18.webm - vp90-2-02-size-34x32.webm - vp90-2-02-size-34x34.webm - vp90-2-02-size-34x64.webm - vp90-2-02-size-34x66.webm - vp90-2-02-size-64x08.webm - vp90-2-02-size-64x10.webm - vp90-2-02-size-64x16.webm - vp90-2-02-size-64x18.webm - vp90-2-02-size-64x32.webm - vp90-2-02-size-64x34.webm - vp90-2-02-size-64x64.webm - vp90-2-02-size-64x66.webm - vp90-2-02-size-66x08.webm - vp90-2-02-size-66x10.webm - vp90-2-02-size-66x16.webm - vp90-2-02-size-66x18.webm - vp90-2-02-size-66x32.webm - vp90-2-02-size-66x34.webm - vp90-2-02-size-66x64.webm - vp90-2-02-size-66x66.webm - 2 testcases failed due to unsupported format - vp91-2-04-yuv422.webm - vp91-2-04-yuv444.webm - 1 testcase failed with CRC mismatch - vp90-2-22-svc_1280x720_3.ivf - Bug reported: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4371 - 2 testcase failed due to unsupported resolution after sequence change - vp90-2-21-resize_inter_320x180_5_1-2.webm - vp90-2-21-resize_inter_320x180_7_1-2.webm - 1 testcase failed due to unsupported stream - vp90-2-16-intra-only.webm The result of fluster test on SM8250: 133/147 testcases passed while testing JCT-VC-HEVC_V1 with GStreamer-H.265-V4L2-Gst1.0. The failing test case: - 10 testcases failed due to unsupported 10 bit format. - DBLK_A_MAIN10_VIXS_4 - INITQP_B_Main10_Sony_1 - TSUNEQBD_A_MAIN10_Technicolor_2 - WP_A_MAIN10_Toshiba_3 - WP_MAIN10_B_Toshiba_3 - WPP_A_ericsson_MAIN10_2 - WPP_B_ericsson_MAIN10_2 - WPP_C_ericsson_MAIN10_2 - WPP_E_ericsson_MAIN10_2 - WPP_F_ericsson_MAIN10_2 - 4 testcase failed due to unsupported resolution - PICSIZE_A_Bossen_1 - PICSIZE_B_Bossen_1 - WPP_D_ericsson_MAIN10_2 - WPP_D_ericsson_MAIN_2 232/305 testcases passed while testing VP9-TEST-VECTORS with GStreamer-VP9-V4L2-Gst1.0. The failing test case: - 64 testcases failed due to unsupported resolution - vp90-2-02-size-08x08.webm - vp90-2-02-size-08x10.webm - vp90-2-02-size-08x16.webm - vp90-2-02-size-08x18.webm - vp90-2-02-size-08x32.webm - vp90-2-02-size-08x34.webm - vp90-2-02-size-08x64.webm - vp90-2-02-size-08x66.webm - vp90-2-02-size-10x08.webm - vp90-2-02-size-10x10.webm - vp90-2-02-size-10x16.webm - vp90-2-02-size-10x18.webm - vp90-2-02-size-10x32.webm - vp90-2-02-size-10x34.webm - vp90-2-02-size-10x64.webm - vp90-2-02-size-10x66.webm - vp90-2-02-size-16x08.webm - vp90-2-02-size-16x10.webm - vp90-2-02-size-16x16.webm - vp90-2-02-size-16x18.webm - vp90-2-02-size-16x32.webm - vp90-2-02-size-16x34.webm - vp90-2-02-size-16x64.webm - vp90-2-02-size-16x66.webm - vp90-2-02-size-18x08.webm - vp90-2-02-size-18x10.webm - vp90-2-02-size-18x16.webm - vp90-2-02-size-18x18.webm - vp90-2-02-size-18x32.webm - vp90-2-02-size-18x34.webm - vp90-2-02-size-18x64.webm - vp90-2-02-size-18x66.webm - vp90-2-02-size-32x08.webm - vp90-2-02-size-32x10.webm - vp90-2-02-size-32x16.webm - vp90-2-02-size-32x18.webm - vp90-2-02-size-32x32.webm - vp90-2-02-size-32x34.webm - vp90-2-02-size-32x64.webm - vp90-2-02-size-32x66.webm - vp90-2-02-size-34x08.webm - vp90-2-02-size-34x10.webm - vp90-2-02-size-34x16.webm - vp90-2-02-size-34x18.webm - vp90-2-02-size-34x32.webm - vp90-2-02-size-34x34.webm - vp90-2-02-size-34x64.webm - vp90-2-02-size-34x66.webm - vp90-2-02-size-64x08.webm - vp90-2-02-size-64x10.webm - vp90-2-02-size-64x16.webm - vp90-2-02-size-64x18.webm - vp90-2-02-size-64x32.webm - vp90-2-02-size-64x34.webm - vp90-2-02-size-64x64.webm - vp90-2-02-size-64x66.webm - vp90-2-02-size-66x08.webm - vp90-2-02-size-66x10.webm - vp90-2-02-size-66x16.webm - vp90-2-02-size-66x18.webm - vp90-2-02-size-66x32.webm - vp90-2-02-size-66x34.webm - vp90-2-02-size-66x64.webm - vp90-2-02-size-66x66.webm - 2 testcases failed due to unsupported format - vp91-2-04-yuv422.webm - vp91-2-04-yuv444.webm - 1 testcase failed with CRC mismatch - vp90-2-22-svc_1280x720_3.ivf - Bug raised: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4371 - 5 testcase failed due to unsupported resolution after sequence change - vp90-2-21-resize_inter_320x180_5_1-2.webm - vp90-2-21-resize_inter_320x180_7_1-2.webm - vp90-2-21-resize_inter_320x240_5_1-2.webm - vp90-2-21-resize_inter_320x240_7_1-2.webm - vp90-2-18-resize.ivf - 1 testcase failed with CRC mismatch - vp90-2-16-intra-only.webm Analysis: First few frames are marked by firmware as NO_SHOW frame. Driver make buf state to VB2_BUF_STATE_ERROR for such frames. Such buffers should be dropped by GST. But instead, the first frame is being displayed and when a valid buffer is sent to client later with same timestamp, its dropped, leading to CRC mismatch for first frame. Signed-off-by: Dikshita Agarwal <quic_dikshita(a)quicinc.com> --- Dikshita Agarwal (23): media: iris: Skip destroying internal buffer if not dequeued media: iris: Update CAPTURE format info based on OUTPUT format media: iris: Add handling for corrupt and drop frames media: iris: Avoid updating frame size to firmware during reconfig media: iris: Send V4L2_BUF_FLAG_ERROR for buffers with 0 filled length media: iris: Drop port check for session property response media: iris: Add handling for no show frames media: iris: Improve last flag handling media: iris: Skip flush on first sequence change media: iris: Prevent HFI queue writes when core is in deinit state media: iris: Remove redundant buffer count check in stream off media: iris: Remove deprecated property setting to firmware media: iris: Fix missing function pointer initialization media: iris: Fix NULL pointer dereference media: iris: Fix typo in depth variable media: iris: Add a comment to explain usage of MBPS media: iris: Track flush responses to prevent premature completion media: iris: Fix buffer preparation failure during resolution change media: iris: Add HEVC and VP9 formats for decoder media: iris: Add platform capabilities for HEVC and VP9 decoders media: iris: Set mandatory properties for HEVC and VP9 decoders. media: iris: Add internal buffer calculation for HEVC and VP9 decoders media: iris: Add codec specific check for VP9 decoder drain handling drivers/media/platform/qcom/iris/iris_buffer.c | 52 ++- drivers/media/platform/qcom/iris/iris_buffer.h | 3 +- drivers/media/platform/qcom/iris/iris_ctrls.c | 35 +- drivers/media/platform/qcom/iris/iris_hfi_common.h | 1 + .../platform/qcom/iris/iris_hfi_gen1_command.c | 48 ++- .../platform/qcom/iris/iris_hfi_gen1_defines.h | 5 +- .../platform/qcom/iris/iris_hfi_gen1_response.c | 39 +- .../platform/qcom/iris/iris_hfi_gen2_command.c | 143 +++++++- .../platform/qcom/iris/iris_hfi_gen2_defines.h | 5 + .../platform/qcom/iris/iris_hfi_gen2_response.c | 58 ++- drivers/media/platform/qcom/iris/iris_hfi_queue.c | 2 +- drivers/media/platform/qcom/iris/iris_instance.h | 8 + .../platform/qcom/iris/iris_platform_common.h | 28 +- .../media/platform/qcom/iris/iris_platform_gen2.c | 198 ++++++++-- .../platform/qcom/iris/iris_platform_qcs8300.h | 126 +++++-- .../platform/qcom/iris/iris_platform_sm8250.c | 15 +- drivers/media/platform/qcom/iris/iris_vb2.c | 18 +- drivers/media/platform/qcom/iris/iris_vdec.c | 117 +++--- drivers/media/platform/qcom/iris/iris_vdec.h | 11 + drivers/media/platform/qcom/iris/iris_vidc.c | 9 +- drivers/media/platform/qcom/iris/iris_vpu_buffer.c | 397 ++++++++++++++++++++- drivers/media/platform/qcom/iris/iris_vpu_buffer.h | 46 ++- 22 files changed, 1154 insertions(+), 210 deletions(-) --- base-commit: 398a1b33f1479af35ca915c5efc9b00d6204f8fa change-id: 20250428-qcom-iris-hevc-vp9-eb31f30c3390 prerequisite-message-id: <20250417-topic-sm8x50-iris-v10-v7-0-f020cb1d0e98(a)linaro.org> prerequisite-patch-id: 35f8dae1416977e88c2db7c767800c01822e266e prerequisite-patch-id: 2bba98151ca103aa62a513a0fbd0df7ae64d9868 prerequisite-patch-id: 0e43a6d758b5fa5ab921c6aa3c19859e312b47d0 prerequisite-patch-id: b7b50aa1657be59fd51c3e53d73382a1ee75a08e prerequisite-patch-id: 30960743105a36f20b3ec4a9ff19e7bca04d6add prerequisite-patch-id: b93c37dc7e09d1631b75387dc1ca90e3066dce17 prerequisite-patch-id: afffe7096c8e110a8da08c987983bc4441d39578 prerequisite-message-id: <20250424-qcs8300_iris-v5-0-f118f505c300(a)quicinc.com> prerequisite-patch-id: 2e72fe4d11d264db3d42fa450427d30171303c6f prerequisite-patch-id: 3398937a7fabb45934bb98a530eef73252231132 prerequisite-patch-id: feda620f147ca14a958c92afdc85a1dc507701ac prerequisite-patch-id: 07ba0745c7d72796567e0a57f5c8e5355a8d2046 prerequisite-patch-id: e35b05c527217206ae871aef0d7b0261af0319ea Best regards, -- Dikshita Agarwal <quic_dikshita(a)quicinc.com>

6 months, 3 weeks

6
34
0 0

[PATCH] accel/ivpu: Increase state dump msg timeout

by Jacek Lawrynowicz

Increase JMS message state dump command timeout to 100 ms. On some platforms, the FW may take a bit longer than 50 ms to dump its state to the log buffer and we don't want to miss any debug info during TDR. Fixes: 5e162f872d7a ("accel/ivpu: Add FW state dump on TDR") Cc: <stable(a)vger.kernel.org> # v6.13+ Signed-off-by: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> --- drivers/accel/ivpu/ivpu_hw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/accel/ivpu/ivpu_hw.c b/drivers/accel/ivpu/ivpu_hw.c index ec9a3629da3a9..633160470c939 100644 --- a/drivers/accel/ivpu/ivpu_hw.c +++ b/drivers/accel/ivpu/ivpu_hw.c @@ -119,7 +119,7 @@ static void timeouts_init(struct ivpu_device *vdev) else vdev->timeout.autosuspend = 100; vdev->timeout.d0i3_entry_msg = 5; - vdev->timeout.state_dump_msg = 10; + vdev->timeout.state_dump_msg = 100; } } -- 2.45.1

6 months, 3 weeks

2
2
0 0

possible deadlock in blk_mq_freeze_queue in Linux6.1.25(longterm maintenance, last updated on April 25, 2025)

by Jianzhou Zhao

Hello, I found a potential bug titled " possible deadlock in blk_mq_freeze_queue" with modified syzkaller in the Linux6.12.25(longterm maintenance, last updated on April 25, 2025) If you fix this issue, please add the following tag to the commit: Reported-by: Jianzhou Zhao <luckd0g(a)163.com>, xingwei lee <xrivendell7(a)gmail.com> The commit of the kernel is : ef4999852d307d38cfdecd91ed6892cc03beb9b8 kernel config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=55f8591b98dd132 compiler: gcc version 11.4.0 Unfortunately, although my fuzz testing tool can trigger this bug relatively frequently, it still cannot generate a reproduction program. ------------[ cut here ]----------------------------------------- TITLE: possible deadlock in blk_mq_freeze_queue ------------[ cut here ]------------ loop6: detected capacity change from 1024 to 1023 ====================================================== WARNING: possible circular locking dependency detected 6.12.25 #1 Not tainted ------------------------------------------------------ syz.8.1968/32422 is trying to acquire lock: ffffffff8e34acc0 (fs_reclaim){+.+.}-{0:0}, at: might_alloc include/linux/sched/mm.h:318 [inline] ffffffff8e34acc0 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook mm/slub.c:4068 [inline] ffffffff8e34acc0 (fs_reclaim){+.+.}-{0:0}, at: slab_alloc_node mm/slub.c:4146 [inline] ffffffff8e34acc0 (fs_reclaim){+.+.}-{0:0}, at: __kmalloc_cache_noprof+0x56/0x3e0 mm/slub.c:4322 but task is already holding lock: ffff8880435f1468 (&q->q_usage_counter(io)#23){++++}-{0:0}, at: blk_freeze_queue block/blk-mq.c:224 [inline] ffff8880435f1468 (&q->q_usage_counter(io)#23){++++}-{0:0}, at: blk_mq_freeze_queue+0x15/0x20 block/blk-mq.c:234 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&q->q_usage_counter(io)#23){++++}-{0:0}: bio_queue_enter block/blk.h:76 [inline] blk_mq_submit_bio+0x22fd/0x2dd0 block/blk-mq.c:3088 __submit_bio+0x63b/0x10b0 block/blk-core.c:629 __submit_bio_noacct_mq block/blk-core.c:716 [inline] submit_bio_noacct_nocheck block/blk-core.c:745 [inline] submit_bio_noacct_nocheck+0x6cc/0xd30 block/blk-core.c:722 submit_bio_noacct+0x6c9/0x1fc0 block/blk-core.c:868 xfs_buf_ioapply_map fs/xfs/xfs_buf.c:1585 [inline] _xfs_buf_ioapply+0xa65/0xed0 fs/xfs/xfs_buf.c:1673 __xfs_buf_submit+0x26c/0x700 fs/xfs/xfs_buf.c:1757 xfs_buf_submit fs/xfs/xfs_buf.c:61 [inline] _xfs_buf_read fs/xfs/xfs_buf.c:808 [inline] xfs_buf_read_map+0x672/0xde0 fs/xfs/xfs_buf.c:872 xfs_trans_read_buf_map+0x356/0xcf0 fs/xfs/xfs_trans_buf.c:289 xfs_trans_read_buf fs/xfs/xfs_trans.h:212 [inline] xfs_imap_to_bp+0x110/0x2a0 fs/xfs/libxfs/xfs_inode_buf.c:138 xfs_inode_item_precommit+0x5d9/0x980 fs/xfs/xfs_inode_item.c:174 xfs_trans_run_precommits fs/xfs/xfs_trans.c:802 [inline] __xfs_trans_commit+0x303/0xda0 fs/xfs/xfs_trans.c:845 xfs_trans_commit+0x117/0x1b0 fs/xfs/xfs_trans.c:930 xfs_qm_qino_alloc+0x4da/0x700 fs/xfs/xfs_qm.c:861 xfs_qm_init_quotainos+0x526/0x6e0 fs/xfs/xfs_qm.c:1664 xfs_qm_init_quotainfo+0xf8/0xb00 fs/xfs/xfs_qm.c:667 xfs_qm_mount_quotas+0x59/0x650 fs/xfs/xfs_qm.c:1514 xfs_mountfs+0x1c0e/0x20e0 fs/xfs/xfs_mount.c:984 xfs_fs_fill_super+0x148f/0x1f30 fs/xfs/xfs_super.c:1764 get_tree_bdev_flags+0x389/0x620 fs/super.c:1636 vfs_get_tree+0x90/0x340 fs/super.c:1814 do_new_mount fs/namespace.c:3512 [inline] path_mount+0x1290/0x1bc0 fs/namespace.c:3839 do_mount+0xf8/0x110 fs/namespace.c:3852 __do_sys_mount fs/namespace.c:4062 [inline] __se_sys_mount fs/namespace.c:4039 [inline] __x64_sys_mount+0x193/0x230 fs/namespace.c:4039 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #1 (&xfs_nondir_ilock_class#3){++++}-{3:3}: down_write_nested+0x96/0x210 kernel/locking/rwsem.c:1693 xfs_ilock+0x35c/0x420 fs/xfs/xfs_inode.c:164 xfs_reclaim_inode fs/xfs/xfs_icache.c:981 [inline] xfs_icwalk_process_inode fs/xfs/xfs_icache.c:1675 [inline] xfs_icwalk_ag+0xa64/0x17c0 fs/xfs/xfs_icache.c:1757 xfs_icwalk+0x4b/0xa0 fs/xfs/xfs_icache.c:1805 xfs_reclaim_inodes_nr+0x1ad/0x2b0 fs/xfs/xfs_icache.c:1047 super_cache_scan+0x364/0x490 fs/super.c:227 do_shrink_slab+0x464/0x11d0 mm/shrinker.c:437 shrink_slab+0x336/0x12c0 mm/shrinker.c:664 shrink_one+0x4a8/0x7d0 mm/vmscan.c:4835 shrink_many mm/vmscan.c:4896 [inline] lru_gen_shrink_node mm/vmscan.c:4974 [inline] shrink_node+0x24da/0x3b50 mm/vmscan.c:5954 kswapd_shrink_node mm/vmscan.c:6782 [inline] balance_pgdat+0x9d0/0x1670 mm/vmscan.c:6974 kswapd+0x538/0xc70 mm/vmscan.c:7243 kthread+0x342/0x450 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #0 (fs_reclaim){+.+.}-{0:0}: check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/locking/lockdep.c:3280 [inline] validate_chain kernel/locking/lockdep.c:3904 [inline] __lock_acquire+0x2940/0x4810 kernel/locking/lockdep.c:5202 lock_acquire kernel/locking/lockdep.c:5825 [inline] lock_acquire+0x1b4/0x590 kernel/locking/lockdep.c:5790 __fs_reclaim_acquire mm/page_alloc.c:3853 [inline] fs_reclaim_acquire+0x102/0x150 mm/page_alloc.c:3867 might_alloc include/linux/sched/mm.h:318 [inline] slab_pre_alloc_hook mm/slub.c:4068 [inline] slab_alloc_node mm/slub.c:4146 [inline] __kmalloc_cache_noprof+0x56/0x3e0 mm/slub.c:4322 kmalloc_noprof include/linux/slab.h:878 [inline] kzalloc_noprof include/linux/slab.h:1014 [inline] kobject_uevent_env+0x23a/0x16b0 lib/kobject_uevent.c:540 set_capacity_and_notify+0x1cb/0x250 block/genhd.c:95 loop_set_size.isra.0+0x2f/0xc0 drivers/block/loop.c:232 loop_set_status+0x486/0x740 drivers/block/loop.c:1210 loop_set_status_old+0x148/0x1c0 drivers/block/loop.c:1313 lo_ioctl+0xc5e/0x1830 drivers/block/loop.c:1466 blkdev_ioctl+0x27b/0x6d0 block/ioctl.c:693 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl fs/ioctl.c:893 [inline] __x64_sys_ioctl+0x19d/0x210 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f other info that might help us debug this: Chain exists of: fs_reclaim --> &xfs_nondir_ilock_class#3 --> &q->q_usage_counter(io)#23 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&q->q_usage_counter(io)#23); lock(&xfs_nondir_ilock_class#3); lock(&q->q_usage_counter(io)#23); lock(fs_reclaim); *** DEADLOCK *** 3 locks held by syz.8.1968/32422: #0: ffff888020454b70 (&lo->lo_mutex){+.+.}-{3:3}, at: loop_set_status+0x2a/0x740 drivers/block/loop.c:1176 #1: ffff8880435f1468 (&q->q_usage_counter(io)#23){++++}-{0:0}, at: blk_freeze_queue block/blk-mq.c:224 [inline] #1: ffff8880435f1468 (&q->q_usage_counter(io)#23){++++}-{0:0}, at: blk_mq_freeze_queue+0x15/0x20 block/blk-mq.c:234 #2: ffff8880435f14a0 (&q->q_usage_counter(queue)#7){+.+.}-{0:0}, at: blk_freeze_queue block/blk-mq.c:224 [inline] #2: ffff8880435f14a0 (&q->q_usage_counter(queue)#7){+.+.}-{0:0}, at: blk_mq_freeze_queue+0x15/0x20 block/blk-mq.c:234 stack backtrace: CPU: 0 UID: 0 PID: 32422 Comm: syz.8.1968 Not tainted 6.12.25 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120 print_circular_bug.isra.0+0x5e5/0x9f0 kernel/locking/lockdep.c:2074 check_noncircular+0x2f1/0x3d0 kernel/locking/lockdep.c:2206 check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/locking/lockdep.c:3280 [inline] validate_chain kernel/locking/lockdep.c:3904 [inline] __lock_acquire+0x2940/0x4810 kernel/locking/lockdep.c:5202 lock_acquire kernel/locking/lockdep.c:5825 [inline] lock_acquire+0x1b4/0x590 kernel/locking/lockdep.c:5790 __fs_reclaim_acquire mm/page_alloc.c:3853 [inline] fs_reclaim_acquire+0x102/0x150 mm/page_alloc.c:3867 might_alloc include/linux/sched/mm.h:318 [inline] slab_pre_alloc_hook mm/slub.c:4068 [inline] slab_alloc_node mm/slub.c:4146 [inline] __kmalloc_cache_noprof+0x56/0x3e0 mm/slub.c:4322 kmalloc_noprof include/linux/slab.h:878 [inline] kzalloc_noprof include/linux/slab.h:1014 [inline] kobject_uevent_env+0x23a/0x16b0 lib/kobject_uevent.c:540 set_capacity_and_notify+0x1cb/0x250 block/genhd.c:95 loop_set_size.isra.0+0x2f/0xc0 drivers/block/loop.c:232 loop_set_status+0x486/0x740 drivers/block/loop.c:1210 loop_set_status_old+0x148/0x1c0 drivers/block/loop.c:1313 lo_ioctl+0xc5e/0x1830 drivers/block/loop.c:1466 blkdev_ioctl+0x27b/0x6d0 block/ioctl.c:693 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl fs/ioctl.c:893 [inline] __x64_sys_ioctl+0x19d/0x210 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f22897ac5ad Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f228a5f2f98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f22899e5fa0 RCX: 00007f22897ac5ad RDX: 0000200000000080 RSI: 0000000000004c02 RDI: 0000000000000006 RBP: 00007f228984458e R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f22899e5fa0 R15: 00007f228a5d3000 </TASK> =================================================================== I hope it helps. Best regards Jianzhou Zhao

6 months, 3 weeks

1
0
0 0

KASAN: slab-use-after-free Read in perf_uprobe_destroy in linux6.12.25(longterm maintenance)

by Jianzhou Zhao

Hello, I found a potential bug titled " KASAN: slab-use-after-free Read in perf_uprobe_destroy " with modified syzkaller in the Linux6.12.25(longterm maintenance, last updated on April 25, 2025) If you fix this issue, please add the following tag to the commit: Reported-by: Jianzhou Zhao <luckd0g(a)163.com>, xingwei lee <xrivendell7(a)gmail.com>, Penglei Jiang <superman.xpt(a)gmail.com> The commit of the kernel is : ef4999852d307d38cfdecd91ed6892cc03beb9b8 kernel config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=55f8591b98dd132 compiler: gcc version 11.4.0 I put the reproduction program of this bug at the end of the email. ------------[ cut here ]----------------------------------------- TITLE: KASAN: slab-use-after-free Read in perf_uprobe_destroy ------------[ cut here ]------------ ================================================================== BUG: KASAN: slab-use-after-free in perf_trace_event_close kernel/trace/trace_event_perf.c:190 [inline] BUG: KASAN: slab-use-after-free in perf_uprobe_destroy+0x1d6/0x200 kernel/trace/trace_event_perf.c:344 Read of size 8 at addr ffff888028f59060 by task syz.0.14/12239 CPU: 0 UID: 0 PID: 12239 Comm: syz.0.14 Not tainted 6.12.25 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc0/0x5e0 mm/kasan/report.c:488 kasan_report+0x93/0xc0 mm/kasan/report.c:601 perf_trace_event_close kernel/trace/trace_event_perf.c:190 [inline] perf_uprobe_destroy+0x1d6/0x200 kernel/trace/trace_event_perf.c:344 __free_event+0x1d9/0x870 kernel/events/core.c:5330 perf_event_alloc kernel/events/core.c:12437 [inline] perf_event_alloc+0x1246/0x37d0 kernel/events/core.c:12210 __do_sys_perf_event_open+0x44c/0x2aa0 kernel/events/core.c:12847 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fb0d09ac5ad Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fb0d18f5f98 EFLAGS: 00000246 ORIG_RAX: 000000000000012a RAX: ffffffffffffffda RBX: 00007fb0d0be5fa0 RCX: 00007fb0d09ac5ad RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000040 RBP: 00007fb0d0a4458e R08: 000000000000000a R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007fb0d0be5fa0 R15: 00007fb0d18d6000 </TASK> Allocated by task 12239: kasan_save_stack+0x24/0x50 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __kmalloc_cache_noprof+0x1a5/0x3e0 mm/slub.c:4327 kmalloc_noprof include/linux/slab.h:878 [inline] kzalloc_noprof include/linux/slab.h:1014 [inline] trace_probe_init+0xbc/0x5f0 kernel/trace/trace_probe.c:2050 alloc_trace_uprobe+0xa5/0x310 kernel/trace/trace_uprobe.c:347 create_local_trace_uprobe+0x10d/0x4c0 kernel/trace/trace_uprobe.c:1643 perf_uprobe_init+0x13a/0x220 kernel/trace/trace_event_perf.c:319 perf_uprobe_event_init+0x103/0x1d0 kernel/events/core.c:10715 perf_try_init_event+0x137/0xd70 kernel/events/core.c:11976 perf_init_event kernel/events/core.c:12064 [inline] perf_event_alloc kernel/events/core.c:12345 [inline] perf_event_alloc+0x101a/0x37d0 kernel/events/core.c:12210 __do_sys_perf_event_open+0x44c/0x2aa0 kernel/events/core.c:12847 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 12239: kasan_save_stack+0x24/0x50 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 kasan_save_free_info+0x3a/0x60 mm/kasan/generic.c:579 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x54/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [inline] slab_free_hook mm/slub.c:2372 [inline] slab_free mm/slub.c:4611 [inline] kfree+0x14e/0x4a0 mm/slub.c:4759 trace_probe_unlink+0x185/0x200 kernel/trace/trace_probe.c:2016 trace_probe_cleanup+0x168/0x1d0 kernel/trace/trace_probe.c:2034 free_trace_uprobe.part.0+0x1b/0x80 kernel/trace/trace_uprobe.c:371 free_trace_uprobe kernel/trace/trace_uprobe.c:367 [inline] destroy_local_trace_uprobe+0x5d/0x80 kernel/trace/trace_uprobe.c:1682 perf_try_init_event+0x44b/0xd70 kernel/events/core.c:12007 perf_init_event kernel/events/core.c:12064 [inline] perf_event_alloc kernel/events/core.c:12345 [inline] perf_event_alloc+0x101a/0x37d0 kernel/events/core.c:12210 __do_sys_perf_event_open+0x44c/0x2aa0 kernel/events/core.c:12847 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f The buggy address belongs to the object at ffff888028f59000 which belongs to the cache kmalloc-512 of size 512 The buggy address is located 96 bytes inside of freed 512-byte region [ffff888028f59000, ffff888028f59200) The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28f58 head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) page_type: f5(slab) raw: 00fff00000000040 ffff88801b041c80 ffffea0000a70200 dead000000000002 raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000 head: 00fff00000000040 ffff88801b041c80 ffffea0000a70200 dead000000000002 head: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000 head: 00fff00000000002 ffffea0000a3d601 ffffffffffffffff 0000000000000000 head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9461, tgid 9461 (syz-executor), ts 105252344888, free_ts 105090780548 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook mm/page_alloc.c:1558 [inline] prep_new_page+0x31b/0x3a0 mm/page_alloc.c:1566 get_page_from_freelist+0x19fb/0x33b0 mm/page_alloc.c:3476 __alloc_pages_noprof+0x324/0x6b0 mm/page_alloc.c:4754 alloc_pages_mpol_noprof+0x2ce/0x610 mm/mempolicy.c:2269 alloc_slab_page mm/slub.c:2442 [inline] allocate_slab mm/slub.c:2608 [inline] new_slab+0x253/0x430 mm/slub.c:2662 ___slab_alloc+0xe1c/0x1720 mm/slub.c:3850 __slab_alloc.isra.0+0x56/0xb0 mm/slub.c:3940 __slab_alloc_node mm/slub.c:3993 [inline] slab_alloc_node mm/slub.c:4154 [inline] __kmalloc_cache_noprof+0x37f/0x3e0 mm/slub.c:4322 kmalloc_noprof include/linux/slab.h:878 [inline] kzalloc_noprof include/linux/slab.h:1014 [inline] fib6_info_alloc+0xc9/0x290 net/ipv6/ip6_fib.c:155 ip6_route_info_create+0x341/0x1610 net/ipv6/route.c:3802 ip6_route_add+0x26/0x160 net/ipv6/route.c:3896 addrconf_prefix_route.isra.0+0x302/0x510 net/ipv6/addrconf.c:2486 inet6_addr_add+0x73a/0xc10 net/ipv6/addrconf.c:3083 inet6_rtm_newaddr+0x116a/0x18b0 net/ipv6/addrconf.c:5068 rtnetlink_rcv_msg+0x3c9/0xfc0 net/core/rtnetlink.c:6678 netlink_rcv_skb+0x165/0x450 net/netlink/af_netlink.c:2537 page last free pid 9499 tgid 9499 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1127 [inline] free_unref_page+0x799/0x1320 mm/page_alloc.c:2659 __put_partials+0x151/0x170 mm/slub.c:3177 qlink_free mm/kasan/quarantine.c:163 [inline] qlist_free_all+0x50/0x130 mm/kasan/quarantine.c:179 kasan_quarantine_reduce+0x165/0x1c0 mm/kasan/quarantine.c:286 __kasan_slab_alloc+0x67/0x90 mm/kasan/common.c:329 kasan_slab_alloc include/linux/kasan.h:250 [inline] slab_post_alloc_hook mm/slub.c:4117 [inline] slab_alloc_node mm/slub.c:4166 [inline] __kmalloc_cache_noprof+0x12a/0x3e0 mm/slub.c:4322 kmalloc_noprof include/linux/slab.h:878 [inline] call_modprobe kernel/module/kmod.c:84 [inline] __request_module+0x2a2/0x6b0 kernel/module/kmod.c:173 dev_load+0x1ff/0x240 net/core/dev_ioctl.c:645 dev_ioctl+0x518/0x10b0 net/core/dev_ioctl.c:709 sock_do_ioctl+0x1ca/0x260 net/socket.c:1241 sock_ioctl+0x23a/0x6c0 net/socket.c:1346 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl fs/ioctl.c:893 [inline] __x64_sys_ioctl+0x19d/0x210 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Memory state around the buggy address: ffff888028f58f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888028f58f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff888028f59000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff888028f59080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888028f59100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include <dirent.h> #include <endian.h> #include <errno.h> #include <fcntl.h> #include <signal.h> #include <stdarg.h> #include <stdbool.h> #include <stdint.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <sys/prctl.h> #include <sys/stat.h> #include <sys/syscall.h> #include <sys/types.h> #include <sys/wait.h> #include <time.h> #include <unistd.h> static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } #define BITMASK(bf_off, bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type, htobe, addr, val, bf_off, bf_len) \ *(type*)(addr) = \ htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | \ (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } static void kill_and_wait(int pid, int* status) { kill(-pid, SIGKILL); kill(pid, SIGKILL); for (int i = 0; i < 100; i++) { if (waitpid(-1, status, WNOHANG | __WALL) == pid) return; usleep(1000); } DIR* dir = opendir("/sys/fs/fuse/connections"); if (dir) { for (;;) { struct dirent* ent = readdir(dir); if (!ent) break; if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0) continue; char abort[300]; snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name); int fd = open(abort, O_WRONLY); if (fd == -1) { continue; } if (write(fd, abort, 1) < 0) { } close(fd); } closedir(dir); } else { } while (waitpid(-1, status, __WALL) != pid) { } } static void setup_test() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); write_file("/proc/self/oom_score_adj", "1000"); } static void execute_one(void); #define WAIT_FLAGS __WALL static void loop(void) { int iter = 0; for (;; iter++) { int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { setup_test(); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { sleep_ms(10); if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } } } void execute_one(void) { if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } memcpy((void*)0x200000000000, ".pending_reads\000", 15); syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200000000000ul, /*flags=O_SYNC|O_NOATIME|O_LARGEFILE|O_CREAT|O_APPEND*/ 0x149440, /*mode=*/0); *(uint32_t*)0x200000000040 = 8; *(uint32_t*)0x200000000044 = 0x80; *(uint8_t*)0x200000000048 = 2; *(uint8_t*)0x200000000049 = 0; *(uint8_t*)0x20000000004a = 0; *(uint8_t*)0x20000000004b = 0; *(uint32_t*)0x20000000004c = 0; *(uint64_t*)0x200000000050 = 0; *(uint64_t*)0x200000000058 = 0x6a484; *(uint64_t*)0x200000000060 = 4; STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 0, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 1, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 2, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 3, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 4, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 5, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 6, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 7, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 8, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 9, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 10, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 11, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 12, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 13, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 14, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 15, 2); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 17, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 18, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 1, 19, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 20, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 21, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 22, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 23, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 24, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 25, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 26, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 27, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 28, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 29, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 30, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 31, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 32, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 33, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 34, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 35, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 36, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 37, 1); STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 38, 26); *(uint32_t*)0x200000000070 = 7; *(uint32_t*)0x200000000074 = 0; *(uint64_t*)0x200000000078 = 0x200000000000; *(uint64_t*)0x200000000080 = 0; *(uint64_t*)0x200000000088 = 0; *(uint64_t*)0x200000000090 = 0; *(uint32_t*)0x200000000098 = 0; *(uint32_t*)0x20000000009c = 0; *(uint64_t*)0x2000000000a0 = 0x40000000000000; *(uint32_t*)0x2000000000a8 = 0; *(uint16_t*)0x2000000000ac = 0; *(uint16_t*)0x2000000000ae = 0; *(uint32_t*)0x2000000000b0 = 9; *(uint32_t*)0x2000000000b4 = 0; *(uint64_t*)0x2000000000b8 = 0; syscall(__NR_perf_event_open, /*attr=*/0x200000000040ul, /*pid=*/0, /*cpu=*/0ul, /*group=*/-1, /*flags=PERF_FLAG_FD_CLOEXEC|PERF_FLAG_FD_OUTPUT*/ 0xaul); } int main(void) { syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul, /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1, /*offset=*/0ul); const char* reason; (void)reason; loop(); return 0; } =================================================================== I hope it helps. Best regards Jianzhou Zhao

6 months, 3 weeks

1
0
0 0

sound/pci/hda: add quirk for HP Spectre x360 15-eb0xxx

by Ezra Khuzadi

sound/pci/hda: add quirk for HP Spectre x360 15-eb0xxx Add subsystem ID 0x86e5 for HP Spectre x360 15-eb0xxx so that ALC285_FIXUP_HP_SPECTRE_X360_EB1 (GPIO amp-enable, mic-mute LED and pinconfigs) is applied. Tested on HP Spectre x360 15-eb0043dx (Vendor 0x10ec0285, Subsys 0x103c86e5) with legacy HDA driver and hda-verb toggles: $ cat /proc/asound/card0/codec#0 \ | sed -n -e '1,5p;/Vendor Id:/p;/Subsystem Id:/p' Codec: Realtek ALC285 Vendor Id: 0x10ec0285 Subsystem Id: 0x103c86e5 $ dmesg | grep -i realtek [ 5.828728] snd_hda_codec_realtek ehdaudio0D0: ALC285: picked fixup for PCI SSID 103c:86e5 Signed-off-by: Ezra Khuzadi <ekhuzadi(a)uci.edu> --- sound/pci/hda/patch_realtek.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index 877137cb09ac..82ad105e7fa9 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -10563,6 +10563,7 @@ static const struct hda_quirk alc269_fixup_tbl[] = { SND_PCI_QUIRK(0x103c, 0x86c7, "HP Envy AiO 32", ALC274_FIXUP_HP_ENVY_GPIO), + SND_PCI_QUIRK(0x103c, 0x86e5, "HP Spectre x360 15-eb0xxx", ALC285_FIXUP_HP_SPECTRE_X360_EB1), SND_PCI_QUIRK(0x103c, 0x86e7, "HP Spectre x360 15-eb0xxx", ALC285_FIXUP_HP_SPECTRE_X360_EB1), SND_PCI_QUIRK(0x103c, 0x86e8, "HP Spectre x360 15-eb0xxx", ALC285_FIXUP_HP_SPECTRE_X360_EB1), SND_PCI_QUIRK(0x103c, 0x86f9, "HP Spectre x360 13-aw0xxx", ALC285_FIXUP_HP_SPECTRE_X360_MUTE_LED),

6 months, 3 weeks

2
2
0 0

[to-be-updated] kasan-avoid-sleepable-page-allocation-from-atomic-context.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: kasan: avoid sleepable page allocation from atomic context has been removed from the -mm tree. Its filename was kasan-avoid-sleepable-page-allocation-from-atomic-context.patch This patch was dropped because an updated version will be issued ------------------------------------------------------ From: Alexander Gordeev <agordeev(a)linux.ibm.com> Subject: kasan: avoid sleepable page allocation from atomic context Date: Tue, 29 Apr 2025 18:08:41 +0200 apply_to_pte_range() enters the lazy MMU mode and then invokes kasan_populate_vmalloc_pte() callback on each page table walk iteration. However, the callback can go into sleep when trying to allocate a single page, e.g. if an architecutre disables preemption on lazy MMU mode enter. On s390 with the call sequences arch_enter_lazy_mmu_mode() -> preempt_enable() and arch_leave_lazy_mmu_mode() -> preempt_disable(), such a crash occurs: [ 553.332108] preempt_count: 1, expected: 0 [ 553.332117] no locks held by multipathd/2116. [ 553.332128] CPU: 24 PID: 2116 Comm: multipathd Kdump: loaded Tainted: [ 553.332139] Hardware name: IBM 3931 A01 701 (LPAR) [ 553.332146] Call Trace: [ 553.332152] [<00000000158de23a>] dump_stack_lvl+0xfa/0x150 [ 553.332167] [<0000000013e10d12>] __might_resched+0x57a/0x5e8 [ 553.332178] [<00000000144eb6c2>] __alloc_pages+0x2ba/0x7c0 [ 553.332189] [<00000000144d5cdc>] __get_free_pages+0x2c/0x88 [ 553.332198] [<00000000145663f6>] kasan_populate_vmalloc_pte+0x4e/0x110 [ 553.332207] [<000000001447625c>] apply_to_pte_range+0x164/0x3c8 [ 553.332218] [<000000001448125a>] apply_to_pmd_range+0xda/0x318 [ 553.332226] [<000000001448181c>] __apply_to_page_range+0x384/0x768 [ 553.332233] [<0000000014481c28>] apply_to_page_range+0x28/0x38 [ 553.332241] [<00000000145665da>] kasan_populate_vmalloc+0x82/0x98 [ 553.332249] [<00000000144c88d0>] alloc_vmap_area+0x590/0x1c90 [ 553.332257] [<00000000144ca108>] __get_vm_area_node.constprop.0+0x138/0x260 [ 553.332265] [<00000000144d17fc>] __vmalloc_node_range+0x134/0x360 [ 553.332274] [<0000000013d5dbf2>] alloc_thread_stack_node+0x112/0x378 [ 553.332284] [<0000000013d62726>] dup_task_struct+0x66/0x430 [ 553.332293] [<0000000013d63962>] copy_process+0x432/0x4b80 [ 553.332302] [<0000000013d68300>] kernel_clone+0xf0/0x7d0 [ 553.332311] [<0000000013d68bd6>] __do_sys_clone+0xae/0xc8 [ 553.332400] [<0000000013d68dee>] __s390x_sys_clone+0xd6/0x118 [ 553.332410] [<0000000013c9d34c>] do_syscall+0x22c/0x328 [ 553.332419] [<00000000158e7366>] __do_syscall+0xce/0xf0 [ 553.332428] [<0000000015913260>] system_call+0x70/0x98 Instead of allocating single pages per-PTE, bulk-allocate the shadow memory prior to applying kasan_populate_vmalloc_pte() callback on a page range. Link: https://lkml.kernel.org/r/573a823565734e1eac3aa128fb9d3506ec918a72.17459408… Fixes: 3c5c3cfb9ef4 ("kasan: support backing vmalloc space with real shadow memory") Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> Suggested-by: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: Daniel Axtens <dja(a)axtens.net> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kasan/shadow.c | 65 +++++++++++++++++++++++++++++++++----------- 1 file changed, 49 insertions(+), 16 deletions(-) --- a/mm/kasan/shadow.c~kasan-avoid-sleepable-page-allocation-from-atomic-context +++ a/mm/kasan/shadow.c @@ -292,30 +292,65 @@ void __init __weak kasan_populate_early_ { } +struct vmalloc_populate_data { + unsigned long start; + struct page **pages; +}; + static int kasan_populate_vmalloc_pte(pte_t *ptep, unsigned long addr, - void *unused) + void *_data) { - unsigned long page; + struct vmalloc_populate_data *data = _data; + struct page *page; + unsigned long pfn; pte_t pte; if (likely(!pte_none(ptep_get(ptep)))) return 0; - page = __get_free_page(GFP_KERNEL); - if (!page) - return -ENOMEM; - - __memset((void *)page, KASAN_VMALLOC_INVALID, PAGE_SIZE); - pte = pfn_pte(PFN_DOWN(__pa(page)), PAGE_KERNEL); + page = data->pages[PFN_DOWN(addr - data->start)]; + pfn = page_to_pfn(page); + __memset(pfn_to_virt(pfn), KASAN_VMALLOC_INVALID, PAGE_SIZE); + pte = pfn_pte(pfn, PAGE_KERNEL); spin_lock(&init_mm.page_table_lock); - if (likely(pte_none(ptep_get(ptep)))) { + if (likely(pte_none(ptep_get(ptep)))) set_pte_at(&init_mm, addr, ptep, pte); - page = 0; - } spin_unlock(&init_mm.page_table_lock); - if (page) - free_page(page); + + return 0; +} + +static int __kasan_populate_vmalloc(unsigned long start, unsigned long end) +{ + unsigned long nr_pages, nr_total = PFN_UP(end - start); + struct vmalloc_populate_data data; + int ret; + + data.pages = (struct page **)__get_free_page(GFP_KERNEL); + if (!data.pages) + return -ENOMEM; + + while (nr_total) { + nr_pages = min(nr_total, PAGE_SIZE / sizeof(data.pages[0])); + __memset(data.pages, 0, nr_pages * sizeof(data.pages[0])); + if (nr_pages != alloc_pages_bulk(GFP_KERNEL, nr_pages, data.pages)) { + free_page((unsigned long)data.pages); + return -ENOMEM; + } + + data.start = start; + ret = apply_to_page_range(&init_mm, start, nr_pages * PAGE_SIZE, + kasan_populate_vmalloc_pte, &data); + if (ret) + return ret; + + start += nr_pages * PAGE_SIZE; + nr_total -= nr_pages; + } + + free_page((unsigned long)data.pages); + return 0; } @@ -348,9 +383,7 @@ int kasan_populate_vmalloc(unsigned long shadow_start = PAGE_ALIGN_DOWN(shadow_start); shadow_end = PAGE_ALIGN(shadow_end); - ret = apply_to_page_range(&init_mm, shadow_start, - shadow_end - shadow_start, - kasan_populate_vmalloc_pte, NULL); + ret = __kasan_populate_vmalloc(shadow_start, shadow_end); if (ret) return ret; _ Patches currently in -mm which might be from agordeev(a)linux.ibm.com are

6 months, 3 weeks

1
0
0 0

[PATCH AUTOSEL 5.4 1/3] scsi: target: iscsi: Fix timeout on deleted connection

by Sasha Levin

From: Dmitry Bogdanov <d.bogdanov(a)yadro.com> [ Upstream commit 7f533cc5ee4c4436cee51dc58e81dfd9c3384418 ] NOPIN response timer may expire on a deleted connection and crash with such logs: Did not receive response to NOPIN on CID: 0, failing connection for I_T Nexus (null),i,0x00023d000125,iqn.2017-01.com.iscsi.target,t,0x3d BUG: Kernel NULL pointer dereference on read at 0x00000000 NIP strlcpy+0x8/0xb0 LR iscsit_fill_cxn_timeout_err_stats+0x5c/0xc0 [iscsi_target_mod] Call Trace: iscsit_handle_nopin_response_timeout+0xfc/0x120 [iscsi_target_mod] call_timer_fn+0x58/0x1f0 run_timer_softirq+0x740/0x860 __do_softirq+0x16c/0x420 irq_exit+0x188/0x1c0 timer_interrupt+0x184/0x410 That is because nopin response timer may be re-started on nopin timer expiration. Stop nopin timer before stopping the nopin response timer to be sure that no one of them will be re-started. Signed-off-by: Dmitry Bogdanov <d.bogdanov(a)yadro.com> Link: https://lore.kernel.org/r/20241224101757.32300-1-d.bogdanov@yadro.com Reviewed-by: Maurizio Lombardi <mlombard(a)redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/target/iscsi/iscsi_target.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c index ab2f0ceb1e23b..b610c99c9c2dc 100644 --- a/drivers/target/iscsi/iscsi_target.c +++ b/drivers/target/iscsi/iscsi_target.c @@ -4168,8 +4168,8 @@ int iscsit_close_connection( spin_unlock(&iscsit_global->ts_bitmap_lock); iscsit_stop_timers_for_cmds(conn); - iscsit_stop_nopin_response_timer(conn); iscsit_stop_nopin_timer(conn); + iscsit_stop_nopin_response_timer(conn); if (conn->conn_transport->iscsit_wait_conn) conn->conn_transport->iscsit_wait_conn(conn); -- 2.39.5

6 months, 3 weeks

1
2
0 0

[PATCH AUTOSEL 5.10 1/3] scsi: target: iscsi: Fix timeout on deleted connection

by Sasha Levin

From: Dmitry Bogdanov <d.bogdanov(a)yadro.com> [ Upstream commit 7f533cc5ee4c4436cee51dc58e81dfd9c3384418 ] NOPIN response timer may expire on a deleted connection and crash with such logs: Did not receive response to NOPIN on CID: 0, failing connection for I_T Nexus (null),i,0x00023d000125,iqn.2017-01.com.iscsi.target,t,0x3d BUG: Kernel NULL pointer dereference on read at 0x00000000 NIP strlcpy+0x8/0xb0 LR iscsit_fill_cxn_timeout_err_stats+0x5c/0xc0 [iscsi_target_mod] Call Trace: iscsit_handle_nopin_response_timeout+0xfc/0x120 [iscsi_target_mod] call_timer_fn+0x58/0x1f0 run_timer_softirq+0x740/0x860 __do_softirq+0x16c/0x420 irq_exit+0x188/0x1c0 timer_interrupt+0x184/0x410 That is because nopin response timer may be re-started on nopin timer expiration. Stop nopin timer before stopping the nopin response timer to be sure that no one of them will be re-started. Signed-off-by: Dmitry Bogdanov <d.bogdanov(a)yadro.com> Link: https://lore.kernel.org/r/20241224101757.32300-1-d.bogdanov@yadro.com Reviewed-by: Maurizio Lombardi <mlombard(a)redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/target/iscsi/iscsi_target.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c index 075e2a6fb474f..48fe53323f84c 100644 --- a/drivers/target/iscsi/iscsi_target.c +++ b/drivers/target/iscsi/iscsi_target.c @@ -4168,8 +4168,8 @@ int iscsit_close_connection( spin_unlock(&iscsit_global->ts_bitmap_lock); iscsit_stop_timers_for_cmds(conn); - iscsit_stop_nopin_response_timer(conn); iscsit_stop_nopin_timer(conn); + iscsit_stop_nopin_response_timer(conn); if (conn->conn_transport->iscsit_wait_conn) conn->conn_transport->iscsit_wait_conn(conn); -- 2.39.5

6 months, 3 weeks

1
2
0 0

[PATCH AUTOSEL 5.15 1/7] scsi: target: iscsi: Fix timeout on deleted connection

by Sasha Levin

From: Dmitry Bogdanov <d.bogdanov(a)yadro.com> [ Upstream commit 7f533cc5ee4c4436cee51dc58e81dfd9c3384418 ] NOPIN response timer may expire on a deleted connection and crash with such logs: Did not receive response to NOPIN on CID: 0, failing connection for I_T Nexus (null),i,0x00023d000125,iqn.2017-01.com.iscsi.target,t,0x3d BUG: Kernel NULL pointer dereference on read at 0x00000000 NIP strlcpy+0x8/0xb0 LR iscsit_fill_cxn_timeout_err_stats+0x5c/0xc0 [iscsi_target_mod] Call Trace: iscsit_handle_nopin_response_timeout+0xfc/0x120 [iscsi_target_mod] call_timer_fn+0x58/0x1f0 run_timer_softirq+0x740/0x860 __do_softirq+0x16c/0x420 irq_exit+0x188/0x1c0 timer_interrupt+0x184/0x410 That is because nopin response timer may be re-started on nopin timer expiration. Stop nopin timer before stopping the nopin response timer to be sure that no one of them will be re-started. Signed-off-by: Dmitry Bogdanov <d.bogdanov(a)yadro.com> Link: https://lore.kernel.org/r/20241224101757.32300-1-d.bogdanov@yadro.com Reviewed-by: Maurizio Lombardi <mlombard(a)redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/target/iscsi/iscsi_target.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c index 686a9e5918e21..b072718701329 100644 --- a/drivers/target/iscsi/iscsi_target.c +++ b/drivers/target/iscsi/iscsi_target.c @@ -4170,8 +4170,8 @@ int iscsit_close_connection( spin_unlock(&iscsit_global->ts_bitmap_lock); iscsit_stop_timers_for_cmds(conn); - iscsit_stop_nopin_response_timer(conn); iscsit_stop_nopin_timer(conn); + iscsit_stop_nopin_response_timer(conn); if (conn->conn_transport->iscsit_wait_conn) conn->conn_transport->iscsit_wait_conn(conn); -- 2.39.5

6 months, 3 weeks

1
6
0 0

+ kasan-avoid-sleepable-page-allocation-from-atomic-context.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: kasan: avoid sleepable page allocation from atomic context has been added to the -mm mm-hotfixes-unstable branch. Its filename is kasan-avoid-sleepable-page-allocation-from-atomic-context.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Alexander Gordeev <agordeev(a)linux.ibm.com> Subject: kasan: avoid sleepable page allocation from atomic context Date: Tue, 29 Apr 2025 18:08:41 +0200 apply_to_pte_range() enters the lazy MMU mode and then invokes kasan_populate_vmalloc_pte() callback on each page table walk iteration. However, the callback can go into sleep when trying to allocate a single page, e.g. if an architecutre disables preemption on lazy MMU mode enter. On s390 with the call sequences arch_enter_lazy_mmu_mode() -> preempt_enable() and arch_leave_lazy_mmu_mode() -> preempt_disable(), such a crash occurs: [ 553.332108] preempt_count: 1, expected: 0 [ 553.332117] no locks held by multipathd/2116. [ 553.332128] CPU: 24 PID: 2116 Comm: multipathd Kdump: loaded Tainted: [ 553.332139] Hardware name: IBM 3931 A01 701 (LPAR) [ 553.332146] Call Trace: [ 553.332152] [<00000000158de23a>] dump_stack_lvl+0xfa/0x150 [ 553.332167] [<0000000013e10d12>] __might_resched+0x57a/0x5e8 [ 553.332178] [<00000000144eb6c2>] __alloc_pages+0x2ba/0x7c0 [ 553.332189] [<00000000144d5cdc>] __get_free_pages+0x2c/0x88 [ 553.332198] [<00000000145663f6>] kasan_populate_vmalloc_pte+0x4e/0x110 [ 553.332207] [<000000001447625c>] apply_to_pte_range+0x164/0x3c8 [ 553.332218] [<000000001448125a>] apply_to_pmd_range+0xda/0x318 [ 553.332226] [<000000001448181c>] __apply_to_page_range+0x384/0x768 [ 553.332233] [<0000000014481c28>] apply_to_page_range+0x28/0x38 [ 553.332241] [<00000000145665da>] kasan_populate_vmalloc+0x82/0x98 [ 553.332249] [<00000000144c88d0>] alloc_vmap_area+0x590/0x1c90 [ 553.332257] [<00000000144ca108>] __get_vm_area_node.constprop.0+0x138/0x260 [ 553.332265] [<00000000144d17fc>] __vmalloc_node_range+0x134/0x360 [ 553.332274] [<0000000013d5dbf2>] alloc_thread_stack_node+0x112/0x378 [ 553.332284] [<0000000013d62726>] dup_task_struct+0x66/0x430 [ 553.332293] [<0000000013d63962>] copy_process+0x432/0x4b80 [ 553.332302] [<0000000013d68300>] kernel_clone+0xf0/0x7d0 [ 553.332311] [<0000000013d68bd6>] __do_sys_clone+0xae/0xc8 [ 553.332400] [<0000000013d68dee>] __s390x_sys_clone+0xd6/0x118 [ 553.332410] [<0000000013c9d34c>] do_syscall+0x22c/0x328 [ 553.332419] [<00000000158e7366>] __do_syscall+0xce/0xf0 [ 553.332428] [<0000000015913260>] system_call+0x70/0x98 Instead of allocating single pages per-PTE, bulk-allocate the shadow memory prior to applying kasan_populate_vmalloc_pte() callback on a page range. Link: https://lkml.kernel.org/r/573a823565734e1eac3aa128fb9d3506ec918a72.17459408… Fixes: 3c5c3cfb9ef4 ("kasan: support backing vmalloc space with real shadow memory") Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> Suggested-by: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: Daniel Axtens <dja(a)axtens.net> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kasan/shadow.c | 65 +++++++++++++++++++++++++++++++++----------- 1 file changed, 49 insertions(+), 16 deletions(-) --- a/mm/kasan/shadow.c~kasan-avoid-sleepable-page-allocation-from-atomic-context +++ a/mm/kasan/shadow.c @@ -292,30 +292,65 @@ void __init __weak kasan_populate_early_ { } +struct vmalloc_populate_data { + unsigned long start; + struct page **pages; +}; + static int kasan_populate_vmalloc_pte(pte_t *ptep, unsigned long addr, - void *unused) + void *_data) { - unsigned long page; + struct vmalloc_populate_data *data = _data; + struct page *page; + unsigned long pfn; pte_t pte; if (likely(!pte_none(ptep_get(ptep)))) return 0; - page = __get_free_page(GFP_KERNEL); - if (!page) - return -ENOMEM; - - __memset((void *)page, KASAN_VMALLOC_INVALID, PAGE_SIZE); - pte = pfn_pte(PFN_DOWN(__pa(page)), PAGE_KERNEL); + page = data->pages[PFN_DOWN(addr - data->start)]; + pfn = page_to_pfn(page); + __memset(pfn_to_virt(pfn), KASAN_VMALLOC_INVALID, PAGE_SIZE); + pte = pfn_pte(pfn, PAGE_KERNEL); spin_lock(&init_mm.page_table_lock); - if (likely(pte_none(ptep_get(ptep)))) { + if (likely(pte_none(ptep_get(ptep)))) set_pte_at(&init_mm, addr, ptep, pte); - page = 0; - } spin_unlock(&init_mm.page_table_lock); - if (page) - free_page(page); + + return 0; +} + +static int __kasan_populate_vmalloc(unsigned long start, unsigned long end) +{ + unsigned long nr_pages, nr_total = PFN_UP(end - start); + struct vmalloc_populate_data data; + int ret; + + data.pages = (struct page **)__get_free_page(GFP_KERNEL); + if (!data.pages) + return -ENOMEM; + + while (nr_total) { + nr_pages = min(nr_total, PAGE_SIZE / sizeof(data.pages[0])); + __memset(data.pages, 0, nr_pages * sizeof(data.pages[0])); + if (nr_pages != alloc_pages_bulk(GFP_KERNEL, nr_pages, data.pages)) { + free_page((unsigned long)data.pages); + return -ENOMEM; + } + + data.start = start; + ret = apply_to_page_range(&init_mm, start, nr_pages * PAGE_SIZE, + kasan_populate_vmalloc_pte, &data); + if (ret) + return ret; + + start += nr_pages * PAGE_SIZE; + nr_total -= nr_pages; + } + + free_page((unsigned long)data.pages); + return 0; } @@ -348,9 +383,7 @@ int kasan_populate_vmalloc(unsigned long shadow_start = PAGE_ALIGN_DOWN(shadow_start); shadow_end = PAGE_ALIGN(shadow_end); - ret = apply_to_page_range(&init_mm, shadow_start, - shadow_end - shadow_start, - kasan_populate_vmalloc_pte, NULL); + ret = __kasan_populate_vmalloc(shadow_start, shadow_end); if (ret) return ret; _ Patches currently in -mm which might be from agordeev(a)linux.ibm.com are kasan-avoid-sleepable-page-allocation-from-atomic-context.patch

6 months, 3 weeks

1
0
0 0

[PATCH v2] nvmem: zynqmp_nvmem: unbreak driver after cleanup

by Peter Korsgaard

Commit 29be47fcd6a0 ("nvmem: zynqmp_nvmem: zynqmp_nvmem_probe cleanup") changed the driver to expect the device pointer to be passed as the "context", but in nvmem the context parameter comes from nvmem_config.priv which is never set - Leading to null pointer exceptions when the device is accessed. Fixes: 29be47fcd6a0 ("nvmem: zynqmp_nvmem: zynqmp_nvmem_probe cleanup") Cc: stable(a)vger.kernel.org Signed-off-by: Peter Korsgaard <peter(a)korsgaard.com> --- Changes since v1: - Cc stable drivers/nvmem/zynqmp_nvmem.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/nvmem/zynqmp_nvmem.c b/drivers/nvmem/zynqmp_nvmem.c index 8682adaacd692..7da717d6c7faf 100644 --- a/drivers/nvmem/zynqmp_nvmem.c +++ b/drivers/nvmem/zynqmp_nvmem.c @@ -213,6 +213,7 @@ static int zynqmp_nvmem_probe(struct platform_device *pdev) econfig.word_size = 1; econfig.size = ZYNQMP_NVMEM_SIZE; econfig.dev = dev; + econfig.priv = dev; econfig.add_legacy_fixed_of_cells = true; econfig.reg_read = zynqmp_nvmem_read; econfig.reg_write = zynqmp_nvmem_write; -- 2.39.5

6 months, 3 weeks

3
2
0 0

[PATCH v3] net: mdio: mux-meson-gxl: set reversed bit when using internal phy

by Da Xue

This bit is necessary to receive packets from the internal PHY. Without this bit set, no activity occurs on the interface. Normally u-boot sets this bit, but if u-boot is compiled without net support, the interface will be up but without any activity. The vendor SDK sets this bit along with the PHY_ID bits. Fixes: 9a24e1ff4326 ("net: mdio: add amlogic gxl mdio mux support"); Signed-off-by: Da Xue <da(a)libre.computer> --- Changes since v2: * Rename REG2_RESERVED_28 to REG2_REVERSED Link to v2: https://patchwork.kernel.org/project/linux-amlogic/patch/20250331074420.344… --- drivers/net/mdio/mdio-mux-meson-gxl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/net/mdio/mdio-mux-meson-gxl.c b/drivers/net/mdio/mdio-mux-meson-gxl.c index 00c66240136b..3dd12a8c8b03 100644 --- a/drivers/net/mdio/mdio-mux-meson-gxl.c +++ b/drivers/net/mdio/mdio-mux-meson-gxl.c @@ -17,6 +17,7 @@ #define REG2_LEDACT GENMASK(23, 22) #define REG2_LEDLINK GENMASK(25, 24) #define REG2_DIV4SEL BIT(27) +#define REG2_REVERSED BIT(28) #define REG2_ADCBYPASS BIT(30) #define REG2_CLKINSEL BIT(31) #define ETH_REG3 0x4 @@ -65,7 +66,7 @@ static void gxl_enable_internal_mdio(struct gxl_mdio_mux *priv) * The only constraint is that it must match the one in * drivers/net/phy/meson-gxl.c to properly match the PHY. */ - writel(FIELD_PREP(REG2_PHYID, EPHY_GXL_ID), + writel(REG2_REVERSED | FIELD_PREP(REG2_PHYID, EPHY_GXL_ID), priv->regs + ETH_REG2); /* Enable the internal phy */ -- 2.39.5

6 months, 3 weeks

6
5
0 0

Feedback on New Kafka Project

by Xiaorui Wang

Greetings, I saw you were interested in many open source project, so I wanted to share a relevant open source project I'm working on. AutoMQ is a Kafka solution developed on object storage. This offers several distinct advantages: - 10x more cost-effective than Apache Kafka. - Partition reassignment 800x faster than Kafka. - 5x higher throughput in catch-up read. I'm pleased to announce that AutoMQ has successfully simplified the operation and maintenance of Apache Kafka for Grab.com, which has greatly lowered their cloud expenditures. Is this something that could be beneficial? I'd love to hear any feedback you might have! (If it's not relevant, no problem – I won't bother you again!) Sincerely, Xiaorui github.com/automq/automq

6 months, 3 weeks

1
0
0 0

[PATCH net v3 0/2] address EEE regressions on KSZ switches since v6.9 (v6.14+)

by Oleksij Rempel

This patch series addresses a regression in Energy Efficient Ethernet (EEE) handling for KSZ switches with integrated PHYs, introduced in kernel v6.9 by commit fe0d4fd9285e ("net: phy: Keep track of EEE configuration"). The first patch updates the DSA driver to allow phylink to properly manage PHY EEE configuration. Since integrated PHYs handle LPI internally and ports without integrated PHYs do not document MAC-level LPI support, dummy MAC LPI callbacks are provided. The second patch removes outdated EEE workarounds from the micrel PHY driver, as they are no longer needed with correct phylink handling. This series addresses the regression for mainline and kernels starting from v6.14. It is not easily possible to fully fix older kernels due to missing infrastructure changes. Tested on KSZ9893 hardware. Oleksij Rempel (2): net: dsa: microchip: let phylink manage PHY EEE configuration on KSZ switches net: phy: micrel: remove KSZ9477 EEE quirks now handled by phylink drivers/net/dsa/microchip/ksz_common.c | 134 +++++++++++++++++++------ drivers/net/phy/micrel.c | 7 -- include/linux/micrel_phy.h | 1 - 3 files changed, 106 insertions(+), 36 deletions(-) -- 2.39.5

6 months, 3 weeks

2
3
0 0

possible deadlock in perf_ctx_lock in linux6.12.25(longterm maintenance)

by Jianzhou Zhao

Hello, I found a potential bug titled " possible deadlock in perf_ctx_lock " with modified syzkaller in the Linux6.12.25(longterm maintenance, last updated on April 25, 2025) If you fix this issue, please add the following tag to the commit: Reported-by: Jianzhou Zhao <luckd0g(a)163.com>, xingwei lee <xrivendell7(a)gmail.com> The commit of the kernel is : ef4999852d307d38cfdecd91ed6892cc03beb9b8 kernel config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=55f8591b98dd132 compiler: gcc version 11.4.0 Unfortunately, I am unable to reproduce this bug. ------------[ cut here ]----------------------------------------- TITLE: possible deadlock in perf_ctx_lock ------------[ cut here ]------------ ------------[ cut here ]------------ ====================================================== WARNING: possible circular locking dependency detected 6.12.25 #3 Not tainted ------------------------------------------------------ syz.9.499/15835 is trying to acquire lock: ffffffff8dec35a0 (console_owner){-.-.}-{0:0}, at: console_trylock_spinning kernel/printk/printk.c:2029 [inline] ffffffff8dec35a0 (console_owner){-.-.}-{0:0}, at: vprintk_emit kernel/printk/printk.c:2406 [inline] ffffffff8dec35a0 (console_owner){-.-.}-{0:0}, at: vprintk_emit+0x377/0x6d0 kernel/printk/printk.c:2353 but task is already holding lock: ffff88804ed2b818 (&ctx->lock){-...}-{2:2}, at: __perf_ctx_lock kernel/events/core.c:174 [inline] ffff88804ed2b818 (&ctx->lock){-...}-{2:2}, at: perf_ctx_lock+0x6a/0xe0 kernel/events/core.c:183 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #5 (&ctx->lock){-...}-{2:2}: __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 perf_event_context_sched_out kernel/events/core.c:3668 [inline] __perf_event_task_sched_out+0x4b3/0x18a0 kernel/events/core.c:3772 perf_event_task_sched_out include/linux/perf_event.h:1547 [inline] prepare_task_switch kernel/sched/core.c:5136 [inline] context_switch kernel/sched/core.c:5279 [inline] __schedule+0x2250/0x5b20 kernel/sched/core.c:6710 __schedule_loop kernel/sched/core.c:6787 [inline] schedule+0xe7/0x350 kernel/sched/core.c:6802 futex_wait_queue+0x101/0x1f0 kernel/futex/waitwake.c:370 __futex_wait+0x23d/0x3c0 kernel/futex/waitwake.c:669 futex_wait+0xdc/0x370 kernel/futex/waitwake.c:697 do_futex+0x250/0x360 kernel/futex/syscalls.c:102 __do_sys_futex kernel/futex/syscalls.c:179 [inline] __se_sys_futex kernel/futex/syscalls.c:160 [inline] __x64_sys_futex+0x1c6/0x4c0 kernel/futex/syscalls.c:160 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #4 (&rq->__lock){-.-.}-{2:2}: _raw_spin_lock_nested+0x34/0x40 kernel/locking/spinlock.c:378 raw_spin_rq_lock_nested+0x2f/0x120 kernel/sched/core.c:598 raw_spin_rq_lock kernel/sched/sched.h:1515 [inline] task_rq_lock+0xd3/0x390 kernel/sched/core.c:700 cgroup_move_task+0x70/0x220 kernel/sched/psi.c:1161 css_set_move_task+0x280/0x570 kernel/cgroup/cgroup.c:898 cgroup_post_fork+0x20c/0x9d0 kernel/cgroup/cgroup.c:6705 copy_process+0x4bf6/0x8960 kernel/fork.c:2623 kernel_clone+0xeb/0x8f0 kernel/fork.c:2809 user_mode_thread+0xc9/0x110 kernel/fork.c:2887 rest_init+0x23/0x2b0 init/main.c:712 start_kernel+0x3dd/0x4c0 init/main.c:1105 x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:507 x86_64_start_kernel+0xb3/0xc0 arch/x86/kernel/head64.c:488 common_startup_64+0x13e/0x148 -> #3 (&p->pi_lock){-.-.}-{2:2}: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3d/0x60 kernel/locking/spinlock.c:162 class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline] try_to_wake_up+0xb1/0x14b0 kernel/sched/core.c:4168 autoremove_wake_function+0x16/0x150 kernel/sched/wait.c:384 __wake_up_common+0x135/0x1f0 kernel/sched/wait.c:89 __wake_up_common_lock kernel/sched/wait.c:106 [inline] __wake_up+0x31/0x60 kernel/sched/wait.c:127 tty_port_default_wakeup+0x2a/0x40 drivers/tty/tty_port.c:69 serial8250_tx_chars+0x6a8/0x8a0 drivers/tty/serial/8250/8250_port.c:1821 serial8250_handle_irq+0x6a2/0xbb0 drivers/tty/serial/8250/8250_port.c:1929 serial8250_default_handle_irq+0x9a/0x210 drivers/tty/serial/8250/8250_port.c:1949 serial8250_interrupt+0x103/0x210 drivers/tty/serial/8250/8250_core.c:86 __handle_irq_event_percpu+0x22a/0x7b0 kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] handle_irq_event+0xab/0x1e0 kernel/irq/handle.c:210 handle_edge_irq+0x265/0xd10 kernel/irq/chip.c:831 generic_handle_irq_desc include/linux/irqdesc.h:173 [inline] handle_irq arch/x86/kernel/irq.c:249 [inline] call_irq_handler arch/x86/kernel/irq.c:261 [inline] __common_interrupt+0xe0/0x250 arch/x86/kernel/irq.c:287 common_interrupt+0xf2/0x110 arch/x86/kernel/irq.c:280 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline] pv_native_safe_halt+0x1e/0x30 arch/x86/kernel/paravirt.c:105 arch_safe_halt arch/x86/include/asm/paravirt.h:112 [inline] default_idle+0x1d/0x30 arch/x86/kernel/process.c:747 default_idle_call+0x6d/0xb0 kernel/sched/idle.c:117 cpuidle_idle_call kernel/sched/idle.c:185 [inline] do_idle+0x318/0x3c0 kernel/sched/idle.c:326 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:424 rest_init+0x16b/0x2b0 init/main.c:747 start_kernel+0x3dd/0x4c0 init/main.c:1105 x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:507 x86_64_start_kernel+0xb3/0xc0 arch/x86/kernel/head64.c:488 common_startup_64+0x13e/0x148 -> #2 (&tty->write_wait){-.-.}-{2:2}: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3d/0x60 kernel/locking/spinlock.c:162 __wake_up_common_lock kernel/sched/wait.c:105 [inline] __wake_up+0x1c/0x60 kernel/sched/wait.c:127 tty_port_default_wakeup+0x2a/0x40 drivers/tty/tty_port.c:69 serial8250_tx_chars+0x6a8/0x8a0 drivers/tty/serial/8250/8250_port.c:1821 serial8250_handle_irq+0x6a2/0xbb0 drivers/tty/serial/8250/8250_port.c:1929 serial8250_default_handle_irq+0x9a/0x210 drivers/tty/serial/8250/8250_port.c:1949 serial8250_interrupt+0x103/0x210 drivers/tty/serial/8250/8250_core.c:86 __handle_irq_event_percpu+0x22a/0x7b0 kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] handle_irq_event+0xab/0x1e0 kernel/irq/handle.c:210 handle_edge_irq+0x265/0xd10 kernel/irq/chip.c:831 generic_handle_irq_desc include/linux/irqdesc.h:173 [inline] handle_irq arch/x86/kernel/irq.c:249 [inline] call_irq_handler arch/x86/kernel/irq.c:261 [inline] __common_interrupt+0xe0/0x250 arch/x86/kernel/irq.c:287 common_interrupt+0xf2/0x110 arch/x86/kernel/irq.c:280 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline] pv_native_safe_halt+0x1e/0x30 arch/x86/kernel/paravirt.c:105 arch_safe_halt arch/x86/include/asm/paravirt.h:112 [inline] default_idle+0x1d/0x30 arch/x86/kernel/process.c:747 default_idle_call+0x6d/0xb0 kernel/sched/idle.c:117 cpuidle_idle_call kernel/sched/idle.c:185 [inline] do_idle+0x318/0x3c0 kernel/sched/idle.c:326 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:424 rest_init+0x16b/0x2b0 init/main.c:747 start_kernel+0x3dd/0x4c0 init/main.c:1105 x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:507 x86_64_start_kernel+0xb3/0xc0 arch/x86/kernel/head64.c:488 common_startup_64+0x13e/0x148 -> #1 (&port_lock_key){-.-.}-{2:2}: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3d/0x60 kernel/locking/spinlock.c:162 uart_port_lock_irqsave include/linux/serial_core.h:711 [inline] serial8250_console_write+0xb3e/0x19b0 drivers/tty/serial/8250/8250_port.c:3381 console_emit_next_record kernel/printk/printk.c:3090 [inline] console_flush_all+0x767/0xc30 kernel/printk/printk.c:3178 __console_flush_and_unlock kernel/printk/printk.c:3237 [inline] console_unlock+0xc3/0x1f0 kernel/printk/printk.c:3277 vprintk_emit kernel/printk/printk.c:2407 [inline] vprintk_emit+0x4fb/0x6d0 kernel/printk/printk.c:2353 vprintk+0x93/0xb0 kernel/printk/printk_safe.c:73 _printk+0xbf/0x100 kernel/printk/printk.c:2432 register_console+0xc11/0x11b0 kernel/printk/printk.c:4067 univ8250_console_init+0x62/0x90 drivers/tty/serial/8250/8250_core.c:513 console_init+0xcc/0x680 kernel/printk/printk.c:4260 start_kernel+0x293/0x4c0 init/main.c:1040 x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:507 x86_64_start_kernel+0xb3/0xc0 arch/x86/kernel/head64.c:488 common_startup_64+0x13e/0x148 -> #0 (console_owner){-.-.}-{0:0}: check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/locking/lockdep.c:3280 [inline] validate_chain kernel/locking/lockdep.c:3904 [inline] __lock_acquire+0x2425/0x3b90 kernel/locking/lockdep.c:5202 lock_acquire.part.0+0x11b/0x370 kernel/locking/lockdep.c:5825 console_trylock_spinning kernel/printk/printk.c:2029 [inline] vprintk_emit kernel/printk/printk.c:2406 [inline] vprintk_emit+0x38c/0x6d0 kernel/printk/printk.c:2353 vprintk+0x93/0xb0 kernel/printk/printk_safe.c:73 _printk+0xbf/0x100 kernel/printk/printk.c:2432 __report_bug lib/bug.c:195 [inline] report_bug+0x27c/0x500 lib/bug.c:219 handle_bug+0xe5/0x180 arch/x86/kernel/traps.c:285 exc_invalid_op+0x35/0x80 arch/x86/kernel/traps.c:309 asm_exc_invalid_op+0x1a/0x20 arch/x86/include/asm/idtentry.h:621 perf_trace_add+0x2da/0x390 kernel/trace/trace_event_perf.c:375 event_sched_in+0x434/0xac0 kernel/events/core.c:2629 group_sched_in kernel/events/core.c:2662 [inline] merge_sched_in+0x895/0x1570 kernel/events/core.c:3940 visit_groups_merge.constprop.0.isra.0+0x6d2/0x1250 kernel/events/core.c:3885 pmu_groups_sched_in kernel/events/core.c:3967 [inline] __pmu_ctx_sched_in kernel/events/core.c:3979 [inline] ctx_sched_in+0x5c1/0xa30 kernel/events/core.c:4030 perf_event_sched_in+0x5d/0x90 kernel/events/core.c:2760 perf_event_context_sched_in kernel/events/core.c:4077 [inline] __perf_event_task_sched_in+0x33a/0x6f0 kernel/events/core.c:4106 perf_event_task_sched_in include/linux/perf_event.h:1524 [inline] finish_task_switch.isra.0+0x5f9/0xcb0 kernel/sched/core.c:5201 context_switch kernel/sched/core.c:5335 [inline] __schedule+0x1156/0x5b20 kernel/sched/core.c:6710 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7032 irqentry_exit+0x36/0x90 kernel/entry/common.c:354 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 __sanitizer_cov_trace_pc+0x0/0x80 kernel/kcov.c:127 rcu_read_unlock include/linux/rcupdate.h:878 [inline] count_memcg_events_mm.constprop.0+0x12a/0x330 include/linux/memcontrol.h:1046 count_memcg_event_mm include/linux/memcontrol.h:1052 [inline] mm_account_fault mm/memory.c:5947 [inline] handle_mm_fault+0x5af/0xab0 mm/memory.c:6107 do_user_addr_fault+0x61b/0x13a0 arch/x86/mm/fault.c:1338 handle_page_fault arch/x86/mm/fault.c:1481 [inline] exc_page_fault+0x98/0x180 arch/x86/mm/fault.c:1539 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623 other info that might help us debug this: Chain exists of: console_owner --> &rq->__lock --> &ctx->lock Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&ctx->lock); lock(&rq->__lock); lock(&ctx->lock); lock(console_owner); *** DEADLOCK *** 5 locks held by syz.9.499/15835: #0: ffff88804a983b68 (&vma->vm_lock->lock){++++}-{3:3}, at: vma_start_read include/linux/mm.h:704 [inline] #0: ffff88804a983b68 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x141/0x9a0 mm/memory.c:6247 #1: ffffffff8dfb62a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline] #1: ffffffff8dfb62a0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline] #1: ffffffff8dfb62a0 (rcu_read_lock){....}-{1:2}, at: count_memcg_events_mm.constprop.0+0x3a/0x330 include/linux/memcontrol.h:1042 #2: ffffffff8dfb62a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline] #2: ffffffff8dfb62a0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline] #2: ffffffff8dfb62a0 (rcu_read_lock){....}-{1:2}, at: perf_event_context_sched_in kernel/events/core.c:4039 [inline] #2: ffffffff8dfb62a0 (rcu_read_lock){....}-{1:2}, at: __perf_event_task_sched_in+0xd3/0x6f0 kernel/events/core.c:4106 #3: ffff88802b837af8 (&cpuctx_lock){-.-.}-{2:2}, at: __perf_ctx_lock kernel/events/core.c:174 [inline] #3: ffff88802b837af8 (&cpuctx_lock){-.-.}-{2:2}, at: perf_ctx_lock+0x15/0xe0 kernel/events/core.c:181 #4: ffff88804ed2b818 (&ctx->lock){-...}-{2:2}, at: __perf_ctx_lock kernel/events/core.c:174 [inline] #4: ffff88804ed2b818 (&ctx->lock){-...}-{2:2}, at: perf_ctx_lock+0x6a/0xe0 kernel/events/core.c:183 stack backtrace: CPU: 0 UID: 0 PID: 15835 Comm: syz.9.499 Not tainted 6.12.25 #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120 print_circular_bug+0x406/0x5c0 kernel/locking/lockdep.c:2074 check_noncircular+0x2f7/0x3e0 kernel/locking/lockdep.c:2206 check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/locking/lockdep.c:3280 [inline] validate_chain kernel/locking/lockdep.c:3904 [inline] __lock_acquire+0x2425/0x3b90 kernel/locking/lockdep.c:5202 lock_acquire.part.0+0x11b/0x370 kernel/locking/lockdep.c:5825 console_trylock_spinning kernel/printk/printk.c:2029 [inline] vprintk_emit kernel/printk/printk.c:2406 [inline] vprintk_emit+0x38c/0x6d0 kernel/printk/printk.c:2353 vprintk+0x93/0xb0 kernel/printk/printk_safe.c:73 _printk+0xbf/0x100 kernel/printk/printk.c:2432 __report_bug lib/bug.c:195 [inline] report_bug+0x27c/0x500 lib/bug.c:219 handle_bug+0xe5/0x180 arch/x86/kernel/traps.c:285 exc_invalid_op+0x35/0x80 arch/x86/kernel/traps.c:309 asm_exc_invalid_op+0x1a/0x20 arch/x86/include/asm/idtentry.h:621 RIP: 0010:perf_trace_add+0x2da/0x390 kernel/trace/trace_event_perf.c:375 Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 64 48 89 ab f8 01 00 00 48 89 df e8 b1 ab 26 00 e9 f3 fd ff ff e8 37 87 f6 ff 90 <0f> 0b 90 41 bc ea ff ff ff e9 77 ff ff ff e8 23 c5 56 00 e9 8a fd RSP: 0018:ffffc9000713f7f0 EFLAGS: 00010006 RAX: 0000000040000002 RBX: ffff88802a069880 RCX: ffffffff8195a68e RDX: ffff888045ec2500 RSI: ffffffff8195a839 RDI: ffffffff8deabf48 RBP: 0000000000000000 R08: 0000000000000001 R09: fffff52000e27eef R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: ffffffff8deabee0 R14: ffff88802a069928 R15: ffff888051237200 event_sched_in+0x434/0xac0 kernel/events/core.c:2629 group_sched_in kernel/events/core.c:2662 [inline] merge_sched_in+0x895/0x1570 kernel/events/core.c:3940 visit_groups_merge.constprop.0.isra.0+0x6d2/0x1250 kernel/events/core.c:3885 pmu_groups_sched_in kernel/events/core.c:3967 [inline] __pmu_ctx_sched_in kernel/events/core.c:3979 [inline] ctx_sched_in+0x5c1/0xa30 kernel/events/core.c:4030 perf_event_sched_in+0x5d/0x90 kernel/events/core.c:2760 perf_event_context_sched_in kernel/events/core.c:4077 [inline] __perf_event_task_sched_in+0x33a/0x6f0 kernel/events/core.c:4106 perf_event_task_sched_in include/linux/perf_event.h:1524 [inline] finish_task_switch.isra.0+0x5f9/0xcb0 kernel/sched/core.c:5201 context_switch kernel/sched/core.c:5335 [inline] __schedule+0x1156/0x5b20 kernel/sched/core.c:6710 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7032 irqentry_exit+0x36/0x90 kernel/entry/common.c:354 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x80 kernel/kcov.c:210 Code: 5d 41 5c 41 5d c3 cc cc cc cc 48 c7 c0 f4 ff ff ff eb 92 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 65 48 8b 15 04 ae 77 7e 65 8b 05 05 ae 77 7e a9 00 01 RSP: 0000:ffffc9000713fe20 EFLAGS: 00000212 RAX: 000000000000fe4d RBX: 0000000000000200 RCX: ffffc9002f801000 RDX: 0000000000080000 RSI: ffffffff81d2e884 RDI: 0000000000000007 RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff2d84fa6 R10: 0000000000000200 R11: 0000000000000000 R12: ffff888020dea000 R13: ffff88804a8558c8 R14: 0000000000000040 R15: ffff88804f13f200 rcu_read_unlock include/linux/rcupdate.h:878 [inline] count_memcg_events_mm.constprop.0+0x12a/0x330 include/linux/memcontrol.h:1046 count_memcg_event_mm include/linux/memcontrol.h:1052 [inline] mm_account_fault mm/memory.c:5947 [inline] handle_mm_fault+0x5af/0xab0 mm/memory.c:6107 do_user_addr_fault+0x61b/0x13a0 arch/x86/mm/fault.c:1338 handle_page_fault arch/x86/mm/fault.c:1481 [inline] exc_page_fault+0x98/0x180 arch/x86/mm/fault.c:1539 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623 RIP: 0033:0x7fe4fdc4f757 Code: 70 48 63 d5 48 01 c2 49 3b 55 08 77 4e 8d 55 ff 85 ed 74 35 0f 1f 80 00 00 00 00 48 39 c6 77 1c 49 8b 7d 00 49 89 c1 49 29 f1 <46> 0f b6 0c 0f 45 84 c9 74 08 44 88 0c 07 49 8b 45 10 48 83 c0 01 RSP: 002b:00007fe4fec1b420 EFLAGS: 00010206 RAX: 0000000000067001 RBX: 00007fe4fec1b480 RCX: 0000000000000000 RDX: 000000000000004c RSI: 0000000000000001 RDI: 00007fe4f3600000 RBP: 0000000000000102 R08: 0000000000000001 R09: 0000000000067000 R10: 0000000000000000 R11: 00007fe4fec1b490 R12: 00007fe4fec1b490 R13: 00007fe4fec1b520 R14: 0000000000000001 R15: 0000000000000000 </TASK> WARNING: CPU: 0 PID: 15835 at kernel/trace/trace_event_perf.c:375 perf_trace_add+0x2da/0x390 kernel/trace/trace_event_perf.c:375 Modules linked in: CPU: 0 UID: 0 PID: 15835 Comm: syz.9.499 Not tainted 6.12.25 #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:perf_trace_add+0x2da/0x390 kernel/trace/trace_event_perf.c:375 Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 64 48 89 ab f8 01 00 00 48 89 df e8 b1 ab 26 00 e9 f3 fd ff ff e8 37 87 f6 ff 90 <0f> 0b 90 41 bc ea ff ff ff e9 77 ff ff ff e8 23 c5 56 00 e9 8a fd RSP: 0018:ffffc9000713f7f0 EFLAGS: 00010006 RAX: 0000000040000002 RBX: ffff88802a069880 RCX: ffffffff8195a68e RDX: ffff888045ec2500 RSI: ffffffff8195a839 RDI: ffffffff8deabf48 RBP: 0000000000000000 R08: 0000000000000001 R09: fffff52000e27eef R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: ffffffff8deabee0 R14: ffff88802a069928 R15: ffff888051237200 FS: 00007fe4fec1c640(0000) GS:ffff88802b800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f50219e7bac CR3: 00000000743bc000 CR4: 0000000000752ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 80000000 Call Trace: <TASK> event_sched_in+0x434/0xac0 kernel/events/core.c:2629 group_sched_in kernel/events/core.c:2662 [inline] merge_sched_in+0x895/0x1570 kernel/events/core.c:3940 visit_groups_merge.constprop.0.isra.0+0x6d2/0x1250 kernel/events/core.c:3885 pmu_groups_sched_in kernel/events/core.c:3967 [inline] __pmu_ctx_sched_in kernel/events/core.c:3979 [inline] ctx_sched_in+0x5c1/0xa30 kernel/events/core.c:4030 perf_event_sched_in+0x5d/0x90 kernel/events/core.c:2760 perf_event_context_sched_in kernel/events/core.c:4077 [inline] __perf_event_task_sched_in+0x33a/0x6f0 kernel/events/core.c:4106 perf_event_task_sched_in include/linux/perf_event.h:1524 [inline] finish_task_switch.isra.0+0x5f9/0xcb0 kernel/sched/core.c:5201 context_switch kernel/sched/core.c:5335 [inline] __schedule+0x1156/0x5b20 kernel/sched/core.c:6710 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7032 irqentry_exit+0x36/0x90 kernel/entry/common.c:354 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x80 kernel/kcov.c:210 Code: 5d 41 5c 41 5d c3 cc cc cc cc 48 c7 c0 f4 ff ff ff eb 92 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 65 48 8b 15 04 ae 77 7e 65 8b 05 05 ae 77 7e a9 00 01 RSP: 0000:ffffc9000713fe20 EFLAGS: 00000212 RAX: 000000000000fe4d RBX: 0000000000000200 RCX: ffffc9002f801000 RDX: 0000000000080000 RSI: ffffffff81d2e884 RDI: 0000000000000007 RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff2d84fa6 R10: 0000000000000200 R11: 0000000000000000 R12: ffff888020dea000 R13: ffff88804a8558c8 R14: 0000000000000040 R15: ffff88804f13f200 rcu_read_unlock include/linux/rcupdate.h:878 [inline] count_memcg_events_mm.constprop.0+0x12a/0x330 include/linux/memcontrol.h:1046 count_memcg_event_mm include/linux/memcontrol.h:1052 [inline] mm_account_fault mm/memory.c:5947 [inline] handle_mm_fault+0x5af/0xab0 mm/memory.c:6107 do_user_addr_fault+0x61b/0x13a0 arch/x86/mm/fault.c:1338 handle_page_fault arch/x86/mm/fault.c:1481 [inline] exc_page_fault+0x98/0x180 arch/x86/mm/fault.c:1539 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623 RIP: 0033:0x7fe4fdc4f757 Code: 70 48 63 d5 48 01 c2 49 3b 55 08 77 4e 8d 55 ff 85 ed 74 35 0f 1f 80 00 00 00 00 48 39 c6 77 1c 49 8b 7d 00 49 89 c1 49 29 f1 <46> 0f b6 0c 0f 45 84 c9 74 08 44 88 0c 07 49 8b 45 10 48 83 c0 01 RSP: 002b:00007fe4fec1b420 EFLAGS: 00010206 RAX: 0000000000067001 RBX: 00007fe4fec1b480 RCX: 0000000000000000 RDX: 000000000000004c RSI: 0000000000000001 RDI: 00007fe4f3600000 RBP: 0000000000000102 R08: 0000000000000001 R09: 0000000000067000 R10: 0000000000000000 R11: 00007fe4fec1b490 R12: 00007fe4fec1b490 R13: 00007fe4fec1b520 R14: 0000000000000001 R15: 0000000000000000 </TASK> ---------------- Code disassembly (best guess): 0: 5d pop %rbp 1: 41 5c pop %r12 3: 41 5d pop %r13 5: c3 ret 6: cc int3 7: cc int3 8: cc int3 9: cc int3 a: 48 c7 c0 f4 ff ff ff mov $0xfffffffffffffff4,%rax 11: eb 92 jmp 0xffffffa5 13: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 1a: 90 nop 1b: 90 nop 1c: 90 nop 1d: 90 nop 1e: 90 nop 1f: 90 nop 20: 90 nop 21: 90 nop 22: 90 nop 23: 90 nop 24: 90 nop 25: 90 nop 26: 90 nop 27: 90 nop 28: 90 nop 29: 90 nop * 2a: f3 0f 1e fa endbr64 <-- trapping instruction 2e: 65 48 8b 15 04 ae 77 mov %gs:0x7e77ae04(%rip),%rdx # 0x7e77ae3a 35: 7e 36: 65 8b 05 05 ae 77 7e mov %gs:0x7e77ae05(%rip),%eax # 0x7e77ae42 3d: a9 .byte 0xa9 3e: 00 01 add %al,(%rcx) =================================================================== I hope it helps. Best regards Jianzhou Zhao

6 months, 3 weeks

2
2
0 0

FAILED: patch "[PATCH] smb: client: fix UAF in decryption with multichannel" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 9502dd5c7029902f4a425bf959917a5a9e7c0e50 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042904-zap-drench-9729@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9502dd5c7029902f4a425bf959917a5a9e7c0e50 Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Wed, 9 Apr 2025 11:14:21 -0300 Subject: [PATCH] smb: client: fix UAF in decryption with multichannel After commit f7025d861694 ("smb: client: allocate crypto only for primary server") and commit b0abcd65ec54 ("smb: client: fix UAF in async decryption"), the channels started reusing AEAD TFM from primary channel to perform synchronous decryption, but that can't done as there could be multiple cifsd threads (one per channel) simultaneously accessing it to perform decryption. This fixes the following KASAN splat when running fstest generic/249 with 'vers=3.1.1,multichannel,max_channels=4,seal' against Windows Server 2022: BUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xba/0x110 Read of size 8 at addr ffff8881046c18a0 by task cifsd/986 CPU: 3 UID: 0 PID: 986 Comm: cifsd Not tainted 6.15.0-rc1 #1 PREEMPT(voluntary) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x5d/0x80 print_report+0x156/0x528 ? gf128mul_4k_lle+0xba/0x110 ? __virt_addr_valid+0x145/0x300 ? __phys_addr+0x46/0x90 ? gf128mul_4k_lle+0xba/0x110 kasan_report+0xdf/0x1a0 ? gf128mul_4k_lle+0xba/0x110 gf128mul_4k_lle+0xba/0x110 ghash_update+0x189/0x210 shash_ahash_update+0x295/0x370 ? __pfx_shash_ahash_update+0x10/0x10 ? __pfx_shash_ahash_update+0x10/0x10 ? __pfx_extract_iter_to_sg+0x10/0x10 ? ___kmalloc_large_node+0x10e/0x180 ? __asan_memset+0x23/0x50 crypto_ahash_update+0x3c/0xc0 gcm_hash_assoc_remain_continue+0x93/0xc0 crypt_message+0xe09/0xec0 [cifs] ? __pfx_crypt_message+0x10/0x10 [cifs] ? _raw_spin_unlock+0x23/0x40 ? __pfx_cifs_readv_from_socket+0x10/0x10 [cifs] decrypt_raw_data+0x229/0x380 [cifs] ? __pfx_decrypt_raw_data+0x10/0x10 [cifs] ? __pfx_cifs_read_iter_from_socket+0x10/0x10 [cifs] smb3_receive_transform+0x837/0xc80 [cifs] ? __pfx_smb3_receive_transform+0x10/0x10 [cifs] ? __pfx___might_resched+0x10/0x10 ? __pfx_smb3_is_transform_hdr+0x10/0x10 [cifs] cifs_demultiplex_thread+0x692/0x1570 [cifs] ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs] ? rcu_is_watching+0x20/0x50 ? rcu_lockdep_current_cpu_online+0x62/0xb0 ? find_held_lock+0x32/0x90 ? kvm_sched_clock_read+0x11/0x20 ? local_clock_noinstr+0xd/0xd0 ? trace_irq_enable.constprop.0+0xa8/0xe0 ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs] kthread+0x1fe/0x380 ? kthread+0x10f/0x380 ? __pfx_kthread+0x10/0x10 ? local_clock_noinstr+0xd/0xd0 ? ret_from_fork+0x1b/0x60 ? local_clock+0x15/0x30 ? lock_release+0x29b/0x390 ? rcu_is_watching+0x20/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x60 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Tested-by: David Howells <dhowells(a)redhat.com> Reported-by: Steve French <stfrench(a)microsoft.com> Closes: https://lore.kernel.org/r/CAH2r5mu6Yc0-RJXM3kFyBYUB09XmXBrNodOiCVR4EDrmxq5S… Fixes: f7025d861694 ("smb: client: allocate crypto only for primary server") Fixes: b0abcd65ec54 ("smb: client: fix UAF in async decryption") Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/cifsencrypt.c b/fs/smb/client/cifsencrypt.c index e69968e88fe7..35892df7335c 100644 --- a/fs/smb/client/cifsencrypt.c +++ b/fs/smb/client/cifsencrypt.c @@ -704,18 +704,12 @@ cifs_crypto_secmech_release(struct TCP_Server_Info *server) cifs_free_hash(&server->secmech.md5); cifs_free_hash(&server->secmech.sha512); - if (!SERVER_IS_CHAN(server)) { - if (server->secmech.enc) { - crypto_free_aead(server->secmech.enc); - server->secmech.enc = NULL; - } - - if (server->secmech.dec) { - crypto_free_aead(server->secmech.dec); - server->secmech.dec = NULL; - } - } else { + if (server->secmech.enc) { + crypto_free_aead(server->secmech.enc); server->secmech.enc = NULL; + } + if (server->secmech.dec) { + crypto_free_aead(server->secmech.dec); server->secmech.dec = NULL; } } diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c index 41d8cd20b25f..3f7fe74688a9 100644 --- a/fs/smb/client/smb2ops.c +++ b/fs/smb/client/smb2ops.c @@ -4555,9 +4555,9 @@ decrypt_raw_data(struct TCP_Server_Info *server, char *buf, return rc; } } else { - if (unlikely(!server->secmech.dec)) - return -EIO; - + rc = smb3_crypto_aead_allocate(server); + if (unlikely(rc)) + return rc; tfm = server->secmech.dec; } diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c index 81e05db8e4d5..c4d52bebd37d 100644 --- a/fs/smb/client/smb2pdu.c +++ b/fs/smb/client/smb2pdu.c @@ -1252,15 +1252,8 @@ SMB2_negotiate(const unsigned int xid, cifs_server_dbg(VFS, "Missing expected negotiate contexts\n"); } - if (server->cipher_type && !rc) { - if (!SERVER_IS_CHAN(server)) { - rc = smb3_crypto_aead_allocate(server); - } else { - /* For channels, just reuse the primary server crypto secmech. */ - server->secmech.enc = server->primary_server->secmech.enc; - server->secmech.dec = server->primary_server->secmech.dec; - } - } + if (server->cipher_type && !rc) + rc = smb3_crypto_aead_allocate(server); neg_exit: free_rsp_buf(resp_buftype, rsp); return rc;

6 months, 3 weeks

1
0
0 0

[PATCH v3 1/3] firmware: arm_scmi: Ensure that the message-id supports fastchannel

by Cristian Marussi

From: Sibi Sankar <quic_sibis(a)quicinc.com> Currently the perf and powercap protocol relies on the protocol domain attributes, which just ensures that one fastchannel per domain, before instantiating fastchannels for all possible message-ids. Fix this by ensuring that each message-id supports fastchannel before initialization. Logs: scmi: Failed to get FC for protocol 13 [MSG_ID:6 / RES_ID:0] - ret:-95. Using regular messaging. scmi: Failed to get FC for protocol 13 [MSG_ID:6 / RES_ID:1] - ret:-95. Using regular messaging. scmi: Failed to get FC for protocol 13 [MSG_ID:6 / RES_ID:2] - ret:-95. Using regular messaging. CC: stable(a)vger.kernel.org Reported-by: Johan Hovold <johan+linaro(a)kernel.org> Closes: https://lore.kernel.org/lkml/ZoQjAWse2YxwyRJv@hovoldconsulting.com/ Fixes: 6f9ea4dabd2d ("firmware: arm_scmi: Generalize the fast channel support") Reviewed-by: Johan Hovold <johan+linaro(a)kernel.org> Tested-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Sibi Sankar <quic_sibis(a)quicinc.com> [Cristian: Modified the condition checked to establish support or not] Signed-off-by: Cristian Marussi <cristian.marussi(a)arm.com> --- RFC -> V1 - picked up a few tags Since PROTOCOL_MESSAGE_ATTRIBUTES, used to check if message_id is supported, is a mandatory command, it cannot fail so we must bail-out NOT only if FC was not supported for that command but also if the query fails as a whole; so the condition checked for bailing out is modified to: if (ret || !MSG_SUPPORTS_FASTCHANNEL(attributes)) { --- drivers/firmware/arm_scmi/driver.c | 76 +++++++++++++++------------ drivers/firmware/arm_scmi/protocols.h | 2 + 2 files changed, 45 insertions(+), 33 deletions(-) diff --git a/drivers/firmware/arm_scmi/driver.c b/drivers/firmware/arm_scmi/driver.c index 1cf18cc8e63f..0e281fca0a38 100644 --- a/drivers/firmware/arm_scmi/driver.c +++ b/drivers/firmware/arm_scmi/driver.c @@ -1738,6 +1738,39 @@ static int scmi_common_get_max_msg_size(const struct scmi_protocol_handle *ph) return info->desc->max_msg_size; } +/** + * scmi_protocol_msg_check - Check protocol message attributes + * + * @ph: A reference to the protocol handle. + * @message_id: The ID of the message to check. + * @attributes: A parameter to optionally return the retrieved message + * attributes, in case of Success. + * + * An helper to check protocol message attributes for a specific protocol + * and message pair. + * + * Return: 0 on SUCCESS + */ +static int scmi_protocol_msg_check(const struct scmi_protocol_handle *ph, + u32 message_id, u32 *attributes) +{ + int ret; + struct scmi_xfer *t; + + ret = xfer_get_init(ph, PROTOCOL_MESSAGE_ATTRIBUTES, + sizeof(__le32), 0, &t); + if (ret) + return ret; + + put_unaligned_le32(message_id, t->tx.buf); + ret = do_xfer(ph, t); + if (!ret && attributes) + *attributes = get_unaligned_le32(t->rx.buf); + xfer_put(ph, t); + + return ret; +} + /** * struct scmi_iterator - Iterator descriptor * @msg: A reference to the message TX buffer; filled by @prepare_message with @@ -1879,6 +1912,7 @@ scmi_common_fastchannel_init(const struct scmi_protocol_handle *ph, int ret; u32 flags; u64 phys_addr; + u32 attributes; u8 size; void __iomem *addr; struct scmi_xfer *t; @@ -1887,6 +1921,15 @@ scmi_common_fastchannel_init(const struct scmi_protocol_handle *ph, struct scmi_msg_resp_desc_fc *resp; const struct scmi_protocol_instance *pi = ph_to_pi(ph); + /* Check if the MSG_ID supports fastchannel */ + ret = scmi_protocol_msg_check(ph, message_id, &attributes); + if (ret || !MSG_SUPPORTS_FASTCHANNEL(attributes)) { + dev_dbg(ph->dev, + "Skip FC init for 0x%02X/%d domain:%d - ret:%d\n", + pi->proto->id, message_id, domain, ret); + return; + } + if (!p_addr) { ret = -EINVAL; goto err_out; @@ -2004,39 +2047,6 @@ static void scmi_common_fastchannel_db_ring(struct scmi_fc_db_info *db) SCMI_PROTO_FC_RING_DB(64); } -/** - * scmi_protocol_msg_check - Check protocol message attributes - * - * @ph: A reference to the protocol handle. - * @message_id: The ID of the message to check. - * @attributes: A parameter to optionally return the retrieved message - * attributes, in case of Success. - * - * An helper to check protocol message attributes for a specific protocol - * and message pair. - * - * Return: 0 on SUCCESS - */ -static int scmi_protocol_msg_check(const struct scmi_protocol_handle *ph, - u32 message_id, u32 *attributes) -{ - int ret; - struct scmi_xfer *t; - - ret = xfer_get_init(ph, PROTOCOL_MESSAGE_ATTRIBUTES, - sizeof(__le32), 0, &t); - if (ret) - return ret; - - put_unaligned_le32(message_id, t->tx.buf); - ret = do_xfer(ph, t); - if (!ret && attributes) - *attributes = get_unaligned_le32(t->rx.buf); - xfer_put(ph, t); - - return ret; -} - static const struct scmi_proto_helpers_ops helpers_ops = { .extended_name_get = scmi_common_extended_name_get, .get_max_msg_size = scmi_common_get_max_msg_size, diff --git a/drivers/firmware/arm_scmi/protocols.h b/drivers/firmware/arm_scmi/protocols.h index aaee57cdcd55..d62c4469d1fd 100644 --- a/drivers/firmware/arm_scmi/protocols.h +++ b/drivers/firmware/arm_scmi/protocols.h @@ -31,6 +31,8 @@ #define SCMI_PROTOCOL_VENDOR_BASE 0x80 +#define MSG_SUPPORTS_FASTCHANNEL(x) ((x) & BIT(0)) + enum scmi_common_cmd { PROTOCOL_VERSION = 0x0, PROTOCOL_ATTRIBUTES = 0x1, -- 2.47.0

6 months, 3 weeks

1
0
0 0

AV Expo - InfoComm 2025

by Vanessa Coleman

Hi, Will you be interested in purchasing Attendees List of InfoComm 2025 | The Coolest Pro AV Event. Attendees: 1. AV Integrator / Systems Integrators / IT Integrator 2. Rental / Staging or Live Events Producer / Events Pros 3. Video/Film Production / Technology Managers 4. Consultants / Info COMM Veterans 5. Independent, Reseller / Independent Technical Services 6. Artist/Content / Media Creator/Performer 7. Audio Engineer / Sound Designer 8. Costume/Make-Up/Prop/Scenery/Set Designer Director/Producer 9. Consultant, Content, Creator, Creative Agency, Experience Design Firm 10. Educator / Professor / Trainer 11. Electrician / Engineer / Rigger / Stagehand / Technician 12. Manufacturer / Distributor / Dealer's 13. Promotion/Consulting 14. Others from Audio and Visual Industry This list may be split by Category and Geography. What you obtain: Person details, title, company details, website, physical address, direct line, fax number, SIC, industry type, size, emails, and verification results. Can I send you the pricing breakdown and an example list? Regards, Vanessa Coleman, Event Coordinator Don't want emails from us anymore? Reply to this email with the word "Take out."

6 months, 3 weeks

1
2
0 0

[PATCH] drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS

by Janne Grunau via B4 Relay

From: Janne Grunau <j(a)jannau.net> Using "depends on" and "select" for the same Kconfig symbol is known to cause circular dependencies (cmp. "Kconfig recursive dependency limitations" in Documentation/kbuild/kconfig-language.rst. DRM drivers are selecting drm helpers so do the same for DRM_DEBUG_DP_MST_TOPOLOGY_REFS. Fixes following circular dependency reported on x86 for the downstream Asahi Linux tree: error: recursive dependency detected! symbol DRM_KMS_HELPER is selected by DRM_GEM_SHMEM_HELPER symbol DRM_GEM_SHMEM_HELPER is selected by RUST_DRM_GEM_SHMEM_HELPER symbol RUST_DRM_GEM_SHMEM_HELPER is selected by DRM_ASAHI symbol DRM_ASAHI depends on RUST symbol RUST depends on CALL_PADDING symbol CALL_PADDING depends on OBJTOOL symbol OBJTOOL is selected by STACK_VALIDATION symbol STACK_VALIDATION depends on UNWINDER_FRAME_POINTER symbol UNWINDER_FRAME_POINTER is part of choice block at arch/x86/Kconfig.debug:224 symbol <choice> unknown is visible depending on UNWINDER_GUESS symbol UNWINDER_GUESS prompt is visible depending on STACKDEPOT symbol STACKDEPOT is selected by DRM_DEBUG_DP_MST_TOPOLOGY_REFS symbol DRM_DEBUG_DP_MST_TOPOLOGY_REFS depends on DRM_KMS_HELPER Fixes: 12a280c72868 ("drm/dp_mst: Add topology ref history tracking for debugging") Cc: stable(a)vger.kernel.org Signed-off-by: Janne Grunau <j(a)jannau.net> --- drivers/gpu/drm/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/Kconfig b/drivers/gpu/drm/Kconfig index fbef3f471bd0e5101699cf576542f7350bea3982..bd228dc77e99b4356b09de02d9001237eb2423e2 100644 --- a/drivers/gpu/drm/Kconfig +++ b/drivers/gpu/drm/Kconfig @@ -188,7 +188,7 @@ config DRM_DEBUG_DP_MST_TOPOLOGY_REFS bool "Enable refcount backtrace history in the DP MST helpers" depends on STACKTRACE_SUPPORT select STACKDEPOT - depends on DRM_KMS_HELPER + select DRM_KMS_HELPER depends on DEBUG_KERNEL depends on EXPERT help --- base-commit: 2014c95afecee3e76ca4a56956a936e23283f05b change-id: 20250304-drm_debug_dp_mst_topo_kconfig-a112904ba611 Best regards, -- Janne Grunau <j(a)jannau.net>

6 months, 3 weeks

4
3
0 0

[PATCH 5.10.y 1/3] net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family

by Marek Behún

commit 4ae01ec007716986e1a20f1285eb013cbf188830 upstream. The atu_move_port_mask for 6341 family (Topaz) is 0xf, not 0x1f. The PortVec field is 8 bits wide, not 11 as in 6390 family. Fix this. Fixes: e606ca36bbf2 ("net: dsa: mv88e6xxx: rework ATU Remove") Signed-off-by: Marek Behún <kabel(a)kernel.org> Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> Link: https://patch.msgid.link/20250317173250.28780-3-kabel@kernel.org Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> --- drivers/net/dsa/mv88e6xxx/chip.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c index ebc858087394..d583052af26c 100644 --- a/drivers/net/dsa/mv88e6xxx/chip.c +++ b/drivers/net/dsa/mv88e6xxx/chip.c @@ -4679,7 +4679,7 @@ static const struct mv88e6xxx_info mv88e6xxx_table[] = { .global1_addr = 0x1b, .global2_addr = 0x1c, .age_time_coeff = 3750, - .atu_move_port_mask = 0x1f, + .atu_move_port_mask = 0xf, .g1_irqs = 9, .g2_irqs = 10, .pvt = true, @@ -5085,7 +5085,7 @@ static const struct mv88e6xxx_info mv88e6xxx_table[] = { .global1_addr = 0x1b, .global2_addr = 0x1c, .age_time_coeff = 3750, - .atu_move_port_mask = 0x1f, + .atu_move_port_mask = 0xf, .g1_irqs = 9, .g2_irqs = 10, .pvt = true, -- 2.49.0

6 months, 3 weeks

2
5
0 0

[PATCH 6.6.y 1/4] net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family

by Marek Behún

commit 4ae01ec007716986e1a20f1285eb013cbf188830 upstream. The atu_move_port_mask for 6341 family (Topaz) is 0xf, not 0x1f. The PortVec field is 8 bits wide, not 11 as in 6390 family. Fix this. Fixes: e606ca36bbf2 ("net: dsa: mv88e6xxx: rework ATU Remove") Signed-off-by: Marek Behún <kabel(a)kernel.org> --- drivers/net/dsa/mv88e6xxx/chip.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c index bf93d700802b..be42de54e7df 100644 --- a/drivers/net/dsa/mv88e6xxx/chip.c +++ b/drivers/net/dsa/mv88e6xxx/chip.c @@ -5713,7 +5713,7 @@ static const struct mv88e6xxx_info mv88e6xxx_table[] = { .global1_addr = 0x1b, .global2_addr = 0x1c, .age_time_coeff = 3750, - .atu_move_port_mask = 0x1f, + .atu_move_port_mask = 0xf, .g1_irqs = 9, .g2_irqs = 10, .pvt = true, @@ -6174,7 +6174,7 @@ static const struct mv88e6xxx_info mv88e6xxx_table[] = { .global1_addr = 0x1b, .global2_addr = 0x1c, .age_time_coeff = 3750, - .atu_move_port_mask = 0x1f, + .atu_move_port_mask = 0xf, .g1_irqs = 9, .g2_irqs = 10, .pvt = true, -- 2.49.0

6 months, 3 weeks

2
7
0 0

[PATCH 5.15.y 1/3] net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family

by Marek Behún

commit 4ae01ec007716986e1a20f1285eb013cbf188830 upstream. The atu_move_port_mask for 6341 family (Topaz) is 0xf, not 0x1f. The PortVec field is 8 bits wide, not 11 as in 6390 family. Fix this. Fixes: e606ca36bbf2 ("net: dsa: mv88e6xxx: rework ATU Remove") Signed-off-by: Marek Behún <kabel(a)kernel.org> --- drivers/net/dsa/mv88e6xxx/chip.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c index 9f7ff54894d4..02bcf5a4b073 100644 --- a/drivers/net/dsa/mv88e6xxx/chip.c +++ b/drivers/net/dsa/mv88e6xxx/chip.c @@ -5217,7 +5217,7 @@ static const struct mv88e6xxx_info mv88e6xxx_table[] = { .global1_addr = 0x1b, .global2_addr = 0x1c, .age_time_coeff = 3750, - .atu_move_port_mask = 0x1f, + .atu_move_port_mask = 0xf, .g1_irqs = 9, .g2_irqs = 10, .pvt = true, @@ -5660,7 +5660,7 @@ static const struct mv88e6xxx_info mv88e6xxx_table[] = { .global1_addr = 0x1b, .global2_addr = 0x1c, .age_time_coeff = 3750, - .atu_move_port_mask = 0x1f, + .atu_move_port_mask = 0xf, .g1_irqs = 9, .g2_irqs = 10, .pvt = true, -- 2.49.0

6 months, 3 weeks

2
5
0 0

[PATCH 6.1.y 1/4] net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family

by Marek Behún

commit 4ae01ec007716986e1a20f1285eb013cbf188830 upstream. The atu_move_port_mask for 6341 family (Topaz) is 0xf, not 0x1f. The PortVec field is 8 bits wide, not 11 as in 6390 family. Fix this. Fixes: e606ca36bbf2 ("net: dsa: mv88e6xxx: rework ATU Remove") Signed-off-by: Marek Behún <kabel(a)kernel.org> --- drivers/net/dsa/mv88e6xxx/chip.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c index 0541c9a7fc49..b5e06f66cd38 100644 --- a/drivers/net/dsa/mv88e6xxx/chip.c +++ b/drivers/net/dsa/mv88e6xxx/chip.c @@ -5813,7 +5813,7 @@ static const struct mv88e6xxx_info mv88e6xxx_table[] = { .global1_addr = 0x1b, .global2_addr = 0x1c, .age_time_coeff = 3750, - .atu_move_port_mask = 0x1f, + .atu_move_port_mask = 0xf, .g1_irqs = 9, .g2_irqs = 10, .pvt = true, @@ -6272,7 +6272,7 @@ static const struct mv88e6xxx_info mv88e6xxx_table[] = { .global1_addr = 0x1b, .global2_addr = 0x1c, .age_time_coeff = 3750, - .atu_move_port_mask = 0x1f, + .atu_move_port_mask = 0xf, .g1_irqs = 9, .g2_irqs = 10, .pvt = true, -- 2.49.0

6 months, 3 weeks

2
7
0 0

[PATCHSET 6.12] xfs: backported fixes from upstream

by Darrick J. Wong

Hi all, Here's a bunch of hand-ported bug fixes for 6.12 LTS. If you're going to start using this code, I strongly recommend pulling from my git trees, which are linked below. With a bit of luck, this should all go splendidly. Comments and questions are, as always, welcome. --D kernel git tree: https://git.kernel.org/cgit/linux/kernel/git/djwong/xfs-linux.git/log/?h=ne… --- Commits in this patchset: * xfs: do not check NEEDSREPAIR if ro,norecovery mount. * xfs: Do not allow norecovery mount with quotacheck * xfs: rename xfs_iomap_swapfile_activate to xfs_vm_swap_activate * xfs: flush inodegc before swapon --- fs/xfs/xfs_aops.c | 41 +++++++++++++++++++++++++++++++++++++---- fs/xfs/xfs_qm_bhv.c | 49 ++++++++++++++++++++++++++++++++++--------------- fs/xfs/xfs_super.c | 8 ++++++-- 3 files changed, 77 insertions(+), 21 deletions(-)

6 months, 3 weeks

2
8
0 0

[PATCH 6.1.y v2] net/sched: act_mirred: don't override retval if we already lost the skb

by jianqi.ren.cn＠windriver.com

From: Jakub Kicinski <kuba(a)kernel.org> [ Upstream commit 166c2c8a6a4dc2e4ceba9e10cfe81c3e469e3210 ] If we're redirecting the skb, and haven't called tcf_mirred_forward(), yet, we need to tell the core to drop the skb by setting the retcode to SHOT. If we have called tcf_mirred_forward(), however, the skb is out of our hands and returning SHOT will lead to UaF. Move the retval override to the error path which actually need it. Reviewed-by: Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> Fixes: e5cf1baf92cb ("act_mirred: use TC_ACT_REINSERT when possible") Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Acked-by: Jamal Hadi Salim <jhs(a)mojatatu.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- v2: Fix the following issue net/sched/act_mirred.c:265:6: error: variable 'is_redirect' is used uninitialized whenever 'if' condition is true found by the following tuxmake(https://lore.kernel.org/stable/CA+G9fYu+FEZ-3ye30Hk2sk1+LFsw7iO5AHu… tuxmake --runtime podman --target-arch arm --toolchain clang-20 --kconfig allmodconfig LLVM=1 LLVM_IAS=1 Verified the build test Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> --- net/sched/act_mirred.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c index 36395e5db3b4..bbc34987bd09 100644 --- a/net/sched/act_mirred.c +++ b/net/sched/act_mirred.c @@ -255,31 +255,31 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, m_mac_header_xmit = READ_ONCE(m->tcfm_mac_header_xmit); m_eaction = READ_ONCE(m->tcfm_eaction); + is_redirect = tcf_mirred_is_act_redirect(m_eaction); retval = READ_ONCE(m->tcf_action); dev = rcu_dereference_bh(m->tcfm_dev); if (unlikely(!dev)) { pr_notice_once("tc mirred: target device is gone\n"); - goto out; + goto err_cant_do; } if (unlikely(!(dev->flags & IFF_UP)) || !netif_carrier_ok(dev)) { net_notice_ratelimited("tc mirred to Houston: device %s is down\n", dev->name); - goto out; + goto err_cant_do; } /* we could easily avoid the clone only if called by ingress and clsact; * since we can't easily detect the clsact caller, skip clone only for * ingress - that covers the TC S/W datapath. */ - is_redirect = tcf_mirred_is_act_redirect(m_eaction); at_ingress = skb_at_tc_ingress(skb); use_reinsert = at_ingress && is_redirect && tcf_mirred_can_reinsert(retval); if (!use_reinsert) { skb2 = skb_clone(skb, GFP_ATOMIC); if (!skb2) - goto out; + goto err_cant_do; } want_ingress = tcf_mirred_act_wants_ingress(m_eaction); @@ -321,12 +321,16 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, } err = tcf_mirred_forward(want_ingress, skb2); - if (err) { -out: + if (err) tcf_action_inc_overlimit_qstats(&m->common); - if (tcf_mirred_is_act_redirect(m_eaction)) - retval = TC_ACT_SHOT; - } + __this_cpu_dec(mirred_nest_level); + + return retval; + +err_cant_do: + if (is_redirect) + retval = TC_ACT_SHOT; + tcf_action_inc_overlimit_qstats(&m->common); __this_cpu_dec(mirred_nest_level); return retval; -- 2.34.1

6 months, 3 weeks

3
3
0 0

[PATCH 5.15.y] jfs: define xtree root and page independently

by Aditya Dutt

From: Dave Kleikamp <dave.kleikamp(a)oracle.com> [ Upstream commit a779ed754e52d582b8c0e17959df063108bd0656 ] In order to make array bounds checking sane, provide a separate definition of the in-inode xtree root and the external xtree page. Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com> Tested-by: Manas Ghandat <ghandatmanas(a)gmail.com> (cherry picked from commit a779ed754e52d582b8c0e17959df063108bd0656) Closes: https://syzkaller.appspot.com/bug?extid=ccb458b6679845ee0bae Reported-by: syzbot+ccb458b6679845ee0bae(a)syzkaller.appspotmail.com Signed-off-by: Aditya Dutt <duttaditya18(a)gmail.com> --- I am sending this as per the suggestion by Greg to submit backports for all the relevant stable trees: https://lore.kernel.org/stable/2025042210-stylized-nearest-ea59@gregkh/ This patch has been applied in >= 6.12 and has been backported to 6.6: 2ff51719ec615e1b373c1811443efe93594c41a9 I have already sent a mail for 6.1: https://lore.kernel.org/stable/20250427153045.90396-1-duttaditya18@gmail.co… syzbot checked the patch against 5.15.y and confirmed that the reproducer did not trigger any issues. check here: https://lore.kernel.org/lkml/67fea0bf.050a0220.186b78.0006.GAE@google.com/ fs/jfs/jfs_dinode.h | 2 +- fs/jfs/jfs_imap.c | 6 +++--- fs/jfs/jfs_incore.h | 2 +- fs/jfs/jfs_txnmgr.c | 4 ++-- fs/jfs/jfs_xtree.c | 4 ++-- fs/jfs/jfs_xtree.h | 37 +++++++++++++++++++++++-------------- 6 files changed, 32 insertions(+), 23 deletions(-) diff --git a/fs/jfs/jfs_dinode.h b/fs/jfs/jfs_dinode.h index 6b231d0d0071..603aae17a693 100644 --- a/fs/jfs/jfs_dinode.h +++ b/fs/jfs/jfs_dinode.h @@ -96,7 +96,7 @@ struct dinode { #define di_gengen u._file._u1._imap._gengen union { - xtpage_t _xtroot; + xtroot_t _xtroot; struct { u8 unused[16]; /* 16: */ dxd_t _dxd; /* 16: */ diff --git a/fs/jfs/jfs_imap.c b/fs/jfs/jfs_imap.c index c72e97f06579..0e7d2662f202 100644 --- a/fs/jfs/jfs_imap.c +++ b/fs/jfs/jfs_imap.c @@ -673,7 +673,7 @@ int diWrite(tid_t tid, struct inode *ip) * This is the special xtree inside the directory for storing * the directory table */ - xtpage_t *p, *xp; + xtroot_t *p, *xp; xad_t *xad; jfs_ip->xtlid = 0; @@ -687,7 +687,7 @@ int diWrite(tid_t tid, struct inode *ip) * copy xtree root from inode to dinode: */ p = &jfs_ip->i_xtroot; - xp = (xtpage_t *) &dp->di_dirtable; + xp = (xtroot_t *) &dp->di_dirtable; lv = ilinelock->lv; for (n = 0; n < ilinelock->index; n++, lv++) { memcpy(&xp->xad[lv->offset], &p->xad[lv->offset], @@ -716,7 +716,7 @@ int diWrite(tid_t tid, struct inode *ip) * regular file: 16 byte (XAD slot) granularity */ if (type & tlckXTREE) { - xtpage_t *p, *xp; + xtroot_t *p, *xp; xad_t *xad; /* diff --git a/fs/jfs/jfs_incore.h b/fs/jfs/jfs_incore.h index 721def69e732..dd4264aa9bed 100644 --- a/fs/jfs/jfs_incore.h +++ b/fs/jfs/jfs_incore.h @@ -66,7 +66,7 @@ struct jfs_inode_info { lid_t xtlid; /* lid of xtree lock on directory */ union { struct { - xtpage_t _xtroot; /* 288: xtree root */ + xtroot_t _xtroot; /* 288: xtree root */ struct inomap *_imap; /* 4: inode map header */ } file; struct { diff --git a/fs/jfs/jfs_txnmgr.c b/fs/jfs/jfs_txnmgr.c index 6c8680d3907a..3a547e0b934f 100644 --- a/fs/jfs/jfs_txnmgr.c +++ b/fs/jfs/jfs_txnmgr.c @@ -783,7 +783,7 @@ struct tlock *txLock(tid_t tid, struct inode *ip, struct metapage * mp, if (mp->xflag & COMMIT_PAGE) p = (xtpage_t *) mp->data; else - p = &jfs_ip->i_xtroot; + p = (xtpage_t *) &jfs_ip->i_xtroot; xtlck->lwm.offset = le16_to_cpu(p->header.nextindex); } @@ -1710,7 +1710,7 @@ static void xtLog(struct jfs_log * log, struct tblock * tblk, struct lrd * lrd, if (tlck->type & tlckBTROOT) { lrd->log.redopage.type |= cpu_to_le16(LOG_BTROOT); - p = &JFS_IP(ip)->i_xtroot; + p = (xtpage_t *) &JFS_IP(ip)->i_xtroot; if (S_ISDIR(ip->i_mode)) lrd->log.redopage.type |= cpu_to_le16(LOG_DIR_XTREE); diff --git a/fs/jfs/jfs_xtree.c b/fs/jfs/jfs_xtree.c index 3148e9b35f3b..34db519933b4 100644 --- a/fs/jfs/jfs_xtree.c +++ b/fs/jfs/jfs_xtree.c @@ -1224,7 +1224,7 @@ xtSplitRoot(tid_t tid, struct xtlock *xtlck; int rc; - sp = &JFS_IP(ip)->i_xtroot; + sp = (xtpage_t *) &JFS_IP(ip)->i_xtroot; INCREMENT(xtStat.split); @@ -3059,7 +3059,7 @@ static int xtRelink(tid_t tid, struct inode *ip, xtpage_t * p) */ void xtInitRoot(tid_t tid, struct inode *ip) { - xtpage_t *p; + xtroot_t *p; /* * acquire a transaction lock on the root diff --git a/fs/jfs/jfs_xtree.h b/fs/jfs/jfs_xtree.h index 5f51be8596b3..dc9b5f8d6385 100644 --- a/fs/jfs/jfs_xtree.h +++ b/fs/jfs/jfs_xtree.h @@ -65,24 +65,33 @@ struct xadlist { #define XTPAGEMAXSLOT 256 #define XTENTRYSTART 2 -/* - * xtree page: - */ -typedef union { - struct xtheader { - __le64 next; /* 8: */ - __le64 prev; /* 8: */ +struct xtheader { + __le64 next; /* 8: */ + __le64 prev; /* 8: */ - u8 flag; /* 1: */ - u8 rsrvd1; /* 1: */ - __le16 nextindex; /* 2: next index = number of entries */ - __le16 maxentry; /* 2: max number of entries */ - __le16 rsrvd2; /* 2: */ + u8 flag; /* 1: */ + u8 rsrvd1; /* 1: */ + __le16 nextindex; /* 2: next index = number of entries */ + __le16 maxentry; /* 2: max number of entries */ + __le16 rsrvd2; /* 2: */ - pxd_t self; /* 8: self */ - } header; /* (32) */ + pxd_t self; /* 8: self */ +}; +/* + * xtree root (in inode): + */ +typedef union { + struct xtheader header; xad_t xad[XTROOTMAXSLOT]; /* 16 * maxentry: xad array */ +} xtroot_t; + +/* + * xtree page: + */ +typedef union { + struct xtheader header; + xad_t xad[XTPAGEMAXSLOT]; /* 16 * maxentry: xad array */ } xtpage_t; /* -- 2.34.1

6 months, 3 weeks

2
1
0 0

[PATCH 6.1.y v2] net/sched: act_mirred: don't override retval if we already lost the skb

by jianqi.ren.cn＠windriver.com

From: Jakub Kicinski <kuba(a)kernel.org> [ Upstream commit 166c2c8a6a4dc2e4ceba9e10cfe81c3e469e3210 ] If we're redirecting the skb, and haven't called tcf_mirred_forward(), yet, we need to tell the core to drop the skb by setting the retcode to SHOT. If we have called tcf_mirred_forward(), however, the skb is out of our hands and returning SHOT will lead to UaF. Move the retval override to the error path which actually need it. Reviewed-by: Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> Fixes: e5cf1baf92cb ("act_mirred: use TC_ACT_REINSERT when possible") Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Acked-by: Jamal Hadi Salim <jhs(a)mojatatu.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- v2: Fix the following issue net/sched/act_mirred.c:265:6: error: variable 'is_redirect' is used uninitialized whenever 'if' condition is true found by the following tuxmake (https://lore.kernel.org/stable/CA+G9fYu+FEZ-3ye30Hk2sk1+LFsw7iO5AHueUa9H1Ub…) Verified the build test by cmd(tuxmake --runtime podman --target-arch arm --toolchain clang-20 --kconfig allmodconfig LLVM=1 LLVM_IAS=1) --- net/sched/act_mirred.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c index 36395e5db3b4..bbc34987bd09 100644 --- a/net/sched/act_mirred.c +++ b/net/sched/act_mirred.c @@ -255,31 +255,31 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, m_mac_header_xmit = READ_ONCE(m->tcfm_mac_header_xmit); m_eaction = READ_ONCE(m->tcfm_eaction); + is_redirect = tcf_mirred_is_act_redirect(m_eaction); retval = READ_ONCE(m->tcf_action); dev = rcu_dereference_bh(m->tcfm_dev); if (unlikely(!dev)) { pr_notice_once("tc mirred: target device is gone\n"); - goto out; + goto err_cant_do; } if (unlikely(!(dev->flags & IFF_UP)) || !netif_carrier_ok(dev)) { net_notice_ratelimited("tc mirred to Houston: device %s is down\n", dev->name); - goto out; + goto err_cant_do; } /* we could easily avoid the clone only if called by ingress and clsact; * since we can't easily detect the clsact caller, skip clone only for * ingress - that covers the TC S/W datapath. */ - is_redirect = tcf_mirred_is_act_redirect(m_eaction); at_ingress = skb_at_tc_ingress(skb); use_reinsert = at_ingress && is_redirect && tcf_mirred_can_reinsert(retval); if (!use_reinsert) { skb2 = skb_clone(skb, GFP_ATOMIC); if (!skb2) - goto out; + goto err_cant_do; } want_ingress = tcf_mirred_act_wants_ingress(m_eaction); @@ -321,12 +321,16 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, } err = tcf_mirred_forward(want_ingress, skb2); - if (err) { -out: + if (err) tcf_action_inc_overlimit_qstats(&m->common); - if (tcf_mirred_is_act_redirect(m_eaction)) - retval = TC_ACT_SHOT; - } + __this_cpu_dec(mirred_nest_level); + + return retval; + +err_cant_do: + if (is_redirect) + retval = TC_ACT_SHOT; + tcf_action_inc_overlimit_qstats(&m->common); __this_cpu_dec(mirred_nest_level); return retval; -- 2.34.1

6 months, 3 weeks

4
4
0 0

[PATCH 5.10.y v2] net/sched: act_mirred: don't override retval if we already lost the skb

by jianqi.ren.cn＠windriver.com

From: Jakub Kicinski <kuba(a)kernel.org> [ Upstream commit 166c2c8a6a4dc2e4ceba9e10cfe81c3e469e3210 ] If we're redirecting the skb, and haven't called tcf_mirred_forward(), yet, we need to tell the core to drop the skb by setting the retcode to SHOT. If we have called tcf_mirred_forward(), however, the skb is out of our hands and returning SHOT will lead to UaF. Move the retval override to the error path which actually need it. Reviewed-by: Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> Fixes: e5cf1baf92cb ("act_mirred: use TC_ACT_REINSERT when possible") Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Acked-by: Jamal Hadi Salim <jhs(a)mojatatu.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- v2: Fix the following issue net/sched/act_mirred.c:265:6: error: variable 'is_redirect' is used uninitialized whenever 'if' condition is true found by the following tuxmake (https://lore.kernel.org/stable/CA+G9fYu+FEZ-3ye30Hk2sk1+LFsw7iO5AHueUa9H1Ub…) tuxmake --runtime podman --target-arch arm --toolchain clang-20 --kconfig allmodconfig LLVM=1 LLVM_IAS=1 The above command line couldn't pass for some other issue unrelated to this patch, but we're sure that the above "is_redirect" issue has been fixed. --- net/sched/act_mirred.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c index 91a19460cb57..07b9f8335f05 100644 --- a/net/sched/act_mirred.c +++ b/net/sched/act_mirred.c @@ -256,31 +256,31 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, m_mac_header_xmit = READ_ONCE(m->tcfm_mac_header_xmit); m_eaction = READ_ONCE(m->tcfm_eaction); + is_redirect = tcf_mirred_is_act_redirect(m_eaction); retval = READ_ONCE(m->tcf_action); dev = rcu_dereference_bh(m->tcfm_dev); if (unlikely(!dev)) { pr_notice_once("tc mirred: target device is gone\n"); - goto out; + goto err_cant_do; } if (unlikely(!(dev->flags & IFF_UP)) || !netif_carrier_ok(dev)) { net_notice_ratelimited("tc mirred to Houston: device %s is down\n", dev->name); - goto out; + goto err_cant_do; } /* we could easily avoid the clone only if called by ingress and clsact; * since we can't easily detect the clsact caller, skip clone only for * ingress - that covers the TC S/W datapath. */ - is_redirect = tcf_mirred_is_act_redirect(m_eaction); at_ingress = skb_at_tc_ingress(skb); use_reinsert = at_ingress && is_redirect && tcf_mirred_can_reinsert(retval); if (!use_reinsert) { skb2 = skb_clone(skb, GFP_ATOMIC); if (!skb2) - goto out; + goto err_cant_do; } want_ingress = tcf_mirred_act_wants_ingress(m_eaction); @@ -323,12 +323,16 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, } err = tcf_mirred_forward(want_ingress, skb2); - if (err) { -out: + if (err) tcf_action_inc_overlimit_qstats(&m->common); - if (tcf_mirred_is_act_redirect(m_eaction)) - retval = TC_ACT_SHOT; - } + __this_cpu_dec(mirred_nest_level); + + return retval; + +err_cant_do: + if (is_redirect) + retval = TC_ACT_SHOT; + tcf_action_inc_overlimit_qstats(&m->common); __this_cpu_dec(mirred_nest_level); return retval; -- 2.34.1

6 months, 3 weeks

2
1
0 0

[PATCH 6.12.y 1/5] Revert "net: dsa: mv88e6xxx: fix internal PHYs for 6320 family"

by Marek Behún

This reverts commit 2b27df6852444b76724f5d425826a38581d63407. For stable 6.12 it was misapplied to wrong entries of the `mv88e6xxx_table` array: instead of the MV88E6320 and MV88E6321 entries it was applied to the MV88E6240 and MV88E6352 entries. Signed-off-by: Marek Behún <kabel(a)kernel.org> --- drivers/net/dsa/mv88e6xxx/chip.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c index 28967a338aa9..720ff57c854d 100644 --- a/drivers/net/dsa/mv88e6xxx/chip.c +++ b/drivers/net/dsa/mv88e6xxx/chip.c @@ -6182,8 +6182,7 @@ static const struct mv88e6xxx_info mv88e6xxx_table[] = { .num_databases = 4096, .num_macs = 8192, .num_ports = 7, - .num_internal_phys = 2, - .internal_phys_offset = 3, + .num_internal_phys = 5, .num_gpio = 15, .max_vid = 4095, .max_sid = 63, @@ -6377,8 +6376,7 @@ static const struct mv88e6xxx_info mv88e6xxx_table[] = { .num_databases = 4096, .num_macs = 8192, .num_ports = 7, - .num_internal_phys = 2, - .internal_phys_offset = 3, + .num_internal_phys = 5, .num_gpio = 15, .max_vid = 4095, .max_sid = 63, -- 2.49.0

6 months, 3 weeks

3
12
0 0

[PATCH 5.15.y v2] net/sched: act_mirred: don't override retval if we already lost the skb

by jianqi.ren.cn＠windriver.com

From: Jakub Kicinski <kuba(a)kernel.org> [ Upstream commit 166c2c8a6a4dc2e4ceba9e10cfe81c3e469e3210 ] If we're redirecting the skb, and haven't called tcf_mirred_forward(), yet, we need to tell the core to drop the skb by setting the retcode to SHOT. If we have called tcf_mirred_forward(), however, the skb is out of our hands and returning SHOT will lead to UaF. Move the retval override to the error path which actually need it. Reviewed-by: Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> Fixes: e5cf1baf92cb ("act_mirred: use TC_ACT_REINSERT when possible") Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Acked-by: Jamal Hadi Salim <jhs(a)mojatatu.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- v2: Fix the following issue net/sched/act_mirred.c:265:6: error: variable 'is_redirect' is used uninitialized whenever 'if' condition is true found by the following tuxmake (https://lore.kernel.org/stable/CA+G9fYu+FEZ-3ye30Hk2sk1+LFsw7iO5AHueUa9H1Ub…) Verified the build test by cmd(tuxmake --runtime podman --target-arch arm --toolchain clang-20 --kconfig allmodconfig LLVM=1 LLVM_IAS=1) --- net/sched/act_mirred.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c index 97cd4b2377d6..1aa1d10de30e 100644 --- a/net/sched/act_mirred.c +++ b/net/sched/act_mirred.c @@ -254,31 +254,31 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, m_mac_header_xmit = READ_ONCE(m->tcfm_mac_header_xmit); m_eaction = READ_ONCE(m->tcfm_eaction); + is_redirect = tcf_mirred_is_act_redirect(m_eaction); retval = READ_ONCE(m->tcf_action); dev = rcu_dereference_bh(m->tcfm_dev); if (unlikely(!dev)) { pr_notice_once("tc mirred: target device is gone\n"); - goto out; + goto err_cant_do; } if (unlikely(!(dev->flags & IFF_UP)) || !netif_carrier_ok(dev)) { net_notice_ratelimited("tc mirred to Houston: device %s is down\n", dev->name); - goto out; + goto err_cant_do; } /* we could easily avoid the clone only if called by ingress and clsact; * since we can't easily detect the clsact caller, skip clone only for * ingress - that covers the TC S/W datapath. */ - is_redirect = tcf_mirred_is_act_redirect(m_eaction); at_ingress = skb_at_tc_ingress(skb); use_reinsert = at_ingress && is_redirect && tcf_mirred_can_reinsert(retval); if (!use_reinsert) { skb2 = skb_clone(skb, GFP_ATOMIC); if (!skb2) - goto out; + goto err_cant_do; } want_ingress = tcf_mirred_act_wants_ingress(m_eaction); @@ -321,12 +321,16 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, } err = tcf_mirred_forward(want_ingress, skb2); - if (err) { -out: + if (err) tcf_action_inc_overlimit_qstats(&m->common); - if (tcf_mirred_is_act_redirect(m_eaction)) - retval = TC_ACT_SHOT; - } + __this_cpu_dec(mirred_nest_level); + + return retval; + +err_cant_do: + if (is_redirect) + retval = TC_ACT_SHOT; + tcf_action_inc_overlimit_qstats(&m->common); __this_cpu_dec(mirred_nest_level); return retval; -- 2.34.1

6 months, 3 weeks

2
1
0 0

platform_shutdown crasher reaches LTS v5.10

by Chuck Lever

Howdy - My queue/5.10 CI test runners have hit this crash on shutdown: [ 42.547410] RIP: 0010:platform_shutdown+0x9/0x20 [ 42.547955] Code: b7 46 08 c3 cc cc cc cc 31 c0 83 bf a8 02 00 00 ff 75 ec c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8b 47 68 <48> 8b 40 e8 48 85 c0 74 09 48 83 ef 10 e9 35 2c 80 00 c3 cc cc cc [ 42.550016] RSP: 0018:ffffc2ff80013de0 EFLAGS: 00010246 [ 42.550630] RAX: 0000000000000000 RBX: ffff9e6805d2ec18 RCX: 0000000000000000 [ 42.551444] RDX: 0000000000000001 RSI: ffff9e6805d2ec18 RDI: ffff9e6805d2ec10 [ 42.552263] RBP: ffffffff9be79420 R08: ffff9e6805d2f408 R09: ffffffff9bc5c698 [ 42.553081] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9e6805d2ec10 [ 42.553900] R13: ffff9e6805d2ec90 R14: 00000000fee1dead R15: 0000000000000000 [ 42.554717] FS: 00007f05a6960b80(0000) GS:ffff9e6b6fc00000(0000) knlGS:0000000000000000 [ 42.555633] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 42.556291] CR2: ffffffffffffffe8 CR3: 000000010960a006 CR4: 0000000000370ef0 [ 42.557105] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 42.557919] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 42.558733] Call Trace: [ 42.559044] device_shutdown+0x15b/0x1c0 [ 42.559512] __do_sys_reboot.cold+0x2f/0x5b [ 42.560015] ? vfs_writev+0x9b/0x110 [ 42.560444] ? do_writev+0x57/0xf0 [ 42.560859] do_syscall_64+0x33/0x40 [ 42.561289] entry_SYSCALL_64_after_hwframe+0x67/0xd1 It's likely due to this recently applied commit: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/… Maybe commit 46e85af0cc53 ("driver core: platform: don't oops in platform_shutdown() on unbound devices") fixes this issue, but I didn't test it. -- Chuck Lever

6 months, 3 weeks

2
1
0 0

[lvc-project] [PATCH 5.10/5.15] drm/amd/pm: vega10_hwmgr: fix potential off-by-one overflow in 'performance_levels'

by Igor Artemiev

From: Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> commit 2cc4a5914ce952d6fc83b0f8089a23095ad4f677 upstream. Since 'hardwareActivityPerformanceLevels' is set to the size of the 'performance_levels' array in vega10_hwmgr_backend_init(), using the '<=' assertion to check for the next index value is incorrect. Replace it with '<'. Detected using the static analysis tool - Svace. Fixes: f83a9991648b ("drm/amd/powerplay: add Vega10 powerplay support (v5)") Reviewed-by: Evan Quan <evan.quan(a)amd.com> Signed-off-by: Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> [Igor: In order to adapt this patch to branch 5.10/5.15 the variable name 'vega10_ps' has been changed to 'vega10_power_state' as it is used in branch 5.10/5.15.] Signed-off-by: Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> --- drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c index 79a41180adf1..30eab5002077 100644 --- a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c +++ b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c @@ -3171,7 +3171,7 @@ static int vega10_get_pp_table_entry_callback_func(struct pp_hwmgr *hwmgr, return -1); PP_ASSERT_WITH_CODE( - (vega10_power_state->performance_level_count <= + (vega10_power_state->performance_level_count < hwmgr->platform_descriptor. hardwareActivityPerformanceLevels), "Performance levels exceeds Driver limit!", -- 2.39.2

6 months, 3 weeks

1
0
0 0

[PATCH 6.6] iommu: Handle race with default domain setup

by Robin Murphy

[ Upstream commit b46064a18810bad3aea089a79993ca5ea7a3d2b2 ] It turns out that deferred default domain creation leaves a subtle race window during iommu_device_register() wherein a client driver may asynchronously probe in parallel and get as far as performing DMA API operations with dma-direct, only to be switched to iommu-dma underfoot once the default domain attachment finally happens, with obviously disastrous consequences. Even the wonky of_iommu_configure() path is at risk, since iommu_fwspec_init() will no longer defer client probe as the instance ops are (necessarily) already registered, and the "replay" iommu_probe_device() call can see dev->iommu_group already set and so think there's nothing to do either. Fortunately we already have the right tool in the right place in the form of iommu_device_use_default_domain(), which just needs to ensure that said default domain is actually ready to *be* used. Deferring the client probe shouldn't have too much impact, given that this only happens while the IOMMU driver is probing, and thus due to kick the deferred probe list again once it finishes. [ Backport: The above is true for mainline, but here we still have arch_setup_dma_ops() to worry about, which is not replayed if the default domain happens to be allocated *between* that call and subsequently reaching iommu_device_use_default_domain(), so we need an additional earlier check to cover that case. Also we're now back before the nominal commit 98ac73f99bc4 so we need to tweak the logic to depend on IOMMU_DMA as well, to avoid falsely deferring on architectures not using default domains. This then serves us back as far as f188056352bc, where this specific form of the problem first arises. ] Reported-by: Charan Teja Kalla <quic_charante(a)quicinc.com> Fixes: 98ac73f99bc4 ("iommu: Require a default_domain for all iommu drivers") Fixes: f188056352bc ("iommu: Avoid locking/unlocking for iommu_probe_device()") Link: https://lore.kernel.org/r/e88b94c9b575034a2c98a48b3d383654cbda7902.17407532… Signed-off-by: Robin Murphy <robin.murphy(a)arm.com> --- drivers/iommu/iommu.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c index 3f1029c0825e..29b48a6a0275 100644 --- a/drivers/iommu/iommu.c +++ b/drivers/iommu/iommu.c @@ -566,6 +566,17 @@ int iommu_probe_device(struct device *dev) mutex_lock(&iommu_probe_device_lock); ret = __iommu_probe_device(dev, NULL); mutex_unlock(&iommu_probe_device_lock); + + /* + * The dma_configure replay paths need bus_iommu_probe() to + * finish before they can call arch_setup_dma_ops() + */ + if (IS_ENABLED(CONFIG_IOMMU_DMA) && !ret && dev->iommu_group) { + mutex_lock(&dev->iommu_group->mutex); + if (!dev->iommu_group->default_domain) + ret = -EPROBE_DEFER; + mutex_unlock(&dev->iommu_group->mutex); + } if (ret) return ret; @@ -3149,6 +3160,11 @@ int iommu_device_use_default_domain(struct device *dev) return 0; mutex_lock(&group->mutex); + /* We may race against bus_iommu_probe() finalising groups here */ + if (!group->default_domain) { + ret = -EPROBE_DEFER; + goto unlock_out; + } if (group->owner_cnt) { if (group->owner || !iommu_is_default_domain(group) || !xa_empty(&group->pasid_array)) { -- 2.39.2.101.g768bb238c484.dirty

6 months, 3 weeks

3
3
0 0

FAILED: patch "[PATCH] comedi: jr3_pci: Fix synchronous deletion of timer" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 44d9b3f584c59a606b521e7274e658d5b866c699 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042807-emcee-squealing-c022@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 44d9b3f584c59a606b521e7274e658d5b866c699 Mon Sep 17 00:00:00 2001 From: Ian Abbott <abbotti(a)mev.co.uk> Date: Tue, 15 Apr 2025 13:39:01 +0100 Subject: [PATCH] comedi: jr3_pci: Fix synchronous deletion of timer When `jr3_pci_detach()` is called during device removal, it calls `timer_delete_sync()` to stop the timer, but the timer expiry function always reschedules the timer, so the synchronization is ineffective. Call `timer_shutdown_sync()` instead. It does not matter that the timer expiry function pointer is cleared, because the device is being removed. Fixes: 07b509e6584a5 ("Staging: comedi: add jr3_pci driver") Cc: stable <stable(a)kernel.org> Signed-off-by: Ian Abbott <abbotti(a)mev.co.uk> Link: https://lore.kernel.org/r/20250415123901.13483-1-abbotti@mev.co.uk Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/comedi/drivers/jr3_pci.c b/drivers/comedi/drivers/jr3_pci.c index cdc842b32bab..75dce1ff2419 100644 --- a/drivers/comedi/drivers/jr3_pci.c +++ b/drivers/comedi/drivers/jr3_pci.c @@ -758,7 +758,7 @@ static void jr3_pci_detach(struct comedi_device *dev) struct jr3_pci_dev_private *devpriv = dev->private; if (devpriv) - timer_delete_sync(&devpriv->timer); + timer_shutdown_sync(&devpriv->timer); comedi_pci_detach(dev); }

6 months, 3 weeks

2
1
0 0

[PATCH] drm/v3d: Add job to pending list if the reset was skipped

by Maíra Canal

When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so, instead of resetting the hardware, we skip the reset and let the timer get rearmed. This gives long-running jobs a chance to complete. However, when `timedout_job()` is called, the job in question is removed from the pending list, which means it won't be automatically freed through `free_job()`. Consequently, when we skip the reset and keep the job running, the job won't be freed when it finally completes. This situation leads to a memory leak, as exposed in [1]. Similarly to commit 704d3d60fec4 ("drm/etnaviv: don't block scheduler when GPU is still active"), this patch ensures the job is put back on the pending list when extending the timeout. Cc: stable(a)vger.kernel.org # 6.0 Link: https://gitlab.freedesktop.org/mesa/mesa/-/issues/12227 [1] Reported-by: Daivik Bhatia <dtgs1208(a)gmail.com> Signed-off-by: Maíra Canal <mcanal(a)igalia.com> --- drivers/gpu/drm/v3d/v3d_sched.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/v3d/v3d_sched.c b/drivers/gpu/drm/v3d/v3d_sched.c index b3be08b0ca91..a98dcf9d75b1 100644 --- a/drivers/gpu/drm/v3d/v3d_sched.c +++ b/drivers/gpu/drm/v3d/v3d_sched.c @@ -734,11 +734,6 @@ v3d_gpu_reset_for_timeout(struct v3d_dev *v3d, struct drm_sched_job *sched_job) return DRM_GPU_SCHED_STAT_NOMINAL; } -/* If the current address or return address have changed, then the GPU - * has probably made progress and we should delay the reset. This - * could fail if the GPU got in an infinite loop in the CL, but that - * is pretty unlikely outside of an i-g-t testcase. - */ static enum drm_gpu_sched_stat v3d_cl_job_timedout(struct drm_sched_job *sched_job, enum v3d_queue q, u32 *timedout_ctca, u32 *timedout_ctra) @@ -748,9 +743,16 @@ v3d_cl_job_timedout(struct drm_sched_job *sched_job, enum v3d_queue q, u32 ctca = V3D_CORE_READ(0, V3D_CLE_CTNCA(q)); u32 ctra = V3D_CORE_READ(0, V3D_CLE_CTNRA(q)); + /* If the current address or return address have changed, then the GPU + * has probably made progress and we should delay the reset. This + * could fail if the GPU got in an infinite loop in the CL, but that + * is pretty unlikely outside of an i-g-t testcase. + */ if (*timedout_ctca != ctca || *timedout_ctra != ctra) { *timedout_ctca = ctca; *timedout_ctra = ctra; + + list_add(&sched_job->list, &sched_job->sched->pending_list); return DRM_GPU_SCHED_STAT_NOMINAL; } @@ -790,11 +792,13 @@ v3d_csd_job_timedout(struct drm_sched_job *sched_job) struct v3d_dev *v3d = job->base.v3d; u32 batches = V3D_CORE_READ(0, V3D_CSD_CURRENT_CFG4(v3d->ver)); - /* If we've made progress, skip reset and let the timer get - * rearmed. + /* If we've made progress, skip reset, add the job to the pending + * list, and let the timer get rearmed. */ if (job->timedout_batches != batches) { job->timedout_batches = batches; + + list_add(&sched_job->list, &sched_job->sched->pending_list); return DRM_GPU_SCHED_STAT_NOMINAL; } -- 2.49.0

6 months, 3 weeks

2
2
0 0

[PATCH 5.4.y] crypto: atmel-sha204a - Set hwrng quality to lowest possible

by Marek Behún

commit 8006aff15516a170640239c5a8e6696c0ba18d8e upstream. According to the review by Bill Cox [1], the Atmel SHA204A random number generator produces random numbers with very low entropy. Set the lowest possible entropy for this chip just to be safe. [1] https://www.metzdowd.com/pipermail/cryptography/2014-December/023858.html Fixes: da001fb651b00e1d ("crypto: atmel-i2c - add support for SHA204A random number generator") Cc: <stable(a)vger.kernel.org> Signed-off-by: Marek Behún <kabel(a)kernel.org> Acked-by: Ard Biesheuvel <ardb(a)kernel.org> Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> [ rebased for 5.4 ] Signed-off-by: Marek Behún <kabel(a)kernel.org> --- drivers/crypto/atmel-sha204a.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/atmel-sha204a.c b/drivers/crypto/atmel-sha204a.c index c96c14e7dab1..0ef92109ce22 100644 --- a/drivers/crypto/atmel-sha204a.c +++ b/drivers/crypto/atmel-sha204a.c @@ -107,7 +107,12 @@ static int atmel_sha204a_probe(struct i2c_client *client, i2c_priv->hwrng.name = dev_name(&client->dev); i2c_priv->hwrng.read = atmel_sha204a_rng_read; - i2c_priv->hwrng.quality = 1024; + + /* + * According to review by Bill Cox [1], this HWRNG has very low entropy. + * [1] https://www.metzdowd.com/pipermail/cryptography/2014-December/023858.html + */ + i2c_priv->hwrng.quality = 1; ret = devm_hwrng_register(&client->dev, &i2c_priv->hwrng); if (ret) -- 2.49.0

6 months, 3 weeks

1
0
0 0

[PATCH 5.10.y] crypto: atmel-sha204a - Set hwrng quality to lowest possible

by Marek Behún

commit 8006aff15516a170640239c5a8e6696c0ba18d8e upstream. According to the review by Bill Cox [1], the Atmel SHA204A random number generator produces random numbers with very low entropy. Set the lowest possible entropy for this chip just to be safe. [1] https://www.metzdowd.com/pipermail/cryptography/2014-December/023858.html Fixes: da001fb651b00e1d ("crypto: atmel-i2c - add support for SHA204A random number generator") Cc: <stable(a)vger.kernel.org> Signed-off-by: Marek Behún <kabel(a)kernel.org> Acked-by: Ard Biesheuvel <ardb(a)kernel.org> Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> [ rebased for 5.10 ] Signed-off-by: Marek Behún <kabel(a)kernel.org> --- drivers/crypto/atmel-sha204a.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/atmel-sha204a.c b/drivers/crypto/atmel-sha204a.c index c96c14e7dab1..0ef92109ce22 100644 --- a/drivers/crypto/atmel-sha204a.c +++ b/drivers/crypto/atmel-sha204a.c @@ -107,7 +107,12 @@ static int atmel_sha204a_probe(struct i2c_client *client, i2c_priv->hwrng.name = dev_name(&client->dev); i2c_priv->hwrng.read = atmel_sha204a_rng_read; - i2c_priv->hwrng.quality = 1024; + + /* + * According to review by Bill Cox [1], this HWRNG has very low entropy. + * [1] https://www.metzdowd.com/pipermail/cryptography/2014-December/023858.html + */ + i2c_priv->hwrng.quality = 1; ret = devm_hwrng_register(&client->dev, &i2c_priv->hwrng); if (ret) -- 2.49.0

6 months, 3 weeks

1
0
0 0

[PATCH 5.15.y] crypto: atmel-sha204a - Set hwrng quality to lowest possible

by Marek Behún

commit 8006aff15516a170640239c5a8e6696c0ba18d8e upstream. According to the review by Bill Cox [1], the Atmel SHA204A random number generator produces random numbers with very low entropy. Set the lowest possible entropy for this chip just to be safe. [1] https://www.metzdowd.com/pipermail/cryptography/2014-December/023858.html Fixes: da001fb651b00e1d ("crypto: atmel-i2c - add support for SHA204A random number generator") Cc: <stable(a)vger.kernel.org> Signed-off-by: Marek Behún <kabel(a)kernel.org> Acked-by: Ard Biesheuvel <ardb(a)kernel.org> Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> [ rebased for 5.15 ] Signed-off-by: Marek Behún <kabel(a)kernel.org> --- drivers/crypto/atmel-sha204a.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/atmel-sha204a.c b/drivers/crypto/atmel-sha204a.c index c96c14e7dab1..0ef92109ce22 100644 --- a/drivers/crypto/atmel-sha204a.c +++ b/drivers/crypto/atmel-sha204a.c @@ -107,7 +107,12 @@ static int atmel_sha204a_probe(struct i2c_client *client, i2c_priv->hwrng.name = dev_name(&client->dev); i2c_priv->hwrng.read = atmel_sha204a_rng_read; - i2c_priv->hwrng.quality = 1024; + + /* + * According to review by Bill Cox [1], this HWRNG has very low entropy. + * [1] https://www.metzdowd.com/pipermail/cryptography/2014-December/023858.html + */ + i2c_priv->hwrng.quality = 1; ret = devm_hwrng_register(&client->dev, &i2c_priv->hwrng); if (ret) -- 2.49.0

6 months, 3 weeks

1
0
0 0

[PATCH 6.1.y] crypto: atmel-sha204a - Set hwrng quality to lowest possible

by Marek Behún

commit 8006aff15516a170640239c5a8e6696c0ba18d8e upstream. According to the review by Bill Cox [1], the Atmel SHA204A random number generator produces random numbers with very low entropy. Set the lowest possible entropy for this chip just to be safe. [1] https://www.metzdowd.com/pipermail/cryptography/2014-December/023858.html Fixes: da001fb651b00e1d ("crypto: atmel-i2c - add support for SHA204A random number generator") Cc: <stable(a)vger.kernel.org> Signed-off-by: Marek Behún <kabel(a)kernel.org> Acked-by: Ard Biesheuvel <ardb(a)kernel.org> Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> [ rebased for 6.1 ] Signed-off-by: Marek Behún <kabel(a)kernel.org> --- drivers/crypto/atmel-sha204a.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/atmel-sha204a.c b/drivers/crypto/atmel-sha204a.c index a84b657598c6..51738c730717 100644 --- a/drivers/crypto/atmel-sha204a.c +++ b/drivers/crypto/atmel-sha204a.c @@ -107,7 +107,12 @@ static int atmel_sha204a_probe(struct i2c_client *client, i2c_priv->hwrng.name = dev_name(&client->dev); i2c_priv->hwrng.read = atmel_sha204a_rng_read; - i2c_priv->hwrng.quality = 1024; + + /* + * According to review by Bill Cox [1], this HWRNG has very low entropy. + * [1] https://www.metzdowd.com/pipermail/cryptography/2014-December/023858.html + */ + i2c_priv->hwrng.quality = 1; ret = devm_hwrng_register(&client->dev, &i2c_priv->hwrng); if (ret) -- 2.49.0

6 months, 3 weeks

1
0
0 0

[PATCH 5.15.y v2 1/3] net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family

by Marek Behún

commit 4ae01ec007716986e1a20f1285eb013cbf188830 upstream. The atu_move_port_mask for 6341 family (Topaz) is 0xf, not 0x1f. The PortVec field is 8 bits wide, not 11 as in 6390 family. Fix this. Fixes: e606ca36bbf2 ("net: dsa: mv88e6xxx: rework ATU Remove") Signed-off-by: Marek Behún <kabel(a)kernel.org> Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> Link: https://patch.msgid.link/20250317173250.28780-3-kabel@kernel.org Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> --- drivers/net/dsa/mv88e6xxx/chip.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c index 9f7ff54894d4..02bcf5a4b073 100644 --- a/drivers/net/dsa/mv88e6xxx/chip.c +++ b/drivers/net/dsa/mv88e6xxx/chip.c @@ -5217,7 +5217,7 @@ static const struct mv88e6xxx_info mv88e6xxx_table[] = { .global1_addr = 0x1b, .global2_addr = 0x1c, .age_time_coeff = 3750, - .atu_move_port_mask = 0x1f, + .atu_move_port_mask = 0xf, .g1_irqs = 9, .g2_irqs = 10, .pvt = true, @@ -5660,7 +5660,7 @@ static const struct mv88e6xxx_info mv88e6xxx_table[] = { .global1_addr = 0x1b, .global2_addr = 0x1c, .age_time_coeff = 3750, - .atu_move_port_mask = 0x1f, + .atu_move_port_mask = 0xf, .g1_irqs = 9, .g2_irqs = 10, .pvt = true, -- 2.49.0

6 months, 3 weeks

1
2
0 0

FAILED: patch "[PATCH] comedi: jr3_pci: Fix synchronous deletion of timer" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 44d9b3f584c59a606b521e7274e658d5b866c699 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042806-speculate-arose-b5b8@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 44d9b3f584c59a606b521e7274e658d5b866c699 Mon Sep 17 00:00:00 2001 From: Ian Abbott <abbotti(a)mev.co.uk> Date: Tue, 15 Apr 2025 13:39:01 +0100 Subject: [PATCH] comedi: jr3_pci: Fix synchronous deletion of timer When `jr3_pci_detach()` is called during device removal, it calls `timer_delete_sync()` to stop the timer, but the timer expiry function always reschedules the timer, so the synchronization is ineffective. Call `timer_shutdown_sync()` instead. It does not matter that the timer expiry function pointer is cleared, because the device is being removed. Fixes: 07b509e6584a5 ("Staging: comedi: add jr3_pci driver") Cc: stable <stable(a)kernel.org> Signed-off-by: Ian Abbott <abbotti(a)mev.co.uk> Link: https://lore.kernel.org/r/20250415123901.13483-1-abbotti@mev.co.uk Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/comedi/drivers/jr3_pci.c b/drivers/comedi/drivers/jr3_pci.c index cdc842b32bab..75dce1ff2419 100644 --- a/drivers/comedi/drivers/jr3_pci.c +++ b/drivers/comedi/drivers/jr3_pci.c @@ -758,7 +758,7 @@ static void jr3_pci_detach(struct comedi_device *dev) struct jr3_pci_dev_private *devpriv = dev->private; if (devpriv) - timer_delete_sync(&devpriv->timer); + timer_shutdown_sync(&devpriv->timer); comedi_pci_detach(dev); }

6 months, 3 weeks

2
1
0 0

[PATCH 6.1.y v2 1/4] net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family

by Marek Behún

commit 4ae01ec007716986e1a20f1285eb013cbf188830 upstream. The atu_move_port_mask for 6341 family (Topaz) is 0xf, not 0x1f. The PortVec field is 8 bits wide, not 11 as in 6390 family. Fix this. Fixes: e606ca36bbf2 ("net: dsa: mv88e6xxx: rework ATU Remove") Signed-off-by: Marek Behún <kabel(a)kernel.org> Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> Link: https://patch.msgid.link/20250317173250.28780-3-kabel@kernel.org Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> --- drivers/net/dsa/mv88e6xxx/chip.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c index 0541c9a7fc49..b5e06f66cd38 100644 --- a/drivers/net/dsa/mv88e6xxx/chip.c +++ b/drivers/net/dsa/mv88e6xxx/chip.c @@ -5813,7 +5813,7 @@ static const struct mv88e6xxx_info mv88e6xxx_table[] = { .global1_addr = 0x1b, .global2_addr = 0x1c, .age_time_coeff = 3750, - .atu_move_port_mask = 0x1f, + .atu_move_port_mask = 0xf, .g1_irqs = 9, .g2_irqs = 10, .pvt = true, @@ -6272,7 +6272,7 @@ static const struct mv88e6xxx_info mv88e6xxx_table[] = { .global1_addr = 0x1b, .global2_addr = 0x1c, .age_time_coeff = 3750, - .atu_move_port_mask = 0x1f, + .atu_move_port_mask = 0xf, .g1_irqs = 9, .g2_irqs = 10, .pvt = true, -- 2.49.0

6 months, 3 weeks

1
3
0 0

FAILED: patch "[PATCH] comedi: jr3_pci: Fix synchronous deletion of timer" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 44d9b3f584c59a606b521e7274e658d5b866c699 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042806-snowy-deftly-db68@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 44d9b3f584c59a606b521e7274e658d5b866c699 Mon Sep 17 00:00:00 2001 From: Ian Abbott <abbotti(a)mev.co.uk> Date: Tue, 15 Apr 2025 13:39:01 +0100 Subject: [PATCH] comedi: jr3_pci: Fix synchronous deletion of timer When `jr3_pci_detach()` is called during device removal, it calls `timer_delete_sync()` to stop the timer, but the timer expiry function always reschedules the timer, so the synchronization is ineffective. Call `timer_shutdown_sync()` instead. It does not matter that the timer expiry function pointer is cleared, because the device is being removed. Fixes: 07b509e6584a5 ("Staging: comedi: add jr3_pci driver") Cc: stable <stable(a)kernel.org> Signed-off-by: Ian Abbott <abbotti(a)mev.co.uk> Link: https://lore.kernel.org/r/20250415123901.13483-1-abbotti@mev.co.uk Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/comedi/drivers/jr3_pci.c b/drivers/comedi/drivers/jr3_pci.c index cdc842b32bab..75dce1ff2419 100644 --- a/drivers/comedi/drivers/jr3_pci.c +++ b/drivers/comedi/drivers/jr3_pci.c @@ -758,7 +758,7 @@ static void jr3_pci_detach(struct comedi_device *dev) struct jr3_pci_dev_private *devpriv = dev->private; if (devpriv) - timer_delete_sync(&devpriv->timer); + timer_shutdown_sync(&devpriv->timer); comedi_pci_detach(dev); }

6 months, 3 weeks

2
1
0 0

[PATCH 6.6.y v2 1/4] net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family

by Marek Behún

commit 4ae01ec007716986e1a20f1285eb013cbf188830 upstream. The atu_move_port_mask for 6341 family (Topaz) is 0xf, not 0x1f. The PortVec field is 8 bits wide, not 11 as in 6390 family. Fix this. Fixes: e606ca36bbf2 ("net: dsa: mv88e6xxx: rework ATU Remove") Signed-off-by: Marek Behún <kabel(a)kernel.org> Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> Link: https://patch.msgid.link/20250317173250.28780-3-kabel@kernel.org Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> --- drivers/net/dsa/mv88e6xxx/chip.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c index bf93d700802b..be42de54e7df 100644 --- a/drivers/net/dsa/mv88e6xxx/chip.c +++ b/drivers/net/dsa/mv88e6xxx/chip.c @@ -5713,7 +5713,7 @@ static const struct mv88e6xxx_info mv88e6xxx_table[] = { .global1_addr = 0x1b, .global2_addr = 0x1c, .age_time_coeff = 3750, - .atu_move_port_mask = 0x1f, + .atu_move_port_mask = 0xf, .g1_irqs = 9, .g2_irqs = 10, .pvt = true, @@ -6174,7 +6174,7 @@ static const struct mv88e6xxx_info mv88e6xxx_table[] = { .global1_addr = 0x1b, .global2_addr = 0x1c, .age_time_coeff = 3750, - .atu_move_port_mask = 0x1f, + .atu_move_port_mask = 0xf, .g1_irqs = 9, .g2_irqs = 10, .pvt = true, -- 2.49.0

6 months, 3 weeks

1
3
0 0

[PATCH 6.12.y v2 1/5] Revert "net: dsa: mv88e6xxx: fix internal PHYs for 6320 family"

by Marek Behún

This reverts commit 2b27df6852444b76724f5d425826a38581d63407. For stable 6.12 it was misapplied to wrong entries of the `mv88e6xxx_table` array: instead of the MV88E6320 and MV88E6321 entries it was applied to the MV88E6240 and MV88E6352 entries. Signed-off-by: Marek Behún <kabel(a)kernel.org> --- drivers/net/dsa/mv88e6xxx/chip.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c index 28967a338aa9..720ff57c854d 100644 --- a/drivers/net/dsa/mv88e6xxx/chip.c +++ b/drivers/net/dsa/mv88e6xxx/chip.c @@ -6182,8 +6182,7 @@ static const struct mv88e6xxx_info mv88e6xxx_table[] = { .num_databases = 4096, .num_macs = 8192, .num_ports = 7, - .num_internal_phys = 2, - .internal_phys_offset = 3, + .num_internal_phys = 5, .num_gpio = 15, .max_vid = 4095, .max_sid = 63, @@ -6377,8 +6376,7 @@ static const struct mv88e6xxx_info mv88e6xxx_table[] = { .num_databases = 4096, .num_macs = 8192, .num_ports = 7, - .num_internal_phys = 2, - .internal_phys_offset = 3, + .num_internal_phys = 5, .num_gpio = 15, .max_vid = 4095, .max_sid = 63, -- 2.49.0

6 months, 3 weeks

1
4
0 0

FAILED: patch "[PATCH] comedi: jr3_pci: Fix synchronous deletion of timer" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x 44d9b3f584c59a606b521e7274e658d5b866c699 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042805-agonize-founder-450f@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 44d9b3f584c59a606b521e7274e658d5b866c699 Mon Sep 17 00:00:00 2001 From: Ian Abbott <abbotti(a)mev.co.uk> Date: Tue, 15 Apr 2025 13:39:01 +0100 Subject: [PATCH] comedi: jr3_pci: Fix synchronous deletion of timer When `jr3_pci_detach()` is called during device removal, it calls `timer_delete_sync()` to stop the timer, but the timer expiry function always reschedules the timer, so the synchronization is ineffective. Call `timer_shutdown_sync()` instead. It does not matter that the timer expiry function pointer is cleared, because the device is being removed. Fixes: 07b509e6584a5 ("Staging: comedi: add jr3_pci driver") Cc: stable <stable(a)kernel.org> Signed-off-by: Ian Abbott <abbotti(a)mev.co.uk> Link: https://lore.kernel.org/r/20250415123901.13483-1-abbotti@mev.co.uk Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/comedi/drivers/jr3_pci.c b/drivers/comedi/drivers/jr3_pci.c index cdc842b32bab..75dce1ff2419 100644 --- a/drivers/comedi/drivers/jr3_pci.c +++ b/drivers/comedi/drivers/jr3_pci.c @@ -758,7 +758,7 @@ static void jr3_pci_detach(struct comedi_device *dev) struct jr3_pci_dev_private *devpriv = dev->private; if (devpriv) - timer_delete_sync(&devpriv->timer); + timer_shutdown_sync(&devpriv->timer); comedi_pci_detach(dev); }

6 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] usb: typec: class: Invalidate USB device pointers on partner" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 66e1a887273c6b89f09bc11a40d0a71d5a081a8e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042838-staple-purr-ea46@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 66e1a887273c6b89f09bc11a40d0a71d5a081a8e Mon Sep 17 00:00:00 2001 From: Andrei Kuchynski <akuchynski(a)chromium.org> Date: Fri, 21 Mar 2025 14:37:27 +0000 Subject: [PATCH] usb: typec: class: Invalidate USB device pointers on partner unregistration To avoid using invalid USB device pointers after a Type-C partner disconnects, this patch clears the pointers upon partner unregistration. This ensures a clean state for future connections. Cc: stable(a)vger.kernel.org Fixes: 59de2a56d127 ("usb: typec: Link enumerated USB devices with Type-C partner") Signed-off-by: Andrei Kuchynski <akuchynski(a)chromium.org> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Reviewed-by: Benson Leung <bleung(a)chromium.org> Link: https://lore.kernel.org/r/20250321143728.4092417-3-akuchynski@chromium.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/class.c b/drivers/usb/typec/class.c index eadb150223f8..3df3e3736916 100644 --- a/drivers/usb/typec/class.c +++ b/drivers/usb/typec/class.c @@ -1086,10 +1086,14 @@ void typec_unregister_partner(struct typec_partner *partner) port = to_typec_port(partner->dev.parent); mutex_lock(&port->partner_link_lock); - if (port->usb2_dev) + if (port->usb2_dev) { typec_partner_unlink_device(partner, port->usb2_dev); - if (port->usb3_dev) + port->usb2_dev = NULL; + } + if (port->usb3_dev) { typec_partner_unlink_device(partner, port->usb3_dev); + port->usb3_dev = NULL; + } device_unregister(&partner->dev); mutex_unlock(&port->partner_link_lock);

6 months, 3 weeks

2
1
0 0

[PATCH 6.6/6.12] ext4: goto right label 'out_mmap_sem' in ext4_setattr()

by Ricardo Cañuelo Navarro

From: Baokun Li <libaokun1(a)huawei.com> [ Upstream commit 7e91ae31e2d264155dfd102101afc2de7bd74a64 ] Otherwise, if ext4_inode_attach_jinode() fails, a hung task will happen because filemap_invalidate_unlock() isn't called to unlock mapping->invalidate_lock. Like this: EXT4-fs error (device sda) in ext4_setattr:5557: Out of memory INFO: task fsstress:374 blocked for more than 122 seconds. Not tainted 6.14.0-rc1-next-20250206-xfstests-dirty #726 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:fsstress state:D stack:0 pid:374 tgid:374 ppid:373 task_flags:0x440140 flags:0x00000000 Call Trace: <TASK> __schedule+0x2c9/0x7f0 schedule+0x27/0xa0 schedule_preempt_disabled+0x15/0x30 rwsem_down_read_slowpath+0x278/0x4c0 down_read+0x59/0xb0 page_cache_ra_unbounded+0x65/0x1b0 filemap_get_pages+0x124/0x3e0 filemap_read+0x114/0x3d0 vfs_read+0x297/0x360 ksys_read+0x6c/0xe0 do_syscall_64+0x4b/0x110 entry_SYSCALL_64_after_hwframe+0x76/0x7e Fixes: c7fc0366c656 ("ext4: partial zero eof block on unaligned inode size extension") Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Brian Foster <bfoster(a)redhat.com> Link: https://patch.msgid.link/20250213112247.3168709-1-libaokun@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Signed-off-by: Ricardo Cañuelo Navarro <rcn(a)igalia.com> --- Hi, Requesting this fix to be backported to stable v6.6 and v6.12, which contain the backport for upstream patch c7fc0366c656 ("ext4: partial zero eof block on unaligned inode size extension"). That patch was also backported to v6.14 but the fix is there already as well. Thanks, Ricardo --- fs/ext4/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index ddfeaf19bff1ba22cea7e108c0564daceb09e9ee..ebb8097b11397fb3e8c005035a808712ac31ee77 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -5478,7 +5478,7 @@ int ext4_setattr(struct mnt_idmap *idmap, struct dentry *dentry, oldsize & (inode->i_sb->s_blocksize - 1)) { error = ext4_inode_attach_jinode(inode); if (error) - goto err_out; + goto out_mmap_sem; } handle = ext4_journal_start(inode, EXT4_HT_INODE, 3); --- base-commit: 23ec0b4057294d86cdefafe373b1f03568f75aff change-id: 20250429-rcn-20250429-v6-6-backport-a299b0c87086

6 months, 3 weeks

1
0
0 0

[PATCH 6.1.y v3] net/sched: act_mirred: don't override retval if we already lost the skb

by jianqi.ren.cn＠windriver.com

From: Jakub Kicinski <kuba(a)kernel.org> [ Upstream commit 166c2c8a6a4dc2e4ceba9e10cfe81c3e469e3210 ] If we're redirecting the skb, and haven't called tcf_mirred_forward(), yet, we need to tell the core to drop the skb by setting the retcode to SHOT. If we have called tcf_mirred_forward(), however, the skb is out of our hands and returning SHOT will lead to UaF. Move the retval override to the error path which actually need it. Reviewed-by: Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> Fixes: e5cf1baf92cb ("act_mirred: use TC_ACT_REINSERT when possible") Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Acked-by: Jamal Hadi Salim <jhs(a)mojatatu.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- v2: Fix the following issue net/sched/act_mirred.c:265:6: error: variable 'is_redirect' is used uninitialized whenever 'if' condition is true found by the following tuxmake (https://lore.kernel.org/stable/CA+G9fYu+FEZ-3ye30Hk2sk1+LFsw7iO5AHueUa9H1Ub…) Verified the build test by cmd(tuxmake --runtime podman --target-arch arm --toolchain clang-20 --kconfig allmodconfig LLVM=1 LLVM_IAS=1) --- net/sched/act_mirred.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c index 36395e5db3b4..bbc34987bd09 100644 --- a/net/sched/act_mirred.c +++ b/net/sched/act_mirred.c @@ -255,31 +255,31 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, m_mac_header_xmit = READ_ONCE(m->tcfm_mac_header_xmit); m_eaction = READ_ONCE(m->tcfm_eaction); + is_redirect = tcf_mirred_is_act_redirect(m_eaction); retval = READ_ONCE(m->tcf_action); dev = rcu_dereference_bh(m->tcfm_dev); if (unlikely(!dev)) { pr_notice_once("tc mirred: target device is gone\n"); - goto out; + goto err_cant_do; } if (unlikely(!(dev->flags & IFF_UP)) || !netif_carrier_ok(dev)) { net_notice_ratelimited("tc mirred to Houston: device %s is down\n", dev->name); - goto out; + goto err_cant_do; } /* we could easily avoid the clone only if called by ingress and clsact; * since we can't easily detect the clsact caller, skip clone only for * ingress - that covers the TC S/W datapath. */ - is_redirect = tcf_mirred_is_act_redirect(m_eaction); at_ingress = skb_at_tc_ingress(skb); use_reinsert = at_ingress && is_redirect && tcf_mirred_can_reinsert(retval); if (!use_reinsert) { skb2 = skb_clone(skb, GFP_ATOMIC); if (!skb2) - goto out; + goto err_cant_do; } want_ingress = tcf_mirred_act_wants_ingress(m_eaction); @@ -321,12 +321,16 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, } err = tcf_mirred_forward(want_ingress, skb2); - if (err) { -out: + if (err) tcf_action_inc_overlimit_qstats(&m->common); - if (tcf_mirred_is_act_redirect(m_eaction)) - retval = TC_ACT_SHOT; - } + __this_cpu_dec(mirred_nest_level); + + return retval; + +err_cant_do: + if (is_redirect) + retval = TC_ACT_SHOT; + tcf_action_inc_overlimit_qstats(&m->common); __this_cpu_dec(mirred_nest_level); return retval; -- 2.34.1

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: typec: class: Fix NULL pointer access" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x ec27386de23a511008c53aa2f3434ad180a3ca9a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042828-delivery-nearly-1a44@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ec27386de23a511008c53aa2f3434ad180a3ca9a Mon Sep 17 00:00:00 2001 From: Andrei Kuchynski <akuchynski(a)chromium.org> Date: Fri, 21 Mar 2025 14:37:26 +0000 Subject: [PATCH] usb: typec: class: Fix NULL pointer access Concurrent calls to typec_partner_unlink_device can lead to a NULL pointer dereference. This patch adds a mutex to protect USB device pointers and prevent this issue. The same mutex protects both the device pointers and the partner device registration. Cc: stable(a)vger.kernel.org Fixes: 59de2a56d127 ("usb: typec: Link enumerated USB devices with Type-C partner") Signed-off-by: Andrei Kuchynski <akuchynski(a)chromium.org> Reviewed-by: Benson Leung <bleung(a)chromium.org> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20250321143728.4092417-2-akuchynski@chromium.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/class.c b/drivers/usb/typec/class.c index 9c76c3d0c6cf..eadb150223f8 100644 --- a/drivers/usb/typec/class.c +++ b/drivers/usb/typec/class.c @@ -1052,6 +1052,7 @@ struct typec_partner *typec_register_partner(struct typec_port *port, partner->usb_mode = USB_MODE_USB3; } + mutex_lock(&port->partner_link_lock); ret = device_register(&partner->dev); if (ret) { dev_err(&port->dev, "failed to register partner (%d)\n", ret); @@ -1063,6 +1064,7 @@ struct typec_partner *typec_register_partner(struct typec_port *port, typec_partner_link_device(partner, port->usb2_dev); if (port->usb3_dev) typec_partner_link_device(partner, port->usb3_dev); + mutex_unlock(&port->partner_link_lock); return partner; } @@ -1083,12 +1085,14 @@ void typec_unregister_partner(struct typec_partner *partner) port = to_typec_port(partner->dev.parent); + mutex_lock(&port->partner_link_lock); if (port->usb2_dev) typec_partner_unlink_device(partner, port->usb2_dev); if (port->usb3_dev) typec_partner_unlink_device(partner, port->usb3_dev); device_unregister(&partner->dev); + mutex_unlock(&port->partner_link_lock); } EXPORT_SYMBOL_GPL(typec_unregister_partner); @@ -2041,10 +2045,11 @@ static struct typec_partner *typec_get_partner(struct typec_port *port) static void typec_partner_attach(struct typec_connector *con, struct device *dev) { struct typec_port *port = container_of(con, struct typec_port, con); - struct typec_partner *partner = typec_get_partner(port); + struct typec_partner *partner; struct usb_device *udev = to_usb_device(dev); enum usb_mode usb_mode; + mutex_lock(&port->partner_link_lock); if (udev->speed < USB_SPEED_SUPER) { usb_mode = USB_MODE_USB2; port->usb2_dev = dev; @@ -2053,18 +2058,22 @@ static void typec_partner_attach(struct typec_connector *con, struct device *dev port->usb3_dev = dev; } + partner = typec_get_partner(port); if (partner) { typec_partner_set_usb_mode(partner, usb_mode); typec_partner_link_device(partner, dev); put_device(&partner->dev); } + mutex_unlock(&port->partner_link_lock); } static void typec_partner_deattach(struct typec_connector *con, struct device *dev) { struct typec_port *port = container_of(con, struct typec_port, con); - struct typec_partner *partner = typec_get_partner(port); + struct typec_partner *partner; + mutex_lock(&port->partner_link_lock); + partner = typec_get_partner(port); if (partner) { typec_partner_unlink_device(partner, dev); put_device(&partner->dev); @@ -2074,6 +2083,7 @@ static void typec_partner_deattach(struct typec_connector *con, struct device *d port->usb2_dev = NULL; else if (port->usb3_dev == dev) port->usb3_dev = NULL; + mutex_unlock(&port->partner_link_lock); } /** @@ -2614,6 +2624,7 @@ struct typec_port *typec_register_port(struct device *parent, ida_init(&port->mode_ids); mutex_init(&port->port_type_lock); + mutex_init(&port->partner_link_lock); port->id = id; port->ops = cap->ops; diff --git a/drivers/usb/typec/class.h b/drivers/usb/typec/class.h index b3076a24ad2e..db2fe96c48ff 100644 --- a/drivers/usb/typec/class.h +++ b/drivers/usb/typec/class.h @@ -59,6 +59,7 @@ struct typec_port { enum typec_port_type port_type; enum usb_mode usb_mode; struct mutex port_type_lock; + struct mutex partner_link_lock; enum typec_orientation orientation; struct typec_switch *sw;

6 months, 3 weeks

2
1
0 0

[PATCH net v2 0/2] address EEE regressions on KSZ switches since v6.9 (v6.14+)

by Oleksij Rempel

This patch series addresses a regression in Energy Efficient Ethernet (EEE) handling for KSZ switches with integrated PHYs, introduced in kernel v6.9 by commit fe0d4fd9285e ("net: phy: Keep track of EEE configuration"). The first patch updates the DSA driver to allow phylink to properly manage PHY EEE configuration. Since integrated PHYs handle LPI internally and ports without integrated PHYs do not document MAC-level LPI support, dummy MAC LPI callbacks are provided. The second patch removes outdated EEE workarounds from the micrel PHY driver, as they are no longer needed with correct phylink handling. This series addresses the regression for mainline and kernels starting from v6.14. It is not easily possible to fully fix older kernels due to missing infrastructure changes. Tested on KSZ9893 hardware. Oleksij Rempel (2): net: dsa: microchip: let phylink manage PHY EEE configuration on KSZ switches net: phy: micrel: remove KSZ9477 EEE quirks now handled by phylink drivers/net/dsa/microchip/ksz_common.c | 134 +++++++++++++++++++------ drivers/net/phy/micrel.c | 7 -- include/linux/micrel_phy.h | 1 - 3 files changed, 106 insertions(+), 36 deletions(-) -- 2.39.5

6 months, 3 weeks

2
4
0 0

Re: Patch "drm/amdgpu: Remove amdgpu_device arg from free_sgt api (v2)" has been added to the 5.10-stable tree

by Christian König

On 4/26/25 15:40, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > drm/amdgpu: Remove amdgpu_device arg from free_sgt api (v2) > > to the 5.10-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > drm-amdgpu-remove-amdgpu_device-arg-from-free_sgt-ap.patch > and it can be found in the queue-5.10 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Mhm, why has that patch been picked up for backporting? It's a cleanup and not a bug fix. When some other fix depends on it it's probably ok to backport it as well, but stand alone it would probably rather hurt than help, Regards, Christian. > > > > commit 09a1b6ca7c7d9c07c702479646a0a8cfa2329e11 > Author: Ramesh Errabolu <Ramesh.Errabolu(a)amd.com> > Date: Wed Feb 24 20:48:06 2021 -0600 > > drm/amdgpu: Remove amdgpu_device arg from free_sgt api (v2) > > [ Upstream commit 5392b2af97dc5802991f953eb2687e538da4688c ] > > Currently callers have to provide handle of amdgpu_device, > which is not used by the implementation. It is unlikely this > parameter will become useful in future, thus removing it > > v2: squash in unused variable fix > > Reviewed-by: Christian König <christian.koenig(a)amd.com> > Signed-off-by: Ramesh Errabolu <Ramesh.Errabolu(a)amd.com> > Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> > Stable-dep-of: c0dd8a9253fa ("drm/amdgpu/dma_buf: fix page_link check") > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c > index e93ccdc5faf4e..bbbacc7b6c463 100644 > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c > @@ -357,17 +357,12 @@ static void amdgpu_dma_buf_unmap(struct dma_buf_attachment *attach, > struct sg_table *sgt, > enum dma_data_direction dir) > { > - struct dma_buf *dma_buf = attach->dmabuf; > - struct drm_gem_object *obj = dma_buf->priv; > - struct amdgpu_bo *bo = gem_to_amdgpu_bo(obj); > - struct amdgpu_device *adev = amdgpu_ttm_adev(bo->tbo.bdev); > - > if (sgt->sgl->page_link) { > dma_unmap_sgtable(attach->dev, sgt, dir, 0); > sg_free_table(sgt); > kfree(sgt); > } else { > - amdgpu_vram_mgr_free_sgt(adev, attach->dev, dir, sgt); > + amdgpu_vram_mgr_free_sgt(attach->dev, dir, sgt); > } > } > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h > index a87951b2f06dd..bd873b1b760cf 100644 > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h > @@ -113,8 +113,7 @@ int amdgpu_vram_mgr_alloc_sgt(struct amdgpu_device *adev, > struct device *dev, > enum dma_data_direction dir, > struct sg_table **sgt); > -void amdgpu_vram_mgr_free_sgt(struct amdgpu_device *adev, > - struct device *dev, > +void amdgpu_vram_mgr_free_sgt(struct device *dev, > enum dma_data_direction dir, > struct sg_table *sgt); > uint64_t amdgpu_vram_mgr_usage(struct ttm_resource_manager *man); > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c > index 2c3a94e939bab..ad72db21b8d62 100644 > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c > @@ -530,15 +530,13 @@ int amdgpu_vram_mgr_alloc_sgt(struct amdgpu_device *adev, > /** > * amdgpu_vram_mgr_alloc_sgt - allocate and fill a sg table > * > - * @adev: amdgpu device pointer > * @dev: device pointer > * @dir: data direction of resource to unmap > * @sgt: sg table to free > * > * Free a previously allocate sg table. > */ > -void amdgpu_vram_mgr_free_sgt(struct amdgpu_device *adev, > - struct device *dev, > +void amdgpu_vram_mgr_free_sgt(struct device *dev, > enum dma_data_direction dir, > struct sg_table *sgt) > {

6 months, 3 weeks

2
2
0 0

[PATCH net v1 0/2] address EEE regressions on KSZ switches since v6.9 (v6.14+)

by Oleksij Rempel

This patch series addresses a regression in Energy Efficient Ethernet (EEE) handling for KSZ switches with integrated PHYs, introduced in kernel v6.9 by commit fe0d4fd9285e ("net: phy: Keep track of EEE configuration"). The first patch updates the DSA driver to allow phylink to properly manage PHY EEE configuration. Since integrated PHYs handle LPI internally and ports without integrated PHYs do not document MAC-level LPI support, dummy MAC LPI callbacks are provided. The second patch removes outdated EEE workarounds from the micrel PHY driver, as they are no longer needed with correct phylink handling. This series addresses the regression for mainline and kernels starting from v6.14. It is not easily possible to fully fix older kernels due to missing infrastructure changes. Tested on KSZ9893 hardware. Oleksij Rempel (2): net: dsa: microchip: let phylink manage PHY EEE configuration on KSZ switches net: phy: micrel: remove KSZ9477 EEE quirks now handled by phylink drivers/net/dsa/microchip/ksz_common.c | 97 ++++++++++++++++++-------- drivers/net/phy/micrel.c | 7 -- include/linux/micrel_phy.h | 1 - 3 files changed, 69 insertions(+), 36 deletions(-) -- 2.39.5

6 months, 3 weeks

2
5
0 0

Re: Patch "x86/Kconfig: Make CONFIG_PCI_CNB20LE_QUIRK depend on X86_32" has been added to the 6.14-stable tree

by Mateusz Jończyk

Dnia 29 kwietnia 2025 03:41:48 CEST, Sasha Levin <sashal(a)kernel.org> napisał/a: >This is a note to let you know that I've just added the patch titled > > x86/Kconfig: Make CONFIG_PCI_CNB20LE_QUIRK depend on X86_32 > >to the 6.14-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > >The filename of the patch is: > x86-kconfig-make-config_pci_cnb20le_quirk-depend-on-.patch >and it can be found in the queue-6.14 subdirectory. > >If you, or anyone else, feels it should not be added to the stable tree, >please let <stable(a)vger.kernel.org> know about it. Hello, I'd like to ask that this patch be dropped from the stable queues (for 6.14 and earlier kernels). It does not fix anything important, it is just for convenience - to hide this one option from amd64 kernel Kconfig. Greetings, Mateusz > > > >commit 8cc03c8c367ced0228a5fbaec8c02274f11b2a38 >Author: Mateusz Jończyk <mat.jonczyk(a)o2.pl> >Date: Fri Mar 21 21:48:48 2025 +0100 > > x86/Kconfig: Make CONFIG_PCI_CNB20LE_QUIRK depend on X86_32 > > [ Upstream commit d9f87802676bb23b9425aea8ad95c76ad9b50c6e ] > > I was unable to find a good description of the ServerWorks CNB20LE > chipset. However, it was probably exclusively used with the Pentium III > processor (this CPU model was used in all references to it that I > found where the CPU model was provided: dmesgs in [1] and [2]; > [3] page 2; [4]-[7]). > > As is widely known, the Pentium III processor did not support the 64-bit > mode, support for which was introduced by Intel a couple of years later. > So it is safe to assume that no systems with the CNB20LE chipset have > amd64 and the CONFIG_PCI_CNB20LE_QUIRK may now depend on X86_32. > > Additionally, I have determined that most computers with the CNB20LE > chipset did have ACPI support and this driver was inactive on them. > I have submitted a patch to remove this driver, but it was met with > resistance [8]. > > [1] Jim Studt, Re: Problem with ServerWorks CNB20LE and lost interrupts > Linux Kernel Mailing List, https://lkml.org/lkml/2002/1/11/111 > > [2] RedHat Bug 665109 - e100 problems on old Compaq Proliant DL320 > https://bugzilla.redhat.com/show_bug.cgi?id=665109 > > [3] R. Hughes-Jones, S. Dallison, G. Fairey, Performance Measurements on > Gigabit Ethernet NICs and Server Quality Motherboards, > http://datatag.web.cern.ch/papers/pfldnet2003-rhj.doc > > [4] "Hardware for Linux", > Probe #d6b5151873 of Intel STL2-bd A28808-302 Desktop Computer (STL2) > https://linux-hardware.org/?probe=d6b5151873 > > [5] "Hardware for Linux", Probe #0b5d843f10 of Compaq ProLiant DL380 > https://linux-hardware.org/?probe=0b5d843f10 > > [6] Ubuntu Forums, Dell Poweredge 2400 - Adaptec SCSI Bus AIC-7880 > https://ubuntuforums.org/showthread.php?t=1689552 > > [7] Ira W. Snyder, "BISECTED: 2.6.35 (and -git) fail to boot: APIC problems" > https://lkml.org/lkml/2010/8/13/220 > > [8] Bjorn Helgaas, "Re: [PATCH] x86/pci: drop ServerWorks / Broadcom > CNB20LE PCI host bridge driver" > https://lore.kernel.org/lkml/20220318165535.GA840063@bhelgaas/T/ > > Signed-off-by: Mateusz Jończyk <mat.jonczyk(a)o2.pl> > Signed-off-by: David Heideberg <david(a)ixit.cz> > Signed-off-by: Ingo Molnar <mingo(a)kernel.org> > Cc: "H. Peter Anvin" <hpa(a)zytor.com> > Cc: Linus Torvalds <torvalds(a)linux-foundation.org> > Link: https://lore.kernel.org/r/20250321-x86_x2apic-v3-6-b0cbaa6fa338@ixit.cz > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > >diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig >index aeb95b6e55369..de47e7c435679 100644 >--- a/arch/x86/Kconfig >+++ b/arch/x86/Kconfig >@@ -2981,13 +2981,21 @@ config MMCONF_FAM10H > depends on X86_64 && PCI_MMCONFIG && ACPI > > config PCI_CNB20LE_QUIRK >- bool "Read CNB20LE Host Bridge Windows" if EXPERT >- depends on PCI >+ bool "Read PCI host bridge windows from the CNB20LE chipset" if EXPERT >+ depends on X86_32 && PCI > help > Read the PCI windows out of the CNB20LE host bridge. This allows > PCI hotplug to work on systems with the CNB20LE chipset which do > not have ACPI. > >+ The ServerWorks (later Broadcom) CNB20LE was a chipset designed >+ most probably only for Pentium III. >+ >+ To find out if you have such a chipset, search for a PCI device with >+ 1166:0009 PCI IDs, for example by executing >+ lspci -nn | grep '1166:0009' >+ The code is inactive if there is none. >+ > There's no public spec for this chipset, and this functionality > is known to be incomplete. >

6 months, 3 weeks

2
1
0 0

Re: Patch "hardening: Disable GCC randstruct for COMPILE_TEST" has been added to the 6.14-stable tree

by Kees Cook

On April 28, 2025 6:48:46 PM PDT, Sasha Levin <sashal(a)kernel.org> wrote: >This is a note to let you know that I've just added the patch titled > > hardening: Disable GCC randstruct for COMPILE_TEST Please don't backport this to any stable kernels. There is already a fix in -next and the problem only exists due to a 6.15 landlock change. -- Kees Cook

6 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] serial: msm: Configure correct working mode before starting" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 7094832b5ac861b0bd7ed8866c93cb15ef619996 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042947-baffling-scrawny-24d8@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7094832b5ac861b0bd7ed8866c93cb15ef619996 Mon Sep 17 00:00:00 2001 From: Stephan Gerhold <stephan.gerhold(a)linaro.org> Date: Tue, 8 Apr 2025 19:22:47 +0200 Subject: [PATCH] serial: msm: Configure correct working mode before starting earlycon The MSM UART DM controller supports different working modes, e.g. DMA or the "single-character mode", where all reads/writes operate on a single character rather than 4 chars (32-bit) at once. When using earlycon, __msm_console_write() always writes 4 characters at a time, but we don't know which mode the bootloader was using and we don't set the mode either. This causes garbled output if the bootloader was using the single-character mode, because only every 4th character appears in the serial console, e.g. "[ 00oni pi 000xf0[ 00i s 5rm9(l)l s 1 1 SPMTA 7:C 5[ 00A ade k d[ 00ano:ameoi .Q1B[ 00ac _idaM00080oo'" If the bootloader was using the DMA ("DM") mode, output would likely fail entirely. Later, when the full serial driver probes, the port is re-initialized and output works as expected. Fix this also for earlycon by clearing the DMEN register and reset+re-enable the transmitter to apply the change. This ensures the transmitter is in the expected state before writing any output. Cc: stable <stable(a)kernel.org> Fixes: 0efe72963409 ("tty: serial: msm: Add earlycon support") Signed-off-by: Stephan Gerhold <stephan.gerhold(a)linaro.org> Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://lore.kernel.org/r/20250408-msm-serial-earlycon-v1-1-429080127530@li… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/msm_serial.c b/drivers/tty/serial/msm_serial.c index 1b137e068444..3449945493ce 100644 --- a/drivers/tty/serial/msm_serial.c +++ b/drivers/tty/serial/msm_serial.c @@ -1746,6 +1746,12 @@ msm_serial_early_console_setup_dm(struct earlycon_device *device, if (!device->port.membase) return -ENODEV; + /* Disable DM / single-character modes */ + msm_write(&device->port, 0, UARTDM_DMEN); + msm_write(&device->port, MSM_UART_CR_CMD_RESET_RX, MSM_UART_CR); + msm_write(&device->port, MSM_UART_CR_CMD_RESET_TX, MSM_UART_CR); + msm_write(&device->port, MSM_UART_CR_TX_ENABLE, MSM_UART_CR); + device->con->write = msm_serial_early_write_dm; return 0; }

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] serial: msm: Configure correct working mode before starting" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 7094832b5ac861b0bd7ed8866c93cb15ef619996 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042923-flagman-payroll-a044@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7094832b5ac861b0bd7ed8866c93cb15ef619996 Mon Sep 17 00:00:00 2001 From: Stephan Gerhold <stephan.gerhold(a)linaro.org> Date: Tue, 8 Apr 2025 19:22:47 +0200 Subject: [PATCH] serial: msm: Configure correct working mode before starting earlycon The MSM UART DM controller supports different working modes, e.g. DMA or the "single-character mode", where all reads/writes operate on a single character rather than 4 chars (32-bit) at once. When using earlycon, __msm_console_write() always writes 4 characters at a time, but we don't know which mode the bootloader was using and we don't set the mode either. This causes garbled output if the bootloader was using the single-character mode, because only every 4th character appears in the serial console, e.g. "[ 00oni pi 000xf0[ 00i s 5rm9(l)l s 1 1 SPMTA 7:C 5[ 00A ade k d[ 00ano:ameoi .Q1B[ 00ac _idaM00080oo'" If the bootloader was using the DMA ("DM") mode, output would likely fail entirely. Later, when the full serial driver probes, the port is re-initialized and output works as expected. Fix this also for earlycon by clearing the DMEN register and reset+re-enable the transmitter to apply the change. This ensures the transmitter is in the expected state before writing any output. Cc: stable <stable(a)kernel.org> Fixes: 0efe72963409 ("tty: serial: msm: Add earlycon support") Signed-off-by: Stephan Gerhold <stephan.gerhold(a)linaro.org> Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://lore.kernel.org/r/20250408-msm-serial-earlycon-v1-1-429080127530@li… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/msm_serial.c b/drivers/tty/serial/msm_serial.c index 1b137e068444..3449945493ce 100644 --- a/drivers/tty/serial/msm_serial.c +++ b/drivers/tty/serial/msm_serial.c @@ -1746,6 +1746,12 @@ msm_serial_early_console_setup_dm(struct earlycon_device *device, if (!device->port.membase) return -ENODEV; + /* Disable DM / single-character modes */ + msm_write(&device->port, 0, UARTDM_DMEN); + msm_write(&device->port, MSM_UART_CR_CMD_RESET_RX, MSM_UART_CR); + msm_write(&device->port, MSM_UART_CR_CMD_RESET_TX, MSM_UART_CR); + msm_write(&device->port, MSM_UART_CR_TX_ENABLE, MSM_UART_CR); + device->con->write = msm_serial_early_write_dm; return 0; }

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] serial: msm: Configure correct working mode before starting" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 7094832b5ac861b0bd7ed8866c93cb15ef619996 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042956-parkway-commend-a62f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7094832b5ac861b0bd7ed8866c93cb15ef619996 Mon Sep 17 00:00:00 2001 From: Stephan Gerhold <stephan.gerhold(a)linaro.org> Date: Tue, 8 Apr 2025 19:22:47 +0200 Subject: [PATCH] serial: msm: Configure correct working mode before starting earlycon The MSM UART DM controller supports different working modes, e.g. DMA or the "single-character mode", where all reads/writes operate on a single character rather than 4 chars (32-bit) at once. When using earlycon, __msm_console_write() always writes 4 characters at a time, but we don't know which mode the bootloader was using and we don't set the mode either. This causes garbled output if the bootloader was using the single-character mode, because only every 4th character appears in the serial console, e.g. "[ 00oni pi 000xf0[ 00i s 5rm9(l)l s 1 1 SPMTA 7:C 5[ 00A ade k d[ 00ano:ameoi .Q1B[ 00ac _idaM00080oo'" If the bootloader was using the DMA ("DM") mode, output would likely fail entirely. Later, when the full serial driver probes, the port is re-initialized and output works as expected. Fix this also for earlycon by clearing the DMEN register and reset+re-enable the transmitter to apply the change. This ensures the transmitter is in the expected state before writing any output. Cc: stable <stable(a)kernel.org> Fixes: 0efe72963409 ("tty: serial: msm: Add earlycon support") Signed-off-by: Stephan Gerhold <stephan.gerhold(a)linaro.org> Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://lore.kernel.org/r/20250408-msm-serial-earlycon-v1-1-429080127530@li… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/msm_serial.c b/drivers/tty/serial/msm_serial.c index 1b137e068444..3449945493ce 100644 --- a/drivers/tty/serial/msm_serial.c +++ b/drivers/tty/serial/msm_serial.c @@ -1746,6 +1746,12 @@ msm_serial_early_console_setup_dm(struct earlycon_device *device, if (!device->port.membase) return -ENODEV; + /* Disable DM / single-character modes */ + msm_write(&device->port, 0, UARTDM_DMEN); + msm_write(&device->port, MSM_UART_CR_CMD_RESET_RX, MSM_UART_CR); + msm_write(&device->port, MSM_UART_CR_CMD_RESET_TX, MSM_UART_CR); + msm_write(&device->port, MSM_UART_CR_TX_ENABLE, MSM_UART_CR); + device->con->write = msm_serial_early_write_dm; return 0; }

6 months, 3 weeks

1
0
0 0

Build failure due to backport of "bpf: Add namespace to BPF internal symbols"

by Shung-Hsi Yu

Hi Sasha, bpf-add-namespace-to-bpf-internal-symbols.patch is stable-queue.git seems like the culprit responsible for build failure in stable 6.12 and earlier (log below). The reason is likely due to the lack of commit cdd30ebb1b9f ("module: Convert symbol namespace to string literal") before v6.13. Getting rid of the quotes s/"BPF_INTERNAL"/BPF_INTERNAL/ probably would be enough to fix it. In file included from .vmlinux.export.c:1: .vmlinux.export.c:1697:33: error: expected ‘)’ before ‘BPF_INTERNAL’ 1697 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1697:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1697 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1697:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1697 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:1706:42: error: expected ‘)’ before ‘BPF_INTERNAL’ 1706 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1706:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1706 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1706:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1706 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:1708:34: error: expected ‘)’ before ‘BPF_INTERNAL’ 1708 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1708:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1708 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1708:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1708 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ make[2]: *** [scripts/Makefile.vmlinux:18: .vmlinux.export.o] Error 1 make[1]: *** [/home/runner/work/libbpf/libbpf/.kernel/Makefile:1184: vmlinux] Error 2 make: *** [Makefile:224: __sub-make] Error 2 Shung-Hsi Yu

6 months, 3 weeks

2
1
0 0

[PATCH V3] arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9

by Anshuman Khandual

FEAT_PMUv3p9 registers such as PMICNTR_EL0, PMICFILTR_EL0, and PMUACR_EL1 access from EL1 requires appropriate EL2 fine grained trap configuration via FEAT_FGT2 based trap control registers HDFGRTR2_EL2 and HDFGWTR2_EL2. Otherwise such register accesses will result in traps into EL2. Add a new helper __init_el2_fgt2() which initializes FEAT_FGT2 based fine grained trap control registers HDFGRTR2_EL2 and HDFGWTR2_EL2 (setting the bits nPMICNTR_EL0, nPMICFILTR_EL0 and nPMUACR_EL1) to enable access into PMICNTR_EL0, PMICFILTR_EL0, and PMUACR_EL1 registers. Also update booting.rst with SCR_EL3.FGTEn2 requirement for all FEAT_FGT2 based registers to be accessible in EL2. Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Rob Herring <robh(a)kernel.org> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Marc Zyngier <maz(a)kernel.org> Cc: Oliver Upton <oliver.upton(a)linux.dev> Cc: linux-arm-kernel(a)lists.infradead.org Cc: linux-doc(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: kvmarm(a)lists.linux.dev Fixes: 0bbff9ed8165 ("perf/arm_pmuv3: Add PMUv3.9 per counter EL0 access control") Fixes: d8226d8cfbaf ("perf: arm_pmuv3: Add support for Armv9.4 PMU instruction counter") Cc: stable(a)vger.kernel.org Tested-by: Rob Herring (Arm) <robh(a)kernel.org> Reviewed-by: Rob Herring (Arm) <robh(a)kernel.org> Signed-off-by: Anshuman Khandual <anshuman.khandual(a)arm.com> --- Changes in V3: - Added 'MDCR_EL3.EnPM2 = 0b1' as a booting requirement per Mark - Added 'Fixes:' and 'CC: stable' tags per Mark Changes in V2: https://lore.kernel.org/all/20250203050828.1049370-8-anshuman.khandual@arm.… Documentation/arch/arm64/booting.rst | 22 ++++++++++++++++++++++ arch/arm64/include/asm/el2_setup.h | 25 +++++++++++++++++++++++++ 2 files changed, 47 insertions(+) diff --git a/Documentation/arch/arm64/booting.rst b/Documentation/arch/arm64/booting.rst index cad6fdc96b98..dee7b6de864f 100644 --- a/Documentation/arch/arm64/booting.rst +++ b/Documentation/arch/arm64/booting.rst @@ -288,6 +288,12 @@ Before jumping into the kernel, the following conditions must be met: - SCR_EL3.FGTEn (bit 27) must be initialised to 0b1. + For CPUs with the Fine Grained Traps 2 (FEAT_FGT2) extension present: + + - If EL3 is present and the kernel is entered at EL2: + + - SCR_EL3.FGTEn2 (bit 59) must be initialised to 0b1. + For CPUs with support for HCRX_EL2 (FEAT_HCX) present: - If EL3 is present and the kernel is entered at EL2: @@ -382,6 +388,22 @@ Before jumping into the kernel, the following conditions must be met: - SMCR_EL2.EZT0 (bit 30) must be initialised to 0b1. + For CPUs with the Performance Monitors Extension (FEAT_PMUv3p9): + + - If EL3 is present: + + - MDCR_EL3.EnPM2 (bit 7) must be initialised to 0b1. + + - If the kernel is entered at EL1 and EL2 is present: + + - HDFGRTR2_EL2.nPMICNTR_EL0 (bit 2) must be initialised to 0b1. + - HDFGRTR2_EL2.nPMICFILTR_EL0 (bit 3) must be initialised to 0b1. + - HDFGRTR2_EL2.nPMUACR_EL1 (bit 4) must be initialised to 0b1. + + - HDFGWTR2_EL2.nPMICNTR_EL0 (bit 2) must be initialised to 0b1. + - HDFGWTR2_EL2.nPMICFILTR_EL0 (bit 3) must be initialised to 0b1. + - HDFGWTR2_EL2.nPMUACR_EL1 (bit 4) must be initialised to 0b1. + For CPUs with Memory Copy and Memory Set instructions (FEAT_MOPS): - If the kernel is entered at EL1 and EL2 is present: diff --git a/arch/arm64/include/asm/el2_setup.h b/arch/arm64/include/asm/el2_setup.h index 25e162651750..1a0071faf57e 100644 --- a/arch/arm64/include/asm/el2_setup.h +++ b/arch/arm64/include/asm/el2_setup.h @@ -233,6 +233,30 @@ .Lskip_fgt_\@: .endm +.macro __init_el2_fgt2 + mrs x1, id_aa64mmfr0_el1 + ubfx x1, x1, #ID_AA64MMFR0_EL1_FGT_SHIFT, #4 + cmp x1, #ID_AA64MMFR0_EL1_FGT_FGT2 + b.lt .Lskip_fgt2_\@ + + mov x0, xzr + mrs x1, id_aa64dfr0_el1 + ubfx x1, x1, #ID_AA64DFR0_EL1_PMUVer_SHIFT, #4 + cmp x1, #ID_AA64DFR0_EL1_PMUVer_V3P9 + b.lt .Lskip_pmuv3p9_\@ + + orr x0, x0, #HDFGRTR2_EL2_nPMICNTR_EL0 + orr x0, x0, #HDFGRTR2_EL2_nPMICFILTR_EL0 + orr x0, x0, #HDFGRTR2_EL2_nPMUACR_EL1 +.Lskip_pmuv3p9_\@: + msr_s SYS_HDFGRTR2_EL2, x0 + msr_s SYS_HDFGWTR2_EL2, x0 + msr_s SYS_HFGRTR2_EL2, xzr + msr_s SYS_HFGWTR2_EL2, xzr + msr_s SYS_HFGITR2_EL2, xzr +.Lskip_fgt2_\@: +.endm + .macro __init_el2_gcs mrs_s x1, SYS_ID_AA64PFR1_EL1 ubfx x1, x1, #ID_AA64PFR1_EL1_GCS_SHIFT, #4 @@ -283,6 +307,7 @@ __init_el2_nvhe_idregs __init_el2_cptr __init_el2_fgt + __init_el2_fgt2 __init_el2_gcs .endm -- 2.25.1

6 months, 3 weeks

2
3
0 0

[PATCH v2] drm/amdgpu: Remove redundant return value checks for amdgpu_ras_error_data_init

by Wentao Liang

The function amdgpu_ras_error_data_init() always returns 0, making its return value checks redundant. This patch changes its return type to void and removes all unnecessary checks in the callers. This simplifies the code and avoids confusion about the function's behavior. Additionally, this change keeps the usage consistent within amdgpu_ras_do_page_retirement(), which also does not check the return value. Fixes: 5b1270beb380 ("drm/amdgpu: add ras_err_info to identify RAS error source") Cc: stable(a)vger.kernel.org # 6.7+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- v2: Add a missing semicolon drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 19 +++++-------------- drivers/gpu/drm/amd/amdgpu/amdgpu_ras.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_umc.c | 8 ++------ drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c | 3 +-- drivers/gpu/drm/amd/amdgpu/nbio_v7_9.c | 3 +-- 5 files changed, 10 insertions(+), 25 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c index 4c9fa24dd972..5be391ebeca3 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c @@ -182,9 +182,7 @@ static int amdgpu_reserve_page_direct(struct amdgpu_device *adev, uint64_t addre return 0; } - ret = amdgpu_ras_error_data_init(&err_data); - if (ret) - return ret; + amdgpu_ras_error_data_init(&err_data); memset(&err_rec, 0x0, sizeof(struct eeprom_table_record)); err_data.err_addr = &err_rec; @@ -687,8 +685,7 @@ static struct ras_manager *amdgpu_ras_create_obj(struct amdgpu_device *adev, if (alive_obj(obj)) return NULL; - if (amdgpu_ras_error_data_init(&obj->err_data)) - return NULL; + amdgpu_ras_error_data_init(&obj->err_data); obj->head = *head; obj->adev = adev; @@ -1428,9 +1425,7 @@ static int amdgpu_ras_query_error_status_with_event(struct amdgpu_device *adev, if (!obj) return -EINVAL; - ret = amdgpu_ras_error_data_init(&err_data); - if (ret) - return ret; + amdgpu_ras_error_data_init(&err_data); if (!amdgpu_ras_get_error_query_mode(adev, &error_query_mode)) return -EINVAL; @@ -2255,9 +2250,7 @@ static void amdgpu_ras_interrupt_umc_handler(struct ras_manager *obj, if (!data->cb) return; - ret = amdgpu_ras_error_data_init(&err_data); - if (ret) - return; + amdgpu_ras_error_data_init(&err_data); /* Let IP handle its data, maybe we need get the output * from the callback to update the error type/count, etc @@ -4623,13 +4616,11 @@ void amdgpu_ras_inst_reset_ras_error_count(struct amdgpu_device *adev, } } -int amdgpu_ras_error_data_init(struct ras_err_data *err_data) +void amdgpu_ras_error_data_init(struct ras_err_data *err_data) { memset(err_data, 0, sizeof(*err_data)); INIT_LIST_HEAD(&err_data->err_node_list); - - return 0; } static void amdgpu_ras_error_node_release(struct ras_err_node *err_node) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.h index 6db772ecfee4..5f88e70fbf5c 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.h +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.h @@ -931,7 +931,7 @@ void amdgpu_ras_inst_reset_ras_error_count(struct amdgpu_device *adev, uint32_t reg_list_size, uint32_t instance); -int amdgpu_ras_error_data_init(struct ras_err_data *err_data); +void amdgpu_ras_error_data_init(struct ras_err_data *err_data); void amdgpu_ras_error_data_fini(struct ras_err_data *err_data); int amdgpu_ras_error_statistic_ce_count(struct ras_err_data *err_data, struct amdgpu_smuio_mcm_config_info *mcm_info, diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_umc.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_umc.c index 896f3609b0ee..5de6e332c2cd 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_umc.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_umc.c @@ -52,9 +52,7 @@ int amdgpu_umc_page_retirement_mca(struct amdgpu_device *adev, struct ras_err_data err_data; int ret; - ret = amdgpu_ras_error_data_init(&err_data); - if (ret) - return ret; + amdgpu_ras_error_data_init(&err_data); err_data.err_addr = kcalloc(adev->umc.max_ras_err_cnt_per_query, @@ -230,9 +228,7 @@ int amdgpu_umc_pasid_poison_handler(struct amdgpu_device *adev, }; struct ras_manager *obj = amdgpu_ras_find_obj(adev, &head); - ret = amdgpu_ras_error_data_init(&err_data); - if (ret) - return ret; + amdgpu_ras_error_data_init(&err_data); ret = amdgpu_umc_do_page_retirement(adev, &err_data, NULL, reset); diff --git a/drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c b/drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c index a26a9be58eac..d4bdfe280c88 100644 --- a/drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c +++ b/drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c @@ -364,8 +364,7 @@ static void nbio_v7_4_handle_ras_controller_intr_no_bifring(struct amdgpu_device struct ras_err_data err_data; struct amdgpu_ras *ras = amdgpu_ras_get_context(adev); - if (amdgpu_ras_error_data_init(&err_data)) - return; + amdgpu_ras_error_data_init(&err_data); if (adev->asic_type == CHIP_ALDEBARAN) bif_doorbell_intr_cntl = RREG32_SOC15(NBIO, 0, mmBIF_DOORBELL_INT_CNTL_ALDE); diff --git a/drivers/gpu/drm/amd/amdgpu/nbio_v7_9.c b/drivers/gpu/drm/amd/amdgpu/nbio_v7_9.c index 8a0a63ac88d2..c79ed1adf681 100644 --- a/drivers/gpu/drm/amd/amdgpu/nbio_v7_9.c +++ b/drivers/gpu/drm/amd/amdgpu/nbio_v7_9.c @@ -537,8 +537,7 @@ static void nbio_v7_9_handle_ras_controller_intr_no_bifring(struct amdgpu_device struct ras_err_data err_data; struct amdgpu_ras *ras = amdgpu_ras_get_context(adev); - if (amdgpu_ras_error_data_init(&err_data)) - return; + amdgpu_ras_error_data_init(&err_data); bif_doorbell_intr_cntl = RREG32_SOC15(NBIO, 0, regBIF_BX0_BIF_DOORBELL_INT_CNTL); -- 2.42.0.windows.2

6 months, 3 weeks

1
0
0 0

[PATCH] fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio()

by Max Kellermann

If bio_add_folio() fails (because it is full), erofs_fileio_scan_folio() needs to submit the I/O request via erofs_fileio_rq_submit() and allocate a new I/O request with an empty `struct bio`. Then it retries the bio_add_folio() call. However, at this point, erofs_onlinefolio_split() has already been called which increments `folio->private`; the retry will call erofs_onlinefolio_split() again, but there will never be a matching erofs_onlinefolio_end() call. This leaves the folio locked forever and all waiters will be stuck in folio_wait_bit_common(). This bug has been added by commit ce63cb62d794 ("erofs: support unencoded inodes for fileio"), but was practically unreachable because there was room for 256 folios in the `struct bio` - until commit 9f74ae8c9ac9 ("erofs: shorten bvecs[] for file-backed mounts") which reduced the array capacity to 16 folios. It was now trivial to trigger the bug by manually invoking readahead from userspace, e.g.: posix_fadvise(fd, 0, st.st_size, POSIX_FADV_WILLNEED); This should be fixed by invoking erofs_onlinefolio_split() only after bio_add_folio() has succeeded. This is safe: asynchronous completions invoking erofs_onlinefolio_end() will not unlock the folio because erofs_fileio_scan_folio() is still holding a reference to be released by erofs_onlinefolio_end() at the end. Fixes: ce63cb62d794 ("erofs: support unencoded inodes for fileio") Fixes: 9f74ae8c9ac9 ("erofs: shorten bvecs[] for file-backed mounts") Cc: stable(a)vger.kernel.org Signed-off-by: Max Kellermann <max.kellermann(a)ionos.com> --- fs/erofs/fileio.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/erofs/fileio.c b/fs/erofs/fileio.c index 4fa0a0121288..60c7cc4c105c 100644 --- a/fs/erofs/fileio.c +++ b/fs/erofs/fileio.c @@ -150,10 +150,10 @@ static int erofs_fileio_scan_folio(struct erofs_fileio *io, struct folio *folio) io->rq->bio.bi_iter.bi_sector = io->dev.m_pa >> 9; attached = 0; } - if (!attached++) - erofs_onlinefolio_split(folio); if (!bio_add_folio(&io->rq->bio, folio, len, cur)) goto io_retry; + if (!attached++) + erofs_onlinefolio_split(folio); io->dev.m_pa += len; } cur += len; -- 2.47.2

6 months, 3 weeks

2
1
0 0

kernel BUG in write_dev_supers in linux6.15-rc1

by Jianzhou Zhao

Hello, I found a potential bug titled " kernel BUG in write_dev_supers " with modified syzkaller in the Linux6.15-rc1. If you fix this issue, please add the following tag to the commit: Reported-by: Jianzhou Zhao <luckd0g(a)163.com>, xingwei lee <xrivendell7(a)gmail.com> The commit of the kernel is : 0af2f6be1b4281385b618cb86ad946eded089ac8 kernel config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=4c918722cb7e3d7 compiler: gcc version 11.4.0 Unfortunately, we failed to generate the reproduction program of this bug. ------------[ cut here ]----------------------------------------- TITLE: kernel BUG in write_dev_supers ------------[ cut here ]------------ ================================================================== assertion failed: folio_order(folio) == 0, in fs/btrfs/disk-io.c:3856 ------------[ cut here ]------------ kernel BUG at fs/btrfs/disk-io.c:3856! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 0 UID: 0 PID: 9462 Comm: syz-executor Not tainted 6.15.0-rc1-dirty #9 PREEMPT(full) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:write_dev_supers+0x7f0/0x910 fs/btrfs/disk-io.c:3856 Code: e9 03 ff ff ff e8 70 a3 eb fd b9 10 0f 00 00 48 c7 c2 60 c0 d9 8b 48 c7 c6 60 c7 d9 8b 48 c7 c7 e0 c0 d9 8b e8 41 d4 ca fd 90 <0f> 0b 48 8b 7c 24 38 e8 04 f9 51 fe e9 3d f9 ff ff e8 3a f8 51 fe RSP: 0018:ffffc900053ff7c0 EFLAGS: 00010286 RAX: 0000000000000045 RBX: ffff888029e60000 RCX: ffffffff819a5929 RDX: 0000000000000000 RSI: ffff88801eb9bc80 RDI: 0000000000000002 RBP: ffffea0001560a00 R08: fffffbfff1c4bb00 R09: fffff52000a7feb1 R10: fffff52000a7feb0 R11: ffffc900053ff587 R12: dffffc0000000000 R13: 0000000000000000 R14: 0000000000000002 R15: 0000000001000000 FS: 000055556e3c5500(0000) GS:ffff888097b41000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f8af4976080 CR3: 0000000076248000 CR4: 0000000000752ef0 PKRU: 80000000 Call Trace: <TASK> write_all_supers+0x921/0x3680 fs/btrfs/disk-io.c:4153 btrfs_commit_transaction+0x2dad/0x4620 fs/btrfs/transaction.c:2541 btrfs_sync_fs+0x130/0x760 fs/btrfs/super.c:1040 sync_filesystem fs/sync.c:66 [inline] sync_filesystem+0x1d3/0x2a0 fs/sync.c:30 generic_shutdown_super+0x74/0x390 fs/super.c:621 kill_anon_super+0x3a/0x60 fs/super.c:1237 btrfs_kill_super+0x3c/0x50 fs/btrfs/super.c:2100 deactivate_locked_super+0xb8/0x130 fs/super.c:473 deactivate_super fs/super.c:506 [inline] deactivate_super+0xb1/0xd0 fs/super.c:502 cleanup_mnt+0x378/0x510 fs/namespace.c:1435 task_work_run+0x16f/0x280 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x29e/0x2a0 kernel/entry/common.c:218 do_syscall_64+0xdc/0x260 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fe31fbadfcb Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 90 f3 0f 1e fa 31 f6 e9 05 00 00 00 0f 1f 44 00 00 f3 0f 1e fa b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8 RSP: 002b:00007fff6eed1d98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 00000000000000cf RCX: 00007fe31fbadfcb RDX: 00007fe31fa4eb30 RSI: 0000000000000009 RDI: 00007fff6eed1e50 RBP: 00007fff6eed1e50 R08: 0000000000000000 R09: 00007fff6eed1c20 R10: 000055556e3d8673 R11: 0000000000000246 R12: 00007fe31fc44135 R13: 00007fff6eed2f20 R14: 000055556e3d8600 R15: 000000000003644b </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:write_dev_supers+0x7f0/0x910 fs/btrfs/disk-io.c:3856 Code: e9 03 ff ff ff e8 70 a3 eb fd b9 10 0f 00 00 48 c7 c2 60 c0 d9 8b 48 c7 c6 60 c7 d9 8b 48 c7 c7 e0 c0 d9 8b e8 41 d4 ca fd 90 <0f> 0b 48 8b 7c 24 38 e8 04 f9 51 fe e9 3d f9 ff ff e8 3a f8 51 fe RSP: 0018:ffffc900053ff7c0 EFLAGS: 00010286 RAX: 0000000000000045 RBX: ffff888029e60000 RCX: ffffffff819a5929 RDX: 0000000000000000 RSI: ffff88801eb9bc80 RDI: 0000000000000002 RBP: ffffea0001560a00 R08: fffffbfff1c4bb00 R09: fffff52000a7feb1 R10: fffff52000a7feb0 R11: ffffc900053ff587 R12: dffffc0000000000 R13: 0000000000000000 R14: 0000000000000002 R15: 0000000001000000 FS: 000055556e3c5500(0000) GS:ffff8880eb341000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa5b213e730 CR3: 0000000076248000 CR4: 0000000000752ef0 PKRU: 80000000 ================================================================== I hope it helps. Best regards Jianzhou Zhao

6 months, 3 weeks

1
1
0 0

[PATCH v2] usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version

by Pawel Laszczak

The controllers with rtl version larger than RTL_REVISION_NEW_LPM (0x00002700) has bug which causes that controller doesn't resume from L1 state. It happens if after receiving LPM packet controller starts transitioning to L1 and in this moment the driver force resuming by write operation to PORTSC.PLS. It's corner case and happens when write operation to PORTSC occurs during device delay before transitioning to L1 after transmitting ACK time (TL1TokenRetry). Forcing transition from L1->L0 by driver for revision larger than RTL_REVISION_NEW_LPM is not needed, so driver can simply fix this issue through block call of cdnsp_force_l0_go function. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: stable(a)vger.kernel.org Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- Changelog: v2: - improved patch description - changed RTL_REVISION_NEW_LPM value drivers/usb/cdns3/cdnsp-gadget.c | 2 ++ drivers/usb/cdns3/cdnsp-gadget.h | 3 +++ drivers/usb/cdns3/cdnsp-ring.c | 3 ++- 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/usb/cdns3/cdnsp-gadget.c b/drivers/usb/cdns3/cdnsp-gadget.c index 87f310841735..e64c8f7eb0c5 100644 --- a/drivers/usb/cdns3/cdnsp-gadget.c +++ b/drivers/usb/cdns3/cdnsp-gadget.c @@ -1773,6 +1773,8 @@ static void cdnsp_get_rev_cap(struct cdnsp_device *pdev) reg += cdnsp_find_next_ext_cap(reg, 0, RTL_REV_CAP); pdev->rev_cap = reg; + pdev->rtl_revision = readl(&pdev->rev_cap->rtl_revision); + dev_info(pdev->dev, "Rev: %08x/%08x, eps: %08x, buff: %08x/%08x\n", readl(&pdev->rev_cap->ctrl_revision), readl(&pdev->rev_cap->rtl_revision), diff --git a/drivers/usb/cdns3/cdnsp-gadget.h b/drivers/usb/cdns3/cdnsp-gadget.h index 84887dfea763..357ddbe53917 100644 --- a/drivers/usb/cdns3/cdnsp-gadget.h +++ b/drivers/usb/cdns3/cdnsp-gadget.h @@ -1357,6 +1357,7 @@ struct cdnsp_port { * @rev_cap: Controller Capabilities Registers. * @hcs_params1: Cached register copies of read-only HCSPARAMS1 * @hcc_params: Cached register copies of read-only HCCPARAMS1 + * @rtl_revision: Cached controller rtl revision. * @setup: Temporary buffer for setup packet. * @ep0_preq: Internal allocated request used during enumeration. * @ep0_stage: ep0 stage during enumeration process. @@ -1411,6 +1412,8 @@ struct cdnsp_device { __u32 hcs_params1; __u32 hcs_params3; __u32 hcc_params; + #define RTL_REVISION_NEW_LPM 0x2700 + __u32 rtl_revision; /* Lock used in interrupt thread context. */ spinlock_t lock; struct usb_ctrlrequest setup; diff --git a/drivers/usb/cdns3/cdnsp-ring.c b/drivers/usb/cdns3/cdnsp-ring.c index 46852529499d..fd06cb85c4ea 100644 --- a/drivers/usb/cdns3/cdnsp-ring.c +++ b/drivers/usb/cdns3/cdnsp-ring.c @@ -308,7 +308,8 @@ static bool cdnsp_ring_ep_doorbell(struct cdnsp_device *pdev, writel(db_value, reg_addr); - cdnsp_force_l0_go(pdev); + if (pdev->rtl_revision < RTL_REVISION_NEW_LPM) + cdnsp_force_l0_go(pdev); /* Doorbell was set. */ return true; -- 2.43.0

6 months, 3 weeks

2
1
0 0

[PATCH] configfs-tsm-report: Fix NULL dereference of tsm_ops

by Dan Williams

Unlike sysfs, the lifetime of configfs objects is controlled by userspace. There is no mechanism for the kernel to find and delete all created config-items. Instead, the configfs-tsm-report mechanism has an expectation that tsm_unregister() can happen at any time and cause established config-item access to start failing. That expectation is not fully satisfied. While tsm_report_read(), tsm_report_{is,is_bin}_visible(), and tsm_report_make_item() safely fail if tsm_ops have been unregistered, tsm_report_privlevel_store() tsm_report_provider_show() fail to check for ops registration. Add the missing checks for tsm_ops having been removed. Now, in supporting the ability for tsm_unregister() to always succeed, it leaves the problem of what to do with lingering config-items. The expectation is that the admin that arranges for the ->remove() (unbind) of the ${tsm_arch}-guest driver is also responsible for deletion of all open config-items. Until that deletion happens, ->probe() (reload / bind) of the ${tsm_arch}-guest driver fails. This allows for emergency shutdown / revocation of attestation interfaces, and requires coordinated restart. Fixes: 70e6f7e2b985 ("configfs-tsm: Introduce a shared ABI for attestation reports") Cc: stable(a)vger.kernel.org Cc: Suzuki K Poulose <suzuki.poulose(a)arm.com> Cc: Steven Price <steven.price(a)arm.com> Cc: Sami Mujawar <sami.mujawar(a)arm.com> Cc: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Reported-by: Cedric Xing <cedric.xing(a)intel.com> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- drivers/virt/coco/tsm.c | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/drivers/virt/coco/tsm.c b/drivers/virt/coco/tsm.c index 9432d4e303f1..096f4f7c0c11 100644 --- a/drivers/virt/coco/tsm.c +++ b/drivers/virt/coco/tsm.c @@ -15,6 +15,7 @@ static struct tsm_provider { const struct tsm_ops *ops; void *data; + atomic_t count; } provider; static DECLARE_RWSEM(tsm_rwsem); @@ -92,6 +93,10 @@ static ssize_t tsm_report_privlevel_store(struct config_item *cfg, if (rc) return rc; + guard(rwsem_write)(&tsm_rwsem); + if (!provider.ops) + return -ENXIO; + /* * The valid privilege levels that a TSM might accept, if it accepts a * privilege level setting at all, are a max of TSM_PRIVLEVEL_MAX (see @@ -101,7 +106,6 @@ static ssize_t tsm_report_privlevel_store(struct config_item *cfg, if (provider.ops->privlevel_floor > val || val > TSM_PRIVLEVEL_MAX) return -EINVAL; - guard(rwsem_write)(&tsm_rwsem); rc = try_advance_write_generation(report); if (rc) return rc; @@ -115,6 +119,10 @@ static ssize_t tsm_report_privlevel_floor_show(struct config_item *cfg, char *buf) { guard(rwsem_read)(&tsm_rwsem); + + if (!provider.ops) + return -ENXIO; + return sysfs_emit(buf, "%u\n", provider.ops->privlevel_floor); } CONFIGFS_ATTR_RO(tsm_report_, privlevel_floor); @@ -217,6 +225,9 @@ CONFIGFS_ATTR_RO(tsm_report_, generation); static ssize_t tsm_report_provider_show(struct config_item *cfg, char *buf) { guard(rwsem_read)(&tsm_rwsem); + if (!provider.ops) + return -ENXIO; + return sysfs_emit(buf, "%s\n", provider.ops->name); } CONFIGFS_ATTR_RO(tsm_report_, provider); @@ -421,12 +432,20 @@ static struct config_item *tsm_report_make_item(struct config_group *group, if (!state) return ERR_PTR(-ENOMEM); + atomic_inc(&provider.count); config_item_init_type_name(&state->cfg, name, &tsm_report_type); return &state->cfg; } +static void tsm_report_drop_item(struct config_group *group, struct config_item *item) +{ + config_item_put(item); + atomic_dec(&provider.count); +} + static struct configfs_group_operations tsm_report_group_ops = { .make_item = tsm_report_make_item, + .drop_item = tsm_report_drop_item, }; static const struct config_item_type tsm_reports_type = { @@ -459,6 +478,11 @@ int tsm_register(const struct tsm_ops *ops, void *priv) return -EBUSY; } + if (atomic_read(&provider.count)) { + pr_err("configfs/tsm not empty\n"); + return -EBUSY; + } + provider.ops = ops; provider.data = priv; return 0;

6 months, 3 weeks

3
5
0 0

[REGRESSION] 6.14.3 panic - kernel NULL pointer dereference in htb_dequeue

by Alan J. Wylie

#regzbot introduced: 6.14.2..6.14.3 Since 6.14.3 I have been seeing random panics, all in htb_dequeue. 6.14.2 was fine. One only happened 8 hours after the reboot, so bisecting would be prolonged, since I have no idea what is triggering the crash. I've captured three panics with netconsole. All are very similar. I've also included the script I use to initialise tc. As well as when the ppp over ethernet interface comes up, I also run this every 5 minutes as a cron job since my ADSL line can fluctuate between 22 and 30 Mb/s. However, from the timings of the last few lines in /var/log/messages before the crash, it doesn't seem that this is directly related. Finally, I've decoded the first panic. I'm more than happy to help with debugging, if necessary. The system is running up-to-date Gentoo. Linux version 6.14.3 (alan@bilbo) (gcc (Gentoo Hardened 14.2.1_p20241221 p7) 14.2.1 20241221, GNU ld (Gentoo 2.44 p1) 2.44.0) #20 SMP PREEMPT_DYNAMIC Sun Apr 20 21:18:54 BST 2025 Linux bilbo 6.14.3 #20 SMP PREEMPT_DYNAMIC Sun Apr 20 21:18:54 BST 2025 x86_64 AMD FX(tm)-4300 Quad-Core Processor AuthenticAMD GNU/Linux # equery -q list iproute2 sys-apps/iproute2-6.13.0 BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G O 6.14.3 #20 Tainted: [O]=OOT_MODULE Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./970A-DS3P, BIOS FD 02/26/2016 RIP: 0010:rb_next+0x0/0x50 Code: e8 d5 fa ff ff 5b 4c 89 e0 5d 41 5c 41 5d 41 5e e9 85 73 01 00 5b 5d 41 5c 41 5d 41 5e e9 38 76 01 00 0f 1f 84 00 00 00 00 00 <48> 3b 3f 48 89 f8 74 38 48 8b 57 08 48 85 d2 74 11 48 89 d0 48 8b RSP: 0018:ffffc90000003e50 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88811a764000 RCX: ffff88811a764180 RDX: ffff88835e4c6c00 RSI: ffff888162c998e8 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffff88811a7642b0 R09: 00000000a535eebc R10: 0000000000000d09 R11: ffffc90000003ff8 R12: ffff88835e4c6c00 R13: ffff88811a7642b8 R14: 00001a951355b383 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88842ec00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000001084b4000 CR4: 00000000000406f0 Call Trace: <IRQ> htb_dequeue+0x42f/0x610 [sch_htb] __qdisc_run+0x253/0x480 ? timerqueue_del+0x2c/0x40 qdisc_run+0x15/0x30 net_tx_action+0x182/0x1b0 handle_softirqs+0x102/0x240 __irq_exit_rcu+0x3e/0xb0 sysvec_apic_timer_interrupt+0x5b/0x70 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x16/0x20 RIP: 0010:cpuidle_enter_state+0x126/0x220 Code: 18 4c 6f 00 85 c0 7e 0b 8b 73 04 83 cf ff e8 a1 22 e5 ff 31 ff e8 9a 2e 98 ff 45 84 ff 74 07 31 ff e8 0e 58 9d ff fb 45 85 ed <0f> 88 cc 00 00 00 49 63 c5 48 8b 3c 24 48 6b c8 68 48 6b d0 30 49 RSP: 0018:ffffffff81e03e40 EFLAGS: 00000202 RAX: ffff88842ec00000 RBX: ffff8881008d9400 RCX: 0000000000000000 RDX: 00001a94d9502071 RSI: fffffffbb3498394 RDI: 0000000000000000 RBP: 0000000000000002 R08: 0000000000000002 R09: 00001a94d7bd7640 R10: 0000000000000006 R11: 0000000000000020 R12: ffffffff81f98280 R13: 0000000000000002 R14: 00001a94d9502071 R15: 0000000000000000 cpuidle_enter+0x2a/0x40 do_idle+0x12d/0x1a0 cpu_startup_entry+0x29/0x30 rest_init+0xbc/0xc0 start_kernel+0x630/0x630 x86_64_start_reservations+0x25/0x30 x86_64_start_kernel+0x73/0x80 common_startup_64+0x12c/0x138 </TASK> Modules linked in: udp_diag netconsole sch_htb cls_u32 sch_ingress sch_cake ifb act_mirred xt_hl xt_nat ts_bm xt_string xt_TARPIT(O) xt_CT xt_tcpudp xt_helper nf_nat_ftp nf_conntrack_ftp ip6t_rt ip6table_nat xt_MASQUERADE iptable_nat nf_nat xt_TCPMSS xt_LOG nf_log_syslog ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 ip6table_raw iptable_raw ip6table_mangle iptable_mangle xt_multiport xt_state xt_limit xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6table_filter ip6_tables iptable_filter ip_tables x_tables tun pppoe binfmt_misc pppox ppp_generic slhc af_packet bridge stp llc ctr ccm dm_crypt radeon drm_client_lib video wmi drm_exec drm_suballoc_helper ath9k drm_ttm_helper syscopyarea ttm sysfillrect ath9k_common sysimgblt ath9k_hw fb_sys_fops drm_display_helper drm_kms_helper ath mac80211 agpgart pl2303 snd_hda_codec_realtek cfbfillrect snd_hda_codec_generic usbserial snd_hda_codec_hdmi snd_hda_scodec_component cfbimgblt snd_hda_intel fb_io_fops snd_intel_dspcfg cfbcopyarea snd_hda_codec i2c_algo_bit fb snd_hda_core aesni_intel cfg80211 cdc_acm snd_pcm crypto_simd font snd_timer cryptd snd at24 e1000 regmap_i2c acpi_cpufreq libarc4 soundcore k10temp fam15h_power evdev nfsd sch_fq_codel auth_rpcgss lockd grace drm sunrpc drm_panel_orientation_quirks fuse backlight configfs loop nfnetlink usbhid ohci_pci xhci_pci xhci_hcd ohci_hcd ehci_pci ehci_hcd sha512_ssse3 usbcore sha256_ssse3 sha1_ssse3 sha1_generic gf128mul usb_common dm_mirror dm_region_hash dm_log cpuid i2c_piix4 i2c_smbus i2c_dev i2c_core it87 hwmon_vid msr dmi_sysfs autofs4 CR2: 0000000000000000 ---[ end trace 0000000000000000 ]--- RIP: 0010:rb_next+0x0/0x50 Code: e8 d5 fa ff ff 5b 4c 89 e0 5d 41 5c 41 5d 41 5e e9 85 73 01 00 5b 5d 41 5c 41 5d 41 5e e9 38 76 01 00 0f 1f 84 00 00 00 00 00 <48> 3b 3f 48 89 f8 74 38 48 8b 57 08 48 85 d2 74 11 48 89 d0 48 8b RSP: 0018:ffffc90000003e50 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88811a764000 RCX: ffff88811a764180 RDX: ffff88835e4c6c00 RSI: ffff888162c998e8 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffff88811a7642b0 R09: 00000000a535eebc R10: 0000000000000d09 R11: ffffc90000003ff8 R12: ffff88835e4c6c00 R13: ffff88811a7642b8 R14: 00001a951355b383 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88842ec00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000001084b4000 CR4: 00000000000406f0 Kernel panic - not syncing: Fatal exception in interrupt Kernel Offset: disabled ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 1062b1067 P4D 1062b1067 PUD 1062ae067 PMD 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G O 6.14.3 #20 Tainted: [O]=OOT_MODULE Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./970A-DS3P, BIOS FD 02/26/2016 RIP: 0010:rb_next+0x0/0x50 Code: e8 d5 fa ff ff 5b 4c 89 e0 5d 41 5c 41 5d 41 5e e9 85 73 01 00 5b 5d 41 5c 41 5d 41 5e e9 38 76 01 00 0f 1f 84 00 00 00 00 00 <48> 3b 3f 48 89 f8 74 38 48 8b 57 08 48 85 d2 74 11 48 89 d0 48 8b RSP: 0018:ffffc9000010ce50 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88812106e000 RCX: ffff88812106e180 RDX: ffff888129726c00 RSI: ffff888106a052e8 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffff88812106e2b0 R09: 0000000036705a4e R10: 0000000000000d03 R11: ffffc9000010cff8 R12: ffff888129726c00 R13: ffff88812106e2b8 R14: 000000d9fd03fce6 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88842ec80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000112716000 CR4: 00000000000406f0 Call Trace: <IRQ> htb_dequeue+0x42f/0x610 [sch_htb] __qdisc_run+0x253/0x480 ? timerqueue_del+0x2c/0x40 qdisc_run+0x15/0x30 net_tx_action+0x182/0x1b0 handle_softirqs+0x102/0x240 __irq_exit_rcu+0x3e/0xb0 sysvec_apic_timer_interrupt+0x5b/0x70 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x16/0x20 RIP: 0010:acpi_safe_halt+0x22/0x30 Code: 0f 1f 84 00 00 00 00 00 65 48 8b 05 b8 38 71 7e 48 8b 00 a8 08 75 14 8b 05 a3 92 bb 00 85 c0 7e 07 0f 00 2d 20 4f 15 00 fb f4 <fa> e9 18 77 00 00 0f 1f 84 00 00 00 00 00 8a 47 08 3c 01 75 05 e9 RSP: 0018:ffffc900000c7e80 EFLAGS: 00000246 RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffff88842ec80000 RDX: ffff888100ddd464 RSI: ffff888100ddd400 RDI: ffff888100ddd464 RBP: 0000000000000001 R08: 0000000000000001 R09: 071c71c71c71c71c R10: 0000000000000006 R11: 0000000000000020 R12: ffffffff81f98280 R13: ffffffff81f982e8 R14: ffffffff81f98300 R15: 0000000000000000 acpi_idle_enter+0x8f/0xa0 cpuidle_enter_state+0xb3/0x220 cpuidle_enter+0x2a/0x40 do_idle+0x12d/0x1a0 cpu_startup_entry+0x29/0x30 start_secondary+0xed/0xf0 common_startup_64+0x12c/0x138 </TASK> Modules linked in: netconsole sch_htb cls_u32 sch_ingress sch_cake ifb act_mirred xt_hl xt_nat ts_bm xt_string xt_TARPIT(O) xt_CT xt_tcpudp xt_helper nf_nat_ftp nf_conntrack_ftp ip6t_rt ip6table_nat xt_MASQUERADE iptable_nat nf_nat xt_TCPMSS xt_LOG nf_log_syslog ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 ip6table_raw iptable_raw ip6table_mangle iptable_mangle xt_multiport xt_state xt_limit xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6table_filter ip6_tables iptable_filter ip_tables x_tables tun pppoe pppox binfmt_misc ppp_generic slhc af_packet bridge stp llc ctr ccm dm_crypt radeon drm_client_lib ath9k video wmi drm_exec ath9k_common drm_suballoc_helper ath9k_hw drm_ttm_helper syscopyarea ttm sysfillrect sysimgblt ath pl2303 snd_hda_codec_realtek fb_sys_fops snd_hda_codec_generic usbserial mac80211 drm_display_helper snd_hda_codec_hdmi snd_hda_scodec_component drm_kms_helper snd_hda_intel snd_intel_dspcfg snd_hda_codec agpgart cfbfillrect snd_hda_core cfbimgblt fb_io_fops aesni_intel snd_pcm cfg80211 e1000 cfbcopyarea i2c_algo_bit cdc_acm fb crypto_simd snd_timer snd cryptd acpi_cpufreq at24 font fam15h_power libarc4 soundcore k10temp regmap_i2c evdev nfsd sch_fq_codel auth_rpcgss lockd drm grace sunrpc drm_panel_orientation_quirks fuse backlight configfs loop nfnetlink usbhid xhci_pci ohci_pci xhci_hcd ohci_hcd ehci_pci ehci_hcd usbcore sha512_ssse3 sha256_ssse3 sha1_ssse3 sha1_generic gf128mul usb_common dm_mirror dm_region_hash dm_log cpuid i2c_piix4 i2c_smbus i2c_dev i2c_core it87 hwmon_vid msr dmi_sysfs autofs4 CR2: 0000000000000000 ---[ end trace 0000000000000000 ]--- RIP: 0010:rb_next+0x0/0x50 Code: e8 d5 fa ff ff 5b 4c 89 e0 5d 41 5c 41 5d 41 5e e9 85 73 01 00 5b 5d 41 5c 41 5d 41 5e e9 38 76 01 00 0f 1f 84 00 00 00 00 00 <48> 3b 3f 48 89 f8 74 38 48 8b 57 08 48 85 d2 74 11 48 89 d0 48 8b RSP: 0018:ffffc9000010ce50 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88812106e000 RCX: ffff88812106e180 RDX: ffff888129726c00 RSI: ffff888106a052e8 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffff88812106e2b0 R09: 0000000036705a4e R10: 0000000000000d03 R11: ffffc9000010cff8 R12: ffff888129726c00 R13: ffff88812106e2b8 R14: 000000d9fd03fce6 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88842ec80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000112716000 CR4: 00000000000406f0 Kernel panic - not syncing: Fatal exception in interrupt Kernel Offset: disabled ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G O 6.14.3 #20 Tainted: [O]=OOT_MODULE Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./970A-DS3P, BIOS FD 02/26/2016 RIP: 0010:rb_next+0x0/0x50 Code: e8 d5 fa ff ff 5b 4c 89 e0 5d 41 5c 41 5d 41 5e e9 85 73 01 00 5b 5d 41 5c 41 5d 41 5e e9 38 76 01 00 0f 1f 84 00 00 00 00 00 <48> 3b 3f 48 89 f8 74 38 48 8b 57 08 48 85 d2 74 11 48 89 d0 48 8b RSP: 0018:ffffc9000010ce50 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88811899d000 RCX: ffff88811899d180 RDX: ffff8881845f2800 RSI: ffff8881069b7ae8 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffff88811899d2b0 R09: 000000002997d2aa R10: 0000000000003fbf R11: ffffc9000010cff8 R12: ffff8881845f2800 R13: ffff88811899d2b8 R14: 000000a69ae56401 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88842ec80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000103c80000 CR4: 00000000000406f0 Call Trace: <IRQ> htb_dequeue+0x42f/0x610 [sch_htb] __qdisc_run+0x253/0x480 ? timerqueue_del+0x2c/0x40 qdisc_run+0x15/0x30 net_tx_action+0x182/0x1b0 handle_softirqs+0x102/0x240 __irq_exit_rcu+0x3e/0xb0 sysvec_apic_timer_interrupt+0x5b/0x70 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x16/0x20 RIP: 0010:cpuidle_enter_state+0x126/0x220 Code: 18 4c 6f 00 85 c0 7e 0b 8b 73 04 83 cf ff e8 a1 22 e5 ff 31 ff e8 9a 2e 98 ff 45 84 ff 74 07 31 ff e8 0e 58 9d ff fb 45 85 ed <0f> 88 cc 00 00 00 49 63 c5 48 8b 3c 24 48 6b c8 68 48 6b d0 30 49 RSP: 0018:ffffc900000c7e98 EFLAGS: 00000202 RAX: ffff88842ec80000 RBX: ffff888101d7f800 RCX: 0000000000000000 RDX: 000000a6607c6802 RSI: fffffffc350c4254 RDI: 0000000000000000 RBP: 0000000000000002 R08: 0000000000000002 R09: 000000e8ec11c440 R10: 0000000000000006 R11: 0000000000000020 R12: ffffffff81f98280 R13: 0000000000000002 R14: 000000a6607c6802 R15: 0000000000000000 ? cpuidle_enter_state+0x116/0x220 cpuidle_enter+0x2a/0x40 do_idle+0x12d/0x1a0 cpu_startup_entry+0x29/0x30 start_secondary+0xed/0xf0 common_startup_64+0x12c/0x138 </TASK> Modules linked in: sch_htb cls_u32 sch_ingress sch_cake ifb act_mirred xt_hl xt_nat ts_bm xt_string xt_TARPIT(O) xt_CT xt_tcpudp xt_helper nf_nat_ftp nf_conntrack_ftp ip6t_rt ip6table_nat xt_MASQUERADE iptable_nat nf_nat xt_TCPMSS xt_LOG nf_log_syslog ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 ip6table_raw iptable_raw ip6table_mangle iptable_mangle xt_multiport xt_state xt_limit xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6table_filter ip6_tables iptable_filter ip_tables x_tables pppoe tun pppox binfmt_misc ppp_generic slhc netconsole af_packet bridge stp llc ctr ccm dm_crypt radeon drm_client_lib video wmi drm_exec ath9k drm_suballoc_helper drm_ttm_helper syscopyarea ttm ath9k_common ath9k_hw sysfillrect sysimgblt fb_sys_fops drm_display_helper ath pl2303 drm_kms_helper usbserial mac80211 snd_hda_codec_realtek snd_hda_codec_generic snd_hda_codec_hdmi agpgart snd_hda_scodec_component cfbfillrect snd_hda_intel cfbimgblt snd_intel_dspcfg snd_hda_codec fb_io_fops snd_hda_core cfbcopyarea aesni_intel i2c_algo_bit cfg80211 snd_pcm fb snd_timer e1000 snd crypto_simd cdc_acm cryptd at24 font acpi_cpufreq libarc4 soundcore fam15h_power regmap_i2c k10temp evdev nfsd sch_fq_codel auth_rpcgss lockd grace sunrpc drm fuse configfs drm_panel_orientation_quirks backlight loop nfnetlink usbhid xhci_pci ohci_pci xhci_hcd ohci_hcd ehci_pci ehci_hcd sha512_ssse3 sha256_ssse3 usbcore sha1_ssse3 sha1_generic gf128mul usb_common dm_mirror dm_region_hash dm_log cpuid i2c_piix4 i2c_smbus i2c_dev i2c_core it87 hwmon_vid msr dmi_sysfs autofs4 CR2: 0000000000000000 ---[ end trace 0000000000000000 ]--- RIP: 0010:rb_next+0x0/0x50 Code: e8 d5 fa ff ff 5b 4c 89 e0 5d 41 5c 41 5d 41 5e e9 85 73 01 00 5b 5d 41 5c 41 5d 41 5e e9 38 76 01 00 0f 1f 84 00 00 00 00 00 <48> 3b 3f 48 89 f8 74 38 48 8b 57 08 48 85 d2 74 11 48 89 d0 48 8b RSP: 0018:ffffc9000010ce50 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88811899d000 RCX: ffff88811899d180 RDX: ffff8881845f2800 RSI: ffff8881069b7ae8 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffff88811899d2b0 R09: 000000002997d2aa R10: 0000000000003fbf R11: ffffc9000010cff8 R12: ffff8881845f2800 R13: ffff88811899d2b8 R14: 000000a69ae56401 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88842ec80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000103c80000 CR4: 00000000000406f0 Kernel panic - not syncing: Fatal exception in interrupt Kernel Offset: disabled ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- #!/bin/bash # https://www.bufferbloat.net/projects/codel/wiki/Cake/#installing-cake-out-o… # https://trofi.github.io/posts/217-mitigating%20bufferbloat.html #set -x set -o nounset set -o errexit export PATH=/sbin:/bin:/usr/sbin:/usr/bin ext=ppp0 ext_ingress=ppp0ifb0 # [query ADSL modem for up and down rates] echo -e "pppd pppoe UP $UP DN $DN" | systemd-cat -t traffic-control ext_up=$((UP * 95 / 100))kbit ext_down=$((DN * 95 / 100))kbit # below taken from https://wiki.gentoo.org/wiki/Traffic_shaping q=1486 # HTB Quantum = 1500bytes IP + 14 bytes ethernet. # Higher bandwidths may require a higher htb quantum. MEASURE. # Some ADSL devices might require a stab setting. quantum=300 # fq_codel quantum 300 gives a boost to interactive flows # At higher bandwidths (50Mbit+) don't bother modprobe act_mirred modprobe ifb modprobe sch_cake modprobe sch_fq_codel ethtool -K "$ext" tso off gso off gro off # Also turn of gro on ALL interfaces # e.g ethtool -K eth1 gro off if you have eth1 # some devices you may need to run these # commands independently # Clear old queuing disciplines (qdisc) on the interfaces tc qdisc del dev "$ext" root >& /dev/null || true tc qdisc del dev "$ext" ingress >& /dev/null || true tc qdisc del dev "$ext_ingress" root >& /dev/null || true tc qdisc del dev "$ext_ingress" ingress >& /dev/null || true ip link del "$ext_ingress" >& /dev/null || true ######### # INGRESS ######### # Create ingress on external interface tc qdisc add dev "$ext" handle ffff: ingress ip link add name "$ext_ingress" type ifb ip link set dev "$ext_ingress" up || true # if the interace is not up bad things happen # Forward all ingress traffic to the IFB device tc filter add dev "$ext" parent ffff: protocol all u32 match u32 0 0 action mirred egress redirect dev "$ext_ingress" # Create an EGRESS filter on the IFB device # Warning: sch_htb: quantum of class 10001 is big. Consider r2q change # https://web.archive.org/web/20030514055053/http://www.docum.org/stef.coene/… # default r2q is 10 # since up ADSL rate went from 24.4 Mb/s to 26.8 Mb/s, "r2q 15" started giving a "too big" error # up it to 20, now OK again tc qdisc add dev "$ext_ingress" root handle 1: htb default 11 r2q 20 # Add root class HTB with rate limiting tc class add dev "$ext_ingress" parent 1: classid 1:1 htb rate $ext_down #|& grep -v "Consider r2q change" || true tc class add dev "$ext_ingress" parent 1:1 classid 1:11 htb rate $ext_down prio 0 quantum $q # Add FQ_CODEL qdisc with ECN support (if you want ecn) tc qdisc add dev "$ext_ingress" parent 1:11 fq_codel quantum $quantum ecn ######### # EGRESS ######### # Add FQ_CODEL to EGRESS on external interface tc qdisc add dev "$ext" root handle 1: htb default 11 # Add root class HTB with rate limiting tc class add dev "$ext" parent 1: classid 1:1 htb rate $ext_up tc class add dev "$ext" parent 1:1 classid 1:11 htb rate $ext_up prio 0 quantum $q # Note: You can apply a packet limit here and on ingress if you are memory constrained - e.g # for low bandwidths and machines with < 64MB of ram, limit 1000 is good, otherwise no point # Add FQ_CODEL qdisc without ECN support - on egress it's generally better to just drop the packet # but feel free to enable it if you want. tc qdisc add dev "$ext" parent 1:11 fq_codel quantum $quantum noecn $ cat ~/1.panic | scripts/decode_stacktrace.sh vmlinux BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G O 6.14.3 #20 Tainted: [O]=OOT_MODULE Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./970A-DS3P, BIOS FD 02/26/2016 RIP: 0010:rb_next (lib/rbtree.c:496) Code: e8 d5 fa ff ff 5b 4c 89 e0 5d 41 5c 41 5d 41 5e e9 85 73 01 00 5b 5d 41 5c 41 5d 41 5e e9 38 76 01 00 0f 1f 84 00 00 00 00 00 <48> 3b 3f 48 89 f8 74 38 48 8b 57 08 48 85 d2 74 11 48 89 d0 48 8b All code ======== 0: e8 d5 fa ff ff call 0xfffffffffffffada 5: 5b pop %rbx 6: 4c 89 e0 mov %r12,%rax 9: 5d pop %rbp a: 41 5c pop %r12 c: 41 5d pop %r13 e: 41 5e pop %r14 10: e9 85 73 01 00 jmp 0x1739a 15: 5b pop %rbx 16: 5d pop %rbp 17: 41 5c pop %r12 19: 41 5d pop %r13 1b: 41 5e pop %r14 1d: e9 38 76 01 00 jmp 0x1765a 22: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1) 29: 00 2a:* 48 3b 3f cmp (%rdi),%rdi <-- trapping instruction 2d: 48 89 f8 mov %rdi,%rax 30: 74 38 je 0x6a 32: 48 8b 57 08 mov 0x8(%rdi),%rdx 36: 48 85 d2 test %rdx,%rdx 39: 74 11 je 0x4c 3b: 48 89 d0 mov %rdx,%rax 3e: 48 rex.W 3f: 8b .byte 0x8b Code starting with the faulting instruction =========================================== 0: 48 3b 3f cmp (%rdi),%rdi 3: 48 89 f8 mov %rdi,%rax 6: 74 38 je 0x40 8: 48 8b 57 08 mov 0x8(%rdi),%rdx c: 48 85 d2 test %rdx,%rdx f: 74 11 je 0x22 11: 48 89 d0 mov %rdx,%rax 14: 48 rex.W 15: 8b .byte 0x8b RSP: 0018:ffffc90000003e50 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88811a764000 RCX: ffff88811a764180 RDX: ffff88835e4c6c00 RSI: ffff888162c998e8 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffff88811a7642b0 R09: 00000000a535eebc R10: 0000000000000d09 R11: ffffc90000003ff8 R12: ffff88835e4c6c00 R13: ffff88811a7642b8 R14: 00001a951355b383 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88842ec00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000001084b4000 CR4: 00000000000406f0 Call Trace: <IRQ> htb_dequeue (net/sched/sch_htb.c:351 (discriminator 1) net/sched/sch_htb.c:924 (discriminator 1) net/sched/sch_htb.c:982 (discriminator 1)) sch_htb __qdisc_run (net/sched/sch_generic.c:294 net/sched/sch_generic.c:398 net/sched/sch_generic.c:416) ? timerqueue_del (lib/timerqueue.c:58) qdisc_run (./include/net/pkt_sched.h:128 ./include/net/pkt_sched.h:124) net_tx_action (net/core/dev.c:5553) handle_softirqs (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/jump_label.h:262 ./include/trace/events/irq.h:142 kernel/softirq.c:562) __irq_exit_rcu (kernel/softirq.c:435 kernel/softirq.c:662) sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 (discriminator 35) arch/x86/kernel/apic/apic.c:1049 (discriminator 35)) </IRQ> <TASK> asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:574) RIP: 0010:cpuidle_enter_state (drivers/cpuidle/cpuidle.c:292) Code: 18 4c 6f 00 85 c0 7e 0b 8b 73 04 83 cf ff e8 a1 22 e5 ff 31 ff e8 9a 2e 98 ff 45 84 ff 74 07 31 ff e8 0e 58 9d ff fb 45 85 ed <0f> 88 cc 00 00 00 49 63 c5 48 8b 3c 24 48 6b c8 68 48 6b d0 30 49 All code ======== 0: 18 4c 6f 00 sbb %cl,0x0(%rdi,%rbp,2) 4: 85 c0 test %eax,%eax 6: 7e 0b jle 0x13 8: 8b 73 04 mov 0x4(%rbx),%esi b: 83 cf ff or $0xffffffff,%edi e: e8 a1 22 e5 ff call 0xffffffffffe522b4 13: 31 ff xor %edi,%edi 15: e8 9a 2e 98 ff call 0xffffffffff982eb4 1a: 45 84 ff test %r15b,%r15b 1d: 74 07 je 0x26 1f: 31 ff xor %edi,%edi 21: e8 0e 58 9d ff call 0xffffffffff9d5834 26: fb sti 27: 45 85 ed test %r13d,%r13d 2a:* 0f 88 cc 00 00 00 js 0xfc <-- trapping instruction 30: 49 63 c5 movslq %r13d,%rax 33: 48 8b 3c 24 mov (%rsp),%rdi 37: 48 6b c8 68 imul $0x68,%rax,%rcx 3b: 48 6b d0 30 imul $0x30,%rax,%rdx 3f: 49 rex.WB Code starting with the faulting instruction =========================================== 0: 0f 88 cc 00 00 00 js 0xd2 6: 49 63 c5 movslq %r13d,%rax 9: 48 8b 3c 24 mov (%rsp),%rdi d: 48 6b c8 68 imul $0x68,%rax,%rcx 11: 48 6b d0 30 imul $0x30,%rax,%rdx 15: 49 rex.WB RSP: 0018:ffffffff81e03e40 EFLAGS: 00000202 RAX: ffff88842ec00000 RBX: ffff8881008d9400 RCX: 0000000000000000 RDX: 00001a94d9502071 RSI: fffffffbb3498394 RDI: 0000000000000000 RBP: 0000000000000002 R08: 0000000000000002 R09: 00001a94d7bd7640 R10: 0000000000000006 R11: 0000000000000020 R12: ffffffff81f98280 R13: 0000000000000002 R14: 00001a94d9502071 R15: 0000000000000000 cpuidle_enter (drivers/cpuidle/cpuidle.c:391 (discriminator 2)) do_idle (kernel/sched/idle.c:234 kernel/sched/idle.c:325) cpu_startup_entry (kernel/sched/idle.c:422) rest_init (init/main.c:743) start_kernel (init/main.c:1525) x86_64_start_reservations (arch/x86/kernel/head64.c:513) x86_64_start_kernel (??:?) common_startup_64 (arch/x86/kernel/head_64.S:421) </TASK> Modules linked in: udp_diag netconsole sch_htb cls_u32 sch_ingress sch_cake ifb act_mirred xt_hl xt_nat ts_bm xt_string xt_TARPIT(O) xt_CT xt_tcpudp xt_helper nf_nat_ftp nf_conntrack_ftp ip6t_rt ip6table_nat xt_MASQUERADE iptable_nat nf_nat xt_TCPMSS xt_LOG nf_log_syslog ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 ip6table_raw iptable_raw ip6table_mangle iptable_mangle xt_multiport xt_state xt_limit xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6table_filter ip6_tables iptable_filter ip_tables x_tables tun pppoe binfmt_misc pppox ppp_generic slhc af_packet bridge stp llc ctr ccm dm_crypt radeon drm_client_lib video wmi drm_exec drm_suballoc_helper ath9k drm_ttm_helper syscopyarea ttm sysfillrect ath9k_common sysimgblt ath9k_hw fb_sys_fops drm_display_helper drm_kms_helper ath mac80211 agpgart pl2303 snd_hda_codec_realtek cfbfillrect snd_hda_codec_generic usbserial snd_hda_codec_hdmi snd_hda_scodec_component cfbimgblt snd_hda_intel fb_io_fops snd_intel_dspcfg cfbcopyarea snd_hda_codec i2c_algo_bit fb snd_hda_core aesni_intel cfg80211 cdc_acm snd_pcm crypto_simd font snd_timer cryptd snd at24 e1000 regmap_i2c acpi_cpufreq libarc4 soundcore k10temp fam15h_power evdev nfsd sch_fq_codel auth_rpcgss lockd grace drm sunrpc drm_panel_orientation_quirks fuse backlight configfs loop nfnetlink usbhid ohci_pci xhci_pci xhci_hcd ohci_hcd ehci_pci ehci_hcd sha512_ssse3 usbcore sha256_ssse3 sha1_ssse3 sha1_generic gf128mul usb_common dm_mirror dm_region_hash dm_log cpuid i2c_piix4 i2c_smbus i2c_dev i2c_core it87 hwmon_vid msr dmi_sysfs autofs4 CR2: 0000000000000000 ---[ end trace 0000000000000000 ]--- RIP: 0010:rb_next (lib/rbtree.c:496) Code: e8 d5 fa ff ff 5b 4c 89 e0 5d 41 5c 41 5d 41 5e e9 85 73 01 00 5b 5d 41 5c 41 5d 41 5e e9 38 76 01 00 0f 1f 84 00 00 00 00 00 <48> 3b 3f 48 89 f8 74 38 48 8b 57 08 48 85 d2 74 11 48 89 d0 48 8b All code ======== 0: e8 d5 fa ff ff call 0xfffffffffffffada 5: 5b pop %rbx 6: 4c 89 e0 mov %r12,%rax 9: 5d pop %rbp a: 41 5c pop %r12 c: 41 5d pop %r13 e: 41 5e pop %r14 10: e9 85 73 01 00 jmp 0x1739a 15: 5b pop %rbx 16: 5d pop %rbp 17: 41 5c pop %r12 19: 41 5d pop %r13 1b: 41 5e pop %r14 1d: e9 38 76 01 00 jmp 0x1765a 22: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1) 29: 00 2a:* 48 3b 3f cmp (%rdi),%rdi <-- trapping instruction 2d: 48 89 f8 mov %rdi,%rax 30: 74 38 je 0x6a 32: 48 8b 57 08 mov 0x8(%rdi),%rdx 36: 48 85 d2 test %rdx,%rdx 39: 74 11 je 0x4c 3b: 48 89 d0 mov %rdx,%rax 3e: 48 rex.W 3f: 8b .byte 0x8b Code starting with the faulting instruction =========================================== 0: 48 3b 3f cmp (%rdi),%rdi 3: 48 89 f8 mov %rdi,%rax 6: 74 38 je 0x40 8: 48 8b 57 08 mov 0x8(%rdi),%rdx c: 48 85 d2 test %rdx,%rdx f: 74 11 je 0x22 11: 48 89 d0 mov %rdx,%rax 14: 48 rex.W 15: 8b .byte 0x8b RSP: 0018:ffffc90000003e50 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88811a764000 RCX: ffff88811a764180 RDX: ffff88835e4c6c00 RSI: ffff888162c998e8 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffff88811a7642b0 R09: 00000000a535eebc R10: 0000000000000d09 R11: ffffc90000003ff8 R12: ffff88835e4c6c00 R13: ffff88811a7642b8 R14: 00001a951355b383 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88842ec00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000001084b4000 CR4: 00000000000406f0 Kernel panic - not syncing: Fatal exception in interrupt Kernel Offset: disabled ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- $ -- Alan J. Wylie https://www.wylie.me.uk/ mailto:<alan(a)wylie.me.uk> Dance like no-one's watching. / Encrypt like everyone is. Security is inversely proportional to convenience

6 months, 3 weeks

4
24
0 0

Hello from peter channn

by Peter chan

Hello, I hope you're doing well. I wanted to follow up as I haven't received a response to my previous message—it’s possible it didn’t reach you. Allow me to reintroduce myself. My name is Dr. Peter Chan, and I serve as the Human Resources Manager and Product Research Assistant at Lan Chem Laboratories Ltd. I would appreciate the opportunity to connect and discuss lucrative opportunity, that might interest you .Please let me know a convenient time for you. I look forward to your response. Best regards, Dr. Peter Chan Human Resources Manager & Product Research Assistant Lan Chem Laboratories Ltd. This electronic mail and its attachment(s) is intended only for the recipient(s) to whom it is addressed. It may contain information which may be confidential and/or protected by legal privilege. If you are not the intended recipient(s), reading, disclosing, printing, copying, forwarding this electronic mail and its attachment(s) and/or taking any action in reliance on the information in this electronic mail and its attachment(s) are prohibited. Koperasi Telkomsel/Koperasi Telekomunikasi Selular/Kisel shall not be liable in respect of communication made by its employee which is contrary to the company policy and/or outside the scope of the employment of the individual concerned. The employee will be personally liable for any damages or other liability arising Surat elektronik ini beserta lampirannya dimaksudkan hanya untuk penerima kepada siapa surat tersebut ditujukan. Informasi yang terdapat di dalamnya dapat bersifat rahasia dan/atau dilindungi oleh hukum. Jika Anda bukan penerima yang dituju, Anda dilarang untuk membaca, mengungkapkan, mencetak, menduplikasi/menyalin, meneruskan surat elektronik ini beserta lampirannya dan/atau mengambil tindakan apapun berdasarkan informasi yang terdapat dalam surat elektronik ini beserta lampirannya. Koperasi Telkomsel/Koperasi Telekomunikasi Selular/Kisel tidak bertanggung jawab atas setiap komunikasi karyawan yang bertentangan dengan kebijakan perusahaan dan/atau berada di luar lingkup pekerjaannya. Segala resiko dan akibat yang ditimbulkan merupakan tanggung jawab personal masing-masing.

6 months, 3 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-6.12.y: (build) expected ')' in .vmlinux.export.o (.vmlinux.export.c) [logspec:kbu...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.12.y: --- expected ')' in .vmlinux.export.o (.vmlinux.export.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:2e17160abef3cb44a707a6b2dac8d873f29c593c - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 0f114e4705bd70a1aade95111161a0a24a597879 Log excerpt: ===================================================== .vmlinux.export.c:1260:33: error: expected ')' 1260 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^ .vmlinux.export.c:1260:1: note: to match this '(' 1260 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^ ./include/linux/export-internal.h:62:37: note: expanded from macro 'KSYMTAB_FUNC' 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^ ./include/linux/export-internal.h:41:5: note: expanded from macro '__KSYMTAB' 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ .vmlinux.export.c:1269:42: error: expected ')' 1269 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^ .vmlinux.export.c:1269:1: note: to match this '(' 1269 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^ ./include/linux/export-internal.h:62:37: note: expanded from macro 'KSYMTAB_FUNC' 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^ ./include/linux/export-internal.h:41:5: note: expanded from macro '__KSYMTAB' 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ .vmlinux.export.c:1271:34: error: expected ')' 1271 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^ .vmlinux.export.c:1271:1: note: to match this '(' 1271 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^ ./include/linux/export-internal.h:62:37: note: expanded from macro 'KSYMTAB_FUNC' 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^ ./include/linux/export-internal.h:41:5: note: expanded from macro '__KSYMTAB' 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ 3 errors generated. ===================================================== # Builds where the incident occurred: ## defconfig+arm64-chromebook+kselftest on (arm64): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:680fc28a43948caad95c14a3 #kernelci issue maestro:2e17160abef3cb44a707a6b2dac8d873f29c593c Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 3 weeks

1
0
0 0

[PATCH] f2fs: fix to do sanity check on sit_bitmap_size

by Chao Yu

w/ below testcase, resize will generate a corrupted image which contains inconsistent metadata, so when mounting such image, it will trigger kernel panic: touch img truncate -s $((512*1024*1024*1024)) img mkfs.f2fs -f img $((256*1024*1024)) resize.f2fs -s -i img -t $((1024*1024*1024)) mount img /mnt/f2fs ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.h:863! Oops: invalid opcode: 0000 [#1] SMP PTI CPU: 11 UID: 0 PID: 3922 Comm: mount Not tainted 6.15.0-rc1+ #191 PREEMPT(voluntary) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:f2fs_ra_meta_pages+0x47c/0x490 Call Trace: f2fs_build_segment_manager+0x11c3/0x2600 f2fs_fill_super+0xe97/0x2840 mount_bdev+0xf4/0x140 legacy_get_tree+0x2b/0x50 vfs_get_tree+0x29/0xd0 path_mount+0x487/0xaf0 __x64_sys_mount+0x116/0x150 do_syscall_64+0x82/0x190 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7fdbfde1bcfe The reaseon is: sit_i->bitmap_size is 192, so size of sit bitmap is 192*8=1536, at maximum there are 1536 sit blocks, however MAIN_SEGS is 261893, so that sit_blk_cnt is 4762, build_sit_entries() -> current_sit_addr() tries to access out-of-boundary in sit_bitmap at offset from [1536, 4762), once sit_bitmap and sit_bitmap_mirror is not the same, it will trigger f2fs_bug_on(). Let's add sanity check in f2fs_sanity_check_ckpt() to avoid panic. Cc: stable(a)vger.kernel.org Signed-off-by: Chao Yu <chao(a)kernel.org> --- fs/f2fs/super.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index eb1275616d8c..8abfbee13204 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -3716,6 +3716,7 @@ int f2fs_sanity_check_ckpt(struct f2fs_sb_info *sbi) block_t user_block_count, valid_user_blocks; block_t avail_node_count, valid_node_count; unsigned int nat_blocks, nat_bits_bytes, nat_bits_blocks; + unsigned int sit_blk_cnt; int i, j; total = le32_to_cpu(raw_super->segment_count); @@ -3827,6 +3828,13 @@ int f2fs_sanity_check_ckpt(struct f2fs_sb_info *sbi) return 1; } + sit_blk_cnt = DIV_ROUND_UP(main_segs, SIT_ENTRY_PER_BLOCK); + if (sit_bitmap_size * 8 < sit_blk_cnt) { + f2fs_err(sbi, "Wrong bitmap size: sit: %u, sit_blk_cnt:%u", + sit_bitmap_size, sit_blk_cnt); + return 1; + } + cp_pack_start_sum = __start_sum_addr(sbi); cp_payload = __cp_payload(sbi); if (cp_pack_start_sum < cp_payload + 1 || -- 2.49.0

6 months, 3 weeks

2
1
0 0

[REGRESSION] stable-rc/linux-5.10.y: (build) use of undeclared identifier 'MSM_UART_CR_CMD_RESET_RX' in drivers...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.10.y: --- use of undeclared identifier 'MSM_UART_CR_CMD_RESET_RX' in drivers/tty/serial/msm_serial.o (drivers/tty/serial/msm_serial.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:5e7d4ac9b1bb62b7ce4e9d81fe31aa0726357a6d - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: bcf9e2b721c5e719f339b23ddfb5b0a0c0727cc9 Log excerpt: ===================================================== drivers/tty/serial/msm_serial.c:1742:27: error: use of undeclared identifier 'MSM_UART_CR_CMD_RESET_RX' 1742 | msm_write(&device->port, MSM_UART_CR_CMD_RESET_RX, MSM_UART_CR); | ^ drivers/tty/serial/msm_serial.c:1742:53: error: use of undeclared identifier 'MSM_UART_CR' 1742 | msm_write(&device->port, MSM_UART_CR_CMD_RESET_RX, MSM_UART_CR); | ^ drivers/tty/serial/msm_serial.c:1743:27: error: use of undeclared identifier 'MSM_UART_CR_CMD_RESET_TX' 1743 | msm_write(&device->port, MSM_UART_CR_CMD_RESET_TX, MSM_UART_CR); | ^ drivers/tty/serial/msm_serial.c:1743:53: error: use of undeclared identifier 'MSM_UART_CR' 1743 | msm_write(&device->port, MSM_UART_CR_CMD_RESET_TX, MSM_UART_CR); | ^ drivers/tty/serial/msm_serial.c:1744:27: error: use of undeclared identifier 'MSM_UART_CR_TX_ENABLE' 1744 | msm_write(&device->port, MSM_UART_CR_TX_ENABLE, MSM_UART_CR); | ^ drivers/tty/serial/msm_serial.c:1744:50: error: use of undeclared identifier 'MSM_UART_CR' 1744 | msm_write(&device->port, MSM_UART_CR_TX_ENABLE, MSM_UART_CR); | ^ 6 errors generated. ===================================================== # Builds where the incident occurred: ## defconfig+arm64-chromebook+kselftest on (arm64): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:680fc02043948caad95c0cfb #kernelci issue maestro:5e7d4ac9b1bb62b7ce4e9d81fe31aa0726357a6d Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 3 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-6.12.y: (build) expected ‘)’ before ‘BPF_INTERNAL’ in .vmlinux.export.o (.vmlinux....

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.12.y: --- expected ‘)’ before ‘BPF_INTERNAL’ in .vmlinux.export.o (.vmlinux.export.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:bf938601ba6b379bbb6d272604bf0b09f4c945df - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 0f114e4705bd70a1aade95111161a0a24a597879 Log excerpt: ===================================================== .vmlinux.export.c:2020:33: error: expected ‘)’ before ‘BPF_INTERNAL’ 2020 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:2020:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 2020 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:2020:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 2020 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:2029:42: error: expected ‘)’ before ‘BPF_INTERNAL’ 2029 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:2029:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 2029 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:2029:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 2029 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:2031:34: error: expected ‘)’ before ‘BPF_INTERNAL’ 2031 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:2031:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 2031 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:2031:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 2031 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ===================================================== # Builds where the incident occurred: ## cros://chromeos-6.6/x86_64/chromeos-amd-stoneyridge.flavour.config+lab-setup+x86-board+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y on (x86_64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:680fc27743948caad95c148f #kernelci issue maestro:bf938601ba6b379bbb6d272604bf0b09f4c945df Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 3 weeks

1
0
0 0

[PATCH net V3] amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload

by Vishal Badole

According to the XGMAC specification, enabling features such as Layer 3 and Layer 4 Packet Filtering, Split Header and Virtualized Network support automatically selects the IPC Full Checksum Offload Engine on the receive side. When RX checksum offload is disabled, these dependent features must also be disabled to prevent abnormal behavior caused by mismatched feature dependencies. Ensure that toggling RX checksum offload (disabling or enabling) properly disables or enables all dependent features, maintaining consistent and expected behavior in the network device. v2->v3: ------- - Removed RSS feature toggling as checksum offloading functions correctly without it v1->v2: ------- - Combine 2 patches into a single patch - Update the "Fix: tag" - Add necessary changes to support earlier versions of the hardware as well Cc: stable(a)vger.kernel.org Fixes: 1a510ccf5869 ("amd-xgbe: Add support for VXLAN offload capabilities") Signed-off-by: Vishal Badole <Vishal.Badole(a)amd.com> --- drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 9 +++++++-- drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 24 +++++++++++++++++++++-- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 11 +++++++++-- drivers/net/ethernet/amd/xgbe/xgbe.h | 4 ++++ 4 files changed, 42 insertions(+), 6 deletions(-) diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-desc.c b/drivers/net/ethernet/amd/xgbe/xgbe-desc.c index 230726d7b74f..d41b58fad37b 100644 --- a/drivers/net/ethernet/amd/xgbe/xgbe-desc.c +++ b/drivers/net/ethernet/amd/xgbe/xgbe-desc.c @@ -373,8 +373,13 @@ static int xgbe_map_rx_buffer(struct xgbe_prv_data *pdata, } /* Set up the header page info */ - xgbe_set_buffer_data(&rdata->rx.hdr, &ring->rx_hdr_pa, - XGBE_SKB_ALLOC_SIZE); + if (pdata->netdev->features & NETIF_F_RXCSUM) { + xgbe_set_buffer_data(&rdata->rx.hdr, &ring->rx_hdr_pa, + XGBE_SKB_ALLOC_SIZE); + } else { + xgbe_set_buffer_data(&rdata->rx.hdr, &ring->rx_hdr_pa, + pdata->rx_buf_size); + } /* Set up the buffer page info */ xgbe_set_buffer_data(&rdata->rx.buf, &ring->rx_buf_pa, diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c index 7a923b6e83df..d0a35aab7355 100644 --- a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c +++ b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c @@ -321,6 +321,18 @@ static void xgbe_config_sph_mode(struct xgbe_prv_data *pdata) XGMAC_IOWRITE_BITS(pdata, MAC_RCR, HDSMS, XGBE_SPH_HDSMS_SIZE); } +static void xgbe_disable_sph_mode(struct xgbe_prv_data *pdata) +{ + unsigned int i; + + for (i = 0; i < pdata->channel_count; i++) { + if (!pdata->channel[i]->rx_ring) + break; + + XGMAC_DMA_IOWRITE_BITS(pdata->channel[i], DMA_CH_CR, SPH, 0); + } +} + static int xgbe_write_rss_reg(struct xgbe_prv_data *pdata, unsigned int type, unsigned int index, unsigned int val) { @@ -3750,8 +3762,12 @@ static int xgbe_init(struct xgbe_prv_data *pdata) xgbe_config_tx_coalesce(pdata); xgbe_config_rx_buffer_size(pdata); xgbe_config_tso_mode(pdata); - xgbe_config_sph_mode(pdata); - xgbe_config_rss(pdata); + + if (pdata->netdev->features & NETIF_F_RXCSUM) { + xgbe_config_sph_mode(pdata); + xgbe_config_rss(pdata); + } + desc_if->wrapper_tx_desc_init(pdata); desc_if->wrapper_rx_desc_init(pdata); xgbe_enable_dma_interrupts(pdata); @@ -3910,5 +3926,9 @@ void xgbe_init_function_ptrs_dev(struct xgbe_hw_if *hw_if) hw_if->disable_vxlan = xgbe_disable_vxlan; hw_if->set_vxlan_id = xgbe_set_vxlan_id; + /* For Split Header*/ + hw_if->enable_sph = xgbe_config_sph_mode; + hw_if->disable_sph = xgbe_disable_sph_mode; + DBGPR("<--xgbe_init_function_ptrs\n"); } diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c index f249f89fec38..51b4adb8a404 100755 --- a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c +++ b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c @@ -2290,10 +2290,17 @@ static int xgbe_set_features(struct net_device *netdev, if (ret) return ret; - if ((features & NETIF_F_RXCSUM) && !rxcsum) + if ((features & NETIF_F_RXCSUM) && !rxcsum) { + hw_if->enable_sph(pdata); + hw_if->enable_vxlan(pdata); hw_if->enable_rx_csum(pdata); - else if (!(features & NETIF_F_RXCSUM) && rxcsum) + schedule_work(&pdata->restart_work); + } else if (!(features & NETIF_F_RXCSUM) && rxcsum) { + hw_if->disable_sph(pdata); + hw_if->disable_vxlan(pdata); hw_if->disable_rx_csum(pdata); + schedule_work(&pdata->restart_work); + } if ((features & NETIF_F_HW_VLAN_CTAG_RX) && !rxvlan) hw_if->enable_rx_vlan_stripping(pdata); diff --git a/drivers/net/ethernet/amd/xgbe/xgbe.h b/drivers/net/ethernet/amd/xgbe/xgbe.h index db73c8f8b139..92b61a318f66 100755 --- a/drivers/net/ethernet/amd/xgbe/xgbe.h +++ b/drivers/net/ethernet/amd/xgbe/xgbe.h @@ -902,6 +902,10 @@ struct xgbe_hw_if { void (*enable_vxlan)(struct xgbe_prv_data *); void (*disable_vxlan)(struct xgbe_prv_data *); void (*set_vxlan_id)(struct xgbe_prv_data *); + + /* For Split Header */ + void (*enable_sph)(struct xgbe_prv_data *pdata); + void (*disable_sph)(struct xgbe_prv_data *pdata); }; /* This structure represents implementation specific routines for an -- 2.34.1

6 months, 3 weeks

3
2
0 0

[REGRESSION] stable-rc/linux-6.12.y: (build) expected ‘)’ before ‘BPF_INTERNAL’ in .vmlinux.export.o (.vmlinux....

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.12.y: --- expected ‘)’ before ‘BPF_INTERNAL’ in .vmlinux.export.o (.vmlinux.export.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:b76cc30f77b7553b090563986ff704b6cb486cc7 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 0f114e4705bd70a1aade95111161a0a24a597879 Log excerpt: ===================================================== .vmlinux.export.c:1490:33: error: expected ‘)’ before ‘BPF_INTERNAL’ 1490 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1490:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1490 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1490:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1490 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:1499:42: error: expected ‘)’ before ‘BPF_INTERNAL’ 1499 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1499:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1499 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1499:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1499 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:1501:34: error: expected ‘)’ before ‘BPF_INTERNAL’ 1501 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1501:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1501 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1501:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1501 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ===================================================== # Builds where the incident occurred: ## cros://chromeos-6.6/arm64/chromiumos-mediatek.flavour.config+lab-setup+arm64-chromebook+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y on (arm64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:680fc26d43948caad95c1488 #kernelci issue maestro:b76cc30f77b7553b090563986ff704b6cb486cc7 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 3 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-6.12.y: (build) expected ‘)’ before ‘BPF_INTERNAL’ in .vmlinux.export.o (.vmlinux....

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.12.y: --- expected ‘)’ before ‘BPF_INTERNAL’ in .vmlinux.export.o (.vmlinux.export.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:8e2865f6194683f33bbb8b50a0b34432ec684c04 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 0f114e4705bd70a1aade95111161a0a24a597879 Log excerpt: ===================================================== .vmlinux.export.c:1190:33: error: expected ‘)’ before ‘BPF_INTERNAL’ 1190 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1190:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1190 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1190:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1190 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:1199:42: error: expected ‘)’ before ‘BPF_INTERNAL’ 1199 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1199:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1199 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1199:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1199 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:1201:34: error: expected ‘)’ before ‘BPF_INTERNAL’ 1201 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1201:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1201 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1201:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1201 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ===================================================== # Builds where the incident occurred: ## imx_v6_v7_defconfig on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:680fc2a643948caad95c1591 #kernelci issue maestro:8e2865f6194683f33bbb8b50a0b34432ec684c04 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 3 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-6.12.y: (build) expected ‘)’ before ‘BPF_INTERNAL’ in .vmlinux.export.o (.vmlinux....

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.12.y: --- expected ‘)’ before ‘BPF_INTERNAL’ in .vmlinux.export.o (.vmlinux.export.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:8421d9bd7d9712918c240a3ddb25f8b423e6d1c3 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 0f114e4705bd70a1aade95111161a0a24a597879 Log excerpt: ===================================================== .vmlinux.export.c:1553:33: error: expected ‘)’ before ‘BPF_INTERNAL’ 1553 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1553:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1553 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1553:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1553 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:1562:42: error: expected ‘)’ before ‘BPF_INTERNAL’ 1562 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1562:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1562 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1562:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1562 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:1564:34: error: expected ‘)’ before ‘BPF_INTERNAL’ 1564 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1564:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1564 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1564:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1564 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ===================================================== # Builds where the incident occurred: ## defconfig+arm64-chromebook+kcidebug+lab-setup on (arm64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:680fc2c743948caad95c15b1 #kernelci issue maestro:8421d9bd7d9712918c240a3ddb25f8b423e6d1c3 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 3 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-6.12.y: (build) expected ‘)’ before ‘BPF_INTERNAL’ in .vmlinux.export.o (.vmlinux....

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.12.y: --- expected ‘)’ before ‘BPF_INTERNAL’ in .vmlinux.export.o (.vmlinux.export.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:226919bcaaa9d40e69f47be32aabf5e7ae0c04b9 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 0f114e4705bd70a1aade95111161a0a24a597879 Log excerpt: ===================================================== .vmlinux.export.c:1622:33: error: expected ‘)’ before ‘BPF_INTERNAL’ 1622 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1622:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1622 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1622:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1622 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:1631:42: error: expected ‘)’ before ‘BPF_INTERNAL’ 1631 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1631:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1631 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1631:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1631 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:1633:34: error: expected ‘)’ before ‘BPF_INTERNAL’ 1633 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1633:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1633 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1633:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1633 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ===================================================== # Builds where the incident occurred: ## i386_defconfig+kselftest on (i386): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:680fc2e443948caad95c16a7 #kernelci issue maestro:226919bcaaa9d40e69f47be32aabf5e7ae0c04b9 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 3 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-6.12.y: (build) expected ‘)’ before ‘BPF_INTERNAL’ in .vmlinux.export.o (.vmlinux....

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.12.y: --- expected ‘)’ before ‘BPF_INTERNAL’ in .vmlinux.export.o (.vmlinux.export.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:919d41f0579d64c448e7226a3a954b0c3f646d97 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 0f114e4705bd70a1aade95111161a0a24a597879 Log excerpt: ===================================================== .vmlinux.export.c:1492:33: error: expected ‘)’ before ‘BPF_INTERNAL’ 1492 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1492:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1492 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1492:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1492 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:1501:42: error: expected ‘)’ before ‘BPF_INTERNAL’ 1501 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1501:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1501 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1501:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1501 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:1503:34: error: expected ‘)’ before ‘BPF_INTERNAL’ 1503 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1503:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1503 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1503:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1503 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ===================================================== # Builds where the incident occurred: ## cros://chromeos-6.6/arm64/chromiumos-qualcomm.flavour.config+lab-setup+arm64-chromebook+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y on (arm64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:680fc27243948caad95c148c #kernelci issue maestro:919d41f0579d64c448e7226a3a954b0c3f646d97 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 3 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-6.12.y: (build) expected ‘)’ before ‘BPF_INTERNAL’ in .vmlinux.export.o (.vmlinux....

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.12.y: --- expected ‘)’ before ‘BPF_INTERNAL’ in .vmlinux.export.o (.vmlinux.export.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:481ef3f3cd91fcd1e324a4727e4de3d82e365420 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 0f114e4705bd70a1aade95111161a0a24a597879 Log excerpt: ===================================================== .vmlinux.export.c:1126:33: error: expected ‘)’ before ‘BPF_INTERNAL’ 1126 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1126:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1126 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1126:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1126 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:1135:42: error: expected ‘)’ before ‘BPF_INTERNAL’ 1135 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1135:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1135 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1135:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1135 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:1137:34: error: expected ‘)’ before ‘BPF_INTERNAL’ 1137 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1137:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1137 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1137:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1137 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ===================================================== # Builds where the incident occurred: ## defconfig on (riscv): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:680fc2ee43948caad95c16b4 #kernelci issue maestro:481ef3f3cd91fcd1e324a4727e4de3d82e365420 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 3 weeks

1
0
0 0

+ selftests-mm-fix-a-build-failure-on-powerpc.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/mm: fix a build failure on powerpc has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-mm-fix-a-build-failure-on-powerpc.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Nysal Jan K.A." <nysal(a)linux.ibm.com> Subject: selftests/mm: fix a build failure on powerpc Date: Mon, 28 Apr 2025 18:49:35 +0530 The compiler is unaware of the size of code generated by the ".rept" assembler directive. This results in the compiler emitting branch instructions where the offset to branch to exceeds the maximum allowed value, resulting in build failures like the following: CC protection_keys /tmp/ccypKWAE.s: Assembler messages: /tmp/ccypKWAE.s:2073: Error: operand out of range (0x0000000000020158 is not between 0xffffffffffff8000 and 0x0000000000007ffc) /tmp/ccypKWAE.s:2509: Error: operand out of range (0x0000000000020130 is not between 0xffffffffffff8000 and 0x0000000000007ffc) Fix the issue by manually adding nop instructions using the preprocessor. Link: https://lkml.kernel.org/r/20250428131937.641989-2-nysal@linux.ibm.com Fixes: 46036188ea1f5 ("selftests/mm: build with -O2") Reported-by: Madhavan Srinivasan <maddy(a)linux.ibm.com> Signed-off-by: Nysal Jan K.A. <nysal(a)linux.ibm.com> Tested-by: Venkat Rao Bagalkote <venkat88(a)linux.ibm.com> Reviewed-by:Donet Tom <donettom(a)linux.ibm.com> Tested-by: Donet Tom <donettom(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/pkey-powerpc.h | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) --- a/tools/testing/selftests/mm/pkey-powerpc.h~selftests-mm-fix-a-build-failure-on-powerpc +++ a/tools/testing/selftests/mm/pkey-powerpc.h @@ -104,8 +104,18 @@ static inline void expect_fault_on_read_ return; } +#define REPEAT_8(s) s s s s s s s s +#define REPEAT_64(s) REPEAT_8(s) REPEAT_8(s) REPEAT_8(s) REPEAT_8(s) \ + REPEAT_8(s) REPEAT_8(s) REPEAT_8(s) REPEAT_8(s) +#define REPEAT_512(s) REPEAT_64(s) REPEAT_64(s) REPEAT_64(s) REPEAT_64(s) \ + REPEAT_64(s) REPEAT_64(s) REPEAT_64(s) REPEAT_64(s) +#define REPEAT_4096(s) REPEAT_512(s) REPEAT_512(s) REPEAT_512(s) REPEAT_512(s) \ + REPEAT_512(s) REPEAT_512(s) REPEAT_512(s) REPEAT_512(s) +#define REPEAT_16384(s) REPEAT_4096(s) REPEAT_4096(s) \ + REPEAT_4096(s) REPEAT_4096(s) + /* 4-byte instructions * 16384 = 64K page */ -#define __page_o_noops() asm(".rept 16384 ; nop; .endr") +#define __page_o_noops() asm(REPEAT_16384("nop\n")) static inline void *malloc_pkey_with_mprotect_subpage(long size, int prot, u16 pkey) { _ Patches currently in -mm which might be from nysal(a)linux.ibm.com are selftests-mm-fix-a-build-failure-on-powerpc.patch

6 months, 3 weeks

1
0
0 0

+ selftests-mm-fix-build-break-when-compiling-pkey_utilc.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/mm: fix build break when compiling pkey_util.c has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-mm-fix-build-break-when-compiling-pkey_utilc.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Madhavan Srinivasan <maddy(a)linux.ibm.com> Subject: selftests/mm: fix build break when compiling pkey_util.c Date: Mon, 28 Apr 2025 18:49:34 +0530 Commit 50910acd6f615 ("selftests/mm: use sys_pkey helpers consistently") added a pkey_util.c to refactor some of the protection_keys functions accessible by other tests. But this broken the build in powerpc in two ways, pkey-powerpc.h: In function `arch_is_powervm': pkey-powerpc.h:73:21: error: storage size of `buf' isn't known 73 | struct stat buf; | ^~~ pkey-powerpc.h:75:14: error: implicit declaration of function `stat'; did you mean `strcat'? [-Wimplicit-function-declaration] 75 | if ((stat("/sys/firmware/devicetree/base/ibm,partition-name", &buf) == 0) && | ^~~~ | strcat Since pkey_util.c includes pkeys-helper.h, which in turn includes pkeys-powerpc.h, stat.h including is missing for "struct stat". This is fixed by adding "sys/stat.h" in pkeys-powerpc.h Secondly, pkey-powerpc.h:55:18: warning: format `%llx' expects argument of type `long long unsigned int', but argument 3 has type `u64' {aka `long unsigned int'} [-Wformat=] 55 | dprintf4("%s() changing %016llx to %016llx\n", | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 56 | __func__, __read_pkey_reg(), pkey_reg); | ~~~~~~~~~~~~~~~~~ | | | u64 {aka long unsigned int} pkey-helpers.h:63:32: note: in definition of macro `dprintf_level' 63 | sigsafe_printf(args); \ | ^~~~ These format specifier related warning are removed by adding "__SANE_USERSPACE_TYPES__" to pkeys_utils.c. Link: https://lkml.kernel.org/r/20250428131937.641989-1-nysal@linux.ibm.com Fixes: 50910acd6f615 ("selftests/mm: use sys_pkey helpers consistently") Signed-off-by: Madhavan Srinivasan <maddy(a)linux.ibm.com> Signed-off-by: Nysal Jan K.A. <nysal(a)linux.ibm.com> Tested-by: Venkat Rao Bagalkote <venkat88(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/pkey-powerpc.h | 2 ++ tools/testing/selftests/mm/pkey_util.c | 1 + 2 files changed, 3 insertions(+) --- a/tools/testing/selftests/mm/pkey-powerpc.h~selftests-mm-fix-build-break-when-compiling-pkey_utilc +++ a/tools/testing/selftests/mm/pkey-powerpc.h @@ -3,6 +3,8 @@ #ifndef _PKEYS_POWERPC_H #define _PKEYS_POWERPC_H +#include <sys/stat.h> + #ifndef SYS_pkey_alloc # define SYS_pkey_alloc 384 # define SYS_pkey_free 385 --- a/tools/testing/selftests/mm/pkey_util.c~selftests-mm-fix-build-break-when-compiling-pkey_utilc +++ a/tools/testing/selftests/mm/pkey_util.c @@ -1,4 +1,5 @@ // SPDX-License-Identifier: GPL-2.0-only +#define __SANE_USERSPACE_TYPES__ #include <sys/syscall.h> #include <unistd.h> _ Patches currently in -mm which might be from maddy(a)linux.ibm.com are selftests-mm-fix-build-break-when-compiling-pkey_utilc.patch

6 months, 3 weeks

1
0
0 0

[PATCH v2] Input: cyttsp5 - fix power control issue on wakeup

by Hugo Villeneuve

From: Mikael Gonella-Bolduc <mgonellabolduc(a)dimonoff.com> The power control function ignores the "on" argument when setting the report ID, and thus is always sending HID_POWER_SLEEP. This causes a problem when trying to wakeup. Fix by sending the state variable, which contains the proper HID_POWER_ON or HID_POWER_SLEEP based on the "on" argument. Fixes: 3c98b8dbdced ("Input: cyttsp5 - implement proper sleep and wakeup procedures") Cc: stable(a)vger.kernel.org Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Signed-off-by: Mikael Gonella-Bolduc <mgonellabolduc(a)dimonoff.com> --- Changes for v2: - Add Mikael SOB tag drivers/input/touchscreen/cyttsp5.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/input/touchscreen/cyttsp5.c b/drivers/input/touchscreen/cyttsp5.c index eafe5a9b89648..86edcacb4ab3e 100644 --- a/drivers/input/touchscreen/cyttsp5.c +++ b/drivers/input/touchscreen/cyttsp5.c @@ -580,7 +580,7 @@ static int cyttsp5_power_control(struct cyttsp5 *ts, bool on) int rc; SET_CMD_REPORT_TYPE(cmd[0], 0); - SET_CMD_REPORT_ID(cmd[0], HID_POWER_SLEEP); + SET_CMD_REPORT_ID(cmd[0], state); SET_CMD_OPCODE(cmd[1], HID_CMD_SET_POWER); rc = cyttsp5_write(ts, HID_COMMAND_REG, cmd, sizeof(cmd)); base-commit: 7adf8b1afc14832de099f9e178f08f91dc0dd6d0 -- 2.39.5

6 months, 3 weeks

3
2
0 0

[REGRESSION] stable-rc/linux-5.4.y: (build) ‘MSM_UART_CR_CMD_RESET_RX’ undeclared (first use in this function)...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.4.y: --- ‘MSM_UART_CR_CMD_RESET_RX’ undeclared (first use in this function); did you mean ‘UART_CR_CMD_RESET_RX’? in drivers/tty/serial/msm_serial.o (drivers/tty/serial/msm_serial.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:d940d725a86576ad87109055564f7d1508cedf2a - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: e110b4519e01628bc31ba22c9111554d8944c82a Log excerpt: ===================================================== drivers/tty/serial/msm_serial.c:1728:34: error: ‘MSM_UART_CR_CMD_RESET_RX’ undeclared (first use in this function); did you mean ‘UART_CR_CMD_RESET_RX’? 1728 | msm_write(&device->port, MSM_UART_CR_CMD_RESET_RX, MSM_UART_CR); | ^~~~~~~~~~~~~~~~~~~~~~~~ | UART_CR_CMD_RESET_RX drivers/tty/serial/msm_serial.c:1728:34: note: each undeclared identifier is reported only once for each function it appears in drivers/tty/serial/msm_serial.c:1728:60: error: ‘MSM_UART_CR’ undeclared (first use in this function); did you mean ‘UART_CR’? 1728 | msm_write(&device->port, MSM_UART_CR_CMD_RESET_RX, MSM_UART_CR); | ^~~~~~~~~~~ | UART_CR AR drivers/video/fbdev/built-in.a CC drivers/video/of_display_timing.o drivers/tty/serial/msm_serial.c:1729:34: error: ‘MSM_UART_CR_CMD_RESET_TX’ undeclared (first use in this function); did you mean ‘UART_CR_CMD_RESET_TX’? 1729 | msm_write(&device->port, MSM_UART_CR_CMD_RESET_TX, MSM_UART_CR); | ^~~~~~~~~~~~~~~~~~~~~~~~ | UART_CR_CMD_RESET_TX drivers/tty/serial/msm_serial.c:1730:34: error: ‘MSM_UART_CR_TX_ENABLE’ undeclared (first use in this function); did you mean ‘UART_CR_TX_ENABLE’? 1730 | msm_write(&device->port, MSM_UART_CR_TX_ENABLE, MSM_UART_CR); | ^~~~~~~~~~~~~~~~~~~~~ | UART_CR_TX_ENABLE CC drivers/video/of_videomode.o CC drivers/tty/serial/xilinx_uartps.o AR drivers/usb/core/built-in.a ===================================================== # Builds where the incident occurred: ## defconfig+lab-setup+arm64-chromebook+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y on (arm64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:680fbf8443948caad95c0b94 ## defconfig+lab-setup+kselftest on (arm64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:680fbfc943948caad95c0c27 ## multi_v7_defconfig on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:680fbfae43948caad95c0bf1 ## multi_v7_defconfig+kselftest on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:680fbfb643948caad95c0bfc #kernelci issue maestro:d940d725a86576ad87109055564f7d1508cedf2a Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 3 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-5.10.y: (build) ‘MSM_UART_CR_CMD_RESET_RX’ undeclared (first use in this function)...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.10.y: --- ‘MSM_UART_CR_CMD_RESET_RX’ undeclared (first use in this function); did you mean ‘UART_CR_CMD_RESET_RX’? in drivers/tty/serial/msm_serial.o (drivers/tty/serial/msm_serial.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:4658360a1ef3b10dbc89e4bd12a394656d4c7b8c - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: bcf9e2b721c5e719f339b23ddfb5b0a0c0727cc9 Log excerpt: ===================================================== drivers/tty/serial/msm_serial.c:1742:34: error: ‘MSM_UART_CR_CMD_RESET_RX’ undeclared (first use in this function); did you mean ‘UART_CR_CMD_RESET_RX’? 1742 | msm_write(&device->port, MSM_UART_CR_CMD_RESET_RX, MSM_UART_CR); | ^~~~~~~~~~~~~~~~~~~~~~~~ | UART_CR_CMD_RESET_RX drivers/tty/serial/msm_serial.c:1742:34: note: each undeclared identifier is reported only once for each function it appears in drivers/tty/serial/msm_serial.c:1742:60: error: ‘MSM_UART_CR’ undeclared (first use in this function); did you mean ‘UART_CR’? 1742 | msm_write(&device->port, MSM_UART_CR_CMD_RESET_RX, MSM_UART_CR); | ^~~~~~~~~~~ | UART_CR AR drivers/base/firmware_loader/built-in.a CC drivers/base/regmap/regmap.o drivers/tty/serial/msm_serial.c:1743:34: error: ‘MSM_UART_CR_CMD_RESET_TX’ undeclared (first use in this function); did you mean ‘UART_CR_CMD_RESET_TX’? 1743 | msm_write(&device->port, MSM_UART_CR_CMD_RESET_TX, MSM_UART_CR); | ^~~~~~~~~~~~~~~~~~~~~~~~ | UART_CR_CMD_RESET_TX drivers/tty/serial/msm_serial.c:1744:34: error: ‘MSM_UART_CR_TX_ENABLE’ undeclared (first use in this function); did you mean ‘UART_CR_TX_ENABLE’? 1744 | msm_write(&device->port, MSM_UART_CR_TX_ENABLE, MSM_UART_CR); | ^~~~~~~~~~~~~~~~~~~~~ | UART_CR_TX_ENABLE ===================================================== # Builds where the incident occurred: ## multi_v7_defconfig on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:680fc04443948caad95c0d37 ## multi_v7_defconfig+kselftest on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:680fc03c43948caad95c0d2d #kernelci issue maestro:4658360a1ef3b10dbc89e4bd12a394656d4c7b8c Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 3 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-5.10.y: (build) label ‘err_put’ used but not defined in drivers/usb/chipidea/ci_hd...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.10.y: --- label ‘err_put’ used but not defined in drivers/usb/chipidea/ci_hdrc_imx.o (drivers/usb/chipidea/ci_hdrc_imx.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:8334bdc588cf39f59f780a79b56b0197445bb931 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: bcf9e2b721c5e719f339b23ddfb5b0a0c0727cc9 Log excerpt: ===================================================== drivers/usb/chipidea/ci_hdrc_imx.c:402:33: error: label ‘err_put’ used but not defined 402 | goto err_put; | ^~~~ ===================================================== # Builds where the incident occurred: ## multi_v5_defconfig on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:680fc04043948caad95c0d34 #kernelci issue maestro:8334bdc588cf39f59f780a79b56b0197445bb931 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 3 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-5.4.y: (build) use of undeclared identifier 'MSM_UART_CR_CMD_RESET_RX' in drivers...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.4.y: --- use of undeclared identifier 'MSM_UART_CR_CMD_RESET_RX' in drivers/tty/serial/msm_serial.o (drivers/tty/serial/msm_serial.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:e97aa40b96988fc4cd3e5c2e0098abffae9be766 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: e110b4519e01628bc31ba22c9111554d8944c82a Log excerpt: ===================================================== drivers/tty/serial/msm_serial.c:1728:27: error: use of undeclared identifier 'MSM_UART_CR_CMD_RESET_RX' 1728 | msm_write(&device->port, MSM_UART_CR_CMD_RESET_RX, MSM_UART_CR); | ^ drivers/tty/serial/msm_serial.c:1728:53: error: use of undeclared identifier 'MSM_UART_CR' 1728 | msm_write(&device->port, MSM_UART_CR_CMD_RESET_RX, MSM_UART_CR); | ^ CC drivers/scsi/scsi_sysctl.o drivers/tty/serial/msm_serial.c:1729:27: error: use of undeclared identifier 'MSM_UART_CR_CMD_RESET_TX' 1729 | msm_write(&device->port, MSM_UART_CR_CMD_RESET_TX, MSM_UART_CR); | ^ drivers/tty/serial/msm_serial.c:1729:53: error: use of undeclared identifier 'MSM_UART_CR' 1729 | msm_write(&device->port, MSM_UART_CR_CMD_RESET_TX, MSM_UART_CR); | ^ drivers/tty/serial/msm_serial.c:1730:27: error: use of undeclared identifier 'MSM_UART_CR_TX_ENABLE' 1730 | msm_write(&device->port, MSM_UART_CR_TX_ENABLE, MSM_UART_CR); | ^ drivers/tty/serial/msm_serial.c:1730:50: error: use of undeclared identifier 'MSM_UART_CR' 1730 | msm_write(&device->port, MSM_UART_CR_TX_ENABLE, MSM_UART_CR); | ^ 6 errors generated. ===================================================== # Builds where the incident occurred: ## defconfig+arm64-chromebook+kselftest on (arm64): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:680fbf9b43948caad95c0bce #kernelci issue maestro:e97aa40b96988fc4cd3e5c2e0098abffae9be766 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 3 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-6.12.y: (build) expected ‘)’ before ‘BPF_INTERNAL’ in .vmlinux.export.o (.vmlinux....

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.12.y: --- expected ‘)’ before ‘BPF_INTERNAL’ in .vmlinux.export.o (.vmlinux.export.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:6ffcf98c66c5d150243f133e2b6545c2360d68a8 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 0f114e4705bd70a1aade95111161a0a24a597879 Log excerpt: ===================================================== .vmlinux.export.c:1417:33: error: expected ‘)’ before ‘BPF_INTERNAL’ 1417 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1417:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1417 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1417:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1417 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:1426:42: error: expected ‘)’ before ‘BPF_INTERNAL’ 1426 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1426:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1426 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1426:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1426 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:1428:34: error: expected ‘)’ before ‘BPF_INTERNAL’ 1428 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1428:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1428 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1428:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1428 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ===================================================== # Builds where the incident occurred: ## multi_v7_defconfig+kselftest on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:680fc2ab43948caad95c1595 #kernelci issue maestro:6ffcf98c66c5d150243f133e2b6545c2360d68a8 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 3 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-5.15.y: (build) ‘MSM_UART_CR_CMD_RESET_RX’ undeclared (first use in this function)...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.15.y: --- ‘MSM_UART_CR_CMD_RESET_RX’ undeclared (first use in this function); did you mean ‘UART_CR_CMD_RESET_RX’? in drivers/tty/serial/msm_serial.o (drivers/tty/serial/msm_serial.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:8f9e585d814ad41cea3f055c8d011c099a1ac9ad - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 7e1718e4648c8d93f1738a07033b83f2fd6b43e5 Log excerpt: ===================================================== drivers/tty/serial/msm_serial.c:1737:34: error: ‘MSM_UART_CR_CMD_RESET_RX’ undeclared (first use in this function); did you mean ‘UART_CR_CMD_RESET_RX’? 1737 | msm_write(&device->port, MSM_UART_CR_CMD_RESET_RX, MSM_UART_CR); | ^~~~~~~~~~~~~~~~~~~~~~~~ | UART_CR_CMD_RESET_RX drivers/tty/serial/msm_serial.c:1737:34: note: each undeclared identifier is reported only once for each function it appears in drivers/tty/serial/msm_serial.c:1737:60: error: ‘MSM_UART_CR’ undeclared (first use in this function); did you mean ‘UART_CR’? 1737 | msm_write(&device->port, MSM_UART_CR_CMD_RESET_RX, MSM_UART_CR); | ^~~~~~~~~~~ | UART_CR drivers/tty/serial/msm_serial.c:1738:34: error: ‘MSM_UART_CR_CMD_RESET_TX’ undeclared (first use in this function); did you mean ‘UART_CR_CMD_RESET_TX’? 1738 | msm_write(&device->port, MSM_UART_CR_CMD_RESET_TX, MSM_UART_CR); | ^~~~~~~~~~~~~~~~~~~~~~~~ | UART_CR_CMD_RESET_TX drivers/tty/serial/msm_serial.c:1739:34: error: ‘MSM_UART_CR_TX_ENABLE’ undeclared (first use in this function); did you mean ‘UART_CR_TX_ENABLE’? 1739 | msm_write(&device->port, MSM_UART_CR_TX_ENABLE, MSM_UART_CR); | ^~~~~~~~~~~~~~~~~~~~~ | UART_CR_TX_ENABLE ===================================================== # Builds where the incident occurred: ## defconfig+arm64-chromebook+kselftest on (arm64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:680fc0e643948caad95c107c ## defconfig+lab-setup+arm64-chromebook+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y on (arm64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:680fc09343948caad95c0ea0 #kernelci issue maestro:8f9e585d814ad41cea3f055c8d011c099a1ac9ad Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 3 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-6.12.y: (build) expected ‘)’ before ‘BPF_INTERNAL’ in .vmlinux.export.o (.vmlinux....

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.12.y: --- expected ‘)’ before ‘BPF_INTERNAL’ in .vmlinux.export.o (.vmlinux.export.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:5da0a9a420589f98d3a8ea7cb0afbba8ecc7606d - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 0f114e4705bd70a1aade95111161a0a24a597879 Log excerpt: ===================================================== .vmlinux.export.c:1260:33: error: expected ‘)’ before ‘BPF_INTERNAL’ 1260 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1260:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1260 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1260:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1260 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:1269:42: error: expected ‘)’ before ‘BPF_INTERNAL’ 1269 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1269:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1269 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1269:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1269 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:1271:34: error: expected ‘)’ before ‘BPF_INTERNAL’ 1271 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1271:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1271 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1271:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1271 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ===================================================== # Builds where the incident occurred: ## defconfig+arm64-chromebook+kselftest on (arm64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:680fc2cc43948caad95c15b4 ## defconfig+lab-setup+kselftest on (arm64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:680fc2c243948caad95c15aa #kernelci issue maestro:5da0a9a420589f98d3a8ea7cb0afbba8ecc7606d Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 3 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-6.12.y: (build) expected ‘)’ before ‘BPF_INTERNAL’ in .vmlinux.export.o (.vmlinux....

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.12.y: --- expected ‘)’ before ‘BPF_INTERNAL’ in .vmlinux.export.o (.vmlinux.export.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:b3bf65712cbf0afb6965b8e30e3b0b32d73bf462 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 0f114e4705bd70a1aade95111161a0a24a597879 Log excerpt: ===================================================== .vmlinux.export.c:2011:33: error: expected ‘)’ before ‘BPF_INTERNAL’ 2011 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:2011:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 2011 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:2011:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 2011 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:2020:42: error: expected ‘)’ before ‘BPF_INTERNAL’ 2020 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:2020:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 2020 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:2020:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 2020 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:2022:34: error: expected ‘)’ before ‘BPF_INTERNAL’ 2022 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:2022:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 2022 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:2022:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 2022 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ===================================================== # Builds where the incident occurred: ## cros://chromeos-6.6/x86_64/chromeos-intel-pineview.flavour.config+lab-setup+x86-board+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y on (x86_64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:680fc27b43948caad95c1492 #kernelci issue maestro:b3bf65712cbf0afb6965b8e30e3b0b32d73bf462 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 3 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-6.12.y: (build) expected ')' in .vmlinux.export.o (.vmlinux.export.c) [logspec:kbu...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.12.y: --- expected ')' in .vmlinux.export.o (.vmlinux.export.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:4c5b6ca45d520d28e9cb7711bd71952a44f4db34 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 0f114e4705bd70a1aade95111161a0a24a597879 Log excerpt: ===================================================== .vmlinux.export.c:1649:33: error: expected ')' 1649 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^ .vmlinux.export.c:1649:1: note: to match this '(' 1649 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^ ./include/linux/export-internal.h:62:37: note: expanded from macro 'KSYMTAB_FUNC' 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^ ./include/linux/export-internal.h:41:5: note: expanded from macro '__KSYMTAB' 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ .vmlinux.export.c:1658:42: error: expected ')' 1658 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^ .vmlinux.export.c:1658:1: note: to match this '(' 1658 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^ ./include/linux/export-internal.h:62:37: note: expanded from macro 'KSYMTAB_FUNC' 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^ ./include/linux/export-internal.h:41:5: note: expanded from macro '__KSYMTAB' 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ .vmlinux.export.c:1660:34: error: expected ')' 1660 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^ .vmlinux.export.c:1660:1: note: to match this '(' 1660 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^ ./include/linux/export-internal.h:62:37: note: expanded from macro 'KSYMTAB_FUNC' 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^ ./include/linux/export-internal.h:41:5: note: expanded from macro '__KSYMTAB' 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ 3 errors generated. ===================================================== # Builds where the incident occurred: ## x86_64_defconfig+kselftest+x86-board on (x86_64): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:680fc29843948caad95c14ba #kernelci issue maestro:4c5b6ca45d520d28e9cb7711bd71952a44f4db34 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 3 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-6.12.y: (build) expected ‘)’ before ‘BPF_INTERNAL’ in .vmlinux.export.o (.vmlinux....

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.12.y: --- expected ‘)’ before ‘BPF_INTERNAL’ in .vmlinux.export.o (.vmlinux.export.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:46f49bf36be10baf43434c37b3ddb54286312613 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 0f114e4705bd70a1aade95111161a0a24a597879 Log excerpt: ===================================================== .vmlinux.export.c:1649:33: error: expected ‘)’ before ‘BPF_INTERNAL’ 1649 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1649:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1649 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1649:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1649 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:1658:42: error: expected ‘)’ before ‘BPF_INTERNAL’ 1658 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1658:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1658 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1658:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1658 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:1660:34: error: expected ‘)’ before ‘BPF_INTERNAL’ 1660 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1660:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1660 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1660:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1660 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ===================================================== # Builds where the incident occurred: ## x86_64_defconfig+kselftest+x86-board on (x86_64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:680fc30543948caad95c16c9 ## x86_64_defconfig+lab-setup+x86-board+kselftest on (x86_64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:680fc2f743948caad95c16ba #kernelci issue maestro:46f49bf36be10baf43434c37b3ddb54286312613 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 3 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-5.15.y: (build) use of undeclared identifier 'MSM_UART_CR_CMD_RESET_RX' in drivers...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.15.y: --- use of undeclared identifier 'MSM_UART_CR_CMD_RESET_RX' in drivers/tty/serial/msm_serial.o (drivers/tty/serial/msm_serial.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:d95ff390762699864781d2727badc1f762a8695e - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 7e1718e4648c8d93f1738a07033b83f2fd6b43e5 Log excerpt: ===================================================== drivers/tty/serial/msm_serial.c:1737:27: error: use of undeclared identifier 'MSM_UART_CR_CMD_RESET_RX' 1737 | msm_write(&device->port, MSM_UART_CR_CMD_RESET_RX, MSM_UART_CR); | ^ drivers/tty/serial/msm_serial.c:1737:53: error: use of undeclared identifier 'MSM_UART_CR' 1737 | msm_write(&device->port, MSM_UART_CR_CMD_RESET_RX, MSM_UART_CR); | ^ drivers/tty/serial/msm_serial.c:1738:27: error: use of undeclared identifier 'MSM_UART_CR_CMD_RESET_TX' 1738 | msm_write(&device->port, MSM_UART_CR_CMD_RESET_TX, MSM_UART_CR); | ^ drivers/tty/serial/msm_serial.c:1738:53: error: use of undeclared identifier 'MSM_UART_CR' 1738 | msm_write(&device->port, MSM_UART_CR_CMD_RESET_TX, MSM_UART_CR); | ^ drivers/tty/serial/msm_serial.c:1739:27: error: use of undeclared identifier 'MSM_UART_CR_TX_ENABLE' 1739 | msm_write(&device->port, MSM_UART_CR_TX_ENABLE, MSM_UART_CR); | ^ drivers/tty/serial/msm_serial.c:1739:50: error: use of undeclared identifier 'MSM_UART_CR' 1739 | msm_write(&device->port, MSM_UART_CR_TX_ENABLE, MSM_UART_CR); | ^ 6 errors generated. ===================================================== # Builds where the incident occurred: ## defconfig+arm64-chromebook+kselftest on (arm64): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:680fc0ab43948caad95c0eb7 #kernelci issue maestro:d95ff390762699864781d2727badc1f762a8695e Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 3 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-5.10.y: (build) use of undeclared label 'err_put' in drivers/usb/chipidea/ci_hdrc_...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.10.y: --- use of undeclared label 'err_put' in drivers/usb/chipidea/ci_hdrc_imx.o (drivers/usb/chipidea/ci_hdrc_imx.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:0f670a2992fd569c8e6d89a8144eab56c6e1abfb - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: bcf9e2b721c5e719f339b23ddfb5b0a0c0727cc9 Log excerpt: ===================================================== drivers/usb/chipidea/ci_hdrc_imx.c:402:10: error: use of undeclared label 'err_put' 402 | goto err_p CC [M] drivers/rtc/rtc-fsl-ftm-alarm.o ut; | ^ 1 error generated. ===================================================== # Builds where the incident occurred: ## defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (arm): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:680fc01743948caad95c0ced #kernelci issue maestro:0f670a2992fd569c8e6d89a8144eab56c6e1abfb Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 8c531e0a8c2d82509ad97c6d3a1e6217c7ed136d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042802-foil-prepaid-54ec@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8c531e0a8c2d82509ad97c6d3a1e6217c7ed136d Mon Sep 17 00:00:00 2001 From: Fedor Pchelkin <pchelkin(a)ispras.ru> Date: Sun, 16 Mar 2025 13:26:56 +0300 Subject: [PATCH] usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling usb_phy_init() may return an error code if e.g. its implementation fails to prepare/enable some clocks. And properly rollback on probe error path by calling the counterpart usb_phy_shutdown(). Found by Linux Verification Center (linuxtesting.org). Fixes: be9cae2479f4 ("usb: chipidea: imx: Fix ULPI on imx53") Cc: stable <stable(a)kernel.org> Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> Acked-by: Peter Chen <peter.chen(a)kernel.org> Link: https://lore.kernel.org/r/20250316102658.490340-4-pchelkin@ispras.ru Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/chipidea/ci_hdrc_imx.c b/drivers/usb/chipidea/ci_hdrc_imx.c index d942b3c72640..4f8bfd242b59 100644 --- a/drivers/usb/chipidea/ci_hdrc_imx.c +++ b/drivers/usb/chipidea/ci_hdrc_imx.c @@ -484,7 +484,11 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) of_usb_get_phy_mode(np) == USBPHY_INTERFACE_MODE_ULPI) { pdata.flags |= CI_HDRC_OVERRIDE_PHY_CONTROL; data->override_phy_control = true; - usb_phy_init(pdata.usb_phy); + ret = usb_phy_init(pdata.usb_phy); + if (ret) { + dev_err(dev, "Failed to init phy\n"); + goto err_clk; + } } if (pdata.flags & CI_HDRC_SUPPORTS_RUNTIME_PM) @@ -493,7 +497,7 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) ret = imx_usbmisc_init(data->usbmisc_data); if (ret) { dev_err(dev, "usbmisc init failed, ret=%d\n", ret); - goto err_clk; + goto phy_shutdown; } data->ci_pdev = ci_hdrc_add_device(dev, @@ -502,7 +506,7 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) if (IS_ERR(data->ci_pdev)) { ret = PTR_ERR(data->ci_pdev); dev_err_probe(dev, ret, "ci_hdrc_add_device failed\n"); - goto err_clk; + goto phy_shutdown; } if (data->usbmisc_data) { @@ -536,6 +540,9 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) disable_device: ci_hdrc_remove_device(data->ci_pdev); +phy_shutdown: + if (data->override_phy_control) + usb_phy_shutdown(data->phy); err_clk: clk_disable_unprepare(data->clk_wakeup); err_wakeup_clk:

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8c531e0a8c2d82509ad97c6d3a1e6217c7ed136d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042856-rotten-chatty-2573@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8c531e0a8c2d82509ad97c6d3a1e6217c7ed136d Mon Sep 17 00:00:00 2001 From: Fedor Pchelkin <pchelkin(a)ispras.ru> Date: Sun, 16 Mar 2025 13:26:56 +0300 Subject: [PATCH] usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling usb_phy_init() may return an error code if e.g. its implementation fails to prepare/enable some clocks. And properly rollback on probe error path by calling the counterpart usb_phy_shutdown(). Found by Linux Verification Center (linuxtesting.org). Fixes: be9cae2479f4 ("usb: chipidea: imx: Fix ULPI on imx53") Cc: stable <stable(a)kernel.org> Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> Acked-by: Peter Chen <peter.chen(a)kernel.org> Link: https://lore.kernel.org/r/20250316102658.490340-4-pchelkin@ispras.ru Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/chipidea/ci_hdrc_imx.c b/drivers/usb/chipidea/ci_hdrc_imx.c index d942b3c72640..4f8bfd242b59 100644 --- a/drivers/usb/chipidea/ci_hdrc_imx.c +++ b/drivers/usb/chipidea/ci_hdrc_imx.c @@ -484,7 +484,11 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) of_usb_get_phy_mode(np) == USBPHY_INTERFACE_MODE_ULPI) { pdata.flags |= CI_HDRC_OVERRIDE_PHY_CONTROL; data->override_phy_control = true; - usb_phy_init(pdata.usb_phy); + ret = usb_phy_init(pdata.usb_phy); + if (ret) { + dev_err(dev, "Failed to init phy\n"); + goto err_clk; + } } if (pdata.flags & CI_HDRC_SUPPORTS_RUNTIME_PM) @@ -493,7 +497,7 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) ret = imx_usbmisc_init(data->usbmisc_data); if (ret) { dev_err(dev, "usbmisc init failed, ret=%d\n", ret); - goto err_clk; + goto phy_shutdown; } data->ci_pdev = ci_hdrc_add_device(dev, @@ -502,7 +506,7 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) if (IS_ERR(data->ci_pdev)) { ret = PTR_ERR(data->ci_pdev); dev_err_probe(dev, ret, "ci_hdrc_add_device failed\n"); - goto err_clk; + goto phy_shutdown; } if (data->usbmisc_data) { @@ -536,6 +540,9 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) disable_device: ci_hdrc_remove_device(data->ci_pdev); +phy_shutdown: + if (data->override_phy_control) + usb_phy_shutdown(data->phy); err_clk: clk_disable_unprepare(data->clk_wakeup); err_wakeup_clk:

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] xhci: Limit time spent with xHC interrupts disabled during" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x bea5892d0ed274e03655223d1977cf59f9aff2f2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042852-proximity-drudge-3cec@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bea5892d0ed274e03655223d1977cf59f9aff2f2 Mon Sep 17 00:00:00 2001 From: Mathias Nyman <mathias.nyman(a)linux.intel.com> Date: Thu, 10 Apr 2025 18:18:27 +0300 Subject: [PATCH] xhci: Limit time spent with xHC interrupts disabled during bus resume Current xhci bus resume implementation prevents xHC host from generating interrupts during high-speed USB 2 and super-speed USB 3 bus resume. Only reason to disable interrupts during bus resume would be to prevent the interrupt handler from interfering with the resume process of USB 2 ports. Host initiated resume of USB 2 ports is done in two stages. The xhci driver first transitions the port from 'U3' to 'Resume' state, then wait in Resume for 20ms, and finally moves port to U0 state. xhci driver can't prevent interrupts by keeping the xhci spinlock due to this 20ms sleep. Limit interrupt disabling to the USB 2 port resume case only. resuming USB 2 ports in bus resume is only done in special cases where USB 2 ports had to be forced to suspend during bus suspend. The current way of preventing interrupts by clearing the 'Interrupt Enable' (INTE) bit in USBCMD register won't prevent the Interrupter registers 'Interrupt Pending' (IP), 'Event Handler Busy' (EHB) and USBSTS register Event Interrupt (EINT) bits from being set. New interrupts can't be issued before those bits are properly clered. Disable interrupts by clearing the interrupter register 'Interrupt Enable' (IE) bit instead. This way IP, EHB and INTE won't be set before IE is enabled again and a new interrupt is triggered. Reported-by: Devyn Liu <liudingyuan(a)huawei.com> Closes: https://lore.kernel.org/linux-usb/b1a9e2d51b4d4ff7a304f77c5be8164e@huawei.c… Cc: stable(a)vger.kernel.org Tested-by: Devyn Liu <liudingyuan(a)huawei.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20250410151828.2868740-6-mathias.nyman@linux.inte… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c index c0f226584a40..486347776cb2 100644 --- a/drivers/usb/host/xhci-hub.c +++ b/drivers/usb/host/xhci-hub.c @@ -1878,9 +1878,10 @@ int xhci_bus_resume(struct usb_hcd *hcd) int max_ports, port_index; int sret; u32 next_state; - u32 temp, portsc; + u32 portsc; struct xhci_hub *rhub; struct xhci_port **ports; + bool disabled_irq = false; rhub = xhci_get_rhub(hcd); ports = rhub->ports; @@ -1896,17 +1897,20 @@ int xhci_bus_resume(struct usb_hcd *hcd) return -ESHUTDOWN; } - /* delay the irqs */ - temp = readl(&xhci->op_regs->command); - temp &= ~CMD_EIE; - writel(temp, &xhci->op_regs->command); - /* bus specific resume for ports we suspended at bus_suspend */ - if (hcd->speed >= HCD_USB3) + if (hcd->speed >= HCD_USB3) { next_state = XDEV_U0; - else + } else { next_state = XDEV_RESUME; - + if (bus_state->bus_suspended) { + /* + * prevent port event interrupts from interfering + * with usb2 port resume process + */ + xhci_disable_interrupter(xhci->interrupters[0]); + disabled_irq = true; + } + } port_index = max_ports; while (port_index--) { portsc = readl(ports[port_index]->addr); @@ -1974,11 +1978,9 @@ int xhci_bus_resume(struct usb_hcd *hcd) (void) readl(&xhci->op_regs->command); bus_state->next_statechange = jiffies + msecs_to_jiffies(5); - /* re-enable irqs */ - temp = readl(&xhci->op_regs->command); - temp |= CMD_EIE; - writel(temp, &xhci->op_regs->command); - temp = readl(&xhci->op_regs->command); + /* re-enable interrupter */ + if (disabled_irq) + xhci_enable_interrupter(xhci->interrupters[0]); spin_unlock_irqrestore(&xhci->lock, flags); return 0; diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index ca390beda85b..90eb491267b5 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -322,7 +322,7 @@ static void xhci_zero_64b_regs(struct xhci_hcd *xhci) xhci_info(xhci, "Fault detected\n"); } -static int xhci_enable_interrupter(struct xhci_interrupter *ir) +int xhci_enable_interrupter(struct xhci_interrupter *ir) { u32 iman; @@ -335,7 +335,7 @@ static int xhci_enable_interrupter(struct xhci_interrupter *ir) return 0; } -static int xhci_disable_interrupter(struct xhci_interrupter *ir) +int xhci_disable_interrupter(struct xhci_interrupter *ir) { u32 iman; diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 28b6264f8b87..242ab9fbc8ae 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1890,6 +1890,8 @@ int xhci_alloc_tt_info(struct xhci_hcd *xhci, struct usb_tt *tt, gfp_t mem_flags); int xhci_set_interrupter_moderation(struct xhci_interrupter *ir, u32 imod_interval); +int xhci_enable_interrupter(struct xhci_interrupter *ir); +int xhci_disable_interrupter(struct xhci_interrupter *ir); /* xHCI ring, segment, TRB, and TD functions */ dma_addr_t xhci_trb_virt_to_dma(struct xhci_segment *seg, union xhci_trb *trb);

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] xhci: Limit time spent with xHC interrupts disabled during" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x bea5892d0ed274e03655223d1977cf59f9aff2f2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042851-improvise-serrated-1343@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bea5892d0ed274e03655223d1977cf59f9aff2f2 Mon Sep 17 00:00:00 2001 From: Mathias Nyman <mathias.nyman(a)linux.intel.com> Date: Thu, 10 Apr 2025 18:18:27 +0300 Subject: [PATCH] xhci: Limit time spent with xHC interrupts disabled during bus resume Current xhci bus resume implementation prevents xHC host from generating interrupts during high-speed USB 2 and super-speed USB 3 bus resume. Only reason to disable interrupts during bus resume would be to prevent the interrupt handler from interfering with the resume process of USB 2 ports. Host initiated resume of USB 2 ports is done in two stages. The xhci driver first transitions the port from 'U3' to 'Resume' state, then wait in Resume for 20ms, and finally moves port to U0 state. xhci driver can't prevent interrupts by keeping the xhci spinlock due to this 20ms sleep. Limit interrupt disabling to the USB 2 port resume case only. resuming USB 2 ports in bus resume is only done in special cases where USB 2 ports had to be forced to suspend during bus suspend. The current way of preventing interrupts by clearing the 'Interrupt Enable' (INTE) bit in USBCMD register won't prevent the Interrupter registers 'Interrupt Pending' (IP), 'Event Handler Busy' (EHB) and USBSTS register Event Interrupt (EINT) bits from being set. New interrupts can't be issued before those bits are properly clered. Disable interrupts by clearing the interrupter register 'Interrupt Enable' (IE) bit instead. This way IP, EHB and INTE won't be set before IE is enabled again and a new interrupt is triggered. Reported-by: Devyn Liu <liudingyuan(a)huawei.com> Closes: https://lore.kernel.org/linux-usb/b1a9e2d51b4d4ff7a304f77c5be8164e@huawei.c… Cc: stable(a)vger.kernel.org Tested-by: Devyn Liu <liudingyuan(a)huawei.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20250410151828.2868740-6-mathias.nyman@linux.inte… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c index c0f226584a40..486347776cb2 100644 --- a/drivers/usb/host/xhci-hub.c +++ b/drivers/usb/host/xhci-hub.c @@ -1878,9 +1878,10 @@ int xhci_bus_resume(struct usb_hcd *hcd) int max_ports, port_index; int sret; u32 next_state; - u32 temp, portsc; + u32 portsc; struct xhci_hub *rhub; struct xhci_port **ports; + bool disabled_irq = false; rhub = xhci_get_rhub(hcd); ports = rhub->ports; @@ -1896,17 +1897,20 @@ int xhci_bus_resume(struct usb_hcd *hcd) return -ESHUTDOWN; } - /* delay the irqs */ - temp = readl(&xhci->op_regs->command); - temp &= ~CMD_EIE; - writel(temp, &xhci->op_regs->command); - /* bus specific resume for ports we suspended at bus_suspend */ - if (hcd->speed >= HCD_USB3) + if (hcd->speed >= HCD_USB3) { next_state = XDEV_U0; - else + } else { next_state = XDEV_RESUME; - + if (bus_state->bus_suspended) { + /* + * prevent port event interrupts from interfering + * with usb2 port resume process + */ + xhci_disable_interrupter(xhci->interrupters[0]); + disabled_irq = true; + } + } port_index = max_ports; while (port_index--) { portsc = readl(ports[port_index]->addr); @@ -1974,11 +1978,9 @@ int xhci_bus_resume(struct usb_hcd *hcd) (void) readl(&xhci->op_regs->command); bus_state->next_statechange = jiffies + msecs_to_jiffies(5); - /* re-enable irqs */ - temp = readl(&xhci->op_regs->command); - temp |= CMD_EIE; - writel(temp, &xhci->op_regs->command); - temp = readl(&xhci->op_regs->command); + /* re-enable interrupter */ + if (disabled_irq) + xhci_enable_interrupter(xhci->interrupters[0]); spin_unlock_irqrestore(&xhci->lock, flags); return 0; diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index ca390beda85b..90eb491267b5 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -322,7 +322,7 @@ static void xhci_zero_64b_regs(struct xhci_hcd *xhci) xhci_info(xhci, "Fault detected\n"); } -static int xhci_enable_interrupter(struct xhci_interrupter *ir) +int xhci_enable_interrupter(struct xhci_interrupter *ir) { u32 iman; @@ -335,7 +335,7 @@ static int xhci_enable_interrupter(struct xhci_interrupter *ir) return 0; } -static int xhci_disable_interrupter(struct xhci_interrupter *ir) +int xhci_disable_interrupter(struct xhci_interrupter *ir) { u32 iman; diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 28b6264f8b87..242ab9fbc8ae 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1890,6 +1890,8 @@ int xhci_alloc_tt_info(struct xhci_hcd *xhci, struct usb_tt *tt, gfp_t mem_flags); int xhci_set_interrupter_moderation(struct xhci_interrupter *ir, u32 imod_interval); +int xhci_enable_interrupter(struct xhci_interrupter *ir); +int xhci_disable_interrupter(struct xhci_interrupter *ir); /* xHCI ring, segment, TRB, and TD functions */ dma_addr_t xhci_trb_virt_to_dma(struct xhci_segment *seg, union xhci_trb *trb);

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f1fb088d9cecde5c3066d8ff8846789667519b7d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042805-scorer-petty-9d6b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f1fb088d9cecde5c3066d8ff8846789667519b7d Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Fri, 4 Apr 2025 12:38:19 -0700 Subject: [PATCH] KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer Take irqfds.lock when adding/deleting an IRQ bypass producer to ensure irqfd->producer isn't modified while kvm_irq_routing_update() is running. The only lock held when a producer is added/removed is irqbypass's mutex. Fixes: 872768800652 ("KVM: x86: select IRQ_BYPASS_MANAGER") Cc: stable(a)vger.kernel.org Signed-off-by: Sean Christopherson <seanjc(a)google.com> Message-ID: <20250404193923.1413163-5-seanjc(a)google.com> Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 9c98b77b7dc1..a6829a370e6a 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -13561,15 +13561,22 @@ int kvm_arch_irq_bypass_add_producer(struct irq_bypass_consumer *cons, { struct kvm_kernel_irqfd *irqfd = container_of(cons, struct kvm_kernel_irqfd, consumer); + struct kvm *kvm = irqfd->kvm; int ret; - irqfd->producer = prod; kvm_arch_start_assignment(irqfd->kvm); + + spin_lock_irq(&kvm->irqfds.lock); + irqfd->producer = prod; + ret = kvm_x86_call(pi_update_irte)(irqfd->kvm, prod->irq, irqfd->gsi, 1); if (ret) kvm_arch_end_assignment(irqfd->kvm); + spin_unlock_irq(&kvm->irqfds.lock); + + return ret; } @@ -13579,9 +13586,9 @@ void kvm_arch_irq_bypass_del_producer(struct irq_bypass_consumer *cons, int ret; struct kvm_kernel_irqfd *irqfd = container_of(cons, struct kvm_kernel_irqfd, consumer); + struct kvm *kvm = irqfd->kvm; WARN_ON(irqfd->producer != prod); - irqfd->producer = NULL; /* * When producer of consumer is unregistered, we change back to @@ -13589,12 +13596,18 @@ void kvm_arch_irq_bypass_del_producer(struct irq_bypass_consumer *cons, * when the irq is masked/disabled or the consumer side (KVM * int this case doesn't want to receive the interrupts. */ + spin_lock_irq(&kvm->irqfds.lock); + irqfd->producer = NULL; + ret = kvm_x86_call(pi_update_irte)(irqfd->kvm, prod->irq, irqfd->gsi, 0); if (ret) printk(KERN_INFO "irq bypass consumer (token %p) unregistration" " fails: %d\n", irqfd->consumer.token, ret); + spin_unlock_irq(&kvm->irqfds.lock); + + kvm_arch_end_assignment(irqfd->kvm); }

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f1fb088d9cecde5c3066d8ff8846789667519b7d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042805-occupier-decibel-a03d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f1fb088d9cecde5c3066d8ff8846789667519b7d Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Fri, 4 Apr 2025 12:38:19 -0700 Subject: [PATCH] KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer Take irqfds.lock when adding/deleting an IRQ bypass producer to ensure irqfd->producer isn't modified while kvm_irq_routing_update() is running. The only lock held when a producer is added/removed is irqbypass's mutex. Fixes: 872768800652 ("KVM: x86: select IRQ_BYPASS_MANAGER") Cc: stable(a)vger.kernel.org Signed-off-by: Sean Christopherson <seanjc(a)google.com> Message-ID: <20250404193923.1413163-5-seanjc(a)google.com> Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 9c98b77b7dc1..a6829a370e6a 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -13561,15 +13561,22 @@ int kvm_arch_irq_bypass_add_producer(struct irq_bypass_consumer *cons, { struct kvm_kernel_irqfd *irqfd = container_of(cons, struct kvm_kernel_irqfd, consumer); + struct kvm *kvm = irqfd->kvm; int ret; - irqfd->producer = prod; kvm_arch_start_assignment(irqfd->kvm); + + spin_lock_irq(&kvm->irqfds.lock); + irqfd->producer = prod; + ret = kvm_x86_call(pi_update_irte)(irqfd->kvm, prod->irq, irqfd->gsi, 1); if (ret) kvm_arch_end_assignment(irqfd->kvm); + spin_unlock_irq(&kvm->irqfds.lock); + + return ret; } @@ -13579,9 +13586,9 @@ void kvm_arch_irq_bypass_del_producer(struct irq_bypass_consumer *cons, int ret; struct kvm_kernel_irqfd *irqfd = container_of(cons, struct kvm_kernel_irqfd, consumer); + struct kvm *kvm = irqfd->kvm; WARN_ON(irqfd->producer != prod); - irqfd->producer = NULL; /* * When producer of consumer is unregistered, we change back to @@ -13589,12 +13596,18 @@ void kvm_arch_irq_bypass_del_producer(struct irq_bypass_consumer *cons, * when the irq is masked/disabled or the consumer side (KVM * int this case doesn't want to receive the interrupts. */ + spin_lock_irq(&kvm->irqfds.lock); + irqfd->producer = NULL; + ret = kvm_x86_call(pi_update_irte)(irqfd->kvm, prod->irq, irqfd->gsi, 0); if (ret) printk(KERN_INFO "irq bypass consumer (token %p) unregistration" " fails: %d\n", irqfd->consumer.token, ret); + spin_unlock_irq(&kvm->irqfds.lock); + + kvm_arch_end_assignment(irqfd->kvm); }

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] KVM: x86: Reset IRTE to host control if *new* route isn't" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 9bcac97dc42d2f4da8229d18feb0fe2b1ce523a2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042851-tasting-pushup-f190@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9bcac97dc42d2f4da8229d18feb0fe2b1ce523a2 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Fri, 4 Apr 2025 12:38:17 -0700 Subject: [PATCH] KVM: x86: Reset IRTE to host control if *new* route isn't postable Restore an IRTE back to host control (remapped or posted MSI mode) if the *new* GSI route prevents posting the IRQ directly to a vCPU, regardless of the GSI routing type. Updating the IRTE if and only if the new GSI is an MSI results in KVM leaving an IRTE posting to a vCPU. The dangling IRTE can result in interrupts being incorrectly delivered to the guest, and in the worst case scenario can result in use-after-free, e.g. if the VM is torn down, but the underlying host IRQ isn't freed. Fixes: efc644048ecd ("KVM: x86: Update IRTE for posted-interrupts") Fixes: 411b44ba80ab ("svm: Implements update_pi_irte hook to setup posted interrupt") Cc: stable(a)vger.kernel.org Signed-off-by: Sean Christopherson <seanjc(a)google.com> Message-ID: <20250404193923.1413163-3-seanjc(a)google.com> Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> diff --git a/arch/x86/kvm/svm/avic.c b/arch/x86/kvm/svm/avic.c index a961e6e67050..8e09f6ae98fd 100644 --- a/arch/x86/kvm/svm/avic.c +++ b/arch/x86/kvm/svm/avic.c @@ -896,6 +896,7 @@ int avic_pi_update_irte(struct kvm *kvm, unsigned int host_irq, { struct kvm_kernel_irq_routing_entry *e; struct kvm_irq_routing_table *irq_rt; + bool enable_remapped_mode = true; int idx, ret = 0; if (!kvm_arch_has_assigned_device(kvm) || !kvm_arch_has_irq_bypass()) @@ -932,6 +933,8 @@ int avic_pi_update_irte(struct kvm *kvm, unsigned int host_irq, kvm_vcpu_apicv_active(&svm->vcpu)) { struct amd_iommu_pi_data pi; + enable_remapped_mode = false; + /* Try to enable guest_mode in IRTE */ pi.base = __sme_set(page_to_phys(svm->avic_backing_page) & AVIC_HPA_MASK); @@ -950,33 +953,6 @@ int avic_pi_update_irte(struct kvm *kvm, unsigned int host_irq, */ if (!ret && pi.is_guest_mode) svm_ir_list_add(svm, &pi); - } else { - /* Use legacy mode in IRTE */ - struct amd_iommu_pi_data pi; - - /** - * Here, pi is used to: - * - Tell IOMMU to use legacy mode for this interrupt. - * - Retrieve ga_tag of prior interrupt remapping data. - */ - pi.prev_ga_tag = 0; - pi.is_guest_mode = false; - ret = irq_set_vcpu_affinity(host_irq, &pi); - - /** - * Check if the posted interrupt was previously - * setup with the guest_mode by checking if the ga_tag - * was cached. If so, we need to clean up the per-vcpu - * ir_list. - */ - if (!ret && pi.prev_ga_tag) { - int id = AVIC_GATAG_TO_VCPUID(pi.prev_ga_tag); - struct kvm_vcpu *vcpu; - - vcpu = kvm_get_vcpu_by_id(kvm, id); - if (vcpu) - svm_ir_list_del(to_svm(vcpu), &pi); - } } if (!ret && svm) { @@ -992,6 +968,34 @@ int avic_pi_update_irte(struct kvm *kvm, unsigned int host_irq, } ret = 0; + if (enable_remapped_mode) { + /* Use legacy mode in IRTE */ + struct amd_iommu_pi_data pi; + + /** + * Here, pi is used to: + * - Tell IOMMU to use legacy mode for this interrupt. + * - Retrieve ga_tag of prior interrupt remapping data. + */ + pi.prev_ga_tag = 0; + pi.is_guest_mode = false; + ret = irq_set_vcpu_affinity(host_irq, &pi); + + /** + * Check if the posted interrupt was previously + * setup with the guest_mode by checking if the ga_tag + * was cached. If so, we need to clean up the per-vcpu + * ir_list. + */ + if (!ret && pi.prev_ga_tag) { + int id = AVIC_GATAG_TO_VCPUID(pi.prev_ga_tag); + struct kvm_vcpu *vcpu; + + vcpu = kvm_get_vcpu_by_id(kvm, id); + if (vcpu) + svm_ir_list_del(to_svm(vcpu), &pi); + } + } out: srcu_read_unlock(&kvm->irq_srcu, idx); return ret; diff --git a/arch/x86/kvm/vmx/posted_intr.c b/arch/x86/kvm/vmx/posted_intr.c index 51116fe69a50..d70e5b90087d 100644 --- a/arch/x86/kvm/vmx/posted_intr.c +++ b/arch/x86/kvm/vmx/posted_intr.c @@ -297,6 +297,7 @@ int vmx_pi_update_irte(struct kvm *kvm, unsigned int host_irq, { struct kvm_kernel_irq_routing_entry *e; struct kvm_irq_routing_table *irq_rt; + bool enable_remapped_mode = true; struct kvm_lapic_irq irq; struct kvm_vcpu *vcpu; struct vcpu_data vcpu_info; @@ -335,21 +336,8 @@ int vmx_pi_update_irte(struct kvm *kvm, unsigned int host_irq, kvm_set_msi_irq(kvm, e, &irq); if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu) || - !kvm_irq_is_postable(&irq)) { - /* - * Make sure the IRTE is in remapped mode if - * we don't handle it in posted mode. - */ - ret = irq_set_vcpu_affinity(host_irq, NULL); - if (ret < 0) { - printk(KERN_INFO - "failed to back to remapped mode, irq: %u\n", - host_irq); - goto out; - } - + !kvm_irq_is_postable(&irq)) continue; - } vcpu_info.pi_desc_addr = __pa(vcpu_to_pi_desc(vcpu)); vcpu_info.vector = irq.vector; @@ -357,11 +345,12 @@ int vmx_pi_update_irte(struct kvm *kvm, unsigned int host_irq, trace_kvm_pi_irte_update(host_irq, vcpu->vcpu_id, e->gsi, vcpu_info.vector, vcpu_info.pi_desc_addr, set); - if (set) - ret = irq_set_vcpu_affinity(host_irq, &vcpu_info); - else - ret = irq_set_vcpu_affinity(host_irq, NULL); + if (!set) + continue; + enable_remapped_mode = false; + + ret = irq_set_vcpu_affinity(host_irq, &vcpu_info); if (ret < 0) { printk(KERN_INFO "%s: failed to update PI IRTE\n", __func__); @@ -369,6 +358,9 @@ int vmx_pi_update_irte(struct kvm *kvm, unsigned int host_irq, } } + if (enable_remapped_mode) + ret = irq_set_vcpu_affinity(host_irq, NULL); + ret = 0; out: srcu_read_unlock(&kvm->irq_srcu, idx);

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] xen-netfront: handle NULL returned by" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x cc3628dcd851ddd8d418bf0c897024b4621ddc92 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042858-guacamole-ozone-ac80@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cc3628dcd851ddd8d418bf0c897024b4621ddc92 Mon Sep 17 00:00:00 2001 From: Alexey Nepomnyashih <sdl(a)nppct.ru> Date: Thu, 17 Apr 2025 12:21:17 +0000 Subject: [PATCH] xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() The function xdp_convert_buff_to_frame() may return NULL if it fails to correctly convert the XDP buffer into an XDP frame due to memory constraints, internal errors, or invalid data. Failing to check for NULL may lead to a NULL pointer dereference if the result is used later in processing, potentially causing crashes, data corruption, or undefined behavior. On XDP redirect failure, the associated page must be released explicitly if it was previously retained via get_page(). Failing to do so may result in a memory leak, as the pages reference count is not decremented. Cc: stable(a)vger.kernel.org # v5.9+ Fixes: 6c5aa6fc4def ("xen networking: add basic XDP support for xen-netfront") Signed-off-by: Alexey Nepomnyashih <sdl(a)nppct.ru> Link: https://patch.msgid.link/20250417122118.1009824-1-sdl@nppct.ru Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c index fc52d5c4c69b..5091e1fa4a0d 100644 --- a/drivers/net/xen-netfront.c +++ b/drivers/net/xen-netfront.c @@ -985,20 +985,27 @@ static u32 xennet_run_xdp(struct netfront_queue *queue, struct page *pdata, act = bpf_prog_run_xdp(prog, xdp); switch (act) { case XDP_TX: - get_page(pdata); xdpf = xdp_convert_buff_to_frame(xdp); - err = xennet_xdp_xmit(queue->info->netdev, 1, &xdpf, 0); - if (unlikely(!err)) - xdp_return_frame_rx_napi(xdpf); - else if (unlikely(err < 0)) + if (unlikely(!xdpf)) { trace_xdp_exception(queue->info->netdev, prog, act); + break; + } + get_page(pdata); + err = xennet_xdp_xmit(queue->info->netdev, 1, &xdpf, 0); + if (unlikely(err <= 0)) { + if (err < 0) + trace_xdp_exception(queue->info->netdev, prog, act); + xdp_return_frame_rx_napi(xdpf); + } break; case XDP_REDIRECT: get_page(pdata); err = xdp_do_redirect(queue->info->netdev, xdp, prog); *need_xdp_flush = true; - if (unlikely(err)) + if (unlikely(err)) { trace_xdp_exception(queue->info->netdev, prog, act); + xdp_return_buff(xdp); + } break; case XDP_PASS: case XDP_DROP:

6 months, 3 weeks

1
0
0 0

GCC 15 and stable kernels

by Chris Clayton

Hi Greg, I've built the four stable kernels that were released on 25 April. I found that to successfully build with GCC-15, each of them required backports of one or both of two upstream commits. Those commits are: Title Commit Author nonstring 9d7a0577c9db35c4cc52db90bc415ea248446472 Linus gnu11 b3bee1e7c3f2b1b77182302c7b2131c804175870 Alexey Dobriyan 6.14.4 and 6.12.25 required only nonstring. 6.6.87 required only gnu11, 6.1.35 required both. Additionally, chasing down why my new Bluetooth mouse doesn't work, I also had cause to build 5.15.180 and found that it needed gnull. I have TO dash out now, but I could send you a zip archive of the patches later today, if that would help. Chris

6 months, 3 weeks

2
3
0 0

Re: FW: Wireless speed regression issue with >6.12.12/6.13.x + firmware update for mediatek MT7925

by Mingyen Hsieh (謝明諺)

Hi, Thanks for reporting this issue. We will conduct testing again. And it is already known that the patch added in 6.12.13 does have some issues, but we have also submitted new patches to fix. Currently, these patches are in the maintainer’s tree. It should soon be included in 6.14 and then ported Back to 6.12.x and 6.13.x. Perhaps you can test the driver from here: https://github.com/nbd168/wireless and apply this patch: https://patchwork.kernel.org/project/linux-wireless/patch/20250317011724.33… Thanks Best Regards, Yen.

6 months, 3 weeks

2
5
0 0

[PATCH 6.6.y] x86/pvh: Call C code via the kernel virtual mapping

by Jason Andryuk

From: Ard Biesheuvel <ardb(a)kernel.org> [ Upstream commit e8fbc0d9cab6c1ee6403f42c0991b0c1d5dbc092 ] Calling C code via a different mapping than it was linked at is problematic, because the compiler assumes that RIP-relative and absolute symbol references are interchangeable. GCC in particular may use RIP-relative per-CPU variable references even when not using -fpic. So call xen_prepare_pvh() via its kernel virtual mapping on x86_64, so that those RIP-relative references produce the correct values. This matches the pre-existing behavior for i386, which also invokes xen_prepare_pvh() via the kernel virtual mapping before invoking startup_32 with paging disabled again. Fixes: 7243b93345f7 ("xen/pvh: Bootstrap PVH guest") Tested-by: Jason Andryuk <jason.andryuk(a)amd.com> Reviewed-by: Jason Andryuk <jason.andryuk(a)amd.com> Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> Message-ID: <20241009160438.3884381-8-ardb+git(a)google.com> Signed-off-by: Juergen Gross <jgross(a)suse.com> [ Stable context update ] Signed-off-by: Jason Andryuk <jason.andryuk(a)amd.com> --- Stable backport for 6.6. This was added to 6.1, 5.15, and 5.10, but it is also needed for 6.6. Direct cherry-pick needed context fixups, which are made here. This upstream commit was previously included in stable, but with the pre-req of b464b461d27d ("x86/pvh: Set phys_base when calling xen_prepare_pvh()"). Both were subsequently reverted as b464b461d27d caused regressions. This backport, e8fbc0d9cab6, in isolation is correct. This fixes a regression introduced by the backport of upstream commit b4845bb6383821a9516ce30af3a27dc873e37fd4 ("x86/xen: add central hypercall functions") b4845bb63838 adds a comparison between rip-relative xen_hypercall_amd() and kernel virtual address of xen_hypercall_amd() to determine whether to use the AMD or Intel variant. When running from the identity mapped address, the comparison always fail. The leads to calling xen_hypercall_intel(), even on AMD processors, which faults and halts boot. This affects PVH dom0 - domU doesn't seem to be affected. This patch performs the rip-relative mapping from the kernel virtual mapping, so the values can be properly compared. --- arch/x86/platform/pvh/head.S | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/x86/platform/pvh/head.S b/arch/x86/platform/pvh/head.S index c4365a05ab83..fc46b4dfbd74 100644 --- a/arch/x86/platform/pvh/head.S +++ b/arch/x86/platform/pvh/head.S @@ -100,7 +100,12 @@ SYM_CODE_START_LOCAL(pvh_start_xen) xor %edx, %edx wrmsr - call xen_prepare_pvh + /* Call xen_prepare_pvh() via the kernel virtual mapping */ + leaq xen_prepare_pvh(%rip), %rax + subq phys_base(%rip), %rax + addq $__START_KERNEL_map, %rax + ANNOTATE_RETPOLINE_SAFE + call *%rax /* startup_64 expects boot_params in %rsi. */ mov $_pa(pvh_bootparams), %rsi -- 2.49.0

6 months, 3 weeks

1
0
0 0

[PATCH] drm/amdgpu: check a user-provided number of BOs in list

by Alex Deucher

From: Denis Arefev <arefev(a)swemel.ru> The user can set any value to the variable ‘bo_number’, via the ioctl command DRM_IOCTL_AMDGPU_BO_LIST. This will affect the arithmetic expression ‘in->bo_number * in->bo_info_size’, which is prone to overflow. Add a valid value check. Found by Linux Verification Center (linuxtesting.org) with SVACE. v2: drop 0 check as a BO list of 0 is valid (Alex) Fixes: 964d0fbf6301 ("drm/amdgpu: Allow to create BO lists in CS ioctl v3") Cc: stable(a)vger.kernel.org Reviewed-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Denis Arefev <arefev(a)swemel.ru> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> --- drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c index 702f6610d0243..81875df6295bb 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c @@ -189,6 +189,9 @@ int amdgpu_bo_create_list_entry_array(struct drm_amdgpu_bo_list_in *in, struct drm_amdgpu_bo_list_entry *info; int r; + if (in->bo_number > USHRT_MAX) + return -EINVAL; + info = kvmalloc_array(in->bo_number, info_size, GFP_KERNEL); if (!info) return -ENOMEM; -- 2.49.0

6 months, 3 weeks

1
0
0 0

[PATCH 2/2] fbdev: Fix fb_ser_var to prevent null-ptr-deref in fb_videomode_to_var

by Murad Masimov

If fb_add_videomode() in fb_set_var() fails to allocate memory for fb_videomode, later it may lead to a null-ptr dereference in fb_videomode_to_var(), as the fb_info is registered while not having the mode in modelist that is expected to be there, i.e. the one that is described in fb_info->var. ================================================================ general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901 Call Trace: display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929 fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071 resize_screen drivers/tty/vt/vt.c:1176 [inline] vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263 fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720 fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776 do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128 fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x67/0xd1 ================================================================ The reason is that fb_info->var is being modified in fb_set_var(), and then fb_videomode_to_var() is called. If it fails to add the mode to fb_info->modelist, fb_set_var() returns error, but does not restore the old value of fb_info->var. Restore fb_info->var on fail the same way it is done earlier in the function. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Murad Masimov <m.masimov(a)mt-integration.ru> --- drivers/video/fbdev/core/fbmem.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c index e1557d80768f..eca2498f2436 100644 --- a/drivers/video/fbdev/core/fbmem.c +++ b/drivers/video/fbdev/core/fbmem.c @@ -328,8 +328,10 @@ fb_set_var(struct fb_info *info, struct fb_var_screeninfo *var) !list_empty(&info->modelist)) ret = fb_add_videomode(&mode, &info->modelist); - if (ret) + if (ret) { + info->var = old_var; return ret; + } event.info = info; event.data = &mode; -- 2.39.2

6 months, 3 weeks

1
0
0 0

[PATCH 1/2] fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var

by Murad Masimov

If fb_add_videomode() in do_register_framebuffer() fails to allocate memory for fb_videomode, it will later lead to a null-ptr dereference in fb_videomode_to_var(), as the fb_info is registered while not having the mode in modelist that is expected to be there, i.e. the one that is described in fb_info->var. ================================================================ general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901 Call Trace: display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929 fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071 resize_screen drivers/tty/vt/vt.c:1176 [inline] vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263 fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720 fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776 do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128 fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x67/0xd1 ================================================================ Even though fbcon_init() checks beforehand if fb_match_mode() in var_to_display() fails, it can not prevent the panic because fbcon_init() does not return error code. Considering this and the comment in the code about fb_match_mode() returning NULL - "This should not happen" - it is better to prevent registering the fb_info if its mode was not set successfully. Also move fb_add_videomode() closer to the beginning of do_register_framebuffer() to avoid having to do the cleanup on fail. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Murad Masimov <m.masimov(a)mt-integration.ru> --- drivers/video/fbdev/core/fbmem.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c index 3c568cff2913..e1557d80768f 100644 --- a/drivers/video/fbdev/core/fbmem.c +++ b/drivers/video/fbdev/core/fbmem.c @@ -388,7 +388,7 @@ static int fb_check_foreignness(struct fb_info *fi) static int do_register_framebuffer(struct fb_info *fb_info) { - int i; + int i, err = 0; struct fb_videomode mode; if (fb_check_foreignness(fb_info)) @@ -397,10 +397,18 @@ static int do_register_framebuffer(struct fb_info *fb_info) if (num_registered_fb == FB_MAX) return -ENXIO; - num_registered_fb++; for (i = 0 ; i < FB_MAX; i++) if (!registered_fb[i]) break; + + if (!fb_info->modelist.prev || !fb_info->modelist.next) + INIT_LIST_HEAD(&fb_info->modelist); + + fb_var_to_videomode(&mode, &fb_info->var); + err = fb_add_videomode(&mode, &fb_info->modelist); + if (err < 0) + return err; + fb_info->node = i; refcount_set(&fb_info->count, 1); mutex_init(&fb_info->lock); @@ -426,16 +434,12 @@ static int do_register_framebuffer(struct fb_info *fb_info) if (bitmap_empty(fb_info->pixmap.blit_y, FB_MAX_BLIT_HEIGHT)) bitmap_fill(fb_info->pixmap.blit_y, FB_MAX_BLIT_HEIGHT); - if (!fb_info->modelist.prev || !fb_info->modelist.next) - INIT_LIST_HEAD(&fb_info->modelist); - if (fb_info->skip_vt_switch) pm_vt_switch_required(fb_info->device, false); else pm_vt_switch_required(fb_info->device, true); - fb_var_to_videomode(&mode, &fb_info->var); - fb_add_videomode(&mode, &fb_info->modelist); + num_registered_fb++; registered_fb[i] = fb_info; #ifdef CONFIG_GUMSTIX_AM200EPD -- 2.39.2

6 months, 3 weeks

1
0
0 0

[PATCH v2] drm/amdgpu: check a user-provided number of BOs in list

by Denis Arefev

The user can set any value to the variable ‘bo_number’, via the ioctl command DRM_IOCTL_AMDGPU_BO_LIST. This will affect the arithmetic expression ‘in->bo_number * in->bo_info_size’, which is prone to overflow. Add a valid value check. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 964d0fbf6301 ("drm/amdgpu: Allow to create BO lists in CS ioctl v3") Cc: stable(a)vger.kernel.org Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- V1 -> V2: Set a reasonable limit 'USHRT_MAX' for 'bo_number' it as Christian König <christian.koenig(a)amd.com> suggested drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c index 702f6610d024..85f7ee1e085d 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c @@ -189,6 +189,9 @@ int amdgpu_bo_create_list_entry_array(struct drm_amdgpu_bo_list_in *in, struct drm_amdgpu_bo_list_entry *info; int r; + if (!in->bo_number || in->bo_number > USHRT_MAX) + return -EINVAL; + info = kvmalloc_array(in->bo_number, info_size, GFP_KERNEL); if (!info) return -ENOMEM; -- 2.43.0

6 months, 3 weeks

5
6
0 0

[PATCH 26/28] drm/amd/display: Fix wrong handling for AUX_DEFER case

by Ray Wu

From: Wayne Lin <Wayne.Lin(a)amd.com> [Why] We incorrectly ack all bytes get written when the reply actually is defer. When it's defer, means sink is not ready for the request. We should retry the request. [How] Only reply all data get written when receive I2C_ACK|AUX_ACK. Otherwise, reply the number of actual written bytes received from the sink. Add some messages to facilitate debugging as well. Fixes: ad6756b4d773 ("drm/amd/display: Shift dc link aux to aux_payload") Cc: stable(a)vger.kernel.org Reviewed-by: Ray Wu <ray.wu(a)amd.com> Signed-off-by: Wayne Lin <Wayne.Lin(a)amd.com> Signed-off-by: Ray Wu <ray.wu(a)amd.com> --- .../display/amdgpu_dm/amdgpu_dm_mst_types.c | 28 ++++++++++++++++--- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c index d8dcfb3efaaa..d19aea595722 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c @@ -51,6 +51,9 @@ #define PEAK_FACTOR_X1000 1006 +/* + * This function handles both native AUX and I2C-Over-AUX transactions. + */ static ssize_t dm_dp_aux_transfer(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg) { @@ -87,15 +90,25 @@ static ssize_t dm_dp_aux_transfer(struct drm_dp_aux *aux, if (adev->dm.aux_hpd_discon_quirk) { if (msg->address == DP_SIDEBAND_MSG_DOWN_REQ_BASE && operation_result == AUX_RET_ERROR_HPD_DISCON) { - result = 0; + result = msg->size; operation_result = AUX_RET_SUCCESS; } } - if (payload.write && result >= 0) - result = msg->size; + /* + * result equals to 0 includes the cases of AUX_DEFER/I2C_DEFER + */ + if (payload.write && result >= 0) { + if (result) { + /*one byte indicating partially written bytes. Force 0 to retry*/ + drm_info(adev_to_drm(adev), "amdgpu: AUX partially written\n"); + result = 0; + } else if (!payload.reply[0]) + /*I2C_ACK|AUX_ACK*/ + result = msg->size; + } - if (result < 0) + if (result < 0) { switch (operation_result) { case AUX_RET_SUCCESS: break; @@ -114,6 +127,13 @@ static ssize_t dm_dp_aux_transfer(struct drm_dp_aux *aux, break; } + drm_info(adev_to_drm(adev), "amdgpu: DP AUX transfer fail:%d\n", operation_result); + } + + if (payload.reply[0]) + drm_info(adev_to_drm(adev), "amdgpu: AUX reply command not ACK: 0x%02x.", + payload.reply[0]); + return result; } -- 2.43.0

6 months, 3 weeks

1
0
0 0

[PATCH 25/28] drm/amd/display: Copy AUX read reply data whenever length > 0

by Ray Wu

From: Wayne Lin <Wayne.Lin(a)amd.com> [Why] amdgpu_dm_process_dmub_aux_transfer_sync() should return all exact data reply from the sink side. Don't do the analysis job in it. [How] Remove unnecessary check condition AUX_TRANSACTION_REPLY_AUX_ACK. Fixes: ead08b95fa50 ("drm/amd/display: Fix race condition in DPIA AUX transfer") Cc: stable(a)vger.kernel.org Reviewed-by: Ray Wu <ray.wu(a)amd.com> Signed-off-by: Wayne Lin <Wayne.Lin(a)amd.com> Signed-off-by: Ray Wu <ray.wu(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index d9c18e0f7395..88b390609c9f 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -12857,8 +12857,7 @@ int amdgpu_dm_process_dmub_aux_transfer_sync( /* The reply is stored in the top nibble of the command. */ payload->reply[0] = (adev->dm.dmub_notify->aux_reply.command >> 4) & 0xF; - if (!payload->write && p_notify->aux_reply.length && - (payload->reply[0] == AUX_TRANSACTION_REPLY_AUX_ACK)) + if (!payload->write && p_notify->aux_reply.length) memcpy(payload->data, p_notify->aux_reply.data, p_notify->aux_reply.length); -- 2.43.0

6 months, 3 weeks

1
0
0 0

[PATCH 24/28] drm/amd/display: Remove incorrect checking in dmub aux handler

by Ray Wu

From: Wayne Lin <Wayne.Lin(a)amd.com> [Why & How] "Request length != reply length" is expected behavior defined in spec. It's not an invalid reply. Besides, replied data handling logic is not designed to be written in amdgpu_dm_process_dmub_aux_transfer_sync(). Remove the incorrectly handling section. Fixes: ead08b95fa50 ("drm/amd/display: Fix race condition in DPIA AUX transfer") Cc: stable(a)vger.kernel.org Reviewed-by: Ray Wu <ray.wu(a)amd.com> Signed-off-by: Wayne Lin <Wayne.Lin(a)amd.com> Signed-off-by: Ray Wu <ray.wu(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index ae71ff3d87a7..d9c18e0f7395 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -12858,19 +12858,9 @@ int amdgpu_dm_process_dmub_aux_transfer_sync( payload->reply[0] = (adev->dm.dmub_notify->aux_reply.command >> 4) & 0xF; if (!payload->write && p_notify->aux_reply.length && - (payload->reply[0] == AUX_TRANSACTION_REPLY_AUX_ACK)) { - - if (payload->length != p_notify->aux_reply.length) { - drm_warn(adev_to_drm(adev), "invalid read length %d from DPIA AUX 0x%x(%d)!\n", - p_notify->aux_reply.length, - payload->address, payload->length); - *operation_result = AUX_RET_ERROR_INVALID_REPLY; - goto out; - } - + (payload->reply[0] == AUX_TRANSACTION_REPLY_AUX_ACK)) memcpy(payload->data, p_notify->aux_reply.data, p_notify->aux_reply.length); - } /* success */ ret = p_notify->aux_reply.length; -- 2.43.0

6 months, 3 weeks

1
0
0 0

[PATCH 22/28] drm/amd/display: Shift DMUB AUX reply command if necessary

by Ray Wu

From: Wayne Lin <Wayne.Lin(a)amd.com> [Why] Defined value of dmub AUX reply command field get updated but didn't adjust dm receiving side accordingly. [How] Check the received reply command value to see if it's updated version or not. Adjust it if necessary. Fixes: ead08b95fa50 ("drm/amd/display: Fix race condition in DPIA AUX transfer") Cc: stable(a)vger.kernel.org Reviewed-by: Ray Wu <ray.wu(a)amd.com> Signed-off-by: Wayne Lin <Wayne.Lin(a)amd.com> Signed-off-by: Ray Wu <ray.wu(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index cd6e7aa91040..a59d0ff999e9 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -12852,8 +12852,11 @@ int amdgpu_dm_process_dmub_aux_transfer_sync( goto out; } + payload->reply[0] = adev->dm.dmub_notify->aux_reply.command & 0xF; + if (adev->dm.dmub_notify->aux_reply.command & 0xF0) + /* The reply is stored in the top nibble of the command. */ + payload->reply[0] = (adev->dm.dmub_notify->aux_reply.command >> 4) & 0xF; - payload->reply[0] = adev->dm.dmub_notify->aux_reply.command; if (!payload->write && p_notify->aux_reply.length && (payload->reply[0] == AUX_TRANSACTION_REPLY_AUX_ACK)) { -- 2.43.0

6 months, 3 weeks

1
0
0 0

[PATCH v3 0/2] media: uvcvideo: Fix Fix deferred probing error

by Ricardo Ribalda

uvc_gpio_parse() can return -EPROBE_DEFER when the GPIOs it depends on have not yet been probed. Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- Changes in v3: - Remove duplicated error messages in uvc_probe() - Link to v2: https://lore.kernel.org/r/20250303-uvc-eprobedefer-v2-0-be7c987cc3ca@chromi… Changes in v2: - Add follow-up patch for using dev_err_probe - Avoid error_retcode style - Link to v1: https://lore.kernel.org/r/20250129-uvc-eprobedefer-v1-1-643b2603c0d2@chromi… --- Ricardo Ribalda (2): media: uvcvideo: Fix deferred probing error media: uvcvideo: Use dev_err_probe for devm_gpiod_get_optional drivers/media/usb/uvc/uvc_driver.c | 38 ++++++++++++++++++++++++++------------ 1 file changed, 26 insertions(+), 12 deletions(-) --- base-commit: f4b211714bcc70effa60c34d9fa613d182e3ef1e change-id: 20250129-uvc-eprobedefer-b5ebb4db63cc Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

6 months, 3 weeks

3
7
0 0

[PATCH v2 1/2] usb: typec: ucsi: displayport: Fix deadlock

by Andrei Kuchynski

This patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlock functions to the UCSI driver. ucsi_con_mutex_lock ensures the connector mutex is only locked if a connection is established and the partner pointer is valid. This resolves a deadlock scenario where ucsi_displayport_remove_partner holds con->mutex waiting for dp_altmode_work to complete while dp_altmode_work attempts to acquire it. Cc: stable(a)vger.kernel.org Fixes: af8622f6a585 ("usb: typec: ucsi: Support for DisplayPort alt mode") Signed-off-by: Andrei Kuchynski <akuchynski(a)chromium.org> --- drivers/usb/typec/ucsi/displayport.c | 19 +++++++++------- drivers/usb/typec/ucsi/ucsi.c | 34 ++++++++++++++++++++++++++++ drivers/usb/typec/ucsi/ucsi.h | 2 ++ 3 files changed, 47 insertions(+), 8 deletions(-) diff --git a/drivers/usb/typec/ucsi/displayport.c b/drivers/usb/typec/ucsi/displayport.c index 420af5139c70..acd053d4e38c 100644 --- a/drivers/usb/typec/ucsi/displayport.c +++ b/drivers/usb/typec/ucsi/displayport.c @@ -54,7 +54,8 @@ static int ucsi_displayport_enter(struct typec_altmode *alt, u32 *vdo) u8 cur = 0; int ret; - mutex_lock(&dp->con->lock); + if (!ucsi_con_mutex_lock(dp->con)) + return -ENOTCONN; if (!dp->override && dp->initialized) { const struct typec_altmode *p = typec_altmode_get_partner(alt); @@ -100,7 +101,7 @@ static int ucsi_displayport_enter(struct typec_altmode *alt, u32 *vdo) schedule_work(&dp->work); ret = 0; err_unlock: - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return ret; } @@ -112,7 +113,8 @@ static int ucsi_displayport_exit(struct typec_altmode *alt) u64 command; int ret = 0; - mutex_lock(&dp->con->lock); + if (!ucsi_con_mutex_lock(dp->con)) + return -ENOTCONN; if (!dp->override) { const struct typec_altmode *p = typec_altmode_get_partner(alt); @@ -144,7 +146,7 @@ static int ucsi_displayport_exit(struct typec_altmode *alt) schedule_work(&dp->work); out_unlock: - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return ret; } @@ -202,20 +204,21 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt, int cmd = PD_VDO_CMD(header); int svdm_version; - mutex_lock(&dp->con->lock); + if (!ucsi_con_mutex_lock(dp->con)) + return -ENOTCONN; if (!dp->override && dp->initialized) { const struct typec_altmode *p = typec_altmode_get_partner(alt); dev_warn(&p->dev, "firmware doesn't support alternate mode overriding\n"); - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return -EOPNOTSUPP; } svdm_version = typec_altmode_get_svdm_version(alt); if (svdm_version < 0) { - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return svdm_version; } @@ -259,7 +262,7 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt, break; } - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return 0; } diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index e8c7e9dc4930..01ce858a1a2b 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -1922,6 +1922,40 @@ void ucsi_set_drvdata(struct ucsi *ucsi, void *data) } EXPORT_SYMBOL_GPL(ucsi_set_drvdata); +/** + * ucsi_con_mutex_lock - Acquire the connector mutex + * @con: The connector interface to lock + * + * Returns true on success, false if the connector is disconnected + */ +bool ucsi_con_mutex_lock(struct ucsi_connector *con) +{ + bool mutex_locked = false; + bool connected = true; + + while (connected && !mutex_locked) { + mutex_locked = mutex_trylock(&con->lock) != 0; + connected = UCSI_CONSTAT(con, CONNECTED); + if (connected && !mutex_locked) + msleep(20); + } + + connected = connected && con->partner; + if (!connected && mutex_locked) + mutex_unlock(&con->lock); + + return connected; +} + +/** + * ucsi_con_mutex_unlock - Release the connector mutex + * @con: The connector interface to unlock + */ +void ucsi_con_mutex_unlock(struct ucsi_connector *con) +{ + mutex_unlock(&con->lock); +} + /** * ucsi_create - Allocate UCSI instance * @dev: Device interface to the PPM (Platform Policy Manager) diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h index 3a2c1762bec1..9c5278a0c5d4 100644 --- a/drivers/usb/typec/ucsi/ucsi.h +++ b/drivers/usb/typec/ucsi/ucsi.h @@ -94,6 +94,8 @@ int ucsi_register(struct ucsi *ucsi); void ucsi_unregister(struct ucsi *ucsi); void *ucsi_get_drvdata(struct ucsi *ucsi); void ucsi_set_drvdata(struct ucsi *ucsi, void *data); +bool ucsi_con_mutex_lock(struct ucsi_connector *con); +void ucsi_con_mutex_unlock(struct ucsi_connector *con); void ucsi_connector_change(struct ucsi *ucsi, u8 num); -- 2.49.0.805.g082f7c87e0-goog

6 months, 3 weeks

2
1
0 0

[linux-6.6.y bugreport] riscv: kprobe crash as some patchs lost

by Kai Zhang

In most recent linux-6.6.y tree, `arch/riscv/kernel/probes/kprobes.c::arch_prepare_ss_slot` still has the obsolete code: u32 insn = __BUG_INSN_32; unsigned long offset = GET_INSN_LENGTH(p->opcode); p->ainsn.api.restore = (unsigned long)p->addr + offset; patch_text_nosync(p->ainsn.api.insn, &p->opcode, 1); patch_text_nosync((void *)p->ainsn.api.insn + offset, &insn, 1); The last two 1s are wrong size of written instructions , which would lead to kernel crash, like `insmod kprobe_example.ko` gives: [ 509.812815][ T2734] kprobe_init: Planted kprobe at 00000000c5c46130 [ 509.837606][ C5] handler_pre: <kernel_clone> p->addr = 0x00000000c5c46130, pc = 0xffffffff80032ee2, status = 0x200000120 [ 509.839315][ C5] Oops - illegal instruction [#1] I've tried two patchs from torvalds tree and it didn't crash again: 51781ce8f448 riscv: Pass patch_text() the length in bytes (rebased) 13134cc94914 riscv: kprobes: Fix incorrect address calculation Regards, laokz

6 months, 3 weeks

3
10
0 0

FAILED: patch "[PATCH] btrfs: zoned: skip reporting zone for new block group" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x 866bafae59ecffcf1840d846cd79740be29f21d6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042836-balance-molehill-5c30@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 866bafae59ecffcf1840d846cd79740be29f21d6 Mon Sep 17 00:00:00 2001 From: Naohiro Aota <naohiro.aota(a)wdc.com> Date: Wed, 19 Mar 2025 10:49:17 +0900 Subject: [PATCH] btrfs: zoned: skip reporting zone for new block group There is a potential deadlock if we do report zones in an IO context, detailed in below lockdep report. When one process do a report zones and another process freezes the block device, the report zones side cannot allocate a tag because the freeze is already started. This can thus result in new block group creation to hang forever, blocking the write path. Thankfully, a new block group should be created on empty zones. So, reporting the zones is not necessary and we can set the write pointer = 0 and load the zone capacity from the block layer using bdev_zone_capacity() helper. ====================================================== WARNING: possible circular locking dependency detected 6.14.0-rc1 #252 Not tainted ------------------------------------------------------ modprobe/1110 is trying to acquire lock: ffff888100ac83e0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: __flush_work+0x38f/0xb60 but task is already holding lock: ffff8881205b6f20 (&q->q_usage_counter(queue)#16){++++}-{0:0}, at: sd_remove+0x85/0x130 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #3 (&q->q_usage_counter(queue)#16){++++}-{0:0}: blk_queue_enter+0x3d9/0x500 blk_mq_alloc_request+0x47d/0x8e0 scsi_execute_cmd+0x14f/0xb80 sd_zbc_do_report_zones+0x1c1/0x470 sd_zbc_report_zones+0x362/0xd60 blkdev_report_zones+0x1b1/0x2e0 btrfs_get_dev_zones+0x215/0x7e0 [btrfs] btrfs_load_block_group_zone_info+0x6d2/0x2c10 [btrfs] btrfs_make_block_group+0x36b/0x870 [btrfs] btrfs_create_chunk+0x147d/0x2320 [btrfs] btrfs_chunk_alloc+0x2ce/0xcf0 [btrfs] start_transaction+0xce6/0x1620 [btrfs] btrfs_uuid_scan_kthread+0x4ee/0x5b0 [btrfs] kthread+0x39d/0x750 ret_from_fork+0x30/0x70 ret_from_fork_asm+0x1a/0x30 -> #2 (&fs_info->dev_replace.rwsem){++++}-{4:4}: down_read+0x9b/0x470 btrfs_map_block+0x2ce/0x2ce0 [btrfs] btrfs_submit_chunk+0x2d4/0x16c0 [btrfs] btrfs_submit_bbio+0x16/0x30 [btrfs] btree_write_cache_pages+0xb5a/0xf90 [btrfs] do_writepages+0x17f/0x7b0 __writeback_single_inode+0x114/0xb00 writeback_sb_inodes+0x52b/0xe00 wb_writeback+0x1a7/0x800 wb_workfn+0x12a/0xbd0 process_one_work+0x85a/0x1460 worker_thread+0x5e2/0xfc0 kthread+0x39d/0x750 ret_from_fork+0x30/0x70 ret_from_fork_asm+0x1a/0x30 -> #1 (&fs_info->zoned_meta_io_lock){+.+.}-{4:4}: __mutex_lock+0x1aa/0x1360 btree_write_cache_pages+0x252/0xf90 [btrfs] do_writepages+0x17f/0x7b0 __writeback_single_inode+0x114/0xb00 writeback_sb_inodes+0x52b/0xe00 wb_writeback+0x1a7/0x800 wb_workfn+0x12a/0xbd0 process_one_work+0x85a/0x1460 worker_thread+0x5e2/0xfc0 kthread+0x39d/0x750 ret_from_fork+0x30/0x70 ret_from_fork_asm+0x1a/0x30 -> #0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}: __lock_acquire+0x2f52/0x5ea0 lock_acquire+0x1b1/0x540 __flush_work+0x3ac/0xb60 wb_shutdown+0x15b/0x1f0 bdi_unregister+0x172/0x5b0 del_gendisk+0x841/0xa20 sd_remove+0x85/0x130 device_release_driver_internal+0x368/0x520 bus_remove_device+0x1f1/0x3f0 device_del+0x3bd/0x9c0 __scsi_remove_device+0x272/0x340 scsi_forget_host+0xf7/0x170 scsi_remove_host+0xd2/0x2a0 sdebug_driver_remove+0x52/0x2f0 [scsi_debug] device_release_driver_internal+0x368/0x520 bus_remove_device+0x1f1/0x3f0 device_del+0x3bd/0x9c0 device_unregister+0x13/0xa0 sdebug_do_remove_host+0x1fb/0x290 [scsi_debug] scsi_debug_exit+0x17/0x70 [scsi_debug] __do_sys_delete_module.isra.0+0x321/0x520 do_syscall_64+0x93/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e other info that might help us debug this: Chain exists of: (work_completion)(&(&wb->dwork)->work) --> &fs_info->dev_replace.rwsem --> &q->q_usage_counter(queue)#16 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&q->q_usage_counter(queue)#16); lock(&fs_info->dev_replace.rwsem); lock(&q->q_usage_counter(queue)#16); lock((work_completion)(&(&wb->dwork)->work)); *** DEADLOCK *** 5 locks held by modprobe/1110: #0: ffff88811f7bc108 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0x8f/0x520 #1: ffff8881022ee0e0 (&shost->scan_mutex){+.+.}-{4:4}, at: scsi_remove_host+0x20/0x2a0 #2: ffff88811b4c4378 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0x8f/0x520 #3: ffff8881205b6f20 (&q->q_usage_counter(queue)#16){++++}-{0:0}, at: sd_remove+0x85/0x130 #4: ffffffffa3284360 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xda/0xb60 stack backtrace: CPU: 0 UID: 0 PID: 1110 Comm: modprobe Not tainted 6.14.0-rc1 #252 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x6a/0x90 print_circular_bug.cold+0x1e0/0x274 check_noncircular+0x306/0x3f0 ? __pfx_check_noncircular+0x10/0x10 ? mark_lock+0xf5/0x1650 ? __pfx_check_irq_usage+0x10/0x10 ? lockdep_lock+0xca/0x1c0 ? __pfx_lockdep_lock+0x10/0x10 __lock_acquire+0x2f52/0x5ea0 ? __pfx___lock_acquire+0x10/0x10 ? __pfx_mark_lock+0x10/0x10 lock_acquire+0x1b1/0x540 ? __flush_work+0x38f/0xb60 ? __pfx_lock_acquire+0x10/0x10 ? __pfx_lock_release+0x10/0x10 ? mark_held_locks+0x94/0xe0 ? __flush_work+0x38f/0xb60 __flush_work+0x3ac/0xb60 ? __flush_work+0x38f/0xb60 ? __pfx_mark_lock+0x10/0x10 ? __pfx___flush_work+0x10/0x10 ? __pfx_wq_barrier_func+0x10/0x10 ? __pfx___might_resched+0x10/0x10 ? mark_held_locks+0x94/0xe0 wb_shutdown+0x15b/0x1f0 bdi_unregister+0x172/0x5b0 ? __pfx_bdi_unregister+0x10/0x10 ? up_write+0x1ba/0x510 del_gendisk+0x841/0xa20 ? __pfx_del_gendisk+0x10/0x10 ? _raw_spin_unlock_irqrestore+0x35/0x60 ? __pm_runtime_resume+0x79/0x110 sd_remove+0x85/0x130 device_release_driver_internal+0x368/0x520 ? kobject_put+0x5d/0x4a0 bus_remove_device+0x1f1/0x3f0 device_del+0x3bd/0x9c0 ? __pfx_device_del+0x10/0x10 __scsi_remove_device+0x272/0x340 scsi_forget_host+0xf7/0x170 scsi_remove_host+0xd2/0x2a0 sdebug_driver_remove+0x52/0x2f0 [scsi_debug] ? kernfs_remove_by_name_ns+0xc0/0xf0 device_release_driver_internal+0x368/0x520 ? kobject_put+0x5d/0x4a0 bus_remove_device+0x1f1/0x3f0 device_del+0x3bd/0x9c0 ? __pfx_device_del+0x10/0x10 ? __pfx___mutex_unlock_slowpath+0x10/0x10 device_unregister+0x13/0xa0 sdebug_do_remove_host+0x1fb/0x290 [scsi_debug] scsi_debug_exit+0x17/0x70 [scsi_debug] __do_sys_delete_module.isra.0+0x321/0x520 ? __pfx___do_sys_delete_module.isra.0+0x10/0x10 ? __pfx_slab_free_after_rcu_debug+0x10/0x10 ? kasan_save_stack+0x2c/0x50 ? kasan_record_aux_stack+0xa3/0xb0 ? __call_rcu_common.constprop.0+0xc4/0xfb0 ? kmem_cache_free+0x3a0/0x590 ? __x64_sys_close+0x78/0xd0 do_syscall_64+0x93/0x180 ? lock_is_held_type+0xd5/0x130 ? __call_rcu_common.constprop.0+0x3c0/0xfb0 ? lockdep_hardirqs_on+0x78/0x100 ? __call_rcu_common.constprop.0+0x3c0/0xfb0 ? __pfx___call_rcu_common.constprop.0+0x10/0x10 ? kmem_cache_free+0x3a0/0x590 ? lockdep_hardirqs_on_prepare+0x16d/0x400 ? do_syscall_64+0x9f/0x180 ? lockdep_hardirqs_on+0x78/0x100 ? do_syscall_64+0x9f/0x180 ? __pfx___x64_sys_openat+0x10/0x10 ? lockdep_hardirqs_on_prepare+0x16d/0x400 ? do_syscall_64+0x9f/0x180 ? lockdep_hardirqs_on+0x78/0x100 ? do_syscall_64+0x9f/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f436712b68b RSP: 002b:00007ffe9f1a8658 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0 RAX: ffffffffffffffda RBX: 00005559b367fd80 RCX: 00007f436712b68b RDX: 0000000000000000 RSI: 0000000000000800 RDI: 00005559b367fde8 RBP: 00007ffe9f1a8680 R08: 1999999999999999 R09: 0000000000000000 R10: 00007f43671a5fe0 R11: 0000000000000206 R12: 0000000000000000 R13: 00007ffe9f1a86b0 R14: 0000000000000000 R15: 0000000000000000 </TASK> Reported-by: Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> CC: <stable(a)vger.kernel.org> # 6.13+ Tested-by: Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> Reviewed-by: Damien Le Moal <dlemoal(a)kernel.org> Reviewed-by: Johannes Thumshirn <johannes.thumshirn(a)wdc.com> Signed-off-by: Naohiro Aota <naohiro.aota(a)wdc.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/zoned.c b/fs/btrfs/zoned.c index 7c502192cd6b..4a3e02b49f29 100644 --- a/fs/btrfs/zoned.c +++ b/fs/btrfs/zoned.c @@ -1277,7 +1277,7 @@ struct zone_info { static int btrfs_load_zone_info(struct btrfs_fs_info *fs_info, int zone_idx, struct zone_info *info, unsigned long *active, - struct btrfs_chunk_map *map) + struct btrfs_chunk_map *map, bool new) { struct btrfs_dev_replace *dev_replace = &fs_info->dev_replace; struct btrfs_device *device; @@ -1307,6 +1307,8 @@ static int btrfs_load_zone_info(struct btrfs_fs_info *fs_info, int zone_idx, return 0; } + ASSERT(!new || btrfs_dev_is_empty_zone(device, info->physical)); + /* This zone will be used for allocation, so mark this zone non-empty. */ btrfs_dev_clear_zone_empty(device, info->physical); @@ -1319,6 +1321,18 @@ static int btrfs_load_zone_info(struct btrfs_fs_info *fs_info, int zone_idx, * to determine the allocation offset within the zone. */ WARN_ON(!IS_ALIGNED(info->physical, fs_info->zone_size)); + + if (new) { + sector_t capacity; + + capacity = bdev_zone_capacity(device->bdev, info->physical >> SECTOR_SHIFT); + up_read(&dev_replace->rwsem); + info->alloc_offset = 0; + info->capacity = capacity << SECTOR_SHIFT; + + return 0; + } + nofs_flag = memalloc_nofs_save(); ret = btrfs_get_dev_zone(device, info->physical, &zone); memalloc_nofs_restore(nofs_flag); @@ -1588,7 +1602,7 @@ int btrfs_load_block_group_zone_info(struct btrfs_block_group *cache, bool new) } for (i = 0; i < map->num_stripes; i++) { - ret = btrfs_load_zone_info(fs_info, i, &zone_info[i], active, map); + ret = btrfs_load_zone_info(fs_info, i, &zone_info[i], active, map, new); if (ret) goto out;

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] KVM: SVM: Allocate IR data using atomic allocation" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 7537deda36521fa8fff9133b39c46e31893606f2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042843-headboard-same-531b@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7537deda36521fa8fff9133b39c46e31893606f2 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Fri, 4 Apr 2025 12:38:16 -0700 Subject: [PATCH] KVM: SVM: Allocate IR data using atomic allocation Allocate SVM's interrupt remapping metadata using GFP_ATOMIC as svm_ir_list_add() is called with IRQs are disabled and irqfs.lock held when kvm_irq_routing_update() reacts to GSI routing changes. Fixes: 411b44ba80ab ("svm: Implements update_pi_irte hook to setup posted interrupt") Cc: stable(a)vger.kernel.org Signed-off-by: Sean Christopherson <seanjc(a)google.com> Message-ID: <20250404193923.1413163-2-seanjc(a)google.com> Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> diff --git a/arch/x86/kvm/svm/avic.c b/arch/x86/kvm/svm/avic.c index 901d8d2dc169..a961e6e67050 100644 --- a/arch/x86/kvm/svm/avic.c +++ b/arch/x86/kvm/svm/avic.c @@ -820,7 +820,7 @@ static int svm_ir_list_add(struct vcpu_svm *svm, struct amd_iommu_pi_data *pi) * Allocating new amd_iommu_pi_data, which will get * add to the per-vcpu ir_list. */ - ir = kzalloc(sizeof(struct amd_svm_iommu_ir), GFP_KERNEL_ACCOUNT); + ir = kzalloc(sizeof(struct amd_svm_iommu_ir), GFP_ATOMIC | __GFP_ACCOUNT); if (!ir) { ret = -ENOMEM; goto out;

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] LoongArch: Handle fp, lsx, lasx and lbt assembly symbols" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 2ef174b13344b3b4554d3d28e6f9e2a2c1d3138f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042827-scanner-ripping-3482@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2ef174b13344b3b4554d3d28e6f9e2a2c1d3138f Mon Sep 17 00:00:00 2001 From: Tiezhu Yang <yangtiezhu(a)loongson.cn> Date: Thu, 24 Apr 2025 20:15:41 +0800 Subject: [PATCH] LoongArch: Handle fp, lsx, lasx and lbt assembly symbols Like the other relevant symbols, export some fp, lsx, lasx and lbt assembly symbols and put the function declarations in header files rather than source files. While at it, use "asmlinkage" for the other existing C prototypes of assembly functions and also do not use the "extern" keyword with function declarations according to the document coding-style.rst. Cc: stable(a)vger.kernel.org # 6.6+ Signed-off-by: Tiezhu Yang <yangtiezhu(a)loongson.cn> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> diff --git a/arch/loongarch/include/asm/fpu.h b/arch/loongarch/include/asm/fpu.h index 3177674228f8..45514f314664 100644 --- a/arch/loongarch/include/asm/fpu.h +++ b/arch/loongarch/include/asm/fpu.h @@ -22,22 +22,29 @@ struct sigcontext; #define kernel_fpu_available() cpu_has_fpu -extern void kernel_fpu_begin(void); -extern void kernel_fpu_end(void); -extern void _init_fpu(unsigned int); -extern void _save_fp(struct loongarch_fpu *); -extern void _restore_fp(struct loongarch_fpu *); +void kernel_fpu_begin(void); +void kernel_fpu_end(void); -extern void _save_lsx(struct loongarch_fpu *fpu); -extern void _restore_lsx(struct loongarch_fpu *fpu); -extern void _init_lsx_upper(void); -extern void _restore_lsx_upper(struct loongarch_fpu *fpu); +asmlinkage void _init_fpu(unsigned int); +asmlinkage void _save_fp(struct loongarch_fpu *); +asmlinkage void _restore_fp(struct loongarch_fpu *); +asmlinkage int _save_fp_context(void __user *fpregs, void __user *fcc, void __user *csr); +asmlinkage int _restore_fp_context(void __user *fpregs, void __user *fcc, void __user *csr); -extern void _save_lasx(struct loongarch_fpu *fpu); -extern void _restore_lasx(struct loongarch_fpu *fpu); -extern void _init_lasx_upper(void); -extern void _restore_lasx_upper(struct loongarch_fpu *fpu); +asmlinkage void _save_lsx(struct loongarch_fpu *fpu); +asmlinkage void _restore_lsx(struct loongarch_fpu *fpu); +asmlinkage void _init_lsx_upper(void); +asmlinkage void _restore_lsx_upper(struct loongarch_fpu *fpu); +asmlinkage int _save_lsx_context(void __user *fpregs, void __user *fcc, void __user *fcsr); +asmlinkage int _restore_lsx_context(void __user *fpregs, void __user *fcc, void __user *fcsr); + +asmlinkage void _save_lasx(struct loongarch_fpu *fpu); +asmlinkage void _restore_lasx(struct loongarch_fpu *fpu); +asmlinkage void _init_lasx_upper(void); +asmlinkage void _restore_lasx_upper(struct loongarch_fpu *fpu); +asmlinkage int _save_lasx_context(void __user *fpregs, void __user *fcc, void __user *fcsr); +asmlinkage int _restore_lasx_context(void __user *fpregs, void __user *fcc, void __user *fcsr); static inline void enable_lsx(void); static inline void disable_lsx(void); diff --git a/arch/loongarch/include/asm/lbt.h b/arch/loongarch/include/asm/lbt.h index e671978bf552..38566574e562 100644 --- a/arch/loongarch/include/asm/lbt.h +++ b/arch/loongarch/include/asm/lbt.h @@ -12,9 +12,13 @@ #include <asm/loongarch.h> #include <asm/processor.h> -extern void _init_lbt(void); -extern void _save_lbt(struct loongarch_lbt *); -extern void _restore_lbt(struct loongarch_lbt *); +asmlinkage void _init_lbt(void); +asmlinkage void _save_lbt(struct loongarch_lbt *); +asmlinkage void _restore_lbt(struct loongarch_lbt *); +asmlinkage int _save_lbt_context(void __user *regs, void __user *eflags); +asmlinkage int _restore_lbt_context(void __user *regs, void __user *eflags); +asmlinkage int _save_ftop_context(void __user *ftop); +asmlinkage int _restore_ftop_context(void __user *ftop); static inline int is_lbt_enabled(void) { diff --git a/arch/loongarch/kernel/fpu.S b/arch/loongarch/kernel/fpu.S index 6ab640101457..28caf416ae36 100644 --- a/arch/loongarch/kernel/fpu.S +++ b/arch/loongarch/kernel/fpu.S @@ -458,6 +458,7 @@ SYM_FUNC_START(_save_fp_context) li.w a0, 0 # success jr ra SYM_FUNC_END(_save_fp_context) +EXPORT_SYMBOL_GPL(_save_fp_context) /* * a0: fpregs @@ -471,6 +472,7 @@ SYM_FUNC_START(_restore_fp_context) li.w a0, 0 # success jr ra SYM_FUNC_END(_restore_fp_context) +EXPORT_SYMBOL_GPL(_restore_fp_context) /* * a0: fpregs @@ -484,6 +486,7 @@ SYM_FUNC_START(_save_lsx_context) li.w a0, 0 # success jr ra SYM_FUNC_END(_save_lsx_context) +EXPORT_SYMBOL_GPL(_save_lsx_context) /* * a0: fpregs @@ -497,6 +500,7 @@ SYM_FUNC_START(_restore_lsx_context) li.w a0, 0 # success jr ra SYM_FUNC_END(_restore_lsx_context) +EXPORT_SYMBOL_GPL(_restore_lsx_context) /* * a0: fpregs @@ -510,6 +514,7 @@ SYM_FUNC_START(_save_lasx_context) li.w a0, 0 # success jr ra SYM_FUNC_END(_save_lasx_context) +EXPORT_SYMBOL_GPL(_save_lasx_context) /* * a0: fpregs @@ -523,6 +528,7 @@ SYM_FUNC_START(_restore_lasx_context) li.w a0, 0 # success jr ra SYM_FUNC_END(_restore_lasx_context) +EXPORT_SYMBOL_GPL(_restore_lasx_context) .L_fpu_fault: li.w a0, -EFAULT # failure diff --git a/arch/loongarch/kernel/lbt.S b/arch/loongarch/kernel/lbt.S index 001f061d226a..71678912d24c 100644 --- a/arch/loongarch/kernel/lbt.S +++ b/arch/loongarch/kernel/lbt.S @@ -90,6 +90,7 @@ SYM_FUNC_START(_save_lbt_context) li.w a0, 0 # success jr ra SYM_FUNC_END(_save_lbt_context) +EXPORT_SYMBOL_GPL(_save_lbt_context) /* * a0: scr @@ -110,6 +111,7 @@ SYM_FUNC_START(_restore_lbt_context) li.w a0, 0 # success jr ra SYM_FUNC_END(_restore_lbt_context) +EXPORT_SYMBOL_GPL(_restore_lbt_context) /* * a0: ftop @@ -120,6 +122,7 @@ SYM_FUNC_START(_save_ftop_context) li.w a0, 0 # success jr ra SYM_FUNC_END(_save_ftop_context) +EXPORT_SYMBOL_GPL(_save_ftop_context) /* * a0: ftop @@ -150,6 +153,7 @@ SYM_FUNC_START(_restore_ftop_context) li.w a0, 0 # success jr ra SYM_FUNC_END(_restore_ftop_context) +EXPORT_SYMBOL_GPL(_restore_ftop_context) .L_lbt_fault: li.w a0, -EFAULT # failure diff --git a/arch/loongarch/kernel/signal.c b/arch/loongarch/kernel/signal.c index 7a555b600171..4740cb5b2388 100644 --- a/arch/loongarch/kernel/signal.c +++ b/arch/loongarch/kernel/signal.c @@ -51,27 +51,6 @@ #define lock_lbt_owner() ({ preempt_disable(); pagefault_disable(); }) #define unlock_lbt_owner() ({ pagefault_enable(); preempt_enable(); }) -/* Assembly functions to move context to/from the FPU */ -extern asmlinkage int -_save_fp_context(void __user *fpregs, void __user *fcc, void __user *csr); -extern asmlinkage int -_restore_fp_context(void __user *fpregs, void __user *fcc, void __user *csr); -extern asmlinkage int -_save_lsx_context(void __user *fpregs, void __user *fcc, void __user *fcsr); -extern asmlinkage int -_restore_lsx_context(void __user *fpregs, void __user *fcc, void __user *fcsr); -extern asmlinkage int -_save_lasx_context(void __user *fpregs, void __user *fcc, void __user *fcsr); -extern asmlinkage int -_restore_lasx_context(void __user *fpregs, void __user *fcc, void __user *fcsr); - -#ifdef CONFIG_CPU_HAS_LBT -extern asmlinkage int _save_lbt_context(void __user *regs, void __user *eflags); -extern asmlinkage int _restore_lbt_context(void __user *regs, void __user *eflags); -extern asmlinkage int _save_ftop_context(void __user *ftop); -extern asmlinkage int _restore_ftop_context(void __user *ftop); -#endif - struct rt_sigframe { struct siginfo rs_info; struct ucontext rs_uctx;

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] LoongArch: Handle fp, lsx, lasx and lbt assembly symbols" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 2ef174b13344b3b4554d3d28e6f9e2a2c1d3138f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042827-duo-tweezers-25c2@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2ef174b13344b3b4554d3d28e6f9e2a2c1d3138f Mon Sep 17 00:00:00 2001 From: Tiezhu Yang <yangtiezhu(a)loongson.cn> Date: Thu, 24 Apr 2025 20:15:41 +0800 Subject: [PATCH] LoongArch: Handle fp, lsx, lasx and lbt assembly symbols Like the other relevant symbols, export some fp, lsx, lasx and lbt assembly symbols and put the function declarations in header files rather than source files. While at it, use "asmlinkage" for the other existing C prototypes of assembly functions and also do not use the "extern" keyword with function declarations according to the document coding-style.rst. Cc: stable(a)vger.kernel.org # 6.6+ Signed-off-by: Tiezhu Yang <yangtiezhu(a)loongson.cn> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> diff --git a/arch/loongarch/include/asm/fpu.h b/arch/loongarch/include/asm/fpu.h index 3177674228f8..45514f314664 100644 --- a/arch/loongarch/include/asm/fpu.h +++ b/arch/loongarch/include/asm/fpu.h @@ -22,22 +22,29 @@ struct sigcontext; #define kernel_fpu_available() cpu_has_fpu -extern void kernel_fpu_begin(void); -extern void kernel_fpu_end(void); -extern void _init_fpu(unsigned int); -extern void _save_fp(struct loongarch_fpu *); -extern void _restore_fp(struct loongarch_fpu *); +void kernel_fpu_begin(void); +void kernel_fpu_end(void); -extern void _save_lsx(struct loongarch_fpu *fpu); -extern void _restore_lsx(struct loongarch_fpu *fpu); -extern void _init_lsx_upper(void); -extern void _restore_lsx_upper(struct loongarch_fpu *fpu); +asmlinkage void _init_fpu(unsigned int); +asmlinkage void _save_fp(struct loongarch_fpu *); +asmlinkage void _restore_fp(struct loongarch_fpu *); +asmlinkage int _save_fp_context(void __user *fpregs, void __user *fcc, void __user *csr); +asmlinkage int _restore_fp_context(void __user *fpregs, void __user *fcc, void __user *csr); -extern void _save_lasx(struct loongarch_fpu *fpu); -extern void _restore_lasx(struct loongarch_fpu *fpu); -extern void _init_lasx_upper(void); -extern void _restore_lasx_upper(struct loongarch_fpu *fpu); +asmlinkage void _save_lsx(struct loongarch_fpu *fpu); +asmlinkage void _restore_lsx(struct loongarch_fpu *fpu); +asmlinkage void _init_lsx_upper(void); +asmlinkage void _restore_lsx_upper(struct loongarch_fpu *fpu); +asmlinkage int _save_lsx_context(void __user *fpregs, void __user *fcc, void __user *fcsr); +asmlinkage int _restore_lsx_context(void __user *fpregs, void __user *fcc, void __user *fcsr); + +asmlinkage void _save_lasx(struct loongarch_fpu *fpu); +asmlinkage void _restore_lasx(struct loongarch_fpu *fpu); +asmlinkage void _init_lasx_upper(void); +asmlinkage void _restore_lasx_upper(struct loongarch_fpu *fpu); +asmlinkage int _save_lasx_context(void __user *fpregs, void __user *fcc, void __user *fcsr); +asmlinkage int _restore_lasx_context(void __user *fpregs, void __user *fcc, void __user *fcsr); static inline void enable_lsx(void); static inline void disable_lsx(void); diff --git a/arch/loongarch/include/asm/lbt.h b/arch/loongarch/include/asm/lbt.h index e671978bf552..38566574e562 100644 --- a/arch/loongarch/include/asm/lbt.h +++ b/arch/loongarch/include/asm/lbt.h @@ -12,9 +12,13 @@ #include <asm/loongarch.h> #include <asm/processor.h> -extern void _init_lbt(void); -extern void _save_lbt(struct loongarch_lbt *); -extern void _restore_lbt(struct loongarch_lbt *); +asmlinkage void _init_lbt(void); +asmlinkage void _save_lbt(struct loongarch_lbt *); +asmlinkage void _restore_lbt(struct loongarch_lbt *); +asmlinkage int _save_lbt_context(void __user *regs, void __user *eflags); +asmlinkage int _restore_lbt_context(void __user *regs, void __user *eflags); +asmlinkage int _save_ftop_context(void __user *ftop); +asmlinkage int _restore_ftop_context(void __user *ftop); static inline int is_lbt_enabled(void) { diff --git a/arch/loongarch/kernel/fpu.S b/arch/loongarch/kernel/fpu.S index 6ab640101457..28caf416ae36 100644 --- a/arch/loongarch/kernel/fpu.S +++ b/arch/loongarch/kernel/fpu.S @@ -458,6 +458,7 @@ SYM_FUNC_START(_save_fp_context) li.w a0, 0 # success jr ra SYM_FUNC_END(_save_fp_context) +EXPORT_SYMBOL_GPL(_save_fp_context) /* * a0: fpregs @@ -471,6 +472,7 @@ SYM_FUNC_START(_restore_fp_context) li.w a0, 0 # success jr ra SYM_FUNC_END(_restore_fp_context) +EXPORT_SYMBOL_GPL(_restore_fp_context) /* * a0: fpregs @@ -484,6 +486,7 @@ SYM_FUNC_START(_save_lsx_context) li.w a0, 0 # success jr ra SYM_FUNC_END(_save_lsx_context) +EXPORT_SYMBOL_GPL(_save_lsx_context) /* * a0: fpregs @@ -497,6 +500,7 @@ SYM_FUNC_START(_restore_lsx_context) li.w a0, 0 # success jr ra SYM_FUNC_END(_restore_lsx_context) +EXPORT_SYMBOL_GPL(_restore_lsx_context) /* * a0: fpregs @@ -510,6 +514,7 @@ SYM_FUNC_START(_save_lasx_context) li.w a0, 0 # success jr ra SYM_FUNC_END(_save_lasx_context) +EXPORT_SYMBOL_GPL(_save_lasx_context) /* * a0: fpregs @@ -523,6 +528,7 @@ SYM_FUNC_START(_restore_lasx_context) li.w a0, 0 # success jr ra SYM_FUNC_END(_restore_lasx_context) +EXPORT_SYMBOL_GPL(_restore_lasx_context) .L_fpu_fault: li.w a0, -EFAULT # failure diff --git a/arch/loongarch/kernel/lbt.S b/arch/loongarch/kernel/lbt.S index 001f061d226a..71678912d24c 100644 --- a/arch/loongarch/kernel/lbt.S +++ b/arch/loongarch/kernel/lbt.S @@ -90,6 +90,7 @@ SYM_FUNC_START(_save_lbt_context) li.w a0, 0 # success jr ra SYM_FUNC_END(_save_lbt_context) +EXPORT_SYMBOL_GPL(_save_lbt_context) /* * a0: scr @@ -110,6 +111,7 @@ SYM_FUNC_START(_restore_lbt_context) li.w a0, 0 # success jr ra SYM_FUNC_END(_restore_lbt_context) +EXPORT_SYMBOL_GPL(_restore_lbt_context) /* * a0: ftop @@ -120,6 +122,7 @@ SYM_FUNC_START(_save_ftop_context) li.w a0, 0 # success jr ra SYM_FUNC_END(_save_ftop_context) +EXPORT_SYMBOL_GPL(_save_ftop_context) /* * a0: ftop @@ -150,6 +153,7 @@ SYM_FUNC_START(_restore_ftop_context) li.w a0, 0 # success jr ra SYM_FUNC_END(_restore_ftop_context) +EXPORT_SYMBOL_GPL(_restore_ftop_context) .L_lbt_fault: li.w a0, -EFAULT # failure diff --git a/arch/loongarch/kernel/signal.c b/arch/loongarch/kernel/signal.c index 7a555b600171..4740cb5b2388 100644 --- a/arch/loongarch/kernel/signal.c +++ b/arch/loongarch/kernel/signal.c @@ -51,27 +51,6 @@ #define lock_lbt_owner() ({ preempt_disable(); pagefault_disable(); }) #define unlock_lbt_owner() ({ pagefault_enable(); preempt_enable(); }) -/* Assembly functions to move context to/from the FPU */ -extern asmlinkage int -_save_fp_context(void __user *fpregs, void __user *fcc, void __user *csr); -extern asmlinkage int -_restore_fp_context(void __user *fpregs, void __user *fcc, void __user *csr); -extern asmlinkage int -_save_lsx_context(void __user *fpregs, void __user *fcc, void __user *fcsr); -extern asmlinkage int -_restore_lsx_context(void __user *fpregs, void __user *fcc, void __user *fcsr); -extern asmlinkage int -_save_lasx_context(void __user *fpregs, void __user *fcc, void __user *fcsr); -extern asmlinkage int -_restore_lasx_context(void __user *fpregs, void __user *fcc, void __user *fcsr); - -#ifdef CONFIG_CPU_HAS_LBT -extern asmlinkage int _save_lbt_context(void __user *regs, void __user *eflags); -extern asmlinkage int _restore_lbt_context(void __user *regs, void __user *eflags); -extern asmlinkage int _save_ftop_context(void __user *ftop); -extern asmlinkage int _restore_ftop_context(void __user *ftop); -#endif - struct rt_sigframe { struct siginfo rs_info; struct ucontext rs_uctx;

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] irqchip/gic-v2m: Prevent use after free of" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 3318dc299b072a0511d6dfd8367f3304fb6d9827 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042841-retreat-dividend-28cd@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3318dc299b072a0511d6dfd8367f3304fb6d9827 Mon Sep 17 00:00:00 2001 From: Suzuki K Poulose <suzuki.poulose(a)arm.com> Date: Tue, 22 Apr 2025 17:16:16 +0100 Subject: [PATCH] irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() With ACPI in place, gicv2m_get_fwnode() is registered with the pci subsystem as pci_msi_get_fwnode_cb(), which may get invoked at runtime during a PCI host bridge probe. But, the call back is wrongly marked as __init, causing it to be freed, while being registered with the PCI subsystem and could trigger: Unable to handle kernel paging request at virtual address ffff8000816c0400 gicv2m_get_fwnode+0x0/0x58 (P) pci_set_bus_msi_domain+0x74/0x88 pci_register_host_bridge+0x194/0x548 This is easily reproducible on a Juno board with ACPI boot. Retain the function for later use. Fixes: 0644b3daca28 ("irqchip/gic-v2m: acpi: Introducing GICv2m ACPI support") Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Marc Zyngier <maz(a)kernel.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/irqchip/irq-gic-v2m.c b/drivers/irqchip/irq-gic-v2m.c index c69894861866..dc98c39d2b20 100644 --- a/drivers/irqchip/irq-gic-v2m.c +++ b/drivers/irqchip/irq-gic-v2m.c @@ -421,7 +421,7 @@ static int __init gicv2m_of_init(struct fwnode_handle *parent_handle, #ifdef CONFIG_ACPI static int acpi_num_msi; -static __init struct fwnode_handle *gicv2m_get_fwnode(struct device *dev) +static struct fwnode_handle *gicv2m_get_fwnode(struct device *dev) { struct v2m_data *data;

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] irqchip/gic-v2m: Prevent use after free of" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 3318dc299b072a0511d6dfd8367f3304fb6d9827 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042841-rockfish-unwary-c95f@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3318dc299b072a0511d6dfd8367f3304fb6d9827 Mon Sep 17 00:00:00 2001 From: Suzuki K Poulose <suzuki.poulose(a)arm.com> Date: Tue, 22 Apr 2025 17:16:16 +0100 Subject: [PATCH] irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() With ACPI in place, gicv2m_get_fwnode() is registered with the pci subsystem as pci_msi_get_fwnode_cb(), which may get invoked at runtime during a PCI host bridge probe. But, the call back is wrongly marked as __init, causing it to be freed, while being registered with the PCI subsystem and could trigger: Unable to handle kernel paging request at virtual address ffff8000816c0400 gicv2m_get_fwnode+0x0/0x58 (P) pci_set_bus_msi_domain+0x74/0x88 pci_register_host_bridge+0x194/0x548 This is easily reproducible on a Juno board with ACPI boot. Retain the function for later use. Fixes: 0644b3daca28 ("irqchip/gic-v2m: acpi: Introducing GICv2m ACPI support") Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Marc Zyngier <maz(a)kernel.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/irqchip/irq-gic-v2m.c b/drivers/irqchip/irq-gic-v2m.c index c69894861866..dc98c39d2b20 100644 --- a/drivers/irqchip/irq-gic-v2m.c +++ b/drivers/irqchip/irq-gic-v2m.c @@ -421,7 +421,7 @@ static int __init gicv2m_of_init(struct fwnode_handle *parent_handle, #ifdef CONFIG_ACPI static int acpi_num_msi; -static __init struct fwnode_handle *gicv2m_get_fwnode(struct device *dev) +static struct fwnode_handle *gicv2m_get_fwnode(struct device *dev) { struct v2m_data *data;

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] irqchip/gic-v2m: Prevent use after free of" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 3318dc299b072a0511d6dfd8367f3304fb6d9827 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042840-primer-repeater-2b77@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3318dc299b072a0511d6dfd8367f3304fb6d9827 Mon Sep 17 00:00:00 2001 From: Suzuki K Poulose <suzuki.poulose(a)arm.com> Date: Tue, 22 Apr 2025 17:16:16 +0100 Subject: [PATCH] irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() With ACPI in place, gicv2m_get_fwnode() is registered with the pci subsystem as pci_msi_get_fwnode_cb(), which may get invoked at runtime during a PCI host bridge probe. But, the call back is wrongly marked as __init, causing it to be freed, while being registered with the PCI subsystem and could trigger: Unable to handle kernel paging request at virtual address ffff8000816c0400 gicv2m_get_fwnode+0x0/0x58 (P) pci_set_bus_msi_domain+0x74/0x88 pci_register_host_bridge+0x194/0x548 This is easily reproducible on a Juno board with ACPI boot. Retain the function for later use. Fixes: 0644b3daca28 ("irqchip/gic-v2m: acpi: Introducing GICv2m ACPI support") Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Marc Zyngier <maz(a)kernel.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/irqchip/irq-gic-v2m.c b/drivers/irqchip/irq-gic-v2m.c index c69894861866..dc98c39d2b20 100644 --- a/drivers/irqchip/irq-gic-v2m.c +++ b/drivers/irqchip/irq-gic-v2m.c @@ -421,7 +421,7 @@ static int __init gicv2m_of_init(struct fwnode_handle *parent_handle, #ifdef CONFIG_ACPI static int acpi_num_msi; -static __init struct fwnode_handle *gicv2m_get_fwnode(struct device *dev) +static struct fwnode_handle *gicv2m_get_fwnode(struct device *dev) { struct v2m_data *data;

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] irqchip/gic-v2m: Prevent use after free of" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 3318dc299b072a0511d6dfd8367f3304fb6d9827 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042839-launch-disgrace-b785@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3318dc299b072a0511d6dfd8367f3304fb6d9827 Mon Sep 17 00:00:00 2001 From: Suzuki K Poulose <suzuki.poulose(a)arm.com> Date: Tue, 22 Apr 2025 17:16:16 +0100 Subject: [PATCH] irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() With ACPI in place, gicv2m_get_fwnode() is registered with the pci subsystem as pci_msi_get_fwnode_cb(), which may get invoked at runtime during a PCI host bridge probe. But, the call back is wrongly marked as __init, causing it to be freed, while being registered with the PCI subsystem and could trigger: Unable to handle kernel paging request at virtual address ffff8000816c0400 gicv2m_get_fwnode+0x0/0x58 (P) pci_set_bus_msi_domain+0x74/0x88 pci_register_host_bridge+0x194/0x548 This is easily reproducible on a Juno board with ACPI boot. Retain the function for later use. Fixes: 0644b3daca28 ("irqchip/gic-v2m: acpi: Introducing GICv2m ACPI support") Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Marc Zyngier <maz(a)kernel.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/irqchip/irq-gic-v2m.c b/drivers/irqchip/irq-gic-v2m.c index c69894861866..dc98c39d2b20 100644 --- a/drivers/irqchip/irq-gic-v2m.c +++ b/drivers/irqchip/irq-gic-v2m.c @@ -421,7 +421,7 @@ static int __init gicv2m_of_init(struct fwnode_handle *parent_handle, #ifdef CONFIG_ACPI static int acpi_num_msi; -static __init struct fwnode_handle *gicv2m_get_fwnode(struct device *dev) +static struct fwnode_handle *gicv2m_get_fwnode(struct device *dev) { struct v2m_data *data;

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] Revert "drm/meson: vclk: fix calculation of 59.94 fractional" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f37bb5486ea536c1d61df89feeaeff3f84f0b560 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042852-snowbound-hurling-b72e@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f37bb5486ea536c1d61df89feeaeff3f84f0b560 Mon Sep 17 00:00:00 2001 From: Christian Hewitt <christianshewitt(a)gmail.com> Date: Mon, 21 Apr 2025 22:12:59 +0200 Subject: [PATCH] Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" This reverts commit bfbc68e. The patch does permit the offending YUV420 @ 59.94 phy_freq and vclk_freq mode to match in calculations. It also results in all fractional rates being unavailable for use. This was unintended and requires the patch to be reverted. Fixes: bfbc68e4d869 ("drm/meson: vclk: fix calculation of 59.94 fractional rates") Cc: stable(a)vger.kernel.org Signed-off-by: Christian Hewitt <christianshewitt(a)gmail.com> Signed-off-by: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://lore.kernel.org/r/20250421201300.778955-2-martin.blumenstingl@googl… Signed-off-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://lore.kernel.org/r/20250421201300.778955-2-martin.blumenstingl@googl… diff --git a/drivers/gpu/drm/meson/meson_vclk.c b/drivers/gpu/drm/meson/meson_vclk.c index 2a942dc6a6dc..2a82119eb58e 100644 --- a/drivers/gpu/drm/meson/meson_vclk.c +++ b/drivers/gpu/drm/meson/meson_vclk.c @@ -790,13 +790,13 @@ meson_vclk_vic_supported_freq(struct meson_drm *priv, unsigned int phy_freq, FREQ_1000_1001(params[i].pixel_freq)); DRM_DEBUG_DRIVER("i = %d phy_freq = %d alt = %d\n", i, params[i].phy_freq, - FREQ_1000_1001(params[i].phy_freq/1000)*1000); + FREQ_1000_1001(params[i].phy_freq/10)*10); /* Match strict frequency */ if (phy_freq == params[i].phy_freq && vclk_freq == params[i].vclk_freq) return MODE_OK; /* Match 1000/1001 variant */ - if (phy_freq == (FREQ_1000_1001(params[i].phy_freq/1000)*1000) && + if (phy_freq == (FREQ_1000_1001(params[i].phy_freq/10)*10) && vclk_freq == FREQ_1000_1001(params[i].vclk_freq)) return MODE_OK; } @@ -1070,7 +1070,7 @@ void meson_vclk_setup(struct meson_drm *priv, unsigned int target, for (freq = 0 ; params[freq].pixel_freq ; ++freq) { if ((phy_freq == params[freq].phy_freq || - phy_freq == FREQ_1000_1001(params[freq].phy_freq/1000)*1000) && + phy_freq == FREQ_1000_1001(params[freq].phy_freq/10)*10) && (vclk_freq == params[freq].vclk_freq || vclk_freq == FREQ_1000_1001(params[freq].vclk_freq))) { if (vclk_freq != params[freq].vclk_freq)

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] Revert "drm/meson: vclk: fix calculation of 59.94 fractional" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f37bb5486ea536c1d61df89feeaeff3f84f0b560 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042852-shrewdly-dill-2adb@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f37bb5486ea536c1d61df89feeaeff3f84f0b560 Mon Sep 17 00:00:00 2001 From: Christian Hewitt <christianshewitt(a)gmail.com> Date: Mon, 21 Apr 2025 22:12:59 +0200 Subject: [PATCH] Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" This reverts commit bfbc68e. The patch does permit the offending YUV420 @ 59.94 phy_freq and vclk_freq mode to match in calculations. It also results in all fractional rates being unavailable for use. This was unintended and requires the patch to be reverted. Fixes: bfbc68e4d869 ("drm/meson: vclk: fix calculation of 59.94 fractional rates") Cc: stable(a)vger.kernel.org Signed-off-by: Christian Hewitt <christianshewitt(a)gmail.com> Signed-off-by: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://lore.kernel.org/r/20250421201300.778955-2-martin.blumenstingl@googl… Signed-off-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://lore.kernel.org/r/20250421201300.778955-2-martin.blumenstingl@googl… diff --git a/drivers/gpu/drm/meson/meson_vclk.c b/drivers/gpu/drm/meson/meson_vclk.c index 2a942dc6a6dc..2a82119eb58e 100644 --- a/drivers/gpu/drm/meson/meson_vclk.c +++ b/drivers/gpu/drm/meson/meson_vclk.c @@ -790,13 +790,13 @@ meson_vclk_vic_supported_freq(struct meson_drm *priv, unsigned int phy_freq, FREQ_1000_1001(params[i].pixel_freq)); DRM_DEBUG_DRIVER("i = %d phy_freq = %d alt = %d\n", i, params[i].phy_freq, - FREQ_1000_1001(params[i].phy_freq/1000)*1000); + FREQ_1000_1001(params[i].phy_freq/10)*10); /* Match strict frequency */ if (phy_freq == params[i].phy_freq && vclk_freq == params[i].vclk_freq) return MODE_OK; /* Match 1000/1001 variant */ - if (phy_freq == (FREQ_1000_1001(params[i].phy_freq/1000)*1000) && + if (phy_freq == (FREQ_1000_1001(params[i].phy_freq/10)*10) && vclk_freq == FREQ_1000_1001(params[i].vclk_freq)) return MODE_OK; } @@ -1070,7 +1070,7 @@ void meson_vclk_setup(struct meson_drm *priv, unsigned int target, for (freq = 0 ; params[freq].pixel_freq ; ++freq) { if ((phy_freq == params[freq].phy_freq || - phy_freq == FREQ_1000_1001(params[freq].phy_freq/1000)*1000) && + phy_freq == FREQ_1000_1001(params[freq].phy_freq/10)*10) && (vclk_freq == params[freq].vclk_freq || vclk_freq == FREQ_1000_1001(params[freq].vclk_freq))) { if (vclk_freq != params[freq].vclk_freq)

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] Revert "drm/meson: vclk: fix calculation of 59.94 fractional" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f37bb5486ea536c1d61df89feeaeff3f84f0b560 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042851-wimp-glandular-c623@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f37bb5486ea536c1d61df89feeaeff3f84f0b560 Mon Sep 17 00:00:00 2001 From: Christian Hewitt <christianshewitt(a)gmail.com> Date: Mon, 21 Apr 2025 22:12:59 +0200 Subject: [PATCH] Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" This reverts commit bfbc68e. The patch does permit the offending YUV420 @ 59.94 phy_freq and vclk_freq mode to match in calculations. It also results in all fractional rates being unavailable for use. This was unintended and requires the patch to be reverted. Fixes: bfbc68e4d869 ("drm/meson: vclk: fix calculation of 59.94 fractional rates") Cc: stable(a)vger.kernel.org Signed-off-by: Christian Hewitt <christianshewitt(a)gmail.com> Signed-off-by: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://lore.kernel.org/r/20250421201300.778955-2-martin.blumenstingl@googl… Signed-off-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://lore.kernel.org/r/20250421201300.778955-2-martin.blumenstingl@googl… diff --git a/drivers/gpu/drm/meson/meson_vclk.c b/drivers/gpu/drm/meson/meson_vclk.c index 2a942dc6a6dc..2a82119eb58e 100644 --- a/drivers/gpu/drm/meson/meson_vclk.c +++ b/drivers/gpu/drm/meson/meson_vclk.c @@ -790,13 +790,13 @@ meson_vclk_vic_supported_freq(struct meson_drm *priv, unsigned int phy_freq, FREQ_1000_1001(params[i].pixel_freq)); DRM_DEBUG_DRIVER("i = %d phy_freq = %d alt = %d\n", i, params[i].phy_freq, - FREQ_1000_1001(params[i].phy_freq/1000)*1000); + FREQ_1000_1001(params[i].phy_freq/10)*10); /* Match strict frequency */ if (phy_freq == params[i].phy_freq && vclk_freq == params[i].vclk_freq) return MODE_OK; /* Match 1000/1001 variant */ - if (phy_freq == (FREQ_1000_1001(params[i].phy_freq/1000)*1000) && + if (phy_freq == (FREQ_1000_1001(params[i].phy_freq/10)*10) && vclk_freq == FREQ_1000_1001(params[i].vclk_freq)) return MODE_OK; } @@ -1070,7 +1070,7 @@ void meson_vclk_setup(struct meson_drm *priv, unsigned int target, for (freq = 0 ; params[freq].pixel_freq ; ++freq) { if ((phy_freq == params[freq].phy_freq || - phy_freq == FREQ_1000_1001(params[freq].phy_freq/1000)*1000) && + phy_freq == FREQ_1000_1001(params[freq].phy_freq/10)*10) && (vclk_freq == params[freq].vclk_freq || vclk_freq == FREQ_1000_1001(params[freq].vclk_freq))) { if (vclk_freq != params[freq].vclk_freq)

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] Revert "drm/meson: vclk: fix calculation of 59.94 fractional" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f37bb5486ea536c1d61df89feeaeff3f84f0b560 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042851-provider-empathy-7c30@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f37bb5486ea536c1d61df89feeaeff3f84f0b560 Mon Sep 17 00:00:00 2001 From: Christian Hewitt <christianshewitt(a)gmail.com> Date: Mon, 21 Apr 2025 22:12:59 +0200 Subject: [PATCH] Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" This reverts commit bfbc68e. The patch does permit the offending YUV420 @ 59.94 phy_freq and vclk_freq mode to match in calculations. It also results in all fractional rates being unavailable for use. This was unintended and requires the patch to be reverted. Fixes: bfbc68e4d869 ("drm/meson: vclk: fix calculation of 59.94 fractional rates") Cc: stable(a)vger.kernel.org Signed-off-by: Christian Hewitt <christianshewitt(a)gmail.com> Signed-off-by: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://lore.kernel.org/r/20250421201300.778955-2-martin.blumenstingl@googl… Signed-off-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://lore.kernel.org/r/20250421201300.778955-2-martin.blumenstingl@googl… diff --git a/drivers/gpu/drm/meson/meson_vclk.c b/drivers/gpu/drm/meson/meson_vclk.c index 2a942dc6a6dc..2a82119eb58e 100644 --- a/drivers/gpu/drm/meson/meson_vclk.c +++ b/drivers/gpu/drm/meson/meson_vclk.c @@ -790,13 +790,13 @@ meson_vclk_vic_supported_freq(struct meson_drm *priv, unsigned int phy_freq, FREQ_1000_1001(params[i].pixel_freq)); DRM_DEBUG_DRIVER("i = %d phy_freq = %d alt = %d\n", i, params[i].phy_freq, - FREQ_1000_1001(params[i].phy_freq/1000)*1000); + FREQ_1000_1001(params[i].phy_freq/10)*10); /* Match strict frequency */ if (phy_freq == params[i].phy_freq && vclk_freq == params[i].vclk_freq) return MODE_OK; /* Match 1000/1001 variant */ - if (phy_freq == (FREQ_1000_1001(params[i].phy_freq/1000)*1000) && + if (phy_freq == (FREQ_1000_1001(params[i].phy_freq/10)*10) && vclk_freq == FREQ_1000_1001(params[i].vclk_freq)) return MODE_OK; } @@ -1070,7 +1070,7 @@ void meson_vclk_setup(struct meson_drm *priv, unsigned int target, for (freq = 0 ; params[freq].pixel_freq ; ++freq) { if ((phy_freq == params[freq].phy_freq || - phy_freq == FREQ_1000_1001(params[freq].phy_freq/1000)*1000) && + phy_freq == FREQ_1000_1001(params[freq].phy_freq/10)*10) && (vclk_freq == params[freq].vclk_freq || vclk_freq == FREQ_1000_1001(params[freq].vclk_freq))) { if (vclk_freq != params[freq].vclk_freq)

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] Revert "drm/meson: vclk: fix calculation of 59.94 fractional" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x f37bb5486ea536c1d61df89feeaeff3f84f0b560 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042850-ocelot-oxymoron-bc7b@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f37bb5486ea536c1d61df89feeaeff3f84f0b560 Mon Sep 17 00:00:00 2001 From: Christian Hewitt <christianshewitt(a)gmail.com> Date: Mon, 21 Apr 2025 22:12:59 +0200 Subject: [PATCH] Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" This reverts commit bfbc68e. The patch does permit the offending YUV420 @ 59.94 phy_freq and vclk_freq mode to match in calculations. It also results in all fractional rates being unavailable for use. This was unintended and requires the patch to be reverted. Fixes: bfbc68e4d869 ("drm/meson: vclk: fix calculation of 59.94 fractional rates") Cc: stable(a)vger.kernel.org Signed-off-by: Christian Hewitt <christianshewitt(a)gmail.com> Signed-off-by: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://lore.kernel.org/r/20250421201300.778955-2-martin.blumenstingl@googl… Signed-off-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://lore.kernel.org/r/20250421201300.778955-2-martin.blumenstingl@googl… diff --git a/drivers/gpu/drm/meson/meson_vclk.c b/drivers/gpu/drm/meson/meson_vclk.c index 2a942dc6a6dc..2a82119eb58e 100644 --- a/drivers/gpu/drm/meson/meson_vclk.c +++ b/drivers/gpu/drm/meson/meson_vclk.c @@ -790,13 +790,13 @@ meson_vclk_vic_supported_freq(struct meson_drm *priv, unsigned int phy_freq, FREQ_1000_1001(params[i].pixel_freq)); DRM_DEBUG_DRIVER("i = %d phy_freq = %d alt = %d\n", i, params[i].phy_freq, - FREQ_1000_1001(params[i].phy_freq/1000)*1000); + FREQ_1000_1001(params[i].phy_freq/10)*10); /* Match strict frequency */ if (phy_freq == params[i].phy_freq && vclk_freq == params[i].vclk_freq) return MODE_OK; /* Match 1000/1001 variant */ - if (phy_freq == (FREQ_1000_1001(params[i].phy_freq/1000)*1000) && + if (phy_freq == (FREQ_1000_1001(params[i].phy_freq/10)*10) && vclk_freq == FREQ_1000_1001(params[i].vclk_freq)) return MODE_OK; } @@ -1070,7 +1070,7 @@ void meson_vclk_setup(struct meson_drm *priv, unsigned int target, for (freq = 0 ; params[freq].pixel_freq ; ++freq) { if ((phy_freq == params[freq].phy_freq || - phy_freq == FREQ_1000_1001(params[freq].phy_freq/1000)*1000) && + phy_freq == FREQ_1000_1001(params[freq].phy_freq/10)*10) && (vclk_freq == params[freq].vclk_freq || vclk_freq == FREQ_1000_1001(params[freq].vclk_freq))) { if (vclk_freq != params[freq].vclk_freq)

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] Revert "drm/meson: vclk: fix calculation of 59.94 fractional" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x f37bb5486ea536c1d61df89feeaeff3f84f0b560 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042850-crown-ample-85db@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f37bb5486ea536c1d61df89feeaeff3f84f0b560 Mon Sep 17 00:00:00 2001 From: Christian Hewitt <christianshewitt(a)gmail.com> Date: Mon, 21 Apr 2025 22:12:59 +0200 Subject: [PATCH] Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" This reverts commit bfbc68e. The patch does permit the offending YUV420 @ 59.94 phy_freq and vclk_freq mode to match in calculations. It also results in all fractional rates being unavailable for use. This was unintended and requires the patch to be reverted. Fixes: bfbc68e4d869 ("drm/meson: vclk: fix calculation of 59.94 fractional rates") Cc: stable(a)vger.kernel.org Signed-off-by: Christian Hewitt <christianshewitt(a)gmail.com> Signed-off-by: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://lore.kernel.org/r/20250421201300.778955-2-martin.blumenstingl@googl… Signed-off-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://lore.kernel.org/r/20250421201300.778955-2-martin.blumenstingl@googl… diff --git a/drivers/gpu/drm/meson/meson_vclk.c b/drivers/gpu/drm/meson/meson_vclk.c index 2a942dc6a6dc..2a82119eb58e 100644 --- a/drivers/gpu/drm/meson/meson_vclk.c +++ b/drivers/gpu/drm/meson/meson_vclk.c @@ -790,13 +790,13 @@ meson_vclk_vic_supported_freq(struct meson_drm *priv, unsigned int phy_freq, FREQ_1000_1001(params[i].pixel_freq)); DRM_DEBUG_DRIVER("i = %d phy_freq = %d alt = %d\n", i, params[i].phy_freq, - FREQ_1000_1001(params[i].phy_freq/1000)*1000); + FREQ_1000_1001(params[i].phy_freq/10)*10); /* Match strict frequency */ if (phy_freq == params[i].phy_freq && vclk_freq == params[i].vclk_freq) return MODE_OK; /* Match 1000/1001 variant */ - if (phy_freq == (FREQ_1000_1001(params[i].phy_freq/1000)*1000) && + if (phy_freq == (FREQ_1000_1001(params[i].phy_freq/10)*10) && vclk_freq == FREQ_1000_1001(params[i].vclk_freq)) return MODE_OK; } @@ -1070,7 +1070,7 @@ void meson_vclk_setup(struct meson_drm *priv, unsigned int target, for (freq = 0 ; params[freq].pixel_freq ; ++freq) { if ((phy_freq == params[freq].phy_freq || - phy_freq == FREQ_1000_1001(params[freq].phy_freq/1000)*1000) && + phy_freq == FREQ_1000_1001(params[freq].phy_freq/10)*10) && (vclk_freq == params[freq].vclk_freq || vclk_freq == FREQ_1000_1001(params[freq].vclk_freq))) { if (vclk_freq != params[freq].vclk_freq)

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix gpu reset in multidisplay config" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 7eb287beeb60be1e4437be2b4e4e9f0da89aab97 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042801-bucktooth-unstopped-52b8@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7eb287beeb60be1e4437be2b4e4e9f0da89aab97 Mon Sep 17 00:00:00 2001 From: Roman Li <Roman.Li(a)amd.com> Date: Tue, 1 Apr 2025 17:05:10 -0400 Subject: [PATCH] drm/amd/display: Fix gpu reset in multidisplay config [Why] The indexing of stream_status in dm_gpureset_commit_state() is incorrect. That leads to asserts in multi-display configuration after gpu reset. [How] Adjust the indexing logic to align stream_status with surface_updates. Fixes: cdaae8371aa9 ("drm/amd/display: Handle GPU reset for DC block") Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3808 Reviewed-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Reviewed-by: Mario Limonciello <mario.limonciello(a)amd.com> Signed-off-by: Roman Li <Roman.Li(a)amd.com> Signed-off-by: Zaeem Mohamed <zaeem.mohamed(a)amd.com> Tested-by: Mark Broadworth <mark.broadworth(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit d91bc901398741d317d9b55c59ca949d4bc7394b) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 9fed4471405f..8f3a778df646 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -3355,16 +3355,16 @@ static void dm_gpureset_commit_state(struct dc_state *dc_state, for (k = 0; k < dc_state->stream_count; k++) { bundle->stream_update.stream = dc_state->streams[k]; - for (m = 0; m < dc_state->stream_status->plane_count; m++) { + for (m = 0; m < dc_state->stream_status[k].plane_count; m++) { bundle->surface_updates[m].surface = - dc_state->stream_status->plane_states[m]; + dc_state->stream_status[k].plane_states[m]; bundle->surface_updates[m].surface->force_full_update = true; } update_planes_and_stream_adapter(dm->dc, UPDATE_TYPE_FULL, - dc_state->stream_status->plane_count, + dc_state->stream_status[k].plane_count, dc_state->streams[k], &bundle->stream_update, bundle->surface_updates);

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] net: phy: microchip: force IRQ polling mode for lan88xx" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 30a41ed32d3088cd0d682a13d7f30b23baed7e93 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042825-unreal-nature-7581@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 30a41ed32d3088cd0d682a13d7f30b23baed7e93 Mon Sep 17 00:00:00 2001 From: Fiona Klute <fiona.klute(a)gmx.de> Date: Wed, 16 Apr 2025 12:24:13 +0200 Subject: [PATCH] net: phy: microchip: force IRQ polling mode for lan88xx With lan88xx based devices the lan78xx driver can get stuck in an interrupt loop while bringing the device up, flooding the kernel log with messages like the following: lan78xx 2-3:1.0 enp1s0u3: kevent 4 may have been dropped Removing interrupt support from the lan88xx PHY driver forces the driver to use polling instead, which avoids the problem. The issue has been observed with Raspberry Pi devices at least since 4.14 (see [1], bug report for their downstream kernel), as well as with Nvidia devices [2] in 2020, where disabling interrupts was the vendor-suggested workaround (together with the claim that phylib changes in 4.9 made the interrupt handling in lan78xx incompatible). Iperf reports well over 900Mbits/sec per direction with client in --dualtest mode, so there does not seem to be a significant impact on throughput (lan88xx device connected via switch to the peer). [1] https://github.com/raspberrypi/linux/issues/2447 [2] https://forums.developer.nvidia.com/t/jetson-xavier-and-lan7800-problem/142… Link: https://lore.kernel.org/0901d90d-3f20-4a10-b680-9c978e04ddda@lunn.ch Fixes: 792aec47d59d ("add microchip LAN88xx phy driver") Signed-off-by: Fiona Klute <fiona.klute(a)gmx.de> Cc: kernel-list(a)raspberrypi.com Cc: stable(a)vger.kernel.org Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> Link: https://patch.msgid.link/20250416102413.30654-1-fiona.klute@gmx.de Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/phy/microchip.c b/drivers/net/phy/microchip.c index 0e17cc458efd..93de88c1c8fd 100644 --- a/drivers/net/phy/microchip.c +++ b/drivers/net/phy/microchip.c @@ -37,47 +37,6 @@ static int lan88xx_write_page(struct phy_device *phydev, int page) return __phy_write(phydev, LAN88XX_EXT_PAGE_ACCESS, page); } -static int lan88xx_phy_config_intr(struct phy_device *phydev) -{ - int rc; - - if (phydev->interrupts == PHY_INTERRUPT_ENABLED) { - /* unmask all source and clear them before enable */ - rc = phy_write(phydev, LAN88XX_INT_MASK, 0x7FFF); - rc = phy_read(phydev, LAN88XX_INT_STS); - rc = phy_write(phydev, LAN88XX_INT_MASK, - LAN88XX_INT_MASK_MDINTPIN_EN_ | - LAN88XX_INT_MASK_LINK_CHANGE_); - } else { - rc = phy_write(phydev, LAN88XX_INT_MASK, 0); - if (rc) - return rc; - - /* Ack interrupts after they have been disabled */ - rc = phy_read(phydev, LAN88XX_INT_STS); - } - - return rc < 0 ? rc : 0; -} - -static irqreturn_t lan88xx_handle_interrupt(struct phy_device *phydev) -{ - int irq_status; - - irq_status = phy_read(phydev, LAN88XX_INT_STS); - if (irq_status < 0) { - phy_error(phydev); - return IRQ_NONE; - } - - if (!(irq_status & LAN88XX_INT_STS_LINK_CHANGE_)) - return IRQ_NONE; - - phy_trigger_machine(phydev); - - return IRQ_HANDLED; -} - static int lan88xx_suspend(struct phy_device *phydev) { struct lan88xx_priv *priv = phydev->priv; @@ -528,8 +487,9 @@ static struct phy_driver microchip_phy_driver[] = { .config_aneg = lan88xx_config_aneg, .link_change_notify = lan88xx_link_change_notify, - .config_intr = lan88xx_phy_config_intr, - .handle_interrupt = lan88xx_handle_interrupt, + /* Interrupt handling is broken, do not define related + * functions to force polling. + */ .suspend = lan88xx_suspend, .resume = genphy_resume,

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] xen-netfront: handle NULL returned by" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x cc3628dcd851ddd8d418bf0c897024b4621ddc92 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042800-convene-bless-ce4b@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cc3628dcd851ddd8d418bf0c897024b4621ddc92 Mon Sep 17 00:00:00 2001 From: Alexey Nepomnyashih <sdl(a)nppct.ru> Date: Thu, 17 Apr 2025 12:21:17 +0000 Subject: [PATCH] xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() The function xdp_convert_buff_to_frame() may return NULL if it fails to correctly convert the XDP buffer into an XDP frame due to memory constraints, internal errors, or invalid data. Failing to check for NULL may lead to a NULL pointer dereference if the result is used later in processing, potentially causing crashes, data corruption, or undefined behavior. On XDP redirect failure, the associated page must be released explicitly if it was previously retained via get_page(). Failing to do so may result in a memory leak, as the pages reference count is not decremented. Cc: stable(a)vger.kernel.org # v5.9+ Fixes: 6c5aa6fc4def ("xen networking: add basic XDP support for xen-netfront") Signed-off-by: Alexey Nepomnyashih <sdl(a)nppct.ru> Link: https://patch.msgid.link/20250417122118.1009824-1-sdl@nppct.ru Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c index fc52d5c4c69b..5091e1fa4a0d 100644 --- a/drivers/net/xen-netfront.c +++ b/drivers/net/xen-netfront.c @@ -985,20 +985,27 @@ static u32 xennet_run_xdp(struct netfront_queue *queue, struct page *pdata, act = bpf_prog_run_xdp(prog, xdp); switch (act) { case XDP_TX: - get_page(pdata); xdpf = xdp_convert_buff_to_frame(xdp); - err = xennet_xdp_xmit(queue->info->netdev, 1, &xdpf, 0); - if (unlikely(!err)) - xdp_return_frame_rx_napi(xdpf); - else if (unlikely(err < 0)) + if (unlikely(!xdpf)) { trace_xdp_exception(queue->info->netdev, prog, act); + break; + } + get_page(pdata); + err = xennet_xdp_xmit(queue->info->netdev, 1, &xdpf, 0); + if (unlikely(err <= 0)) { + if (err < 0) + trace_xdp_exception(queue->info->netdev, prog, act); + xdp_return_frame_rx_napi(xdpf); + } break; case XDP_REDIRECT: get_page(pdata); err = xdp_do_redirect(queue->info->netdev, xdp, prog); *need_xdp_flush = true; - if (unlikely(err)) + if (unlikely(err)) { trace_xdp_exception(queue->info->netdev, prog, act); + xdp_return_buff(xdp); + } break; case XDP_PASS: case XDP_DROP:

6 months, 3 weeks

1
0
0 0

stable request: eaaff9b6702e ("netfilter: fib: avoid lookup if socket is available")

by Florian Westphal

Hi Greg, hi Sasha, Could you please queue up eaaff9b6702e ("netfilter: fib: avoid lookup if socket is available") for 6.14 and 6.12? Unfortunately I did not realize that the missing handling of 'input' is not just a missing optimization but an actual bug fix, else I would have split this patch in two. The bug exists since 5.19, but its not a regression ('never worked'). Given noone noticed/reported this until this week (https://lore.kernel.org/netfilter/20250422114352.GA2092@breakpoint.cc/), we think it makes sense to only apply this to the two most recent trees and keep the rest as-is, users of those trees evidently don't use the b0rken configuration or they would have complained long ago. The commit cherry-picks cleanly to both. If you disagree let me know, I could also make a stable-only patch that only contains the bug fix part of the mentioned commit. Thanks!

6 months, 3 weeks

2
1
0 0

Stable request: net: stmmac: resume rx clocking

by Jon Hunter

Hi Greg, Sasha, Updates to the stmmac networking driver in Linux v6.14 exposed some issues with resuming the driver on platforms such as the Tegra186 Jetson TX2 board. This is why the suspend test has been failing on this platform for the linux-6.14.y updates ... Test failures: tegra186-p2771-0000: pm-system-suspend.sh Russell has provided some fixes for this that are now in the mainline and so I would like to integrate the following changes to linux-6.14.y ... f732549eb303 net: stmmac: simplify phylink_suspend() and phylink_resume() calls 367f1854d442 net: phylink: add phylink_prepare_resume() ef43e5132895 net: stmmac: address non-LPI resume failures properly 366aeeba7908 net: stmmac: socfpga: remove phy_resume() call ddf4bd3f7384 net: phylink: add functions to block/unblock rx clock stop dd557266cf5f net: stmmac: block PHY RXC clock-stop I had a quick look to see if we can backport to linux-6.12.y but looks like we need more commits and so for now just target linux-6.14.y. Jon

6 months, 3 weeks

2
1
0 0

Please apply commit d81cadbe1642 to 6.12 stable tree

by Naveen N Rao

Please apply commit d81cadbe1642 ("KVM: SVM: Disable AVIC on SNP-enabled system without HvInUseWrAllowed feature") to the stable v6.12 tree. This patch prevents a kernel BUG by disabling AVIC on systems without suitable support for AVIC to work when SEV-SNP support is enabled in the host. Thanks, Naveen

6 months, 3 weeks

3
4
0 0

Potential Linux Crash: possible deadlock in do_lock_mount in linux6.12.24(longterm maintenance)

by Jianzhou Zhao

Hello, I found a potential bug titled " possible deadlock in do_lock_mount " with modified syzkaller in the Linux6.12.24(longterm maintenance, last updated on April 20, 2025). (The latest version of 6.12 is 6.12-25 at present. However, after comparison, I found that there seems to be no fix for this bug in the latest version.) Unfortunately, I am unable to reproduce this bug. If you fix this issue, please add the following tag to the commit: Reported-by: Jianzhou Zhao <luckd0g(a)163.com>, xingwei lee <xrivendell7(a)gmail.com> The commit of the kernel is : b6efa8ce222e58cfe2bbaa4e3329818c2b4bd74e kernel config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=55f8591b98dd132 compiler: gcc version 11.4.0 ------------[ cut here ]----------------------------------------- TITLE: possible deadlock in do_lock_mount ------------[ cut here ]------------ ====================================================== ====================================================== WARNING: possible circular locking dependency detected 6.12.24 #3 Not tainted ------------------------------------------------------ syz.6.1765/29153 is trying to acquire lock: ffffffff8e14afc0 (fs_reclaim){+.+.}-{0:0}, at: might_alloc include/linux/sched/mm.h:318 [inline] ffffffff8e14afc0 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook mm/slub.c:4058 [inline] ffffffff8e14afc0 (fs_reclaim){+.+.}-{0:0}, at: slab_alloc_node mm/slub.c:4136 [inline] ffffffff8e14afc0 (fs_reclaim){+.+.}-{0:0}, at: __kmalloc_cache_noprof+0x4b/0x310 mm/slub.c:4312 but task is already holding lock: ffffffff8e1bfdd0 (namespace_sem){++++}-{3:3}, at: namespace_lock fs/namespace.c:1713 [inline] ffffffff8e1bfdd0 (namespace_sem){++++}-{3:3}, at: do_lock_mount+0x150/0x5b0 fs/namespace.c:2618 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #7 (namespace_sem){++++}-{3:3}: down_write+0x92/0x200 kernel/locking/rwsem.c:1577 namespace_lock fs/namespace.c:1713 [inline] do_lock_mount+0x150/0x5b0 fs/namespace.c:2618 lock_mount fs/namespace.c:2654 [inline] do_loopback fs/namespace.c:2777 [inline] path_mount+0xcda/0x1ea0 fs/namespace.c:3833 do_mount fs/namespace.c:3852 [inline] __do_sys_mount fs/namespace.c:4062 [inline] __se_sys_mount fs/namespace.c:4039 [inline] __x64_sys_mount+0x284/0x310 fs/namespace.c:4039 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #6 (&sb->s_type->i_mutex_key#3){++++}-{3:3}: down_write+0x92/0x200 kernel/locking/rwsem.c:1577 inode_lock include/linux/fs.h:815 [inline] start_creating.part.0+0xb2/0x370 fs/debugfs/inode.c:374 start_creating fs/debugfs/inode.c:351 [inline] debugfs_create_dir+0x72/0x600 fs/debugfs/inode.c:593 blk_register_queue+0x16a/0x4f0 block/blk-sysfs.c:766 device_add_disk+0x77f/0x12f0 block/genhd.c:489 add_disk include/linux/blkdev.h:741 [inline] brd_alloc.isra.0+0x57a/0x800 drivers/block/brd.c:401 brd_init+0xf5/0x1e0 drivers/block/brd.c:481 do_one_initcall+0x10e/0x6d0 init/main.c:1269 do_initcall_level init/main.c:1331 [inline] do_initcalls init/main.c:1347 [inline] do_basic_setup init/main.c:1366 [inline] kernel_init_freeable+0x5ae/0x8a0 init/main.c:1580 kernel_init+0x1e/0x2d0 init/main.c:1469 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #5 (&q->debugfs_mutex){+.+.}-{3:3}: __mutex_lock_common kernel/locking/mutex.c:608 [inline] __mutex_lock+0x147/0x930 kernel/locking/mutex.c:752 blk_mq_init_sched+0x436/0x650 block/blk-mq-sched.c:473 elevator_init_mq+0x2cc/0x420 block/elevator.c:610 device_add_disk+0x10e/0x12f0 block/genhd.c:411 sd_probe+0xa0e/0xf80 drivers/scsi/sd.c:4024 call_driver_probe drivers/base/dd.c:579 [inline] really_probe+0x24f/0xa90 drivers/base/dd.c:658 __driver_probe_device+0x1df/0x450 drivers/base/dd.c:800 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:830 __device_attach_driver+0x1db/0x2f0 drivers/base/dd.c:958 bus_for_each_drv+0x149/0x1d0 drivers/base/bus.c:459 __device_attach_async_helper+0x1d1/0x290 drivers/base/dd.c:987 async_run_entry_fn+0x9c/0x530 kernel/async.c:129 process_one_work+0xa02/0x1bf0 kernel/workqueue.c:3232 process_scheduled_works kernel/workqueue.c:3314 [inline] worker_thread+0x677/0xe90 kernel/workqueue.c:3395 kthread+0x2c7/0x3b0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #4 (&q->q_usage_counter(queue)#51){++++}-{0:0}: blk_queue_enter+0x4d0/0x600 block/blk-core.c:328 blk_mq_alloc_request+0x422/0x9c0 block/blk-mq.c:680 scsi_alloc_request drivers/scsi/scsi_lib.c:1227 [inline] scsi_execute_cmd+0x1fe/0xf20 drivers/scsi/scsi_lib.c:304 read_capacity_16+0x1f2/0xe60 drivers/scsi/sd.c:2655 sd_read_capacity drivers/scsi/sd.c:2824 [inline] sd_revalidate_disk.isra.0+0x1989/0xa440 drivers/scsi/sd.c:3734 sd_probe+0x887/0xf80 drivers/scsi/sd.c:4010 call_driver_probe drivers/base/dd.c:579 [inline] really_probe+0x24f/0xa90 drivers/base/dd.c:658 __driver_probe_device+0x1df/0x450 drivers/base/dd.c:800 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:830 __device_attach_driver+0x1db/0x2f0 drivers/base/dd.c:958 bus_for_each_drv+0x149/0x1d0 drivers/base/bus.c:459 __device_attach_async_helper+0x1d1/0x290 drivers/base/dd.c:987 async_run_entry_fn+0x9c/0x530 kernel/async.c:129 process_one_work+0xa02/0x1bf0 kernel/workqueue.c:3232 process_scheduled_works kernel/workqueue.c:3314 [inline] worker_thread+0x677/0xe90 kernel/workqueue.c:3395 kthread+0x2c7/0x3b0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #3 (&q->limits_lock){+.+.}-{3:3}: __mutex_lock_common kernel/locking/mutex.c:608 [inline] __mutex_lock+0x147/0x930 kernel/locking/mutex.c:752 queue_limits_start_update include/linux/blkdev.h:935 [inline] loop_reconfigure_limits+0x1f2/0x960 drivers/block/loop.c:1004 loop_set_block_size drivers/block/loop.c:1474 [inline] lo_simple_ioctl drivers/block/loop.c:1497 [inline] lo_ioctl+0xb92/0x1870 drivers/block/loop.c:1560 blkdev_ioctl+0x27b/0x6c0 block/ioctl.c:693 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl fs/ioctl.c:893 [inline] __x64_sys_ioctl+0x19d/0x210 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #2 (&q->q_usage_counter(io)#19){++++}-{0:0}: bio_queue_enter block/blk.h:76 [inline] blk_mq_submit_bio+0x2167/0x2b70 block/blk-mq.c:3090 __submit_bio+0x399/0x630 block/blk-core.c:629 __submit_bio_noacct_mq block/blk-core.c:716 [inline] submit_bio_noacct_nocheck+0x6c3/0xd00 block/blk-core.c:745 submit_bio_noacct+0x57a/0x1fa0 block/blk-core.c:868 xfs_buf_ioapply_map fs/xfs/xfs_buf.c:1585 [inline] _xfs_buf_ioapply+0x8a4/0xbe0 fs/xfs/xfs_buf.c:1673 __xfs_buf_submit+0x241/0x840 fs/xfs/xfs_buf.c:1757 xfs_buf_submit fs/xfs/xfs_buf.c:61 [inline] _xfs_buf_read fs/xfs/xfs_buf.c:808 [inline] xfs_buf_read_map+0x3e7/0xb40 fs/xfs/xfs_buf.c:872 xfs_trans_read_buf_map+0x10a/0x9b0 fs/xfs/xfs_trans_buf.c:289 xfs_trans_read_buf fs/xfs/xfs_trans.h:212 [inline] xfs_read_agf+0x2c1/0x5b0 fs/xfs/libxfs/xfs_alloc.c:3367 xfs_alloc_read_agf+0x152/0xb90 fs/xfs/libxfs/xfs_alloc.c:3401 xfs_alloc_fix_freelist+0x925/0xff0 fs/xfs/libxfs/xfs_alloc.c:2863 xfs_alloc_vextent_prepare_ag+0x7c/0x6c0 fs/xfs/libxfs/xfs_alloc.c:3532 xfs_alloc_vextent_iterate_ags.constprop.0+0x1b0/0x970 fs/xfs/libxfs/xfs_alloc.c:3717 xfs_alloc_vextent_start_ag+0x32b/0x800 fs/xfs/libxfs/xfs_alloc.c:3806 xfs_bmap_btalloc_best_length fs/xfs/libxfs/xfs_bmap.c:3731 [inline] xfs_bmap_btalloc+0xbc4/0x17d0 fs/xfs/libxfs/xfs_bmap.c:3776 xfs_bmapi_allocate+0x23d/0xe80 fs/xfs/libxfs/xfs_bmap.c:4189 xfs_bmapi_write+0x686/0xca0 fs/xfs/libxfs/xfs_bmap.c:4518 xfs_dquot_disk_alloc+0x654/0xbb0 fs/xfs/xfs_dquot.c:376 xfs_qm_dqread+0x55d/0x5f0 fs/xfs/xfs_dquot.c:715 xfs_qm_dqget+0x142/0x470 fs/xfs/xfs_dquot.c:927 xfs_qm_quotacheck_dqadjust+0xaa/0x570 fs/xfs/xfs_qm.c:1125 xfs_qm_dqusage_adjust+0x511/0x680 fs/xfs/xfs_qm.c:1248 xfs_iwalk_ag_recs+0x476/0x7c0 fs/xfs/xfs_iwalk.c:213 xfs_iwalk_run_callbacks+0x1fa/0x560 fs/xfs/xfs_iwalk.c:371 xfs_iwalk_ag+0x73a/0x940 fs/xfs/xfs_iwalk.c:477 xfs_iwalk_ag_work+0x14e/0x1c0 fs/xfs/xfs_iwalk.c:619 xfs_pwork_work+0x7f/0x160 fs/xfs/xfs_pwork.c:47 process_one_work+0xa02/0x1bf0 kernel/workqueue.c:3232 process_scheduled_works kernel/workqueue.c:3314 [inline] worker_thread+0x677/0xe90 kernel/workqueue.c:3395 kthread+0x2c7/0x3b0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #1 (&xfs_nondir_ilock_class#3){++++}-{3:3}: down_write_nested+0x96/0x210 kernel/locking/rwsem.c:1693 xfs_ilock+0x198/0x210 fs/xfs/xfs_inode.c:164 xfs_reclaim_inode fs/xfs/xfs_icache.c:981 [inline] xfs_icwalk_process_inode fs/xfs/xfs_icache.c:1675 [inline] xfs_icwalk_ag+0xa5e/0x17b0 fs/xfs/xfs_icache.c:1757 xfs_icwalk fs/xfs/xfs_icache.c:1805 [inline] xfs_reclaim_inodes_nr+0x1bd/0x300 fs/xfs/xfs_icache.c:1047 super_cache_scan+0x412/0x570 fs/super.c:227 do_shrink_slab+0x44b/0x1190 mm/shrinker.c:437 shrink_slab+0x332/0x12a0 mm/shrinker.c:664 shrink_one+0x4ad/0x7c0 mm/vmscan.c:4835 shrink_many mm/vmscan.c:4896 [inline] lru_gen_shrink_node mm/vmscan.c:4974 [inline] shrink_node+0x2420/0x3890 mm/vmscan.c:5954 kswapd_shrink_node mm/vmscan.c:6782 [inline] balance_pgdat+0xbe5/0x18c0 mm/vmscan.c:6974 kswapd+0x702/0xd50 mm/vmscan.c:7243 kthread+0x2c7/0x3b0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #0 (fs_reclaim){+.+.}-{0:0}: check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/locking/lockdep.c:3280 [inline] validate_chain kernel/locking/lockdep.c:3904 [inline] __lock_acquire+0x2425/0x3b90 kernel/locking/lockdep.c:5202 lock_acquire.part.0+0x11b/0x370 kernel/locking/lockdep.c:5825 __fs_reclaim_acquire mm/page_alloc.c:3853 [inline] fs_reclaim_acquire+0x102/0x150 mm/page_alloc.c:3867 might_alloc include/linux/sched/mm.h:318 [inline] slab_pre_alloc_hook mm/slub.c:4058 [inline] slab_alloc_node mm/slub.c:4136 [inline] __kmalloc_cache_noprof+0x4b/0x310 mm/slub.c:4312 kmalloc_noprof include/linux/slab.h:878 [inline] get_mountpoint+0x14c/0x410 fs/namespace.c:909 do_lock_mount+0x171/0x5b0 fs/namespace.c:2639 lock_mount fs/namespace.c:2654 [inline] do_new_mount_fc fs/namespace.c:3449 [inline] do_new_mount fs/namespace.c:3514 [inline] path_mount+0x1695/0x1ea0 fs/namespace.c:3839 do_mount fs/namespace.c:3852 [inline] __do_sys_mount fs/namespace.c:4062 [inline] __se_sys_mount fs/namespace.c:4039 [inline] __x64_sys_mount+0x284/0x310 fs/namespace.c:4039 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f other info that might help us debug this: Chain exists of: fs_reclaim --> &sb->s_type->i_mutex_key#3 --> namespace_sem Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(namespace_sem); lock(&sb->s_type->i_mutex_key#3); lock(namespace_sem); lock(fs_reclaim); *** DEADLOCK *** 2 locks held by syz.6.1765/29153: #0: ffff888055a94158 (&sb->s_type->i_mutex_key#29){++++}-{3:3}, at: inode_lock include/linux/fs.h:815 [inline] #0: ffff888055a94158 (&sb->s_type->i_mutex_key#29){++++}-{3:3}, at: do_lock_mount+0xae/0x5b0 fs/namespace.c:2612 #1: ffffffff8e1bfdd0 (namespace_sem){++++}-{3:3}, at: namespace_lock fs/namespace.c:1713 [inline] #1: ffffffff8e1bfdd0 (namespace_sem){++++}-{3:3}, at: do_lock_mount+0x150/0x5b0 fs/namespace.c:2618 stack backtrace: CPU: 1 UID: 0 PID: 29153 Comm: syz.6.1765 Not tainted 6.12.24 #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120 print_circular_bug+0x406/0x5c0 kernel/locking/lockdep.c:2074 check_noncircular+0x2f7/0x3e0 kernel/locking/lockdep.c:2206 check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/locking/lockdep.c:3280 [inline] validate_chain kernel/locking/lockdep.c:3904 [inline] __lock_acquire+0x2425/0x3b90 kernel/locking/lockdep.c:5202 lock_acquire.part.0+0x11b/0x370 kernel/locking/lockdep.c:5825 __fs_reclaim_acquire mm/page_alloc.c:3853 [inline] fs_reclaim_acquire+0x102/0x150 mm/page_alloc.c:3867 might_alloc include/linux/sched/mm.h:318 [inline] slab_pre_alloc_hook mm/slub.c:4058 [inline] slab_alloc_node mm/slub.c:4136 [inline] __kmalloc_cache_noprof+0x4b/0x310 mm/slub.c:4312 kmalloc_noprof include/linux/slab.h:878 [inline] get_mountpoint+0x14c/0x410 fs/namespace.c:909 do_lock_mount+0x171/0x5b0 fs/namespace.c:2639 lock_mount fs/namespace.c:2654 [inline] do_new_mount_fc fs/namespace.c:3449 [inline] do_new_mount fs/namespace.c:3514 [inline] path_mount+0x1695/0x1ea0 fs/namespace.c:3839 do_mount fs/namespace.c:3852 [inline] __do_sys_mount fs/namespace.c:4062 [inline] __se_sys_mount fs/namespace.c:4039 [inline] __x64_sys_mount+0x284/0x310 fs/namespace.c:4039 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ff6353ad5ad Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ff6361edf98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007ff6355e5fa0 RCX: 00007ff6353ad5ad RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 0000000000000000 RBP: 00007ff635446d56 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007ff6355e5fa0 R15: 00007ff6361ce000 </TASK> ================================================================== I hope it helps. Best regards Jianzhou Zhao

6 months, 3 weeks

2
1
0 0

[PATCH 6.12 000/223] 6.12.25-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.25 release. There are 223 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 25 Apr 2025 14:25:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.25-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.25-rc1 Jens Axboe <axboe(a)kernel.dk> block: make struct rq_list available for !CONFIG_BLOCK Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: extend changes_pkt_data with cases w/o subprograms Eduard Zingerman <eddyz87(a)gmail.com> bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: validate that tail call invalidates packet pointers Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: freplace tests for tracking of changes_packet_data Eduard Zingerman <eddyz87(a)gmail.com> bpf: check changes_pkt_data property for extension programs Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: test for changing packet data from global functions Eduard Zingerman <eddyz87(a)gmail.com> bpf: track changes_pkt_data property for global functions Eduard Zingerman <eddyz87(a)gmail.com> bpf: add find_containing_subprog() utility function P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process WangYuli <wangyuli(a)uniontech.com> MIPS: ds1287: Match ds1287_set_base_clock() function types WangYuli <wangyuli(a)uniontech.com> MIPS: cevt-ds1287: Add missing ds1287.h include WangYuli <wangyuli(a)uniontech.com> MIPS: dec: Declare which_prom() as static Alexander Tsoy <alexander(a)tsoy.me> Revert "wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process" Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm/vma: add give_up_on_oom option on modify/merge, use in uffd release Christoph Hellwig <hch(a)lst.de> block: don't reorder requests in blk_add_rq_to_plug Christoph Hellwig <hch(a)lst.de> block: add a rq_list type Christoph Hellwig <hch(a)lst.de> block: remove rq_list_move WangYuli <wangyuli(a)uniontech.com> nvmet-fc: Remove unused functions Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd/display: Temporarily disable hostvm on DCN31 Yuli Wang <wangyuli(a)uniontech.com> LoongArch: Eliminate superfluous get_numa_distances_cnt() Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error Shung-Hsi Yu <shung-hsi.yu(a)suse.com> selftests/bpf: Fix raw_tp null handling test Yu Kuai <yukuai3(a)huawei.com> md: fix mddev uaf while iterating all_mddevs list Armin Wolf <W_Armin(a)gmx.de> platform/x86: msi-wmi-platform: Workaround a ACPI firmware bug Armin Wolf <W_Armin(a)gmx.de> platform/x86: msi-wmi-platform: Rename "data" variable Nathan Chancellor <nathan(a)kernel.org> kbuild: Add '-fno-builtin-wcslen' Lukas Fischer <kernel(a)o1oo11oo.de> scripts: generate_rust_analyzer: Add ffi crate Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Reference count policy in cpufreq_update_limits() Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9 Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/sysreg: Add register fields for HFGWTR2_EL2 Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/sysreg: Add register fields for HFGRTR2_EL2 Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/sysreg: Add register fields for HFGITR2_EL2 Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/sysreg: Add register fields for HDFGWTR2_EL2 Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/sysreg: Add register fields for HDFGRTR2_EL2 Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1 Thomas Zimmermann <tzimmermann(a)suse.de> drm/mgag200: Fix value in <VBLKSTR> register ZhenGuo Yin <zhenguo.yin(a)amd.com> drm/amdgpu: fix warning of drm_mm_clean Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Set LRC addresses before guc load Matthew Auld <matthew.auld(a)intel.com> drm/xe/userptr: fix notifier vs folio deadlock Matthew Auld <matthew.auld(a)intel.com> drm/xe/dma_buf: stop relying on placement in unmap Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Add HP Probook 445 and 465 to the quirk list for eDP on DP1 Huacai Chen <chenhuacai(a)kernel.org> drm/amd/display: Protect FPU in dml2_init()/dml21_init() Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Do not enable Replay and PSR while VRR is on in amdgpu_dm_commit_planes() Christian König <christian.koenig(a)amd.com> drm/amdgpu: immediately use GTT for new allocations Jani Nikula <jani.nikula(a)intel.com> drm/i915/gvt: fix unterminated-string-initialization warning Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Fix an out-of-bounds shift when invalidating TLB Rolf Eike Beer <eb(a)emlix.com> drm/sti: remove duplicate object names Brendan King <Brendan.King(a)imgtec.com> drm/imagination: take paired job reference Brendan King <Brendan.King(a)imgtec.com> drm/imagination: fix firmware memory leaks Chris Bainbridge <chris.bainbridge(a)gmail.com> drm/nouveau: prime: fix ttm_bo_delayed_delete oops Matthew Auld <matthew.auld(a)intel.com> drm/amdgpu/dma_buf: fix page_link check Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/mes11: optimize MES pipe FW version fetching Huacai Chen <chenhuacai(a)kernel.org> drm/amd/display: Protect FPU in dml21_copy() Huacai Chen <chenhuacai(a)kernel.org> drm/amd/display: Protect FPU in dml2_validate()/dml21_validate() Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Add HP Elitebook 645 to the quirk list for eDP on DP1 Matthew Brost <matthew.brost(a)intel.com> drm/xe: Use local fence in error path of xe_migrate_clear Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/vrr: Add vrr.vsync_{start, end} in vrr_params_changed Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/mes12: optimize MES pipe FW version fetching Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/smu11: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/powerplay: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm: Prevent division by zero Leo Li <sunpeng.li(a)amd.com> drm/amd/display: Increase vblank offdelay for PSR panels Leo Li <sunpeng.li(a)amd.com> drm/amd/display: Actually do immediate vblank disable Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Handle being compiled without SI or CIK support better Brendan Tam <Brendan.Tam(a)amd.com> drm/amd/display: prevent hang on link training fail Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Prefer shadow rom when available Akhil P Oommen <quic_akhilpo(a)quicinc.com> drm/msm/a6xx: Fix stale rpmh votes from GPU Haoxiang Li <haoxiang_li2024(a)163.com> drm/msm/dsi: Add check for devm_kstrdup() Jocelyn Falempe <jfalempe(a)redhat.com> drm/ast: Fix ast_dp connection status Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/repaper: fix integer overflows in repeat functions Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf/x86/intel: Allow to update user space GPRs from PEBS records Mario Limonciello <mario.limonciello(a)amd.com> platform/x86: amd: pmf: Fix STT limits Yazen Ghannam <yazen.ghannam(a)amd.com> RAS/AMD/FMPM: Get masked address Yazen Ghannam <yazen.ghannam(a)amd.com> RAS/AMD/ATL: Include row[13] bit in row retirement Sharath Srinivasan <sharath.srinivasan(a)oracle.com> RDMA/cma: Fix workqueue crash in cma_netevent_work_handler Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Ensure consistent phy reference counts Chandrakanth Patil <chandrakanth.patil(a)broadcom.com> scsi: megaraid_sas: Block zero-length ATA VPD inquiry Ard Biesheuvel <ardb(a)kernel.org> x86/boot/sev: Avoid shared GHCB page for early memory acceptance Sandipan Das <sandipan.das(a)amd.com> x86/cpu/amd: Fix workaround for erratum 1054 Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches Xiangsheng Hou <xiangsheng.hou(a)mediatek.com> virtiofs: add filesystem context source name check Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix filter string testing Peter Collingbourne <pcc(a)google.com> string: Add load_unaligned_zeropad() code path to sized_strscpy() Chunjie Zhu <chunjie.zhu(a)cloud.com> smb3 client: fix open hardlink on deferred close file error Suren Baghdasaryan <surenb(a)google.com> slab: ensure slab->obj_exts is clear in a newly allocated slab page Mark Brown <broonie(a)kernel.org> selftests/mm: generate a temporary mountpoint for cgroup filesystem Nathan Chancellor <nathan(a)kernel.org> riscv: Avoid fortify warning in syscall_get_arguments() Kuniyuki Iwashima <kuniyu(a)amazon.com> Revert "smb: client: fix TCP timers deadlock after rmmod" Kuniyuki Iwashima <kuniyu(a)amazon.com> Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free" Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix the warning from __kernel_write_iter Denis Arefev <arefev(a)swemel.ru> ksmbd: Prevent integer overflow in calculation of deadtime Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in smb_break_all_levII_oplock() Sean Heelan <seanheelan(a)gmail.com> ksmbd: Fix dangling pointer in krb_authenticate Miklos Szeredi <mszeredi(a)redhat.com> ovl: don't allow datadir only Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm: fix apply_to_existing_page_range() Vishal Moola (Oracle) <vishal.moola(a)gmail.com> mm: fix filemap_get_folios_contig returning batches of identical folios Baoquan He <bhe(a)redhat.com> mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable() Vishal Moola (Oracle) <vishal.moola(a)gmail.com> mm/compaction: fix bug in hugetlb handling pathway Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> loop: LOOP_SET_FD: send uevents for partitions Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> loop: properly send KOBJ_CHANGED uevent for disk device Edward Adam Davis <eadavis(a)qq.com> isofs: Prevent the use of too small fid Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> i2c: cros-ec-tunnel: defer probe if parent EC is not present Vasiliy Kovalev <kovalev(a)altlinux.org> hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key Herbert Xu <herbert(a)gondor.apana.org.au> crypto: caam/qi - Fix drv_ctx refcount bug Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Avoid using inconsistent policy->min and policy->max Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq/sched: Explicitly synchronize limits_changed flag handling Johannes Kimmel <kernel(a)bareminimum.eu> btrfs: correctly escape subvol in btrfs_show_options() Kees Cook <kees(a)kernel.org> Bluetooth: vhci: Avoid needless snprintf() calls Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: l2cap: Process valid commands in too long frame Rob Clark <robdclark(a)chromium.org> drm/msm/a6xx+: Don't let IB_SIZE overflow Menglong Dong <menglong8.dong(a)gmail.com> ftrace: fix incorrect hash size in register_ftrace_direct() Christoph Hellwig <hch(a)lst.de> fs: move the bdex_statx call to vfs_getattr_nosec Su Hui <suhui(a)nfschina.com> fs/stat.c: avoid harmless garbage value problem in vfs_statx_path() Stefan Berger <stefanb(a)linux.ibm.com> fs: Simplify getattr interface function checking AT_GETATTR_NOSEC flag Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> i2c: atr: Fix wrong include Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: decrease sc_count directly if fail to queue dl_recall Eric Biggers <ebiggers(a)google.com> nfs: add missing selections of CONFIG_CRC32 Dan Carpenter <dan.carpenter(a)linaro.org> dma-buf/sw_sync: Decrement refcount on error in sw_sync_ioctl_get_deadline() Maíra Canal <mcanal(a)igalia.com> drm/v3d: Fix Indirect Dispatch configuration for V3D 7.1.6 and later Martin K. Petersen <martin.petersen(a)oracle.com> block: integrity: Do not call set_page_dirty_lock() Denis Arefev <arefev(a)swemel.ru> asus-laptop: Fix an uninitialized variable Evgeny Pimenov <pimenoveu12(a)gmail.com> ASoC: qcom: Fix sc7280 lpass potential buffer overflow Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: Intel: sof_sdw: Add quirk for Asus Zenbook S16 Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate Herve Codina <herve.codina(a)bootlin.com> ASoC: fsl: fsl_qmc_audio: Reset audio data pointers on TRIGGER_START event Alex Williamson <alex.williamson(a)redhat.com> Revert "PCI: Avoid reset when disabled via sysfs" Andreas Gruenbacher <agruenba(a)redhat.com> writeback: fix false warning in inode_to_wb() Miguel Ojeda <ojeda(a)kernel.org> rust: kbuild: use `pound` to support GNU Make < 4.3 Miguel Ojeda <ojeda(a)kernel.org> rust: disable `clippy::needless_continue` Miguel Ojeda <ojeda(a)kernel.org> rust: kasan/kbuild: fix missing flags on first build Miguel Ojeda <ojeda(a)kernel.org> objtool/rust: add one more `noreturn` Rust function for Rust 1.86.0 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS WangYuli <wangyuli(a)uniontech.com> riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break WangYuli <wangyuli(a)uniontech.com> riscv: KGDB: Do not inline arch_kgdb_breakpoint() Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kunit: qemu_configs: SH: Respect kunit cmdline Samuel Holland <samuel.holland(a)sifive.com> riscv: module: Allocate PLT entries for R_RISCV_PLT32 Samuel Holland <samuel.holland(a)sifive.com> riscv: module: Fix out-of-bounds relocation access Björn Töpel <bjorn(a)rivosinc.com> riscv: Properly export reserved regions in /proc/iomem Will Pierce <wgpierce17(a)gmail.com> riscv: Use kvmalloc_array on relocation_hashtable Bo-Cun Chen <bc-bocun.chen(a)mediatek.com> net: ethernet: mtk_eth_soc: revise QDMA packet scheduler settings Bo-Cun Chen <bc-bocun.chen(a)mediatek.com> net: ethernet: mtk_eth_soc: correct the max weight of the queue limit for 100Mbps Bo-Cun Chen <bc-bocun.chen(a)mediatek.com> net: ethernet: mtk_eth_soc: reapply mdc divider on reset Meghana Malladi <m-malladi(a)ti.com> net: ti: icss-iep: Fix possible NULL pointer dereference for perout request Meghana Malladi <m-malladi(a)ti.com> net: ti: icss-iep: Add phase offset configuration for perout signal Meghana Malladi <m-malladi(a)ti.com> net: ti: icss-iep: Add pwidth configuration for perout signal Sagi Maimon <maimon.sagi(a)gmail.com> ptp: ocp: fix start time alignment in ptp_ocp_signal_set Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del() fails Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: free routing table on probe failure Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: clean up FDB, MDB, VLAN entries on unbind Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered Abdun Nihaal <abdun.nihaal(a)gmail.com> net: txgbe: fix memory leak in txgbe_probe() error path Jonas Gorski <jonas.gorski(a)gmail.com> net: bridge: switchdev: do not notify new brentries as changed Jonas Gorski <jonas.gorski(a)gmail.com> net: b53: enable BPDU reception for management port Jakub Kicinski <kuba(a)kernel.org> netlink: specs: rt-link: adjust mctp attribute naming Jakub Kicinski <kuba(a)kernel.org> netlink: specs: rt-link: add an attr layer around alt-ifname Jakub Kicinski <kuba(a)kernel.org> tools: ynl-gen: make sure we validate subtype of array-nest Jakub Kicinski <kuba(a)kernel.org> tools: ynl-gen: individually free previous values on double set Abdun Nihaal <abdun.nihaal(a)gmail.com> cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path Niklas Cassel <cassel(a)kernel.org> ata: libata-sata: Save all fields from sense data descriptor Christoph Hellwig <hch(a)lst.de> loop: stop using vfs_iter_{read,write} for buffered I/O Yunlong Xing <yunlong.xing(a)unisoc.com> loop: aio inherit the ioprio of original request Jakub Kicinski <kuba(a)kernel.org> eth: bnxt: fix missing ring index trim on error path Michael Walle <mwalle(a)kernel.org> net: ethernet: ti: am65-cpsw: fix port_np reference counting Abdun Nihaal <abdun.nihaal(a)gmail.com> net: ngbe: fix memory leak in ngbe_probe() error path Weizhao Ouyang <o451686892(a)gmail.com> can: rockchip_canfd: fix broken quirks checks Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix nested key length validation in the set() action Jakub Kicinski <kuba(a)kernel.org> netlink: specs: ovs_vport: align with C codegen capabilities Zheng Qixing <zhengqixing(a)huawei.com> block: fix resource leak in blk_register_queue() error path Matt Johnston <matt(a)codeconstruct.com.au> net: mctp: Set SOCK_RCU_FREE Damodharam Ammepalli <damodharam.ammepalli(a)broadcom.com> ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() Abdun Nihaal <abdun.nihaal(a)gmail.com> pds_core: fix memory leak in pdsc_debugfs_add_qcq() Matthew Wilcox (Oracle) <willy(a)infradead.org> test suite: use %zu to print size_t Kuniyuki Iwashima <kuniyu(a)amazon.com> smc: Fix lockdep false-positive for IPPROTO_SMC. Geert Uytterhoeven <geert+renesas(a)glider.be> dt-bindings: soc: fsl: fsl,ls1028a-reset: Fix maintainer entry Christopher S M Hall <christopher.s.hall(a)intel.com> igc: add lock preventing multiple simultaneous PTM transactions Christopher S M Hall <christopher.s.hall(a)intel.com> igc: cleanup PTP module if probe fails Christopher S M Hall <christopher.s.hall(a)intel.com> igc: handle the IGC_PTP_ENABLED flag correctly Christopher S M Hall <christopher.s.hall(a)intel.com> igc: move ktime snapshot into PTM retry loop Christopher S M Hall <christopher.s.hall(a)intel.com> igc: increase wait time before retrying PTM Christopher S M Hall <christopher.s.hall(a)intel.com> igc: fix PTM cycle trigger logic Johannes Berg <johannes.berg(a)intel.com> Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" Juergen Gross <jgross(a)suse.com> xen: fix multicall debug feature Xin Long <lucien.xin(a)gmail.com> ipv6: add exception routes to GC list in rt6_insert_exception Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: l2cap: Check encryption key size on incoming connection Dan Carpenter <dan.carpenter(a)linaro.org> Bluetooth: btrtl: Prevent potential NULL dereference Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address Shay Drory <shayd(a)nvidia.com> RDMA/core: Silence oversized kvmalloc() warning Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: cs42l43: Reset clamp override on jack removal Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fixed ASUS platform headset Mic issue Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 Jaroslav Kysela <perex(a)perex.cz> ALSA: hda: improve bass speaker support for ASUS Zenbook UM5606WA Richard Fitzgerald <rf(a)opensource.cirrus.com> ALSA: hda/cirrus_scodec_test: Don't select dependencies Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix wrong maximum DMA segment size Yue Haibing <yuehaibing(a)huawei.com> RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() Giuseppe Scrivano <gscrivan(a)redhat.com> ovl: remove unused forward declaration Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Fix IV usage for AES ECB Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Do not use fixed size buffers Colin Ian King <colin.i.king(a)gmail.com> crypto: tegra - remove redundant error check on ret Henry Martin <bsdhenrymartin(a)gmail.com> ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() Brady Norander <bradynorander(a)gmail.com> ASoC: dwc: always enable/disable i2s irqs Zheng Qixing <zhengqixing(a)huawei.com> md/md-bitmap: fix stats collection for external bitmaps Yu Kuai <yukuai3(a)huawei.com> md/raid10: fix missing discard IO accounting Martin Wilck <mwilck(a)suse.com> scsi: smartpqi: Use is_kdump_kernel() to check for kdump Daniel Wagner <wagi(a)kernel.org> scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues Daniel Wagner <wagi(a)kernel.org> blk-mq: introduce blk_mq_map_hw_queues Daniel Wagner <wagi(a)kernel.org> driver core: bus: add irq_get_affinity callback to bus_type Miaoqian Lin <linmq006(a)gmail.com> scsi: iscsi: Fix missing scsi_host_put() in error path Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: wl1251: fix memory leak in wl1251_tx_work Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Purge vif txq in ieee80211_do_stop() Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: at76c50x: fix use after free access in at76_disconnect Xingui Yang <yangxingui(a)huawei.com> scsi: hisi_sas: Enable force phy when SATA disk directly connected ------------- Diffstat: Documentation/arch/arm64/booting.rst | 22 +++ .../bindings/soc/fsl/fsl,ls1028a-reset.yaml | 2 +- Documentation/netlink/specs/ovs_vport.yaml | 4 +- Documentation/netlink/specs/rt_link.yaml | 14 +- Documentation/wmi/devices/msi-wmi-platform.rst | 4 + Makefile | 8 +- arch/arm64/include/asm/el2_setup.h | 25 ++++ arch/arm64/tools/sysreg | 104 ++++++++++++++ arch/loongarch/kernel/acpi.c | 12 -- arch/mips/dec/prom/init.c | 2 +- arch/mips/include/asm/ds1287.h | 2 +- arch/mips/kernel/cevt-ds1287.c | 1 + arch/riscv/include/asm/kgdb.h | 9 +- arch/riscv/include/asm/syscall.h | 7 +- arch/riscv/kernel/kgdb.c | 6 + arch/riscv/kernel/module-sections.c | 13 +- arch/riscv/kernel/module.c | 11 +- arch/riscv/kernel/setup.c | 36 ++++- arch/x86/boot/compressed/mem.c | 5 +- arch/x86/boot/compressed/sev.c | 67 +++------ arch/x86/boot/compressed/sev.h | 2 + arch/x86/events/intel/ds.c | 8 +- arch/x86/events/intel/uncore_snbep.c | 107 ++------------- arch/x86/kernel/cpu/amd.c | 19 ++- arch/x86/kernel/cpu/microcode/amd.c | 9 +- arch/x86/xen/multicalls.c | 26 ++-- arch/x86/xen/smp_pv.c | 1 - arch/x86/xen/xen-ops.h | 3 - block/bdev.c | 3 +- block/bio-integrity.c | 17 +-- block/blk-core.c | 6 +- block/blk-merge.c | 2 +- block/blk-mq-cpumap.c | 37 +++++ block/blk-mq.c | 42 +++--- block/blk-mq.h | 2 +- block/blk-sysfs.c | 2 + drivers/ata/libata-sata.c | 15 +++ drivers/block/loop.c | 121 +++-------------- drivers/block/null_blk/main.c | 9 +- drivers/block/virtio_blk.c | 13 +- drivers/bluetooth/btrtl.c | 2 + drivers/bluetooth/hci_vhci.c | 10 +- drivers/cpufreq/cpufreq.c | 40 +++++- drivers/crypto/caam/qi.c | 6 +- drivers/crypto/tegra/tegra-se-aes.c | 131 +++++++++--------- drivers/crypto/tegra/tegra-se-hash.c | 38 ++++-- drivers/crypto/tegra/tegra-se.h | 2 - drivers/dma-buf/sw_sync.c | 19 ++- drivers/firmware/efi/libstub/efistub.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c | 34 ++++- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 44 +++--- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 4 +- drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 4 + drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 21 +-- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 62 ++++++++- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 6 +- .../drm/amd/display/dc/dml2/dml21/dml21_wrapper.c | 17 ++- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 9 ++ .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 6 +- .../drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 7 +- .../amd/display/dc/resource/dcn31/dcn31_resource.c | 2 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_thermal.c | 4 +- .../drm/amd/pm/powerplay/hwmgr/vega10_thermal.c | 4 +- .../drm/amd/pm/powerplay/hwmgr/vega20_thermal.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 3 + drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 2 +- drivers/gpu/drm/ast/ast_dp.c | 6 + drivers/gpu/drm/i915/display/intel_display.c | 4 +- drivers/gpu/drm/i915/gvt/opregion.c | 7 +- drivers/gpu/drm/imagination/pvr_fw.c | 27 +++- drivers/gpu/drm/imagination/pvr_job.c | 7 + drivers/gpu/drm/imagination/pvr_queue.c | 4 + drivers/gpu/drm/mgag200/mgag200_mode.c | 2 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 82 +++++------ drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 8 +- drivers/gpu/drm/msm/dsi/dsi_host.c | 9 +- .../gpu/drm/msm/registers/adreno/adreno_pm4.xml | 7 + drivers/gpu/drm/nouveau/nouveau_bo.c | 3 + drivers/gpu/drm/nouveau/nouveau_gem.c | 3 - drivers/gpu/drm/sti/Makefile | 2 - drivers/gpu/drm/tiny/repaper.c | 4 +- drivers/gpu/drm/v3d/v3d_sched.c | 16 ++- drivers/gpu/drm/xe/xe_dma_buf.c | 5 +- drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 12 +- drivers/gpu/drm/xe/xe_guc_ads.c | 75 ++++++----- drivers/gpu/drm/xe/xe_hmm.c | 24 ---- drivers/gpu/drm/xe/xe_migrate.c | 2 +- drivers/i2c/busses/i2c-cros-ec-tunnel.c | 3 + drivers/i2c/i2c-atr.c | 2 +- drivers/infiniband/core/cma.c | 4 +- drivers/infiniband/core/umem_odp.c | 6 +- drivers/infiniband/hw/hns/hns_roce_main.c | 2 +- drivers/infiniband/hw/usnic/usnic_ib_main.c | 14 +- drivers/md/md-bitmap.c | 5 +- drivers/md/md.c | 22 +-- drivers/md/raid10.c | 1 + drivers/misc/pci_endpoint_test.c | 4 + drivers/net/can/rockchip/rockchip_canfd-core.c | 7 +- drivers/net/dsa/b53/b53_common.c | 10 ++ drivers/net/dsa/mv88e6xxx/chip.c | 13 +- drivers/net/dsa/mv88e6xxx/devlink.c | 3 +- drivers/net/ethernet/amd/pds_core/debugfs.c | 5 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c | 1 + drivers/net/ethernet/intel/igc/igc.h | 1 + drivers/net/ethernet/intel/igc/igc_defines.h | 6 +- drivers/net/ethernet/intel/igc/igc_main.c | 1 + drivers/net/ethernet/intel/igc/igc_ptp.c | 113 ++++++++++------ drivers/net/ethernet/mediatek/mtk_eth_soc.c | 49 ++++--- drivers/net/ethernet/mediatek/mtk_eth_soc.h | 1 + drivers/net/ethernet/ti/am65-cpsw-nuss.c | 15 ++- drivers/net/ethernet/ti/icssg/icss_iep.c | 150 ++++++++++++++------- drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 3 +- drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 3 +- drivers/net/wireless/ath/ath12k/dp_mon.c | 4 +- drivers/net/wireless/atmel/at76c50x-usb.c | 2 +- drivers/net/wireless/ti/wl1251/tx.c | 4 +- drivers/nvme/host/apple.c | 2 +- drivers/nvme/host/pci.c | 15 +-- drivers/nvme/target/fc.c | 14 -- drivers/pci/pci.c | 4 - drivers/platform/x86/amd/pmf/auto-mode.c | 4 +- drivers/platform/x86/amd/pmf/cnqf.c | 8 +- drivers/platform/x86/amd/pmf/core.c | 14 ++ drivers/platform/x86/amd/pmf/pmf.h | 1 + drivers/platform/x86/amd/pmf/sps.c | 12 +- drivers/platform/x86/amd/pmf/tee-if.c | 6 +- drivers/platform/x86/asus-laptop.c | 9 +- drivers/platform/x86/msi-wmi-platform.c | 99 +++++++++----- drivers/ptp/ptp_ocp.c | 1 + drivers/ras/amd/atl/internal.h | 3 + drivers/ras/amd/atl/umc.c | 19 ++- drivers/ras/amd/fmpm.c | 9 +- drivers/scsi/fnic/fnic_main.c | 3 +- drivers/scsi/hisi_sas/hisi_sas.h | 1 - drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 9 +- drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 18 ++- drivers/scsi/megaraid/megaraid_sas_base.c | 12 +- drivers/scsi/megaraid/megaraid_sas_fusion.c | 5 +- drivers/scsi/mpi3mr/mpi3mr.h | 1 - drivers/scsi/mpi3mr/mpi3mr_os.c | 2 +- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 3 +- drivers/scsi/pm8001/pm8001_init.c | 2 +- drivers/scsi/pm8001/pm8001_sas.h | 1 - drivers/scsi/qla2xxx/qla_nvme.c | 3 +- drivers/scsi/qla2xxx/qla_os.c | 4 +- drivers/scsi/scsi_transport_iscsi.c | 7 +- drivers/scsi/smartpqi/smartpqi_init.c | 20 +-- drivers/ufs/host/ufs-exynos.c | 6 + fs/Kconfig | 1 + fs/btrfs/super.c | 3 +- fs/ecryptfs/inode.c | 12 +- fs/fuse/virtio_fs.c | 3 + fs/hfs/bnode.c | 6 + fs/hfsplus/bnode.c | 6 + fs/isofs/export.c | 2 +- fs/nfs/Kconfig | 2 +- fs/nfs/internal.h | 7 - fs/nfs/nfs4session.h | 4 - fs/nfsd/Kconfig | 1 + fs/nfsd/nfs4state.c | 2 +- fs/nfsd/nfsfh.h | 7 - fs/overlayfs/inode.c | 10 +- fs/overlayfs/overlayfs.h | 10 -- fs/overlayfs/super.c | 5 + fs/smb/client/cifsproto.h | 2 + fs/smb/client/connect.c | 34 ++--- fs/smb/client/file.c | 28 ++++ fs/smb/server/oplock.c | 29 ++-- fs/smb/server/oplock.h | 1 - fs/smb/server/smb2pdu.c | 4 +- fs/smb/server/transport_ipc.c | 7 +- fs/smb/server/vfs.c | 3 +- fs/stat.c | 39 +++--- include/linux/backing-dev.h | 1 + include/linux/blk-mq.h | 111 +++++++-------- include/linux/blkdev.h | 17 ++- include/linux/bpf.h | 1 + include/linux/bpf_verifier.h | 1 + include/linux/device/bus.h | 3 + include/linux/nfs.h | 7 - include/uapi/linux/fcntl.h | 4 - io_uring/rw.c | 4 +- kernel/bpf/verifier.c | 79 +++++++++-- kernel/sched/cpufreq_schedutil.c | 46 ++++++- kernel/trace/ftrace.c | 7 +- kernel/trace/trace_events_filter.c | 4 +- lib/string.c | 13 +- mm/compaction.c | 6 +- mm/filemap.c | 1 + mm/gup.c | 4 +- mm/memory.c | 4 +- mm/slub.c | 10 ++ mm/userfaultfd.c | 13 +- mm/vma.c | 38 +++++- mm/vma.h | 9 +- net/bluetooth/hci_event.c | 5 +- net/bluetooth/l2cap_core.c | 21 ++- net/bridge/br_vlan.c | 4 +- net/dsa/dsa.c | 59 ++++++-- net/dsa/tag_8021q.c | 2 +- net/ethtool/cmis_cdb.c | 2 +- net/ipv6/route.c | 1 + net/mac80211/iface.c | 3 + net/mctp/af_mctp.c | 3 + net/openvswitch/flow_netlink.c | 3 +- net/smc/af_smc.c | 5 + scripts/Makefile.compiler | 4 +- scripts/generate_rust_analyzer.py | 12 +- sound/pci/hda/Kconfig | 4 +- sound/pci/hda/patch_realtek.c | 55 ++++++-- sound/soc/codecs/cs42l43-jack.c | 3 + sound/soc/codecs/lpass-wsa-macro.c | 139 +++++++++++++------ sound/soc/dwc/dwc-i2s.c | 13 +- sound/soc/fsl/fsl_qmc_audio.c | 3 + sound/soc/intel/avs/pcm.c | 3 +- sound/soc/intel/boards/sof_sdw.c | 1 + sound/soc/qcom/lpass.h | 3 +- tools/net/ynl/ynl-gen-c.py | 69 +++++++--- tools/objtool/check.c | 1 + tools/testing/kunit/qemu_configs/sh.py | 4 +- .../selftests/bpf/prog_tests/changes_pkt_data.c | 107 +++++++++++++++ .../testing/selftests/bpf/progs/changes_pkt_data.c | 39 ++++++ .../bpf/progs/changes_pkt_data_freplace.c | 18 +++ tools/testing/selftests/bpf/progs/raw_tp_null.c | 19 ++- tools/testing/selftests/bpf/progs/verifier_sock.c | 56 ++++++++ .../selftests/mm/charge_reserved_hugetlb.sh | 4 +- .../selftests/mm/hugetlb_reparenting_test.sh | 2 +- tools/testing/shared/linux.c | 4 +- 232 files changed, 2369 insertions(+), 1282 deletions(-)

6 months, 3 weeks

11
234
0 0

[PATCH v3 1/1] iommu: Allow attaching static domains in iommu_attach_device_pasid()

by Lu Baolu

The idxd driver attaches the default domain to a PASID of the device to perform kernel DMA using that PASID. The domain is attached to the device's PASID through iommu_attach_device_pasid(), which checks if the domain->owner matches the iommu_ops retrieved from the device. If they do not match, it returns a failure. if (ops != domain->owner || pasid == IOMMU_NO_PASID) return -EINVAL; The static identity domain implemented by the intel iommu driver doesn't specify the domain owner. Therefore, kernel DMA with PASID doesn't work for the idxd driver if the device translation mode is set to passthrough. Generally the owner field of static domains are not set because they are already part of iommu ops. Add a helper domain_iommu_ops_compatible() that checks if a domain is compatible with the device's iommu ops. This helper explicitly allows the static blocked and identity domains associated with the device's iommu_ops to be considered compatible. Fixes: 2031c469f816 ("iommu/vt-d: Add support for static identity domain") Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220031 Cc: stable(a)vger.kernel.org Suggested-by: Jason Gunthorpe <jgg(a)nvidia.com> Link: https://lore.kernel.org/linux-iommu/20250422191554.GC1213339@ziepe.ca/ Signed-off-by: Lu Baolu <baolu.lu(a)linux.intel.com> Reviewed-by: Dave Jiang <dave.jiang(a)intel.com> Reviewed-by: Robin Murphy <robin.murphy(a)arm.com> --- drivers/iommu/iommu.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) Change log: v3: - Convert all places checking domain->owner to the new helper. v2: https://lore.kernel.org/linux-iommu/20250423021839.2189204-1-baolu.lu@linux… - Make the solution generic for all static domains as suggested by Jason. v1: https://lore.kernel.org/linux-iommu/20250422075422.2084548-1-baolu.lu@linux… diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c index 4f91a740c15f..b26fc3ed9f01 100644 --- a/drivers/iommu/iommu.c +++ b/drivers/iommu/iommu.c @@ -2204,6 +2204,19 @@ static void *iommu_make_pasid_array_entry(struct iommu_domain *domain, return xa_tag_pointer(domain, IOMMU_PASID_ARRAY_DOMAIN); } +static bool domain_iommu_ops_compatible(const struct iommu_ops *ops, + struct iommu_domain *domain) +{ + if (domain->owner == ops) + return true; + + /* For static domains, owner isn't set. */ + if (domain == ops->blocked_domain || domain == ops->identity_domain) + return true; + + return false; +} + static int __iommu_attach_group(struct iommu_domain *domain, struct iommu_group *group) { @@ -2214,7 +2227,8 @@ static int __iommu_attach_group(struct iommu_domain *domain, return -EBUSY; dev = iommu_group_first_dev(group); - if (!dev_has_iommu(dev) || dev_iommu_ops(dev) != domain->owner) + if (!dev_has_iommu(dev) || + !domain_iommu_ops_compatible(dev_iommu_ops(dev), domain)) return -EINVAL; return __iommu_group_set_domain(group, domain); @@ -3435,7 +3449,8 @@ int iommu_attach_device_pasid(struct iommu_domain *domain, !ops->blocked_domain->ops->set_dev_pasid) return -EOPNOTSUPP; - if (ops != domain->owner || pasid == IOMMU_NO_PASID) + if (!domain_iommu_ops_compatible(ops, domain) || + pasid == IOMMU_NO_PASID) return -EINVAL; mutex_lock(&group->mutex); @@ -3511,7 +3526,7 @@ int iommu_replace_device_pasid(struct iommu_domain *domain, if (!domain->ops->set_dev_pasid) return -EOPNOTSUPP; - if (dev_iommu_ops(dev) != domain->owner || + if (!domain_iommu_ops_compatible(dev_iommu_ops(dev), domain) || pasid == IOMMU_NO_PASID || !handle) return -EINVAL; -- 2.43.0

6 months, 3 weeks

6
5
0 0

[PATCH] arm64: dts: qcom: x1e80100: Add GFX power domain to GPU clock controller

by Abel Vesa

According to documentation, the VDD_GFX is powering up the whole GPU subsystem. The VDD_GFX is routed through the RPMh GFX power domain. So tie the RPMh GFX power domain to the GPU clock controller. Cc: stable(a)vger.kernel.org # 6.11 Fixes: 721e38301b79 ("arm64: dts: qcom: x1e80100: Add gpu support") Signed-off-by: Abel Vesa <abel.vesa(a)linaro.org> --- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/boot/dts/qcom/x1e80100.dtsi b/arch/arm64/boot/dts/qcom/x1e80100.dtsi index 46b79fce92c90d969e3de48bc88e27915d1592bb..96d5ab3c426639b0c0af2458d127e3bbbe41c556 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100.dtsi +++ b/arch/arm64/boot/dts/qcom/x1e80100.dtsi @@ -3873,6 +3873,7 @@ gpucc: clock-controller@3d90000 { clocks = <&bi_tcxo_div2>, <&gcc GCC_GPU_GPLL0_CPH_CLK_SRC>, <&gcc GCC_GPU_GPLL0_DIV_CPH_CLK_SRC>; + power-domains = <&rpmhpd RPMHPD_GFX>; #clock-cells = <1>; #reset-cells = <1>; #power-domain-cells = <1>; --- base-commit: 2c9c612abeb38aab0e87d48496de6fd6daafb00b change-id: 20250423-x1e80100-add-gpucc-gfx-pd-a51e3ff2d6e1 Best regards, -- Abel Vesa <abel.vesa(a)linaro.org>

6 months, 3 weeks

4
3
0 0

[PATCH 6.1 000/291] 6.1.135-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.135 release. There are 291 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 25 Apr 2025 14:25:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.135-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.135-rc1 WangYuli <wangyuli(a)uniontech.com> MIPS: ds1287: Match ds1287_set_base_clock() function types WangYuli <wangyuli(a)uniontech.com> MIPS: cevt-ds1287: Add missing ds1287.h include WangYuli <wangyuli(a)uniontech.com> MIPS: dec: Declare which_prom() as static Jan Stancek <jstancek(a)redhat.com> sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3 Jan Stancek <jstancek(a)redhat.com> sign-file,extract-cert: avoid using deprecated ERR_get_error_line() Jan Stancek <jstancek(a)redhat.com> sign-file,extract-cert: move common SSL helper functions to a header Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm: fix apply_to_existing_page_range() Li Nan <linan122(a)huawei.com> blk-iocost: do not WARN if iocg was already offlined Yu Kuai <yukuai3(a)huawei.com> blk-cgroup: support to track if policy is online Xu Kuohai <xukuohai(a)huawei.com> bpf: Prevent tail call between progs attached to different hooks Andrii Nakryiko <andrii(a)kernel.org> bpf: avoid holding freeze_mutex during mmap operation Haisu Wang <haisuwang(a)tencent.com> btrfs: fix the length of reserved qgroup to free Jakub Kicinski <kuba(a)kernel.org> net/sched: act_mirred: don't override retval if we already lost the skb Paulo Alcantara <pc(a)cjr.nz> cifs: use origin fullpath for automounts ChenXiaoSong <chenxiaosong(a)kylinos.cn> smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open() WangYuli <wangyuli(a)uniontech.com> nvmet-fc: Remove unused functions Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "LoongArch: BPF: Fix off-by-one error in build_prologue()" Mickaël Salaün <mic(a)digikod.net> landlock: Add the errata interface Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "Xen/swiotlb: mark xen_swiotlb_fixup() __init" Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: fix zone finishing with missing devices Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: fix zone activation with missing devices Boris Burkov <boris(a)bur.io> btrfs: fix qgroup reserve leaks in cow_file_range Yuli Wang <wangyuli(a)uniontech.com> LoongArch: Eliminate superfluous get_numa_distances_cnt() Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() Ard Biesheuvel <ardb(a)kernel.org> x86/pvh: Call C code via the kernel virtual mapping Maksim Davydov <davydov-max(a)yandex-team.ru> x86/split_lock: Fix the delayed detection logic Alex Williamson <alex.williamson(a)redhat.com> mm: Fix is_zero_page() usage in try_grab_page() Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: sockopt: fix getting freebind & transparent Arnd Bergmann <arnd(a)arndb.de> media: mediatek: vcodec: mark vdec_vp9_slice_map_counts_eob_coef noinline Nathan Chancellor <nathan(a)kernel.org> kbuild: Add '-fno-builtin-wcslen' Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Reference count policy in cpufreq_update_limits() Mark Rutland <mark.rutland(a)arm.com> KVM: arm64: Eagerly switch ZCR_EL{1,2} Fuad Tabba <tabba(a)google.com> KVM: arm64: Calculate cptr_el2 traps on activating traps Mark Rutland <mark.rutland(a)arm.com> KVM: arm64: Mark some header functions as inline Mark Rutland <mark.rutland(a)arm.com> KVM: arm64: Refactor exit handlers Mark Rutland <mark.rutland(a)arm.com> KVM: arm64: Remove VHE host restore of CPACR_EL1.SMEN Mark Rutland <mark.rutland(a)arm.com> KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN Mark Rutland <mark.rutland(a)arm.com> KVM: arm64: Remove host FPSIMD saving for non-protected KVM Mark Rutland <mark.rutland(a)arm.com> KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state Mark Brown <broonie(a)kernel.org> arm64/fpsimd: Stop using TIF_SVE to manage register saving in KVM Mark Brown <broonie(a)kernel.org> arm64/fpsimd: Have KVM explicitly say which FP registers to save Mark Brown <broonie(a)kernel.org> arm64/fpsimd: Track the saved FPSIMD state type separately to TIF_SVE Mark Brown <broonie(a)kernel.org> KVM: arm64: Discard any SVE state when entering KVM guests Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: fix accept multishot handling Jani Nikula <jani.nikula(a)intel.com> drm/i915/gvt: fix unterminated-string-initialization warning Rolf Eike Beer <eb(a)emlix.com> drm/sti: remove duplicate object names Chris Bainbridge <chris.bainbridge(a)gmail.com> drm/nouveau: prime: fix ttm_bo_delayed_delete oops Matthew Auld <matthew.auld(a)intel.com> drm/amdgpu/dma_buf: fix page_link check Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/smu11: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/powerplay: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm: Prevent division by zero Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Handle being compiled without SI or CIK support better Akhil P Oommen <quic_akhilpo(a)quicinc.com> drm/msm/a6xx: Fix stale rpmh votes from GPU Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/repaper: fix integer overflows in repeat functions Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf/x86/intel: Allow to update user space GPRs from PEBS records Sharath Srinivasan <sharath.srinivasan(a)oracle.com> RDMA/cma: Fix workqueue crash in cma_netevent_work_handler Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Ensure consistent phy reference counts Chandrakanth Patil <chandrakanth.patil(a)broadcom.com> scsi: megaraid_sas: Block zero-length ATA VPD inquiry Xiangsheng Hou <xiangsheng.hou(a)mediatek.com> virtiofs: add filesystem context source name check Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix filter string testing Peter Collingbourne <pcc(a)google.com> string: Add load_unaligned_zeropad() code path to sized_strscpy() Chunjie Zhu <chunjie.zhu(a)cloud.com> smb3 client: fix open hardlink on deferred close file error Nathan Chancellor <nathan(a)kernel.org> riscv: Avoid fortify warning in syscall_get_arguments() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix the warning from __kernel_write_iter Denis Arefev <arefev(a)swemel.ru> ksmbd: Prevent integer overflow in calculation of deadtime Sean Heelan <seanheelan(a)gmail.com> ksmbd: Fix dangling pointer in krb_authenticate Vishal Moola (Oracle) <vishal.moola(a)gmail.com> mm: fix filemap_get_folios_contig returning batches of identical folios Baoquan He <bhe(a)redhat.com> mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable() Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> loop: LOOP_SET_FD: send uevents for partitions Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> loop: properly send KOBJ_CHANGED uevent for disk device Edward Adam Davis <eadavis(a)qq.com> isofs: Prevent the use of too small fid Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> i2c: cros-ec-tunnel: defer probe if parent EC is not present Vasiliy Kovalev <kovalev(a)altlinux.org> hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key Herbert Xu <herbert(a)gondor.apana.org.au> crypto: caam/qi - Fix drv_ctx refcount bug Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Avoid using inconsistent policy->min and policy->max Johannes Kimmel <kernel(a)bareminimum.eu> btrfs: correctly escape subvol in btrfs_show_options() Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: decrease sc_count directly if fail to queue dl_recall Eric Biggers <ebiggers(a)google.com> nfs: add missing selections of CONFIG_CRC32 Jeff Layton <jlayton(a)kernel.org> nfs: move nfs_fhandle_hash to common include file Denis Arefev <arefev(a)swemel.ru> asus-laptop: Fix an uninitialized variable Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate Alex Williamson <alex.williamson(a)redhat.com> Revert "PCI: Avoid reset when disabled via sysfs" Andreas Gruenbacher <agruenba(a)redhat.com> writeback: fix false warning in inode_to_wb() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS WangYuli <wangyuli(a)uniontech.com> riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break WangYuli <wangyuli(a)uniontech.com> riscv: KGDB: Do not inline arch_kgdb_breakpoint() Björn Töpel <bjorn(a)rivosinc.com> riscv: Properly export reserved regions in /proc/iomem Sagi Maimon <maimon.sagi(a)gmail.com> ptp: ocp: fix start time alignment in ptp_ocp_signal_set Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del() fails Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered Jonas Gorski <jonas.gorski(a)gmail.com> net: bridge: switchdev: do not notify new brentries as changed Jonas Gorski <jonas.gorski(a)gmail.com> net: b53: enable BPDU reception for management port Abdun Nihaal <abdun.nihaal(a)gmail.com> cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix nested key length validation in the set() action Matt Johnston <matt(a)codeconstruct.com.au> net: mctp: Set SOCK_RCU_FREE Matthew Wilcox (Oracle) <willy(a)infradead.org> test suite: use %zu to print size_t Christopher S M Hall <christopher.s.hall(a)intel.com> igc: cleanup PTP module if probe fails Christopher S M Hall <christopher.s.hall(a)intel.com> igc: handle the IGC_PTP_ENABLED flag correctly Christopher S M Hall <christopher.s.hall(a)intel.com> igc: move ktime snapshot into PTM retry loop Christopher S M Hall <christopher.s.hall(a)intel.com> igc: fix PTM cycle trigger logic Johannes Berg <johannes.berg(a)intel.com> Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: l2cap: Check encryption key size on incoming connection Dan Carpenter <dan.carpenter(a)linaro.org> Bluetooth: btrtl: Prevent potential NULL dereference Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address Shay Drory <shayd(a)nvidia.com> RDMA/core: Silence oversized kvmalloc() warning Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix wrong maximum DMA segment size Yue Haibing <yuehaibing(a)huawei.com> RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() Zheng Qixing <zhengqixing(a)huawei.com> md/md-bitmap: fix stats collection for external bitmaps Yu Kuai <yukuai3(a)huawei.com> md/raid10: fix missing discard IO accounting Miaoqian Lin <linmq006(a)gmail.com> scsi: iscsi: Fix missing scsi_host_put() in error path Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: wl1251: fix memory leak in wl1251_tx_work Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Purge vif txq in ieee80211_do_stop() Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: at76c50x: fix use after free access in at76_disconnect Xingui Yang <yangxingui(a)huawei.com> scsi: hisi_sas: Enable force phy when SATA disk directly connected Kaixin Wang <kxwang23(a)m.fudan.edu.cn> HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition Arseniy Krasnov <avkrasnov(a)salutedevices.com> Bluetooth: hci_uart: Fix another race during initialization Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions() Nathan Chancellor <nathan(a)kernel.org> ACPI: platform-profile: Fix CFI violation when accessing sysfs files Douglas Anderson <dianders(a)chromium.org> arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: close fd_in before returning in main_loop Stephan Gerhold <stephan.gerhold(a)linaro.org> pinctrl: qcom: Clear latched interrupt status when changing IRQ type Ma Ke <make24(a)iscas.ac.cn> PCI: Fix reference leak in pci_alloc_child_bus() Stanimir Varbanov <svarbanov(a)suse.de> PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakages in of_irq_init() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakages in of_irq_count() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakage in API of_irq_parse_raw() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakage in API of_irq_parse_one() Fedor Pchelkin <pchelkin(a)ispras.ru> ntb: use 64-bit arithmetic for the MSI doorbell mask Sean Christopherson <seanjc(a)google.com> KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses Joshua Washington <joshwash(a)google.com> gve: handle overflow when reporting TX consumed descriptors Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpio: zynq: Fix wakeup source leaks on device unbind Guixin Liu <kanie(a)linux.alibaba.com> gpio: tegra186: fix resource handling in ACPI probe path zhoumin <teczm(a)foxmail.com> ftrace: Add cond_resched() to ftrace_graph_set_hash() Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: fix prefetch-vs-suspend race Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: set ti->error on memory allocation failure Mikulas Patocka <mpatocka(a)redhat.com> dm-ebs: fix prefetch-vs-suspend race Tom Lendacky <thomas.lendacky(a)amd.com> crypto: ccp - Fix check for the primary ASP device Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gdsc: Set retain_ff before moving to HW CTRL Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> clk: qcom: gdsc: Capture pm_genpd_add_subdomain result code Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> clk: qcom: gdsc: Release pm subdomains in reverse add order Roman Smirnov <r.smirnov(a)omp.ru> cifs: fix integer overflow in match_server() Alexandra Diupina <adiupina(a)astralinux.ru> cifs: avoid NULL pointer dereference in dbg call Trevor Woerner <twoerner(a)gmail.com> thermal/drivers/rockchip: Add missing rk3328 mapping entry Ricardo Cañuelo Navarro <rcn(a)igalia.com> sctp: detect and prevent references to a freed transport in sendmsg Shuai Xue <xueshuai(a)linux.alibaba.com> mm/hwpoison: do not send SIGBUS to processes with recovered clean pages Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock David Hildenbrand <david(a)redhat.com> mm/rmap: reject hugetlb folios in folio_make_device_exclusive() Ryan Roberts <ryan.roberts(a)arm.com> sparc/mm: disable preemption in lazy mmu mode Filipe Manana <fdmanana(a)suse.com> btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string Zhenhua Huang <quic_zhenhuah(a)quicinc.com> arm64: mm: Correct the update of max_pfn Wentao Liang <vulab(a)iscas.ac.cn> mtd: rawnand: Add status chack in r852_ready() Wentao Liang <vulab(a)iscas.ac.cn> mtd: inftlcore: Add error check for inftl_read_oob() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: only inc MPJoinAckHMacFailure for HMAC failures Gang Yan <yangang(a)kylinos.cn> mptcp: fix NULL pointer in can_accept_new_subflow T Pratham <t-pratham(a)ti.com> lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets Boqun Feng <boqun.feng(a)gmail.com> locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class() Chenyuan Yang <chenyuan0y(a)gmail.com> mfd: ene-kb3930: Fix a potential NULL pointer dereference Jan Kara <jack(a)suse.cz> jbd2: remove wrong sb->s_sequence check Manjunatha Venkatesh <manjunatha.venkatesh(a)nxp.com> i3c: Add NULL pointer check in i3c_master_queue_ibi() Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Use readsb helper for reading MDB Steve French <stfrench(a)microsoft.com> smb311 client: fix missing tcon check when mounting with linux/posix extensions Chenyuan Yang <chenyuan0y(a)gmail.com> soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() Si-Wei Liu <si-wei.liu(a)oracle.com> vdpa/mlx5: Fix oversized null mkey longer than 32bit Artem Sadovnikov <a.sadovnikov(a)ispras.ru> ext4: fix off-by-one error in do_split Jeff Hugo <quic_jhugo(a)quicinc.com> bus: mhi: host: Fix race between unprepare and queue_buf Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns. Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment. Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: reject zero sized provided buffers Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> wifi: mac80211: fix integer overflow in hwmp_route_info_get() Haoxiang Li <haoxiang_li2024(a)163.com> wifi: mt76: Add check for devm_kstrdup() Alexandre Torgue <alexandre.torgue(a)foss.st.com> clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init wakeup Jiasheng Jiang <jiashengjiangcool(a)gmail.com> mtd: Replace kcalloc() with devm_kcalloc() Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family Jiasheng Jiang <jiashengjiangcool(a)gmail.com> mtd: Add check for devm_kcalloc() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: sockopt: fix getting IPV6_V6ONLY Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi_parser: refactor hfi packet parsing logic Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi_parser: add check to avoid out of bound access Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ov7251: Set enable GPIO low in probe Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ccs: Set the device's runtime PM status correctly in probe Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ccs: Set the device's runtime PM status correctly in remove Karina Yankevich <k.yankevich(a)omp.ru> media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: platform: stm32: Add check for clk_enable() Murad Masimov <m.masimov(a)mt-integration.ru> media: streamzap: prevent processing IR data on URB failure Jonathan McDowell <noodles(a)meta.com> tpm, tpm_tis: Fix timeout handling when waiting for TPM status Kamal Dasu <kamal.dasu(a)broadcom.com> mtd: rawnand: brcmnand: fix PM resume warning Miquel Raynal <miquel.raynal(a)bootlin.com> spi: cadence-qspi: Fix probe on AM62A LP SK Will Deacon <will(a)kernel.org> KVM: arm64: Tear down vGIC on failed vCPU creation Douglas Anderson <dianders(a)chromium.org> arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list Douglas Anderson <dianders(a)chromium.org> arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB Douglas Anderson <dianders(a)chromium.org> arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list Douglas Anderson <dianders(a)chromium.org> arm64: cputype: Add MIDR_CORTEX_A76AE Jan Beulich <jbeulich(a)suse.com> xenfs/xensyms: respect hypervisor's "next" indication Yuan Can <yuancan(a)huawei.com> media: siano: Fix error handling in smsdvb_module_init() Matthew Majewski <mattwmajewski(a)gmail.com> media: vim2m: print device name after registering device Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: add check to handle incorrect queue size Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: add a check to handle OOB in sfr region Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: i2c: adv748x: Fix test pattern selection mask Jann Horn <jannh(a)google.com> ext4: don't treat fhandle lookup of ea_inode as FS corruption Willem de Bruijn <willemb(a)google.com> bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: fsl-ftm: Handle clk_get_rate() returning 0 Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: rcar: Improve register calculation Josh Poimboeuf <jpoimboe(a)kernel.org> pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() Jonathan McDowell <noodles(a)meta.com> tpm, tpm_tis: Workaround failed command reception on Infineon devices Ayush Jain <Ayush.jain3(a)amd.com> ktest: Fix Test Failures Due to Missing LOG_FILE Directories Leonid Arapov <arapovl839(a)gmail.com> fbdev: omapfb: Add 'plane' value check Christian König <christian.koenig(a)amd.com> drm/amdgpu: grab an additional reference on the gang fence v2 Ryo Takakura <ryotkkr98(a)gmail.com> PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type Wentao Liang <vulab(a)iscas.ac.cn> drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Fix pqm_destroy_queue race with GPU reset Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Fix mode1 reset crash issue David Yat Sin <David.YatSin(a)amd.com> drm/amdkfd: clamp queue size to minimum Lucas De Marchi <lucas.demarchi(a)intel.com> drivers: base: devres: Allow to release group on device release Luca Ceresoli <luca.ceresoli(a)bootlin.com> drm/bridge: panel: forbid initializing a panel with unknown connector type Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add new quirk for GPD Win 2 Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add quirk for AYA NEO Slide Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add support for AYANEO 2S Zhikai Zhai <zhikai.zhai(a)amd.com> drm/amd/display: Update Cursor request mode to the beginning prefetch always Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm: allow encoder mode_set even when connectors change for crtc Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Bluetooth: qca: simplify WCN399x NVM loading Arseniy Krasnov <avkrasnov(a)salutedevices.com> Bluetooth: hci_uart: fix race during initialization Gabriele Paoloni <gpaoloni(a)redhat.com> tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER Stanislav Fomichev <sdf(a)fomichev.me> net: vlan: don't propagate flags on open Icenowy Zheng <uwu(a)icenowy.me> wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Fix array overflow in st_setup() Bhupesh <bhupesh(a)igalia.com> ext4: ignore xattrs past end Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: protect ext4_release_dquot against freezing Daniel Kral <d.kral(a)proxmox.com> ahci: add PCI ID for Marvell 88SE9215 SATA Controller Chao Yu <chao(a)kernel.org> f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() Niklas Cassel <cassel(a)kernel.org> ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode Edward Adam Davis <eadavis(a)qq.com> jfs: add sanity check for agwidth in dbMount Edward Adam Davis <eadavis(a)qq.com> jfs: Prevent copying of nlink with value 0 from disk inode Rand Deeb <rand.sec96(a)gmail.com> fs/jfs: Prevent integer overflow in AG size calculation Rand Deeb <rand.sec96(a)gmail.com> fs/jfs: cast inactags to s64 to prevent potential overflow Zhongqiu Han <quic_zhonhan(a)quicinc.com> jfs: Fix uninit-value access of imap allocated in the diMount() function Jason Xing <kerneljasonxing(a)gmail.com> page_pool: avoid infinite loop to schedule delayed worker Chao Yu <chao(a)kernel.org> f2fs: don't retry IO for corrupted data scenario keenplify <keenplify(a)gmail.com> ASoC: amd: Add DMI quirk for ACP6X mic support Ricard Wanderlof <ricard2013(a)butoba.net> ALSA: usb-audio: Fix CME quirk for UF series keyboards Kaustabh Chakraborty <kauschluss(a)disroot.org> mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_audmix: register card device depends on 'dais' property Maxim Mikityanskiy <maxtram95(a)gmail.com> ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist Maxim Mikityanskiy <maxtram95(a)gmail.com> ALSA: hda: intel: Fix Optimus when GPU has no sound Tomasz Pakuła <forest10pl(a)gmail.com> HID: pidff: Fix null pointer dereference in pidff_find_fields Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Do not send effect envelope if it's empty Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Convert infinite length from Linux API to PID standard Kees Cook <kees(a)kernel.org> xen/mcelog: Add __nonstring annotations for unterminated strings Douglas Anderson <dianders(a)chromium.org> arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD Mark Rutland <mark.rutland(a)arm.com> perf: arm_pmu: Don't disable counter in armpmu_add() Max Grobecker <max(a)grobecker.info> x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine Zhongqiu Han <quic_zhonhan(a)quicinc.com> pm: cpupower: bench: Prevent NULL dereference on malloc failure Trond Myklebust <trond.myklebust(a)hammerspace.com> umount: Allow superblock owners to force umount Mateusz Guzik <mjguzik(a)gmail.com> fs: consistently deref the files table with rcu_dereference_raw() Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group Florian Westphal <fw(a)strlen.de> nft_set_pipapo: fix incorrect avx2 match of 5th field octet Arnaud Lecomte <contact(a)arnaud-lcm.com> net: ppp: Add bound checking for skb data on ppp_sync_txmung Ido Schimmel <idosch(a)nvidia.com> ipv6: Align behavior across nexthops during path selection Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: move the limit validation Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: use a temporary work area for validating configuration Daniel Wagner <wagi(a)kernel.org> nvmet-fcloop: swap list_add_tail arguments Wentao Liang <vulab(a)iscas.ac.cn> ata: sata_sx4: Add error handling in pdc20621_i2c_read() Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: ethtool: Don't call .cleanup_data when prepare_data fails Toke Høiland-Jørgensen <toke(a)redhat.com> tc: Ensure we have enough buffer space when sending filter netlink notifications Pedro Tammela <pctammela(a)mojatatu.com> net/sched: cls_api: conditional notification of events Victor Nogueira <victor(a)mojatatu.com> rtnl: add helper to check if a notification is needed Jamal Hadi Salim <jhs(a)mojatatu.com> rtnl: add helper to check if rtnl group has listeners Jakub Kicinski <kuba(a)kernel.org> net: tls: explicitly disallow disconnect Cong Wang <xiyou.wangcong(a)gmail.com> codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() Tung Nguyen <tung.quang.nguyen(a)est.tech> tipc: fix memory leak in tipc_link_xmit Henry Martin <bsdhenrymartin(a)gmail.com> ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() Edward Liaw <edliaw(a)google.com> selftests/futex: futex_waitv wouldblock test should fail ------------- Diffstat: MAINTAINERS | 1 + Makefile | 7 +- arch/arm64/boot/dts/mediatek/mt8173.dtsi | 6 +- arch/arm64/include/asm/cputype.h | 4 + arch/arm64/include/asm/fpsimd.h | 4 +- arch/arm64/include/asm/kvm_host.h | 19 +- arch/arm64/include/asm/kvm_hyp.h | 1 + arch/arm64/include/asm/processor.h | 7 + arch/arm64/include/asm/spectre.h | 1 - arch/arm64/kernel/fpsimd.c | 69 +++++-- arch/arm64/kernel/process.c | 2 + arch/arm64/kernel/proton-pack.c | 208 +++++++++++---------- arch/arm64/kernel/ptrace.c | 3 + arch/arm64/kernel/signal.c | 7 +- arch/arm64/kvm/arm.c | 7 +- arch/arm64/kvm/fpsimd.c | 92 +++------ arch/arm64/kvm/hyp/entry.S | 5 + arch/arm64/kvm/hyp/include/hyp/switch.h | 106 +++++++---- arch/arm64/kvm/hyp/nvhe/hyp-main.c | 8 +- arch/arm64/kvm/hyp/nvhe/pkvm.c | 17 +- arch/arm64/kvm/hyp/nvhe/switch.c | 91 +++++---- arch/arm64/kvm/hyp/vhe/switch.c | 12 +- arch/arm64/kvm/reset.c | 3 + arch/arm64/mm/mmu.c | 3 +- arch/loongarch/kernel/acpi.c | 12 -- arch/loongarch/net/bpf_jit.c | 2 - arch/loongarch/net/bpf_jit.h | 5 - arch/mips/dec/prom/init.c | 2 +- arch/mips/include/asm/ds1287.h | 2 +- arch/mips/kernel/cevt-ds1287.c | 1 + arch/powerpc/kernel/rtas.c | 4 + arch/riscv/include/asm/kgdb.h | 9 +- arch/riscv/include/asm/syscall.h | 7 +- arch/riscv/kernel/kgdb.c | 6 + arch/riscv/kernel/setup.c | 36 +++- arch/sparc/mm/tlb.c | 5 +- arch/x86/events/intel/ds.c | 8 +- arch/x86/events/intel/uncore_snbep.c | 107 +---------- arch/x86/kernel/cpu/amd.c | 2 +- arch/x86/kernel/cpu/intel.c | 20 +- arch/x86/kernel/e820.c | 17 +- arch/x86/kvm/x86.c | 4 + arch/x86/platform/pvh/head.S | 7 +- block/blk-cgroup.c | 24 ++- block/blk-cgroup.h | 1 + block/blk-iocost.c | 7 +- certs/Makefile | 2 +- certs/extract-cert.c | 138 +++++++------- drivers/acpi/platform_profile.c | 20 +- drivers/ata/ahci.c | 2 + drivers/ata/libata-eh.c | 11 +- drivers/ata/pata_pxa.c | 6 + drivers/ata/sata_sx4.c | 13 +- drivers/base/devres.c | 7 + drivers/block/loop.c | 7 +- drivers/bluetooth/btqca.c | 13 +- drivers/bluetooth/btrtl.c | 2 + drivers/bluetooth/hci_ldisc.c | 19 +- drivers/bluetooth/hci_uart.h | 1 + drivers/bus/mhi/host/main.c | 16 +- drivers/char/tpm/tpm_tis_core.c | 20 +- drivers/char/tpm/tpm_tis_core.h | 1 + drivers/clk/qcom/gdsc.c | 61 +++--- drivers/clocksource/timer-stm32-lp.c | 4 +- drivers/cpufreq/cpufreq.c | 40 +++- drivers/crypto/caam/qi.c | 6 +- drivers/crypto/ccp/sp-pci.c | 15 +- drivers/gpio/gpio-tegra186.c | 25 +-- drivers/gpio/gpio-zynq.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 10 +- drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 44 +++-- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 10 + drivers/gpu/drm/amd/amdkfd/kfd_process.c | 17 ++ .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 +- .../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 22 +-- drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hubp.c | 2 +- drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c | 5 + .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_thermal.c | 4 +- .../drm/amd/pm/powerplay/hwmgr/vega10_thermal.c | 4 +- .../drm/amd/pm/powerplay/hwmgr/vega20_thermal.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 3 + drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 2 +- drivers/gpu/drm/drm_atomic_helper.c | 2 +- drivers/gpu/drm/drm_panel.c | 5 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 46 ++++- drivers/gpu/drm/i915/gvt/opregion.c | 7 +- drivers/gpu/drm/mediatek/mtk_dpi.c | 23 ++- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 82 ++++---- drivers/gpu/drm/nouveau/nouveau_bo.c | 3 + drivers/gpu/drm/nouveau/nouveau_gem.c | 3 - drivers/gpu/drm/sti/Makefile | 2 - drivers/gpu/drm/tiny/repaper.c | 4 +- drivers/hid/usbhid/hid-pidff.c | 60 ++++-- drivers/hsi/clients/ssi_protocol.c | 1 + drivers/i2c/busses/i2c-cros-ec-tunnel.c | 3 + drivers/i3c/master.c | 3 + drivers/i3c/master/svc-i3c-master.c | 2 +- drivers/infiniband/core/cma.c | 4 +- drivers/infiniband/core/umem_odp.c | 6 +- drivers/infiniband/hw/hns/hns_roce_main.c | 2 +- drivers/infiniband/hw/usnic/usnic_ib_main.c | 14 +- drivers/iommu/mtk_iommu.c | 26 +-- drivers/md/dm-ebs-target.c | 7 + drivers/md/dm-integrity.c | 3 + drivers/md/dm-verity-target.c | 8 + drivers/md/md-bitmap.c | 5 +- drivers/md/raid10.c | 1 + drivers/media/common/siano/smsdvb-main.c | 2 + drivers/media/i2c/adv748x/adv748x.h | 2 +- drivers/media/i2c/ccs/ccs-core.c | 6 +- drivers/media/i2c/ov7251.c | 4 +- .../mediatek/vcodec/vdec/vdec_vp9_req_lat_if.c | 3 +- drivers/media/platform/qcom/venus/hfi_parser.c | 100 +++++++--- drivers/media/platform/qcom/venus/hfi_venus.c | 18 +- drivers/media/platform/st/stm32/dma2d/dma2d.c | 3 +- drivers/media/rc/streamzap.c | 68 ++++--- drivers/media/test-drivers/vim2m.c | 6 +- drivers/media/v4l2-core/v4l2-dv-timings.c | 4 +- drivers/mfd/ene-kb3930.c | 2 +- drivers/misc/pci_endpoint_test.c | 6 +- drivers/mmc/host/dw_mmc.c | 94 +++++++++- drivers/mmc/host/dw_mmc.h | 27 +++ drivers/mtd/inftlcore.c | 9 +- drivers/mtd/mtdpstore.c | 12 +- drivers/mtd/nand/raw/brcmnand/brcmnand.c | 2 +- drivers/mtd/nand/raw/r852.c | 3 + drivers/net/dsa/b53/b53_common.c | 10 + drivers/net/dsa/mv88e6xxx/chip.c | 30 ++- drivers/net/dsa/mv88e6xxx/devlink.c | 3 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c | 1 + drivers/net/ethernet/google/gve/gve_ethtool.c | 4 +- drivers/net/ethernet/intel/igc/igc_defines.h | 1 + drivers/net/ethernet/intel/igc/igc_main.c | 1 + drivers/net/ethernet/intel/igc/igc_ptp.c | 93 +++++---- drivers/net/ppp/ppp_synctty.c | 5 + drivers/net/wireless/atmel/at76c50x-usb.c | 2 +- drivers/net/wireless/mediatek/mt76/eeprom.c | 4 + drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 1 + drivers/net/wireless/ti/wl1251/tx.c | 4 +- drivers/ntb/ntb_transport.c | 2 +- drivers/nvme/target/fc.c | 14 -- drivers/nvme/target/fcloop.c | 2 +- drivers/of/irq.c | 78 ++++---- drivers/pci/controller/pcie-brcmstb.c | 13 +- drivers/pci/controller/vmd.c | 12 +- drivers/pci/pci.c | 4 - drivers/pci/probe.c | 5 +- drivers/perf/arm_pmu.c | 8 +- drivers/pinctrl/qcom/pinctrl-msm.c | 12 +- drivers/platform/x86/asus-laptop.c | 9 +- drivers/ptp/ptp_ocp.c | 1 + drivers/pwm/pwm-fsl-ftm.c | 6 + drivers/pwm/pwm-mediatek.c | 8 +- drivers/pwm/pwm-rcar.c | 24 +-- drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 9 +- drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 14 +- drivers/scsi/megaraid/megaraid_sas_base.c | 9 +- drivers/scsi/megaraid/megaraid_sas_fusion.c | 5 +- drivers/scsi/scsi_transport_iscsi.c | 7 +- drivers/scsi/st.c | 2 +- drivers/soc/samsung/exynos-chipid.c | 2 + drivers/spi/spi-cadence-quadspi.c | 6 + drivers/thermal/rockchip_thermal.c | 1 + drivers/ufs/host/ufs-exynos.c | 6 + drivers/vdpa/mlx5/core/mr.c | 7 +- drivers/video/fbdev/omap2/omapfb/dss/dispc.c | 6 +- drivers/xen/swiotlb-xen.c | 2 +- drivers/xen/xenfs/xensyms.c | 4 +- fs/Kconfig | 1 + fs/btrfs/disk-io.c | 12 ++ fs/btrfs/inode.c | 6 +- fs/btrfs/super.c | 3 +- fs/btrfs/zoned.c | 6 + fs/ext4/inode.c | 68 +++++-- fs/ext4/namei.c | 2 +- fs/ext4/super.c | 17 ++ fs/ext4/xattr.c | 11 +- fs/f2fs/inode.c | 4 + fs/f2fs/node.c | 9 +- fs/file.c | 26 ++- fs/fuse/virtio_fs.c | 3 + fs/hfs/bnode.c | 6 + fs/hfsplus/bnode.c | 6 + fs/isofs/export.c | 2 +- fs/jbd2/journal.c | 1 - fs/jfs/jfs_dmap.c | 10 +- fs/jfs/jfs_imap.c | 4 +- fs/namespace.c | 3 +- fs/nfs/Kconfig | 2 +- fs/nfs/internal.h | 22 --- fs/nfs/nfs4session.h | 4 - fs/nfsd/Kconfig | 1 + fs/nfsd/nfs4state.c | 2 +- fs/nfsd/nfsfh.h | 7 - fs/smb/client/cifs_dfs_ref.c | 34 +++- fs/smb/client/cifsproto.h | 23 +++ fs/smb/client/connect.c | 2 + fs/smb/client/dir.c | 21 ++- fs/smb/client/file.c | 28 +++ fs/smb/client/fs_context.c | 5 + fs/smb/client/smb2misc.c | 9 +- fs/smb/server/oplock.c | 2 +- fs/smb/server/smb2pdu.c | 6 +- fs/smb/server/transport_ipc.c | 7 +- fs/smb/server/vfs.c | 3 +- include/linux/backing-dev.h | 1 + include/linux/bpf.h | 1 + include/linux/nfs.h | 13 ++ include/linux/rtnetlink.h | 22 +++ include/linux/tpm.h | 1 + include/net/sctp/structs.h | 3 +- include/uapi/linux/kfd_ioctl.h | 2 + include/uapi/linux/landlock.h | 2 + include/xen/interface/xen-mca.h | 2 +- io_uring/kbuf.c | 2 + io_uring/net.c | 2 + kernel/bpf/core.c | 19 +- kernel/bpf/syscall.c | 17 +- kernel/locking/lockdep.c | 3 + kernel/sched/cpufreq_schedutil.c | 18 +- kernel/trace/ftrace.c | 1 + kernel/trace/trace_events.c | 4 +- kernel/trace/trace_events_filter.c | 4 +- lib/sg_split.c | 2 - lib/string.c | 13 +- mm/filemap.c | 1 + mm/gup.c | 6 +- mm/memory-failure.c | 11 +- mm/memory.c | 4 +- mm/rmap.c | 2 +- mm/vmscan.c | 2 +- net/8021q/vlan_dev.c | 31 +-- net/bluetooth/hci_event.c | 5 +- net/bluetooth/l2cap_core.c | 3 +- net/bridge/br_vlan.c | 4 +- net/core/filter.c | 80 ++++---- net/core/page_pool.c | 8 +- net/dsa/tag_8021q.c | 2 +- net/ethtool/netlink.c | 8 +- net/ipv6/route.c | 8 +- net/mac80211/iface.c | 3 + net/mac80211/mesh_hwmp.c | 14 +- net/mctp/af_mctp.c | 3 + net/mptcp/sockopt.c | 28 +++ net/mptcp/subflow.c | 19 +- net/netfilter/nft_set_pipapo_avx2.c | 3 +- net/openvswitch/flow_netlink.c | 3 +- net/sched/act_mirred.c | 20 +- net/sched/cls_api.c | 74 ++++++-- net/sched/sch_codel.c | 5 +- net/sched/sch_fq_codel.c | 6 +- net/sched/sch_sfq.c | 66 +++++-- net/sctp/socket.c | 22 ++- net/sctp/transport.c | 2 + net/tipc/link.c | 1 + net/tls/tls_main.c | 6 + scripts/sign-file.c | 132 ++++++------- scripts/ssl-common.h | 32 ++++ security/landlock/errata.h | 87 +++++++++ security/landlock/setup.c | 30 +++ security/landlock/setup.h | 3 + security/landlock/syscalls.c | 22 ++- sound/pci/hda/hda_intel.c | 44 ++++- sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/lpass-wsa-macro.c | 139 +++++++++----- sound/soc/fsl/fsl_audmix.c | 16 +- sound/soc/qcom/qdsp6/q6apm-dai.c | 9 +- sound/soc/qcom/qdsp6/q6asm-dai.c | 19 +- sound/usb/midi.c | 80 +++++++- tools/power/cpupower/bench/parse.c | 4 + tools/testing/ktest/ktest.pl | 8 + tools/testing/radix-tree/linux.c | 4 +- .../futex/functional/futex_wait_wouldblock.c | 2 +- tools/testing/selftests/landlock/base_test.c | 46 ++++- tools/testing/selftests/net/mptcp/mptcp_connect.c | 7 +- 278 files changed, 2913 insertions(+), 1414 deletions(-)

6 months, 3 weeks

12
303
0 0

[PATCH] LoongArch: Fix MAX_REG_OFFSET calculation

by Huacai Chen

Fix MAX_REG_OFFSET calculation, make it point to the last register in 'struct pt_regs' and not to the marker itself, which could allow regs_get_register() to return an invalid offset. Cc: stable(a)vger.kernel.org Fixes: 803b0fc5c3f2baa6e5 ("LoongArch: Add process management") Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- arch/loongarch/include/asm/ptrace.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/loongarch/include/asm/ptrace.h b/arch/loongarch/include/asm/ptrace.h index a5b63c84f854..e5d21e836d99 100644 --- a/arch/loongarch/include/asm/ptrace.h +++ b/arch/loongarch/include/asm/ptrace.h @@ -55,7 +55,7 @@ static inline void instruction_pointer_set(struct pt_regs *regs, unsigned long v /* Query offset/name of register from its name/offset */ extern int regs_query_register_offset(const char *name); -#define MAX_REG_OFFSET (offsetof(struct pt_regs, __last)) +#define MAX_REG_OFFSET (offsetof(struct pt_regs, __last) - sizeof(unsigned long)) /** * regs_get_register() - get register value from its offset -- 2.47.1

6 months, 3 weeks

1
0
0 0

[PATCH] LoongArch: Move __arch_cpu_idle() to .cpuidle.text section

by Huacai Chen

Now arch_cpu_idle() is annotated with __cpuidle which means it is in the .cpuidle.text section, but __arch_cpu_idle() isn't. Thus, fix the missing .cpuidle.text section assignment for __arch_cpu_idle() in order to correct backtracing with nmi_backtrace(). The principle is similar to the commit 97c8580e85cf81c ("MIPS: Annotate cpu_wait implementations with __cpuidle") Cc: stable(a)vger.kernel.org Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- arch/loongarch/kernel/genex.S | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/arch/loongarch/kernel/genex.S b/arch/loongarch/kernel/genex.S index 4f0912141781..733a7665e434 100644 --- a/arch/loongarch/kernel/genex.S +++ b/arch/loongarch/kernel/genex.S @@ -16,6 +16,7 @@ #include <asm/stackframe.h> #include <asm/thread_info.h> + .section .cpuidle.text, "ax" .align 5 SYM_FUNC_START(__arch_cpu_idle) /* start of idle interrupt region */ @@ -31,14 +32,16 @@ SYM_FUNC_START(__arch_cpu_idle) */ idle 0 /* end of idle interrupt region */ -1: jr ra +idle_exit: + jr ra SYM_FUNC_END(__arch_cpu_idle) + .previous SYM_CODE_START(handle_vint) UNWIND_HINT_UNDEFINED BACKUP_T0T1 SAVE_ALL - la_abs t1, 1b + la_abs t1, idle_exit LONG_L t0, sp, PT_ERA /* 3 instructions idle interrupt region */ ori t0, t0, 0b1100 -- 2.47.1

6 months, 3 weeks

1
0
0 0

[PATCH rtw-next v2] wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723

by Mingcong Bai

RTL8723BE found on some ASUSTek laptops, such as F441U and X555UQ with subsystem ID 11ad:1723 are known to output large amounts of PCIe AER errors during and after boot up, causing heavy lags and at times lock-ups: pcieport 0000:00:1c.5: AER: Correctable error message received from 0000:00:1c.5 pcieport 0000:00:1c.5: PCIe Bus Error: severity=Correctable, type=Physical Layer, (Receiver ID) pcieport 0000:00:1c.5: device [8086:9d15] error status/mask=00000001/00002000 pcieport 0000:00:1c.5: [ 0] RxErr Disable ASPM on this combo as a quirk. This patch is a revision of a previous patch (linked below) which attempted to disable ASPM for RTL8723BE on all Intel Skylake and Kaby Lake PCIe bridges. I take a more conservative approach as all known reports point to ASUSTek laptops of these two generations with this particular wireless card. Please note, however, before the rtl8723be finishes probing, the AER errors remained. After the module finishes probing, all AER errors would indeed be eliminated, along with heavy lags, poor network throughput, and/or occasional lock-ups. Cc: <stable(a)vger.kernel.org> Fixes: a619d1abe20c ("rtlwifi: rtl8723be: Add new driver") Reported-by: Liangliang Zou <rawdiamondmc(a)outlook.com> Link: https://bugzilla.kernel.org/show_bug.cgi?id=218127 Link: https://lore.kernel.org/lkml/05390e0b-27fd-4190-971e-e70a498c8221@lwfinger.… Tested-by: Liangliang Zou <rawdiamondmc(a)outlook.com> Signed-off-by: Mingcong Bai <jeffbai(a)aosc.io> --- drivers/net/wireless/realtek/rtlwifi/pci.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/net/wireless/realtek/rtlwifi/pci.c b/drivers/net/wireless/realtek/rtlwifi/pci.c index 0eafc4d125f9..898f597f70a9 100644 --- a/drivers/net/wireless/realtek/rtlwifi/pci.c +++ b/drivers/net/wireless/realtek/rtlwifi/pci.c @@ -155,6 +155,16 @@ static void _rtl_pci_update_default_setting(struct ieee80211_hw *hw) ((u8)init_aspm) == (PCI_EXP_LNKCTL_ASPM_L0S | PCI_EXP_LNKCTL_ASPM_L1 | PCI_EXP_LNKCTL_CCC)) ppsc->support_aspm = false; + + /* RTL8723BE found on some ASUSTek laptops, such as F441U and + * X555UQ with subsystem ID 11ad:1723 are known to output large + * amounts of PCIe AER errors during and after boot up, causing + * heavy lags, poor network throughput, and occasional lock-ups. + */ + if (rtlpriv->rtlhal.hw_type == HARDWARE_TYPE_RTL8723BE && + (rtlpci->pdev->subsystem_vendor == 0x11ad && + rtlpci->pdev->subsystem_device == 0x1723)) + ppsc->support_aspm = false; } static bool _rtl_pci_platform_switch_device_pci_aspm( -- 2.49.0

6 months, 3 weeks

2
1
0 0

RE: Several questions for backporting fix for CVE-2024-50063 to linux-5.15/5.10

by Ren, Jianqi (Jacky) (CN)

Hello, We are evaluating CVE-2024-50063 for v5.15 and v5.10. But the context of v5.15 and v5.10 is behind current version quite a lot. It seems the suggested fix in https://www.cve.org/CVERecord?id=CVE-2024-50063, https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id…, requires https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… to work. But it seems risky to port so many changes. Is it worth porting commit f45d5b6ce2e8 plus 28ead3eaabc1 to v5.15 and v5.10? Is there any mitigation for this CVE? Is there any reproducer and test case for this CVE so that we could validate the fix if we decide to port it?

6 months, 3 weeks

1
0
0 0

[PATCH rc] iommu: Skip PASID validation for devices without PASID capability

by Tushar Dave

Generally PASID support requires ACS settings that usually create single device groups, but there are some niche cases where we can get multi-device groups and still have working PASID support. The primary issue is that PCI switches are not required to treat PASID tagged TLPs specially so appropriate ACS settings are required to route all TLPs to the host bridge if PASID is going to work properly. pci_enable_pasid() does check that each device that will use PASID has the proper ACS settings to achieve this routing. However, no-PASID devices can be combined with PASID capable devices within the same topology using non-uniform ACS settings. In this case the no-PASID devices may not have strict route to host ACS flags and end up being grouped with the PASID devices. This configuration fails to allow use of the PASID within the iommu core code which wrongly checks if the no-PASID device supports PASID. Fix this by ignoring no-PASID devices during the PASID validation. They will never issue a PASID TLP anyhow so they can be ignored. Fixes: c404f55c26fc ("iommu: Validate the PASID in iommu_attach_device_pasid()") Cc: stable(a)vger.kernel.org Signed-off-by: Tushar Dave <tdave(a)nvidia.com> --- drivers/iommu/iommu.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c index 4f91a740c15f..e01df4c3e709 100644 --- a/drivers/iommu/iommu.c +++ b/drivers/iommu/iommu.c @@ -3440,7 +3440,13 @@ int iommu_attach_device_pasid(struct iommu_domain *domain, mutex_lock(&group->mutex); for_each_group_device(group, device) { - if (pasid >= device->dev->iommu->max_pasids) { + /* + * Skip PASID validation for devices without PASID support + * (max_pasids = 0). These devices cannot issue transactions + * with PASID, so they don't affect group's PASID usage. + */ + if ((device->dev->iommu->max_pasids > 0) && + (pasid >= device->dev->iommu->max_pasids)) { ret = -EINVAL; goto out_unlock; } -- 2.34.1

6 months, 3 weeks

5
8
0 0

[PATCH AUTOSEL 6.14 01/31] staging: gpib: Use min for calculating transfer length

by Sasha Levin

From: Dave Penkler <dpenkler(a)gmail.com> [ Upstream commit 76d54fd5471b10ee993c217928a39d7351eaff5c ] In the accel read and write functions the transfer length was being calculated by an if statement setting it to the lesser of the remaining bytes to read/write and the fifo size. Replace both instances with min() which is clearer and more compact. Reported-by: kernel test robot <lkp(a)intel.com> Reported-by: Julia Lawall <julia.lawall(a)inria.fr> Closes: https://lore.kernel.org/r/202501182153.qHfL4Fbc-lkp@intel.com/ Signed-off-by: Dave Penkler <dpenkler(a)gmail.com> Link: https://lore.kernel.org/r/20250120145030.29684-1-dpenkler@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/staging/gpib/agilent_82350b/agilent_82350b.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/drivers/staging/gpib/agilent_82350b/agilent_82350b.c b/drivers/staging/gpib/agilent_82350b/agilent_82350b.c index 3f4f95b7fe34a..0ba592dc98490 100644 --- a/drivers/staging/gpib/agilent_82350b/agilent_82350b.c +++ b/drivers/staging/gpib/agilent_82350b/agilent_82350b.c @@ -66,10 +66,7 @@ int agilent_82350b_accel_read(gpib_board_t *board, uint8_t *buffer, size_t lengt int j; int count; - if (num_fifo_bytes - i < agilent_82350b_fifo_size) - block_size = num_fifo_bytes - i; - else - block_size = agilent_82350b_fifo_size; + block_size = min(num_fifo_bytes - i, agilent_82350b_fifo_size); set_transfer_counter(a_priv, block_size); writeb(ENABLE_TI_TO_SRAM | DIRECTION_GPIB_TO_HOST, a_priv->gpib_base + SRAM_ACCESS_CONTROL_REG); @@ -200,10 +197,7 @@ int agilent_82350b_accel_write(gpib_board_t *board, uint8_t *buffer, size_t leng for (i = 1; i < fifotransferlength;) { clear_bit(WRITE_READY_BN, &tms_priv->state); - if (fifotransferlength - i < agilent_82350b_fifo_size) - block_size = fifotransferlength - i; - else - block_size = agilent_82350b_fifo_size; + block_size = min(fifotransferlength - i, agilent_82350b_fifo_size); set_transfer_counter(a_priv, block_size); for (j = 0; j < block_size; ++j, ++i) { // load data into board's sram -- 2.39.5

6 months, 3 weeks

3
34
0 0

[PATCH AUTOSEL 6.13 01/28] staging: gpib: Use min for calculating transfer length

by Sasha Levin

From: Dave Penkler <dpenkler(a)gmail.com> [ Upstream commit 76d54fd5471b10ee993c217928a39d7351eaff5c ] In the accel read and write functions the transfer length was being calculated by an if statement setting it to the lesser of the remaining bytes to read/write and the fifo size. Replace both instances with min() which is clearer and more compact. Reported-by: kernel test robot <lkp(a)intel.com> Reported-by: Julia Lawall <julia.lawall(a)inria.fr> Closes: https://lore.kernel.org/r/202501182153.qHfL4Fbc-lkp@intel.com/ Signed-off-by: Dave Penkler <dpenkler(a)gmail.com> Link: https://lore.kernel.org/r/20250120145030.29684-1-dpenkler@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/staging/gpib/agilent_82350b/agilent_82350b.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/drivers/staging/gpib/agilent_82350b/agilent_82350b.c b/drivers/staging/gpib/agilent_82350b/agilent_82350b.c index 8e2334fe5c9b8..533cc956b3f6c 100644 --- a/drivers/staging/gpib/agilent_82350b/agilent_82350b.c +++ b/drivers/staging/gpib/agilent_82350b/agilent_82350b.c @@ -69,10 +69,7 @@ int agilent_82350b_accel_read(gpib_board_t *board, uint8_t *buffer, size_t lengt int j; int count; - if (num_fifo_bytes - i < agilent_82350b_fifo_size) - block_size = num_fifo_bytes - i; - else - block_size = agilent_82350b_fifo_size; + block_size = min(num_fifo_bytes - i, agilent_82350b_fifo_size); set_transfer_counter(a_priv, block_size); writeb(ENABLE_TI_TO_SRAM | DIRECTION_GPIB_TO_HOST, a_priv->gpib_base + SRAM_ACCESS_CONTROL_REG); @@ -203,10 +200,7 @@ int agilent_82350b_accel_write(gpib_board_t *board, uint8_t *buffer, size_t leng for (i = 1; i < fifotransferlength;) { clear_bit(WRITE_READY_BN, &tms_priv->state); - if (fifotransferlength - i < agilent_82350b_fifo_size) - block_size = fifotransferlength - i; - else - block_size = agilent_82350b_fifo_size; + block_size = min(fifotransferlength - i, agilent_82350b_fifo_size); set_transfer_counter(a_priv, block_size); for (j = 0; j < block_size; ++j, ++i) { // load data into board's sram -- 2.39.5

6 months, 3 weeks

2
30
0 0

[PATCH AUTOSEL 6.13 01/34] KVM: s390: Don't use %pK through tracepoints

by Sasha Levin

From: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> [ Upstream commit 6c9567e0850be2f0f94ab64fa6512413fd1a1eb1 ] Restricted pointers ("%pK") are not meant to be used through TP_format(). It can unintentionally expose security sensitive, raw pointer values. Use regular pointer formatting instead. Link: https://lore.kernel.org/lkml/20250113171731-dc10e3c1-da64-4af0-b767-7c70704… Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> Reviewed-by: Michael Mueller <mimu(a)linux.ibm.com> Link: https://lore.kernel.org/r/20250217-restricted-pointers-s390-v1-1-0e4ace75d8… Signed-off-by: Janosch Frank <frankja(a)linux.ibm.com> Message-ID: <20250217-restricted-pointers-s390-v1-1-0e4ace75d8aa(a)linutronix.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/s390/kvm/trace-s390.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/s390/kvm/trace-s390.h b/arch/s390/kvm/trace-s390.h index 9ac92dbf680db..9e28f165c114c 100644 --- a/arch/s390/kvm/trace-s390.h +++ b/arch/s390/kvm/trace-s390.h @@ -56,7 +56,7 @@ TRACE_EVENT(kvm_s390_create_vcpu, __entry->sie_block = sie_block; ), - TP_printk("create cpu %d at 0x%pK, sie block at 0x%pK", + TP_printk("create cpu %d at 0x%p, sie block at 0x%p", __entry->id, __entry->vcpu, __entry->sie_block) ); @@ -255,7 +255,7 @@ TRACE_EVENT(kvm_s390_enable_css, __entry->kvm = kvm; ), - TP_printk("enabling channel I/O support (kvm @ %pK)\n", + TP_printk("enabling channel I/O support (kvm @ %p)\n", __entry->kvm) ); -- 2.39.5

6 months, 3 weeks

2
35
0 0

[PATCH] PCI: dw-rockchip: Fix function call sequence in rockchip_pcie_phy_deinit

by Diederik de Haas

The documentation for the phy_power_off() function explicitly says Must be called before phy_exit(). So let's follow that instruction. Fixes: 0e898eb8df4e ("PCI: rockchip-dwc: Add Rockchip RK356X host controller driver") Cc: stable(a)vger.kernel.org # v5.15+ Signed-off-by: Diederik de Haas <didi.debian(a)cknow.org> --- drivers/pci/controller/dwc/pcie-dw-rockchip.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/controller/dwc/pcie-dw-rockchip.c b/drivers/pci/controller/dwc/pcie-dw-rockchip.c index c624b7ebd118..4f92639650e3 100644 --- a/drivers/pci/controller/dwc/pcie-dw-rockchip.c +++ b/drivers/pci/controller/dwc/pcie-dw-rockchip.c @@ -410,8 +410,8 @@ static int rockchip_pcie_phy_init(struct rockchip_pcie *rockchip) static void rockchip_pcie_phy_deinit(struct rockchip_pcie *rockchip) { - phy_exit(rockchip->phy); phy_power_off(rockchip->phy); + phy_exit(rockchip->phy); } static const struct dw_pcie_ops dw_pcie_ops = { -- 2.49.0

6 months, 3 weeks

5
6
0 0

[PATCH 6.1.y] jfs: define xtree root and page independently

by Aditya Dutt

From: Dave Kleikamp <dave.kleikamp(a)oracle.com> [ Upstream commit a779ed754e52d582b8c0e17959df063108bd0656 ] In order to make array bounds checking sane, provide a separate definition of the in-inode xtree root and the external xtree page. Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com> Tested-by: Manas Ghandat <ghandatmanas(a)gmail.com> (cherry picked from commit a779ed754e52d582b8c0e17959df063108bd0656) Closes: https://syzkaller.appspot.com/bug?extid=7cb897779f3c479d0615 Closes: https://syzkaller.appspot.com/bug?extid=6b1d79dad6cc6b3eef41 Closes: https://syzkaller.appspot.com/bug?extid=67f714a53ce18d5b542e Closes: https://syzkaller.appspot.com/bug?extid=e829cfdd0de521302df4 Reported-by: syzbot+7cb897779f3c479d0615(a)syzkaller.appspotmail.com Reported-by: syzbot+6b1d79dad6cc6b3eef41(a)syzkaller.appspotmail.com Reported-by: syzbot+67f714a53ce18d5b542e(a)syzkaller.appspotmail.com Reported-by: syzbot+e829cfdd0de521302df4(a)syzkaller.appspotmail.com Signed-off-by: Aditya Dutt <duttaditya18(a)gmail.com> --- I am sending this as per the suggestion by Greg to submit backports for all the relevant stable trees: https://lore.kernel.org/stable/2025042210-stylized-nearest-ea59@gregkh/ I will send one more mail for 5.15. This patch has been applied in >= 6.12 and has been backported to 6.6: 2ff51719ec615e1b373c1811443efe93594c41a9 syzbot checked the patch against 6.1.y and confirmed that the reproducer did not trigger any issues. check here: https://lore.kernel.org/all/680e4455.050a0220.3b8549.0082.GAE@google.com/ I also tested the patch manually using the C reproducer: https://syzkaller.appspot.com/text?tag=ReproC&x=15b291ef680000 (given in the syzkaller dashboard link) fs/jfs/jfs_dinode.h | 2 +- fs/jfs/jfs_imap.c | 6 +++--- fs/jfs/jfs_incore.h | 2 +- fs/jfs/jfs_txnmgr.c | 4 ++-- fs/jfs/jfs_xtree.c | 4 ++-- fs/jfs/jfs_xtree.h | 37 +++++++++++++++++++++++-------------- 6 files changed, 32 insertions(+), 23 deletions(-) diff --git a/fs/jfs/jfs_dinode.h b/fs/jfs/jfs_dinode.h index 6b231d0d0071..603aae17a693 100644 --- a/fs/jfs/jfs_dinode.h +++ b/fs/jfs/jfs_dinode.h @@ -96,7 +96,7 @@ struct dinode { #define di_gengen u._file._u1._imap._gengen union { - xtpage_t _xtroot; + xtroot_t _xtroot; struct { u8 unused[16]; /* 16: */ dxd_t _dxd; /* 16: */ diff --git a/fs/jfs/jfs_imap.c b/fs/jfs/jfs_imap.c index 155f66812934..9adb29e7862c 100644 --- a/fs/jfs/jfs_imap.c +++ b/fs/jfs/jfs_imap.c @@ -673,7 +673,7 @@ int diWrite(tid_t tid, struct inode *ip) * This is the special xtree inside the directory for storing * the directory table */ - xtpage_t *p, *xp; + xtroot_t *p, *xp; xad_t *xad; jfs_ip->xtlid = 0; @@ -687,7 +687,7 @@ int diWrite(tid_t tid, struct inode *ip) * copy xtree root from inode to dinode: */ p = &jfs_ip->i_xtroot; - xp = (xtpage_t *) &dp->di_dirtable; + xp = (xtroot_t *) &dp->di_dirtable; lv = ilinelock->lv; for (n = 0; n < ilinelock->index; n++, lv++) { memcpy(&xp->xad[lv->offset], &p->xad[lv->offset], @@ -716,7 +716,7 @@ int diWrite(tid_t tid, struct inode *ip) * regular file: 16 byte (XAD slot) granularity */ if (type & tlckXTREE) { - xtpage_t *p, *xp; + xtroot_t *p, *xp; xad_t *xad; /* diff --git a/fs/jfs/jfs_incore.h b/fs/jfs/jfs_incore.h index 721def69e732..dd4264aa9bed 100644 --- a/fs/jfs/jfs_incore.h +++ b/fs/jfs/jfs_incore.h @@ -66,7 +66,7 @@ struct jfs_inode_info { lid_t xtlid; /* lid of xtree lock on directory */ union { struct { - xtpage_t _xtroot; /* 288: xtree root */ + xtroot_t _xtroot; /* 288: xtree root */ struct inomap *_imap; /* 4: inode map header */ } file; struct { diff --git a/fs/jfs/jfs_txnmgr.c b/fs/jfs/jfs_txnmgr.c index ce4b4760fcb1..dccc8b3f1045 100644 --- a/fs/jfs/jfs_txnmgr.c +++ b/fs/jfs/jfs_txnmgr.c @@ -783,7 +783,7 @@ struct tlock *txLock(tid_t tid, struct inode *ip, struct metapage * mp, if (mp->xflag & COMMIT_PAGE) p = (xtpage_t *) mp->data; else - p = &jfs_ip->i_xtroot; + p = (xtpage_t *) &jfs_ip->i_xtroot; xtlck->lwm.offset = le16_to_cpu(p->header.nextindex); } @@ -1676,7 +1676,7 @@ static void xtLog(struct jfs_log * log, struct tblock * tblk, struct lrd * lrd, if (tlck->type & tlckBTROOT) { lrd->log.redopage.type |= cpu_to_le16(LOG_BTROOT); - p = &JFS_IP(ip)->i_xtroot; + p = (xtpage_t *) &JFS_IP(ip)->i_xtroot; if (S_ISDIR(ip->i_mode)) lrd->log.redopage.type |= cpu_to_le16(LOG_DIR_XTREE); diff --git a/fs/jfs/jfs_xtree.c b/fs/jfs/jfs_xtree.c index 2d304cee884c..5ee618d17e77 100644 --- a/fs/jfs/jfs_xtree.c +++ b/fs/jfs/jfs_xtree.c @@ -1213,7 +1213,7 @@ xtSplitRoot(tid_t tid, struct xtlock *xtlck; int rc; - sp = &JFS_IP(ip)->i_xtroot; + sp = (xtpage_t *) &JFS_IP(ip)->i_xtroot; INCREMENT(xtStat.split); @@ -2098,7 +2098,7 @@ int xtAppend(tid_t tid, /* transaction id */ */ void xtInitRoot(tid_t tid, struct inode *ip) { - xtpage_t *p; + xtroot_t *p; /* * acquire a transaction lock on the root diff --git a/fs/jfs/jfs_xtree.h b/fs/jfs/jfs_xtree.h index 142caafc73b1..15da4e16d8b2 100644 --- a/fs/jfs/jfs_xtree.h +++ b/fs/jfs/jfs_xtree.h @@ -65,24 +65,33 @@ struct xadlist { #define XTPAGEMAXSLOT 256 #define XTENTRYSTART 2 -/* - * xtree page: - */ -typedef union { - struct xtheader { - __le64 next; /* 8: */ - __le64 prev; /* 8: */ +struct xtheader { + __le64 next; /* 8: */ + __le64 prev; /* 8: */ - u8 flag; /* 1: */ - u8 rsrvd1; /* 1: */ - __le16 nextindex; /* 2: next index = number of entries */ - __le16 maxentry; /* 2: max number of entries */ - __le16 rsrvd2; /* 2: */ + u8 flag; /* 1: */ + u8 rsrvd1; /* 1: */ + __le16 nextindex; /* 2: next index = number of entries */ + __le16 maxentry; /* 2: max number of entries */ + __le16 rsrvd2; /* 2: */ - pxd_t self; /* 8: self */ - } header; /* (32) */ + pxd_t self; /* 8: self */ +}; +/* + * xtree root (in inode): + */ +typedef union { + struct xtheader header; xad_t xad[XTROOTMAXSLOT]; /* 16 * maxentry: xad array */ +} xtroot_t; + +/* + * xtree page: + */ +typedef union { + struct xtheader header; + xad_t xad[XTPAGEMAXSLOT]; /* 16 * maxentry: xad array */ } xtpage_t; /* -- 2.34.1

6 months, 3 weeks

1
0
0 0

[PATCH v4] arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2

by Wojciech Dubowik

Define vqmmc regulator-gpio for usdhc2 with vin-supply coming from LDO5. Without this definition LDO5 will be powered down, disabling SD card after bootup. This has been introduced in commit f5aab0438ef1 ("regulator: pca9450: Fix enable register for LDO5"). Fixes: 6a57f224f734 ("arm64: dts: freescale: add initial support for verdin imx8m mini") Tested-by: Manuel Traut <manuel.traut(a)mt.com> Reviewed-by: Philippe Schenker <philippe.schenker(a)impulsing.ch> Tested-by: Francesco Dolcini <francesco.dolcini(a)toradex.com> Reviewed-by: Francesco Dolcini <francesco.dolcini(a)toradex.com> Cc: stable(a)vger.kernel.org Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik(a)mt.com> --- v1 -> v2: https://lore.kernel.org/all/20250417112012.785420-1-Wojciech.Dubowik@mt.com/ - define gpio regulator for LDO5 vin controlled by vselect signal v2 -> v3: https://lore.kernel.org/all/20250422130127.GA238494@francesco-nb/ - specify vselect as gpio v3 -> v4: https://lore.kernel.org/all/84dc6fdf295902044d49cafc4479eb75477bba5c.camel@… - add reviewed and tested by tags and changed fixes --- .../boot/dts/freescale/imx8mm-verdin.dtsi | 25 +++++++++++++++---- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi b/arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi index 7251ad3a0017..b46566f3ce20 100644 --- a/arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi +++ b/arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi @@ -144,6 +144,19 @@ reg_usdhc2_vmmc: regulator-usdhc2 { startup-delay-us = <20000>; }; + reg_usdhc2_vqmmc: regulator-usdhc2-vqmmc { + compatible = "regulator-gpio"; + pinctrl-names = "default"; + pinctrl-0 = <&pinctrl_usdhc2_vsel>; + gpios = <&gpio1 4 GPIO_ACTIVE_HIGH>; + regulator-max-microvolt = <3300000>; + regulator-min-microvolt = <1800000>; + states = <1800000 0x1>, + <3300000 0x0>; + regulator-name = "PMIC_USDHC_VSELECT"; + vin-supply = <&reg_nvcc_sd>; + }; + reserved-memory { #address-cells = <2>; #size-cells = <2>; @@ -269,7 +282,7 @@ &gpio1 { "SODIMM_19", "", "", - "", + "PMIC_USDHC_VSELECT", "", "", "", @@ -785,6 +798,7 @@ &usdhc2 { pinctrl-2 = <&pinctrl_usdhc2_200mhz>, <&pinctrl_usdhc2_cd>; pinctrl-3 = <&pinctrl_usdhc2_sleep>, <&pinctrl_usdhc2_cd_sleep>; vmmc-supply = <&reg_usdhc2_vmmc>; + vqmmc-supply = <&reg_usdhc2_vqmmc>; }; &wdog1 { @@ -1206,13 +1220,17 @@ pinctrl_usdhc2_pwr_en: usdhc2pwrengrp { <MX8MM_IOMUXC_NAND_CLE_GPIO3_IO5 0x6>; /* SODIMM 76 */ }; + pinctrl_usdhc2_vsel: usdhc2vselgrp { + fsl,pins = + <MX8MM_IOMUXC_GPIO1_IO04_GPIO1_IO4 0x10>; /* PMIC_USDHC_VSELECT */ + }; + /* * Note: Due to ERR050080 we use discrete external on-module resistors pulling-up to the * on-module +V3.3_1.8_SD (LDO5) rail and explicitly disable the internal pull-ups here. */ pinctrl_usdhc2: usdhc2grp { fsl,pins = - <MX8MM_IOMUXC_GPIO1_IO04_USDHC2_VSELECT 0x10>, <MX8MM_IOMUXC_SD2_CLK_USDHC2_CLK 0x90>, /* SODIMM 78 */ <MX8MM_IOMUXC_SD2_CMD_USDHC2_CMD 0x90>, /* SODIMM 74 */ <MX8MM_IOMUXC_SD2_DATA0_USDHC2_DATA0 0x90>, /* SODIMM 80 */ @@ -1223,7 +1241,6 @@ pinctrl_usdhc2: usdhc2grp { pinctrl_usdhc2_100mhz: usdhc2-100mhzgrp { fsl,pins = - <MX8MM_IOMUXC_GPIO1_IO04_USDHC2_VSELECT 0x10>, <MX8MM_IOMUXC_SD2_CLK_USDHC2_CLK 0x94>, <MX8MM_IOMUXC_SD2_CMD_USDHC2_CMD 0x94>, <MX8MM_IOMUXC_SD2_DATA0_USDHC2_DATA0 0x94>, @@ -1234,7 +1251,6 @@ pinctrl_usdhc2_100mhz: usdhc2-100mhzgrp { pinctrl_usdhc2_200mhz: usdhc2-200mhzgrp { fsl,pins = - <MX8MM_IOMUXC_GPIO1_IO04_USDHC2_VSELECT 0x10>, <MX8MM_IOMUXC_SD2_CLK_USDHC2_CLK 0x96>, <MX8MM_IOMUXC_SD2_CMD_USDHC2_CMD 0x96>, <MX8MM_IOMUXC_SD2_DATA0_USDHC2_DATA0 0x96>, @@ -1246,7 +1262,6 @@ pinctrl_usdhc2_200mhz: usdhc2-200mhzgrp { /* Avoid backfeeding with removed card power */ pinctrl_usdhc2_sleep: usdhc2slpgrp { fsl,pins = - <MX8MM_IOMUXC_GPIO1_IO04_USDHC2_VSELECT 0x0>, <MX8MM_IOMUXC_SD2_CLK_USDHC2_CLK 0x0>, <MX8MM_IOMUXC_SD2_CMD_USDHC2_CMD 0x0>, <MX8MM_IOMUXC_SD2_DATA0_USDHC2_DATA0 0x0>, -- 2.47.2

6 months, 3 weeks

3
2
0 0

Hope to hear from you soon..

by MRS NORAH JANE

My Dear, I am pleased to find your email address via google search when i was searching for my lost childhood friend which I have not seen for the past 30 years, i have been searching for him on all social media platforms to no avail. Actually I was searching for him because of my health, which started since covid 19, 2020, covid 19 killed every member of my family, I am the only surviving member. I Survived the pandemic through the assistance of the CDC, But my life has never remained the same since ever then. my heart and lungs is Severely affected and damaged, my life is gradually fading away before me. I was searching for my childhood friend to be the beneficiary of my family estate and funds in the bank. When I saw your name there was something fascinating about it. Please can you grant me the opportunity to make you the beneficiary. I shall be awaiting your response for more details. Thanks Mrs Norah Jane

6 months, 3 weeks

1
0
0 0

[PATCH 1/2] drm/dp: Correct Write_Status_Update_Request handling

by Wayne Lin

[Why] Notice few problems under I2C-write-over-Aux with Write_Status_Update_Request flag set cases: - I2C-write-over-Aux request with Write_Status_Update_Request flag set won't get sent upon the reply of I2C_ACK|AUX_ACK followed by “M” Value. Now just set the flag but won't send out - The I2C-over-Aux request command with Write_Status_Update_Request flag set is incorrect. Should be "SYNC->COM3:0 (= 0110)|0000-> 0000|0000-> 0|7-bit I2C address (the same as the last)-> STOP->". Address only transaction without length and data. - Upon I2C_DEFER|AUX_ACK Reply for I2C-read-over-Aux, soure should repeat the identical I2C-read-over-AUX transaction with the same LEN value. Not with Write_Status_Update_Request set. [How] Refer to DP v2.1: 2.11.7.1.5.3 & 2.11.7.1.5.4 - Clean aux msg buffer and size when constructing write status update request. - Send out Write_Status_Update_Request upon reply of I2C_ACK|AUX_ACK followed by “M” - Send Write_Status_Update_Request upon I2C_DEFER|AUX_ACK reply only when the request is I2C-write-over-Aux. Fixes: 68ec2a2a2481 ("drm/dp: Use I2C_WRITE_STATUS_UPDATE to drain partial I2C_WRITE requests") Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Harry Wentland <harry.wentland(a)amd.com> Cc: stable(a)vger.kernel.org Signed-off-by: Wayne Lin <Wayne.Lin(a)amd.com> --- drivers/gpu/drm/display/drm_dp_helper.c | 27 +++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/display/drm_dp_helper.c b/drivers/gpu/drm/display/drm_dp_helper.c index 6ee51003de3c..28f0708c3b27 100644 --- a/drivers/gpu/drm/display/drm_dp_helper.c +++ b/drivers/gpu/drm/display/drm_dp_helper.c @@ -1631,6 +1631,12 @@ static void drm_dp_i2c_msg_write_status_update(struct drm_dp_aux_msg *msg) msg->request &= DP_AUX_I2C_MOT; msg->request |= DP_AUX_I2C_WRITE_STATUS_UPDATE; } + + /* + * Address only transaction + */ + msg->buffer = NULL; + msg->size = 0; } #define AUX_PRECHARGE_LEN 10 /* 10 to 16 */ @@ -1797,10 +1803,22 @@ static int drm_dp_i2c_do_msg(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg) case DP_AUX_I2C_REPLY_ACK: /* * Both native ACK and I2C ACK replies received. We - * can assume the transfer was successful. + * can't assume the transfer was completed. Both I2C + * WRITE/READ request may get I2C ack reply with partially + * completion. We have to continue to poll for the + * completion of the request. */ - if (ret != msg->size) - drm_dp_i2c_msg_write_status_update(msg); + if (ret != msg->size) { + drm_dbg_kms(aux->drm_dev, + "%s: I2C partially ack (result=%d, size=%zu)\n", + aux->name, ret, msg->size); + if (!(msg->request & DP_AUX_I2C_READ)) { + usleep_range(AUX_RETRY_INTERVAL, AUX_RETRY_INTERVAL + 100); + drm_dp_i2c_msg_write_status_update(msg); + } + + continue; + } return ret; case DP_AUX_I2C_REPLY_NACK: @@ -1819,7 +1837,8 @@ static int drm_dp_i2c_do_msg(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg) if (defer_i2c < 7) defer_i2c++; usleep_range(AUX_RETRY_INTERVAL, AUX_RETRY_INTERVAL + 100); - drm_dp_i2c_msg_write_status_update(msg); + if (!(msg->request & DP_AUX_I2C_READ)) + drm_dp_i2c_msg_write_status_update(msg); continue; -- 2.43.0

6 months, 3 weeks

3
2
0 0

[PATCH] MIPS: CPS: Fix potential NULL pointer dereferences in cps_prepare_cpus()

by Thorsten Blum

Check the return values of kcalloc() and exit early to avoid potential NULL pointer dereferences. Compile-tested only. Cc: stable(a)vger.kernel.org Fixes: 75fa6a583882e ("MIPS: CPS: Introduce struct cluster_boot_config") Fixes: 0856c143e1cd3 ("MIPS: CPS: Boot CPUs in secondary clusters") Signed-off-by: Thorsten Blum <thorsten.blum(a)linux.dev> --- arch/mips/kernel/smp-cps.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/mips/kernel/smp-cps.c b/arch/mips/kernel/smp-cps.c index e85bd087467e..cc26d56f3ab6 100644 --- a/arch/mips/kernel/smp-cps.c +++ b/arch/mips/kernel/smp-cps.c @@ -332,6 +332,8 @@ static void __init cps_prepare_cpus(unsigned int max_cpus) mips_cps_cluster_bootcfg = kcalloc(nclusters, sizeof(*mips_cps_cluster_bootcfg), GFP_KERNEL); + if (!mips_cps_cluster_bootcfg) + goto err_out; if (nclusters > 1) mips_cm_update_property(); @@ -348,6 +350,8 @@ static void __init cps_prepare_cpus(unsigned int max_cpus) mips_cps_cluster_bootcfg[cl].core_power = kcalloc(BITS_TO_LONGS(ncores), sizeof(unsigned long), GFP_KERNEL); + if (!mips_cps_cluster_bootcfg[cl].core_power) + goto err_out; /* Allocate VPE boot configuration structs */ for (c = 0; c < ncores; c++) { -- 2.49.0

6 months, 3 weeks

2
1
0 0

[PATCH v3] mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS

by Khem Raj

GCC 15 changed the default C standard dialect from gnu17 to gnu23, which should not have impacted the kernel because it explicitly requests the gnu11 standard in the main Makefile. However, mips/vdso code uses its own CFLAGS without a '-std=' value, which break with this dialect change because of the kernel's own definitions of bool, false, and true conflicting with the C23 reserved keywords. include/linux/stddef.h:11:9: error: cannot use keyword 'false' as enumeration constant 11 | false = 0, | ^~~~~ include/linux/stddef.h:11:9: note: 'false' is a keyword with '-std=c23' onwards include/linux/types.h:35:33: error: 'bool' cannot be defined via 'typedef' 35 | typedef _Bool bool; | ^~~~ include/linux/types.h:35:33: note: 'bool' is a keyword with '-std=c23' onwards Add -std as specified in KBUILD_CFLAGS to the decompressor and purgatory CFLAGS to eliminate these errors and make the C standard version of these areas match the rest of the kernel. Signed-off-by: Khem Raj <raj.khem(a)gmail.com> Cc: stable(a)vger.kernel.org --- v2: Filter the -std flag from KBUILD_CFLAGS instead of hardcoding v3: Adjust subject and commit message arch/mips/vdso/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/mips/vdso/Makefile b/arch/mips/vdso/Makefile index fb4c493aaffa..69d4593f64fe 100644 --- a/arch/mips/vdso/Makefile +++ b/arch/mips/vdso/Makefile @@ -27,6 +27,7 @@ endif # offsets. cflags-vdso := $(ccflags-vdso) \ $(filter -W%,$(filter-out -Wa$(comma)%,$(KBUILD_CFLAGS))) \ + $(filter -std=%,$(KBUILD_CFLAGS)) \ -O3 -g -fPIC -fno-strict-aliasing -fno-common -fno-builtin -G 0 \ -mrelax-pic-calls $(call cc-option, -mexplicit-relocs) \ -fno-stack-protector -fno-jump-tables -DDISABLE_BRANCH_PROFILING \

6 months, 3 weeks

2
1
0 0

[PATCH 0/3 V2] Fix erroneous ioctl returns

by Dave Penkler

Recent tests with timeouts > INT_MAX produced random error returns with usbtmc_get_stb. This was caused by assigning the return value of wait_event_interruptible_timeout to an int which overflowed to negative values. Also return value on success was the remaining number of jiffies instead of 0. These patches fix all the cases where the return of wait_event_interruptible_timeout was assigned to an int and the case of the remaining jiffies return in usbtmc_get_stb. Patch 1: Fixes usbtmc_get_stb Patch 2: Fixes usbtmc488_ioctl_wait_srq Patch 3: Fixes usbtmc_generic_read Dave Penkler (3): usb: usbtmc: Fix erroneous get_stb ioctl error returns usb: usbtmc: Fix erroneous wait_srq ioctl return usb: usbtmc: Fix erroneous generic_read ioctl return drivers/usb/class/usbtmc.c | 53 ++++++++++++++++++++++---------------- 1 file changed, 31 insertions(+), 22 deletions(-) -- Changes V1 => V2 Add cc to stable line 2.49.0

6 months, 3 weeks

1
3
0 0

BUG：KASAN: slab-use-after-free Read in jfs_lazycommit in linux6.12.24 and linux6.12.25(longterm maintenance)

by Jianzhou Zhao

Hello, I found a potential bug titled " KASAN: slab-use-after-free Read in jfs_lazycommit " with modified syzkaller in the Linux6.12.24(longterm maintenance, last updated on April 20, 2025) and the Linux6.12.25(longterm maintenance, last updated on April 25, 2025) I will put the C language reproduction program for this bug at the end. If you fix this issue, please add the following tag to the commit: Reported-by: Jianzhou Zhao <luckd0g(a)163.com>, xingwei lee <xrivendell7(a)gmail.com> The commit of the kernel is : b6efa8ce222e58cfe2bbaa4e3329818c2b4bd74e kernel config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=55f8591b98dd132 compiler: gcc version 11.4.0 ------------[ cut here ]----------------------------------------- TITLE: KASAN: slab-use-after-free Read in jfs_lazycommit ------------[ cut here ]------------ ================================================================== BUG: KASAN: slab-use-after-free in jfs_lazycommit+0xa1f/0xb10 fs/jfs/jfs_txnmgr.c:2736 Read of size 4 at addr ffff888060f7de94 by task jfsCommit/123 CPU: 1 UID: 0 PID: 123 Comm: jfsCommit Not tainted 6.12.24 #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc0/0x5e0 mm/kasan/report.c:488 kasan_report+0xbd/0xf0 mm/kasan/report.c:601 jfs_lazycommit+0xa1f/0xb10 fs/jfs/jfs_txnmgr.c:2736 kthread+0x2c7/0x3b0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Allocated by task 18638: kasan_save_stack+0x24/0x50 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394 kmalloc_noprof include/linux/slab.h:878 [inline] kzalloc_noprof include/linux/slab.h:1014 [inline] jfs_fill_super+0xdd/0xd40 fs/jfs/super.c:495 mount_bdev+0x1e9/0x2e0 fs/super.c:1693 legacy_get_tree+0x109/0x220 fs/fs_context.c:662 vfs_get_tree+0x94/0x380 fs/super.c:1814 do_new_mount fs/namespace.c:3512 [inline] path_mount+0x6b2/0x1ea0 fs/namespace.c:3839 do_mount fs/namespace.c:3852 [inline] __do_sys_mount fs/namespace.c:4062 [inline] __se_sys_mount fs/namespace.c:4039 [inline] __x64_sys_mount+0x284/0x310 fs/namespace.c:4039 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 9521: kasan_save_stack+0x24/0x50 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x54/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [inline] slab_free_hook mm/slub.c:2363 [inline] slab_free mm/slub.c:4601 [inline] kfree+0x14b/0x4b0 mm/slub.c:4749 generic_shutdown_super+0x15c/0x3d0 fs/super.c:642 kill_block_super+0x3b/0x90 fs/super.c:1710 deactivate_locked_super+0xbc/0x1a0 fs/super.c:473 deactivate_super+0xb1/0xd0 fs/super.c:506 cleanup_mnt+0x2df/0x430 fs/namespace.c:1373 task_work_run+0x169/0x260 kernel/task_work.c:239 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218 do_syscall_64+0xd8/0x250 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f The buggy address belongs to the object at ffff888060f7de00 which belongs to the cache kmalloc-256 of size 256 The buggy address is located 148 bytes inside of freed 256-byte region [ffff888060f7de00, ffff888060f7df00) The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888060f7c800 pfn:0x60f7c head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 anon flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) page_type: f5(slab) raw: 04fff00000000040 ffff88801ac41b40 0000000000000000 dead000000000001 raw: ffff888060f7c800 000000000010000f 00000001f5000000 0000000000000000 head: 04fff00000000040 ffff88801ac41b40 0000000000000000 dead000000000001 head: ffff888060f7c800 000000000010000f 00000001f5000000 0000000000000000 head: 04fff00000000001 ffffea000183df01 ffffffffffffffff 0000000000000000 head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 1, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 9543, tgid 9543 (syz-executor), ts 103433205575, free_ts 103378736576 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2e7/0x350 mm/page_alloc.c:1558 prep_new_page mm/page_alloc.c:1566 [inline] get_page_from_freelist+0xe4e/0x2b20 mm/page_alloc.c:3476 __alloc_pages_noprof+0x219/0x21f0 mm/page_alloc.c:4754 alloc_pages_mpol_noprof+0x2b6/0x600 mm/mempolicy.c:2269 alloc_slab_page mm/slub.c:2433 [inline] allocate_slab mm/slub.c:2599 [inline] new_slab+0x2d5/0x420 mm/slub.c:2652 ___slab_alloc+0xbb7/0x1860 mm/slub.c:3840 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3930 __slab_alloc_node mm/slub.c:3983 [inline] slab_alloc_node mm/slub.c:4144 [inline] __do_kmalloc_node mm/slub.c:4285 [inline] __kmalloc_noprof+0x388/0x430 mm/slub.c:4298 kmalloc_noprof include/linux/slab.h:882 [inline] kmalloc_array_noprof include/linux/slab.h:923 [inline] batadv_hash_new+0x6f/0x2f0 net/batman-adv/hash.c:52 batadv_bla_init+0x3ff/0x750 net/batman-adv/bridge_loop_avoidance.c:1567 batadv_mesh_init+0x529/0x9b0 net/batman-adv/main.c:212 batadv_softif_init_late+0xbd6/0xf40 net/batman-adv/soft-interface.c:812 register_netdevice+0x651/0x1bf0 net/core/dev.c:10484 batadv_softif_newlink+0x72/0xa0 net/batman-adv/soft-interface.c:1089 rtnl_newlink_create net/core/rtnetlink.c:3542 [inline] __rtnl_newlink+0x1138/0x18e0 net/core/rtnetlink.c:3762 rtnl_newlink+0x68/0xa0 net/core/rtnetlink.c:3775 page last free pid 26 tgid 26 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1127 [inline] free_unref_page+0x714/0x10c0 mm/page_alloc.c:2659 vfree+0x172/0x940 mm/vmalloc.c:3378 delayed_vfree_work+0x57/0x70 mm/vmalloc.c:3298 process_one_work+0xa02/0x1bf0 kernel/workqueue.c:3232 process_scheduled_works kernel/workqueue.c:3314 [inline] worker_thread+0x677/0xe90 kernel/workqueue.c:3395 kthread+0x2c7/0x3b0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Memory state around the buggy address: ffff888060f7dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888060f7de00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff888060f7de80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff888060f7df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888060f7df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== #define _GNU_SOURCE #include <dirent.h> #include <endian.h> #include <errno.h> #include <fcntl.h> #include <pthread.h> #include <setjmp.h> #include <signal.h> #include <stdarg.h> #include <stdbool.h> #include <stddef.h> #include <stdint.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <sys/ioctl.h> #include <sys/mman.h> #include <sys/mount.h> #include <sys/prctl.h> #include <sys/stat.h> #include <sys/syscall.h> #include <sys/types.h> #include <sys/wait.h> #include <time.h> #include <unistd.h> #include <linux/futex.h> #include <linux/loop.h> #ifndef __NR_memfd_create #define __NR_memfd_create 319 #endif static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; for (;;) { uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts); if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) return 1; now = current_time_ms(); if (now - start > timeout) return 0; } } static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } //% This code is derived from puff.{c,h}, found in the zlib development. The //% original files come with the following copyright notice: //% Copyright (C) 2002-2013 Mark Adler, all rights reserved //% version 2.3, 21 Jan 2013 //% This software is provided 'as-is', without any express or implied //% warranty. In no event will the author be held liable for any damages //% arising from the use of this software. //% Permission is granted to anyone to use this software for any purpose, //% including commercial applications, and to alter it and redistribute it //% freely, subject to the following restrictions: //% 1. The origin of this software must not be misrepresented; you must not //% claim that you wrote the original software. If you use this software //% in a product, an acknowledgment in the product documentation would be //% appreciated but is not required. //% 2. Altered source versions must be plainly marked as such, and must not be //% misrepresented as being the original software. //% 3. This notice may not be removed or altered from any source distribution. //% Mark Adler madler(a)alumni.caltech.edu //% BEGIN CODE DERIVED FROM puff.{c,h} #define MAXBITS 15 #define MAXLCODES 286 #define MAXDCODES 30 #define MAXCODES (MAXLCODES + MAXDCODES) #define FIXLCODES 288 struct puff_state { unsigned char* out; unsigned long outlen; unsigned long outcnt; const unsigned char* in; unsigned long inlen; unsigned long incnt; int bitbuf; int bitcnt; jmp_buf env; }; static int puff_bits(struct puff_state* s, int need) { long val = s->bitbuf; while (s->bitcnt < need) { if (s->incnt == s->inlen) longjmp(s->env, 1); val |= (long)(s->in[s->incnt++]) << s->bitcnt; s->bitcnt += 8; } s->bitbuf = (int)(val >> need); s->bitcnt -= need; return (int)(val & ((1L << need) - 1)); } static int puff_stored(struct puff_state* s) { s->bitbuf = 0; s->bitcnt = 0; if (s->incnt + 4 > s->inlen) return 2; unsigned len = s->in[s->incnt++]; len |= s->in[s->incnt++] << 8; if (s->in[s->incnt++] != (~len & 0xff) || s->in[s->incnt++] != ((~len >> 8) & 0xff)) return -2; if (s->incnt + len > s->inlen) return 2; if (s->outcnt + len > s->outlen) return 1; for (; len--; s->outcnt++, s->incnt++) { if (s->in[s->incnt]) s->out[s->outcnt] = s->in[s->incnt]; } return 0; } struct puff_huffman { short* count; short* symbol; }; static int puff_decode(struct puff_state* s, const struct puff_huffman* h) { int first = 0; int index = 0; int bitbuf = s->bitbuf; int left = s->bitcnt; int code = first = index = 0; int len = 1; short* next = h->count + 1; while (1) { while (left--) { code |= bitbuf & 1; bitbuf >>= 1; int count = *next++; if (code - count < first) { s->bitbuf = bitbuf; s->bitcnt = (s->bitcnt - len) & 7; return h->symbol[index + (code - first)]; } index += count; first += count; first <<= 1; code <<= 1; len++; } left = (MAXBITS + 1) - len; if (left == 0) break; if (s->incnt == s->inlen) longjmp(s->env, 1); bitbuf = s->in[s->incnt++]; if (left > 8) left = 8; } return -10; } static int puff_construct(struct puff_huffman* h, const short* length, int n) { int len; for (len = 0; len <= MAXBITS; len++) h->count[len] = 0; int symbol; for (symbol = 0; symbol < n; symbol++) (h->count[length[symbol]])++; if (h->count[0] == n) return 0; int left = 1; for (len = 1; len <= MAXBITS; len++) { left <<= 1; left -= h->count[len]; if (left < 0) return left; } short offs[MAXBITS + 1]; offs[1] = 0; for (len = 1; len < MAXBITS; len++) offs[len + 1] = offs[len] + h->count[len]; for (symbol = 0; symbol < n; symbol++) if (length[symbol] != 0) h->symbol[offs[length[symbol]]++] = symbol; return left; } static int puff_codes(struct puff_state* s, const struct puff_huffman* lencode, const struct puff_huffman* distcode) { static const short lens[29] = {3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258}; static const short lext[29] = {0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0}; static const short dists[30] = { 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, 8193, 12289, 16385, 24577}; static const short dext[30] = {0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13}; int symbol; do { symbol = puff_decode(s, lencode); if (symbol < 0) return symbol; if (symbol < 256) { if (s->outcnt == s->outlen) return 1; if (symbol) s->out[s->outcnt] = symbol; s->outcnt++; } else if (symbol > 256) { symbol -= 257; if (symbol >= 29) return -10; int len = lens[symbol] + puff_bits(s, lext[symbol]); symbol = puff_decode(s, distcode); if (symbol < 0) return symbol; unsigned dist = dists[symbol] + puff_bits(s, dext[symbol]); if (dist > s->outcnt) return -11; if (s->outcnt + len > s->outlen) return 1; while (len--) { if (dist <= s->outcnt && s->out[s->outcnt - dist]) s->out[s->outcnt] = s->out[s->outcnt - dist]; s->outcnt++; } } } while (symbol != 256); return 0; } static int puff_fixed(struct puff_state* s) { static int virgin = 1; static short lencnt[MAXBITS + 1], lensym[FIXLCODES]; static short distcnt[MAXBITS + 1], distsym[MAXDCODES]; static struct puff_huffman lencode, distcode; if (virgin) { lencode.count = lencnt; lencode.symbol = lensym; distcode.count = distcnt; distcode.symbol = distsym; short lengths[FIXLCODES]; int symbol; for (symbol = 0; symbol < 144; symbol++) lengths[symbol] = 8; for (; symbol < 256; symbol++) lengths[symbol] = 9; for (; symbol < 280; symbol++) lengths[symbol] = 7; for (; symbol < FIXLCODES; symbol++) lengths[symbol] = 8; puff_construct(&lencode, lengths, FIXLCODES); for (symbol = 0; symbol < MAXDCODES; symbol++) lengths[symbol] = 5; puff_construct(&distcode, lengths, MAXDCODES); virgin = 0; } return puff_codes(s, &lencode, &distcode); } static int puff_dynamic(struct puff_state* s) { static const short order[19] = {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15}; int nlen = puff_bits(s, 5) + 257; int ndist = puff_bits(s, 5) + 1; int ncode = puff_bits(s, 4) + 4; if (nlen > MAXLCODES || ndist > MAXDCODES) return -3; short lengths[MAXCODES]; int index; for (index = 0; index < ncode; index++) lengths[order[index]] = puff_bits(s, 3); for (; index < 19; index++) lengths[order[index]] = 0; short lencnt[MAXBITS + 1], lensym[MAXLCODES]; struct puff_huffman lencode = {lencnt, lensym}; int err = puff_construct(&lencode, lengths, 19); if (err != 0) return -4; index = 0; while (index < nlen + ndist) { int symbol; int len; symbol = puff_decode(s, &lencode); if (symbol < 0) return symbol; if (symbol < 16) lengths[index++] = symbol; else { len = 0; if (symbol == 16) { if (index == 0) return -5; len = lengths[index - 1]; symbol = 3 + puff_bits(s, 2); } else if (symbol == 17) symbol = 3 + puff_bits(s, 3); else symbol = 11 + puff_bits(s, 7); if (index + symbol > nlen + ndist) return -6; while (symbol--) lengths[index++] = len; } } if (lengths[256] == 0) return -9; err = puff_construct(&lencode, lengths, nlen); if (err && (err < 0 || nlen != lencode.count[0] + lencode.count[1])) return -7; short distcnt[MAXBITS + 1], distsym[MAXDCODES]; struct puff_huffman distcode = {distcnt, distsym}; err = puff_construct(&distcode, lengths + nlen, ndist); if (err && (err < 0 || ndist != distcode.count[0] + distcode.count[1])) return -8; return puff_codes(s, &lencode, &distcode); } static int puff(unsigned char* dest, unsigned long* destlen, const unsigned char* source, unsigned long sourcelen) { struct puff_state s = { .out = dest, .outlen = *destlen, .outcnt = 0, .in = source, .inlen = sourcelen, .incnt = 0, .bitbuf = 0, .bitcnt = 0, }; int err; if (setjmp(s.env) != 0) err = 2; else { int last; do { last = puff_bits(&s, 1); int type = puff_bits(&s, 2); err = type == 0 ? puff_stored(&s) : (type == 1 ? puff_fixed(&s) : (type == 2 ? puff_dynamic(&s) : -1)); if (err != 0) break; } while (!last); } *destlen = s.outcnt; return err; } //% END CODE DERIVED FROM puff.{c,h} #define ZLIB_HEADER_WIDTH 2 static int puff_zlib_to_file(const unsigned char* source, unsigned long sourcelen, int dest_fd) { if (sourcelen < ZLIB_HEADER_WIDTH) return 0; source += ZLIB_HEADER_WIDTH; sourcelen -= ZLIB_HEADER_WIDTH; const unsigned long max_destlen = 132 << 20; void* ret = mmap(0, max_destlen, PROT_WRITE | PROT_READ, MAP_PRIVATE | MAP_ANON, -1, 0); if (ret == MAP_FAILED) return -1; unsigned char* dest = (unsigned char*)ret; unsigned long destlen = max_destlen; int err = puff(dest, &destlen, source, sourcelen); if (err) { munmap(dest, max_destlen); errno = -err; return -1; } if (write(dest_fd, dest, destlen) != (ssize_t)destlen) { munmap(dest, max_destlen); return -1; } return munmap(dest, max_destlen); } static int setup_loop_device(unsigned char* data, unsigned long size, const char* loopname, int* loopfd_p) { int err = 0, loopfd = -1; int memfd = syscall(__NR_memfd_create, "syzkaller", 0); if (memfd == -1) { err = errno; goto error; } if (puff_zlib_to_file(data, size, memfd)) { err = errno; goto error_close_memfd; } loopfd = open(loopname, O_RDWR); if (loopfd == -1) { err = errno; goto error_close_memfd; } if (ioctl(loopfd, LOOP_SET_FD, memfd)) { if (errno != EBUSY) { err = errno; goto error_close_loop; } ioctl(loopfd, LOOP_CLR_FD, 0); usleep(1000); if (ioctl(loopfd, LOOP_SET_FD, memfd)) { err = errno; goto error_close_loop; } } close(memfd); *loopfd_p = loopfd; return 0; error_close_loop: close(loopfd); error_close_memfd: close(memfd); error: errno = err; return -1; } static void reset_loop_device(const char* loopname) { int loopfd = open(loopname, O_RDWR); if (loopfd == -1) { return; } if (ioctl(loopfd, LOOP_CLR_FD, 0)) { } close(loopfd); } static long syz_mount_image(volatile long fsarg, volatile long dir, volatile long flags, volatile long optsarg, volatile long change_dir, volatile unsigned long size, volatile long image) { unsigned char* data = (unsigned char*)image; int res = -1, err = 0, need_loop_device = !!size; char* mount_opts = (char*)optsarg; char* target = (char*)dir; char* fs = (char*)fsarg; char* source = NULL; char loopname[64]; if (need_loop_device) { int loopfd; memset(loopname, 0, sizeof(loopname)); snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(data, size, loopname, &loopfd) == -1) return -1; close(loopfd); source = loopname; } mkdir(target, 0777); char opts[256]; memset(opts, 0, sizeof(opts)); if (strlen(mount_opts) > (sizeof(opts) - 32)) { } strncpy(opts, mount_opts, sizeof(opts) - 32); if (strcmp(fs, "iso9660") == 0) { flags |= MS_RDONLY; } else if (strncmp(fs, "ext", 3) == 0) { bool has_remount_ro = false; char* remount_ro_start = strstr(opts, "errors=remount-ro"); if (remount_ro_start != NULL) { char after = *(remount_ro_start + strlen("errors=remount-ro")); char before = remount_ro_start == opts ? '\0' : *(remount_ro_start - 1); has_remount_ro = ((before == '\0' || before == ',') && (after == '\0' || after == ',')); } if (strstr(opts, "errors=panic") || !has_remount_ro) strcat(opts, ",errors=continue"); } else if (strcmp(fs, "xfs") == 0) { strcat(opts, ",nouuid"); } res = mount(source, target, fs, flags, opts); if (res == -1) { err = errno; goto error_clear_loop; } res = open(target, O_RDONLY | O_DIRECTORY); if (res == -1) { err = errno; goto error_clear_loop; } if (change_dir) { res = chdir(target); if (res == -1) { err = errno; } } error_clear_loop: if (need_loop_device) reset_loop_device(loopname); errno = err; return res; } #define FS_IOC_SETFLAGS _IOW('f', 2, long) static void remove_dir(const char* dir) { int iter = 0; DIR* dp = 0; const int umount_flags = MNT_FORCE | UMOUNT_NOFOLLOW; retry: while (umount2(dir, umount_flags) == 0) { } dp = opendir(dir); if (dp == NULL) { if (errno == EMFILE) { exit(1); } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); while (umount2(filename, umount_flags) == 0) { } struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } int i; for (i = 0;; i++) { if (unlink(filename) == 0) break; if (errno == EPERM) { int fd = open(filename, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno != EBUSY || i > 100) exit(1); if (umount2(filename, umount_flags)) exit(1); } } closedir(dp); for (int i = 0;; i++) { if (rmdir(dir) == 0) break; if (i < 100) { if (errno == EPERM) { int fd = open(dir, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno == EBUSY) { if (umount2(dir, umount_flags)) exit(1); continue; } if (errno == ENOTEMPTY) { if (iter < 100) { iter++; goto retry; } } } exit(1); } } static void kill_and_wait(int pid, int* status) { kill(-pid, SIGKILL); kill(pid, SIGKILL); for (int i = 0; i < 100; i++) { if (waitpid(-1, status, WNOHANG | __WALL) == pid) return; usleep(1000); } DIR* dir = opendir("/sys/fs/fuse/connections"); if (dir) { for (;;) { struct dirent* ent = readdir(dir); if (!ent) break; if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0) continue; char abort[300]; snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name); int fd = open(abort, O_WRONLY); if (fd == -1) { continue; } if (write(fd, abort, 1) < 0) { } close(fd); } closedir(dir); } else { } while (waitpid(-1, status, __WALL) != pid) { } } static void reset_loop() { char buf[64]; snprintf(buf, sizeof(buf), "/dev/loop%llu", procid); int loopfd = open(buf, O_RDWR); if (loopfd != -1) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); } } static void setup_test() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); write_file("/proc/self/oom_score_adj", "1000"); if (symlink("/dev/binderfs", "./binderfs")) { } } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } int i, call, thread; for (call = 0; call < 4; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50 + (call == 0 ? 4000 : 0)); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS __WALL static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); reset_loop(); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); setup_test(); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { sleep_ms(10); if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: memcpy((void*)0x200000000000, "jfs\000", 4); memcpy((void*)0x2000000004c0, "./bus\000", 6); memcpy( (void*)0x200000010140, "\x78\x9c\xec\xdd\x4d\x6f\x1d\x57\x19\x07\xf0\xe7\xbe\xf8\xfa\xa5\xb4" "\x8d\x2a\x54\x85\x88\x85\x9b\x42\x69\x29\xcd\x7b\x02\xe5\xad\x29\x0b" "\x16\xb0\x00\x09\x75\x4d\x22\xd7\xad\x02\x29\xa0\x24\x20\x5a\x59\xc4" "\x95\x17\x88\x0d\xf0\x11\x60\xd3\x0d\x8b\x7e\x05\x3e\x40\x3f\x03\xe2" "\x03\x10\xc9\x66\xd5\x05\x65\xd0\xd8\xe7\x24\xe3\xf1\x75\xae\x43\xe2" "\x3b\xd7\x3e\xbf\x9f\x74\x33\xf3\xcc\xb9\x63\x9f\xc9\xdf\xe3\xb9\xd7" "\x33\x73\x4f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\xf1\x83\xef\xff\xe4\x7c\x2f\x22\xae\xfd\x26\x2d\x38\x11\xf1\xb9" "\x18\x44\xf4\x23\x16\xeb\x7a\x39\xea\x99\xab\xf9\xf9\xc3\x88\x38\x19" "\xdb\xcd\xf1\x7c\x44\x0c\xe6\x23\xea\xf5\xb7\xff\x79\x36\xe2\x52\x44" "\x7c\xf2\x4c\xc4\xe6\xd6\xda\x4a\xbd\xf8\xc2\x01\xfb\x71\xf9\xdc\x9d" "\x5b\x9f\xfd\xf0\x7b\xff\xf8\xfd\x9f\x36\x4e\xfe\xec\xed\x9f\x7e\xd4" "\x6e\xff\xf1\xe7\x2f\x7e\xfc\x87\xbb\x11\x27\x7e\xf4\xfa\xc7\x9f\xdd" "\x7d\x32\xdb\x0e\x00\x00\x00\xa5\xa8\xaa\xaa\xea\xa5\xb7\xf9\xa7\xd2" "\xfb\xfb\x7e\xd7\x9d\x02\x00\xa6\x22\x1f\xff\xab\x24\x2f\x57\xab\xd5" "\x6a\xf5\x13\xad\xff\xd8\x9f\xad\xfe\xa8\x0b\xad\x9b\xaa\xf1\xee\x36" "\x8b\x88\x58\x6f\xae\x53\xbf\x66\x70\x3a\x1e\x00\x8e\x98\xf5\xf8\xb4" "\xeb\x2e\xd0\x21\xf9\x17\x6d\x18\x11\x4f\x75\xdd\x09\x60\xa6\xf5\xba" "\xee\x00\x87\x62\x73\x6b\x6d\xa5\x97\xf2\xed\x35\x8f\x07\xcb\x3b\xed" "\xf9\xef\x94\xbb\xf2\x5f\xef\xdd\xbf\xbf\x63\xbf\xe9\x24\xed\x6b\x4c" "\xa6\xf5\xf3\xb5\x11\x83\x78\x6e\x9f\xfe\x2c\x4e\xa9\x0f\xb3\x24\xe7" "\xdf\x6f\xe7\x7f\x6d\xa7\x7d\x94\x9e\x77\xd8\xf9\x4f\xcb\x7e\xf9\x8f" "\x76\x6e\x7d\x2a\x4e\xce\x7f\xd0\xce\xbf\x65\x57\xfe\x7f\x8e\x88\x23" "\x9b\x7f\x7f\x6c\xfe\xa5\xca\xf9\x0f\x1f\x25\xff\xf5\xc1\x11\xde\xff" "\xe5\x0f\x00\x00\x00\x00\xc0\xf1\x97\xff\xfe\x7f\xa2\xe3\xf3\xbf\xf3" "\x8f\xbf\x29\x07\xf2\xb0\xf3\xbf\xcb\x53\xea\x03\x00\x00\x00\x00\x00" "\x00\x00\x3c\x69\x8f\x3b\xfe\xdf\x7d\xc6\xff\x03\x00\x00\x80\x99\x55" "\xbf\x57\xaf\xfd\xe5\x99\x07\xcb\xf6\xfb\x2c\xb6\x7a\xf9\x5b\xbd\x88" "\xa7\x5b\xcf\x07\x0a\xb3\xdc\xf8\x70\x40\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x60\x3a\x86\x11\x4b\xe9\xba\xfe\xb9\x88\x78\x7a\x69\xa9" "\xaa\xaa\xfa\xd1\xd4\xae\x1f\xd5\xe3\xae\x7f\xd4\x95\xbe\xfd\x50\xb2" "\xae\x7f\xc9\x03\x00\xc0\x8e\x4f\x9e\x69\xdd\xcb\xdf\x8b\x58\x88\x88" "\xb7\xd2\x67\xfd\xcd\x2d\x2d\x2d\x55\xd5\xc2\xe2\x52\xb5\x54\x2d\xce" "\xe7\xd7\xb3\xa3\xf9\x85\x6a\xb1\xf1\xbe\x36\x4f\xeb\x65\xf3\xa3\x03" "\xbc\x20\x1e\x8e\xaa\xfa\x8b\x2d\x34\xd6\x6b\x9a\xf4\x7e\x79\x52\x7b" "\xfb\xeb\xd5\xdf\x6b\x54\x0d\x0e\xd0\xb1\xe9\xe8\x30\x70\x00\x88\x88" "\x9d\xa3\xd1\xa6\x23\xd2\x31\x53\x55\xcf\x46\xd7\xaf\x72\x38\x1a\xec" "\xff\xc7\x8f\xfd\x9f\x83\xe8\xfa\xe7\x14\x00\x00\x00\x38\x7c\x55\x55" "\x55\xbd\xf4\x71\xde\xa7\xd2\x39\xff\x7e\xd7\x9d\x02\x00\xa6\x22\x1f" "\xff\xdb\xe7\x05\xd4\x6a\xb5\x5a\xad\x56\x1f\xbf\xba\xa9\x1a\xef\x6e" "\xb3\x88\x88\xf5\xe6\x3a\xf5\x6b\x06\xc3\xf1\x03\xc0\x11\xb3\x1e\x9f" "\x76\xdd\x05\x3a\x24\xff\xa2\x0d\x23\xe2\x64\xd7\x9d\x00\x66\x5a\xaf" "\xeb\x0e\x70\x28\x36\xb7\xd6\x56\x7a\x29\xdf\x5e\xf3\x78\xb0\xbc\xd3" "\x9e\xaf\x05\xd9\x95\xff\x7a\x6f\x7b\xbd\xbc\xfe\xb8\xe9\x24\xed\x6b" "\x4c\xa6\xf5\xf3\xb5\x11\x83\x78\x6e\x9f\xfe\x3c\x3f\xa5\x3e\xcc\x92" "\x9c\x7f\xbf\x9d\xff\xb5\x9d\xf6\x3c\xc4\xff\x61\xe7\x3f\x2d\xfb\xe5" "\x5f\x6f\xe7\x89\x0e\xfa\xd3\xb5\x9c\xff\xa0\x9d\x7f\xcb\xf1\xc9\xbf" "\x3f\x36\xff\x52\xe5\xfc\x87\x8f\x94\xff\x40\xfe\x00\x00\x00\x00\x00" "\x30\xc3\xf2\xdf\xff\x4f\x38\xff\x9b\x37\x19\x00\x00\x00\x00\x00\x00" "\x00\x8e\x9c\xcd\xad\xb5\x95\x7c\xdf\x6b\x3e\xff\xff\xc5\x31\xcf\xeb" "\x35\xe7\xdc\xff\x79\x6c\xe4\xfc\x7b\x07\xce\xdf\xfd\xbf\xc7\x49\xce" "\xbf\xdf\xce\xbf\x75\x41\xce\xa0\x31\x7f\xef\xcd\x07\xf9\xff\x7b\x6b" "\x6d\xe5\xa3\x3b\xff\xfa\x42\x9e\xce\x7c\xfe\x73\x83\x51\xfd\xbd\xe7" "\x7a\xfd\xc1\x30\x5d\xf3\x53\xcd\xbd\x13\x37\xe2\x66\xac\xc6\xb9\x3d" "\xcf\x1f\xee\x6a\x3f\xbf\xa7\x7d\x6e\x57\xfb\x85\x09\xed\x17\xf7\xb4" "\x8f\xea\xf6\xc5\xdc\x7e\x26\x56\xe2\x97\x71\x33\xde\xbe\xdf\x3e\x3f" "\xe1\xc2\xa8\x85\x09\xed\xd5\x84\xf6\x9c\xff\xc0\xfe\x5f\xa4\x9c\xff" "\xb0\xf1\xa8\xf3\x5f\x4a\xed\xbd\xd6\xb4\x76\xef\xc3\xfe\x9e\xfd\xbe" "\x39\x1d\xf7\x7d\xae\xfe\xed\x3f\x2f\xed\xdd\xbb\xa6\x6f\x23\x06\xf7" "\xb7\xad\xa9\xde\xbe\xd3\x1d\xf4\x67\xfb\xff\xe4\xa9\x51\xfc\xfa\xf6" "\xea\xad\x33\xbf\xbd\x7e\xe7\xce\xad\xf3\x91\x26\xbb\x96\x5e\x88\x34" "\x79\xc2\x72\xfe\x73\xe9\x91\xf3\x7f\xf9\xc5\x9d\xf6\xfc\x7b\xbf\xb9" "\xbf\xde\xfb\x70\xf4\xc8\xf9\xcf\x8a\x8d\x18\xee\x9b\xff\x8b\x8d\xf9" "\x7a\x7b\x5f\x99\x72\xdf\xba\x90\xf3\x1f\xa5\x47\xce\x3f\x1f\x81\xc6" "\xef\xff\x47\x39\xff\xfd\xf7\xff\x57\x3b\xe8\x0f\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x3c\x4c\x55\x55\xdb\xb7\x88\x5e\x8d\x88" "\x2b\xe9\xfe\x9f\xae\xee\xcd\x04\x00\xa6\x2b\x1f\xff\xab\x24\x2f\x57" "\xab\xd5\x6a\xb5\x5a\x7d\xfc\xea\xa6\x6a\xbc\x37\x9a\x45\x44\xfc\xbd" "\xb9\x4e\xfd\x9a\xe1\x77\xe3\xbe\x18\x00\x30\xcb\xfe\x1b\x11\xff\xec" "\xba\x13\x74\x46\xfe\x05\xcb\x9f\xf7\x57\x4f\xbf\xd4\x75\x67\x80\xa9" "\xba\xfd\xfe\x07\x3f\xbf\x7e\xf3\xe6\xea\xad\xdb\x5d\xf7\x04\x00\x00" "\x00\x00\x00\x00\x00\xf8\x7f\xe5\xf1\x3f\x97\x1b\xe3\x3f\x6f\x5f\x07" "\xd4\x1a\x37\x7a\xd7\xf8\xaf\x6f\xc6\xf2\x8c\x8f\xff\xb9\xb8\x5f\xc3" "\x46\x7f\x34\xd8\x1e\xeb\x3c\x6d\xd0\x0b\xf1\xf0\xf1\xbf\x4f\xc7\xc3" "\xc7\xff\x1e\x4e\xe8\xc8\xdc\x84\xf6\xd1\x84\xf6\xf9\x09\xed\x0b\x13" "\xda\xc7\xde\xe8\xd1\x90\xf3\x7f\x21\x65\x9c\xf3\x3f\x95\x36\xac\xa4" "\xf1\x5f\x5f\xee\xa0\x3f\x5d\xcb\xf9\x9f\x4e\x63\x3d\xe7\xfc\xbf\xd2" "\x7a\x5e\x33\xff\xea\xaf\x47\x39\xff\xfe\xae\xfc\xcf\xde\x79\xef\x57" "\x67\x6f\xbf\xff\xc1\x6b\x37\xde\xbb\xfe\xee\xea\xbb\xab\xbf\x38\x7f" "\xee\xca\xa5\x8b\x97\x2f\x5d\xbc\x7c\xf9\xec\x3b\x37\x6e\xae\x9e\xdb" "\xf9\xb7\xc3\x1e\x1f\xae\x9c\x7f\x1e\xfb\xda\x75\xa0\x65\xc9\xf9\xe7" "\xcc\xe5\x5f\x96\x9c\xff\x97\x53\x2d\xff\xb2\xe4\xfc\x5f\x4a\xb5\xfc" "\xcb\x92\xf3\xcf\xaf\xf7\xe4\x5f\x96\x9c\x7f\x7e\xef\x23\xff\xb2\xe4" "\xfc\x5f\x49\xb5\xfc\xcb\x92\xf3\xff\x6a\xaa\xe5\x5f\x96\x9c\xff\xab" "\xa9\x96\x7f\x59\x72\xfe\x5f\x4b\xb5\xfc\xcb\x92\xf3\x7f\x2d\xd5\xf2" "\x2f\x4b\xce\xff\x4c\xaa\xe5\x5f\x96\x9c\xff\xd9\x54\xcb\xbf\x2c\x39" "\xff\x7c\x86\x4b\xfe\x65\xc9\xf9\xe7\x2b\x1b\xe4\x5f\x96\x9c\xff\x85" "\x54\xcb\xbf\x2c\x39\xff\x8b\xa9\x96\x7f\x59\x72\xfe\x97\x52\x2d\xff" "\xb2\xe4\xfc\x2f\xa7\x5a\xfe\x65\xc9\xf9\x5f\x49\xb5\xfc\xcb\x92\xf3" "\xff\x7a\xaa\xe5\x5f\x96\x9c\xff\x37\x52\x2d\xff\xb2\xe4\xfc\x5f\x4f" "\xb5\xfc\xcb\x92\xf3\xff\x66\xaa\xe5\x5f\x96\x9c\xff\xb7\x52\x2d\xff" "\xb2\xe4\xfc\xbf\x9d\x6a\xf9\x97\x25\xe7\xff\x9d\x54\xcb\xbf\x2c\x39" "\xff\xef\xa6\x5a\xfe\x65\xc9\xf9\xbf\x91\x6a\xf9\x97\xe5\xc1\xe7\xff" "\x9b\x31\x63\xc6\x4c\x9e\xe9\xfa\x37\x13\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\xd0\x36\x8d\xcb\x89\xbb\xde\x46\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\xf8\x1f\x3b\x70\x20\x00\x00\x00\x00\x00\xe4\xff\xda\x08\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55" "\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\xd8\x81\x03" "\x01\x00\x00\x00\x00\x20\xff\xd7\x46\xa8\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xc2\xde\xdd\xc5\xc8\x55\xde\xf7\x03" "\x3f\xfb\x66\xaf\x0d\x09\xfe\x87\x77\xe2\x80\x6d\xde\x0c\x2c\xec\xae" "\xdf\xc0\x21\x06\x93\x84\xfc\x29\xe9\x0b\x25\x21\x6d\x5a\x52\xe3\xd8" "\x6b\xe3\xc4\x6f\xf5\xee\x12\x40\xa8\xde\x14\xda\x12\x05\xa9\x48\xed" "\x05\xbd\x68\x9a\x44\x69\x14\xa9\xad\x40\x55\xa4\xa6\x12\x8d\x90\x1a" "\xa9\xbd\x6b\xae\x1a\x71\x13\xb5\x52\x2e\x7c\x01\x95\x83\x92\x56\xa9" "\x02\x5b\x9d\x39\xcf\xf3\xec\xcc\xec\xec\xcc\x7a\xed\xf1\xce\x9c\xf3" "\xf9\x20\xfc\xf3\xce\x9c\x99\x79\xe6\xcc\x99\xd9\xfd\xae\xf5\x9d\x01" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x80\x7a\x9b\x3f\x36\xf5\x27\x03\x59\x96\xe5\xff" "\xd7\xfe\xd8\x90\x65\x97\xe6\x7f\x5f\x97\xed\xcd\xbf\x9c\xdb\xb5\xda" "\x2b\x04\x00\x00\x00\xce\xd7\xbb\xb5\x3f\xff\xf6\xb2\x74\xc2\xde\x65" "\x5c\xa8\x6e\x9b\x7f\xb9\xfe\xdf\xbe\x3b\x3f\x3f\x3f\x9f\x7d\xfe\x9d" "\x33\xef\xfd\xd9\xfc\x7c\x3a\x63\x53\x96\x0d\xad\xcd\xb2\xda\x79\xd1" "\xbf\xfe\xe2\xe7\xf3\xf5\xdb\x04\xcf\x67\xa3\x03\x83\x75\x5f\x0f\x76" "\xb8\xf9\xa1\x0e\xe7\x0f\x77\x38\x7f\xa4\xc3\xf9\x6b\x3a\x9c\xbf\xb6" "\xc3\xf9\xa3\x1d\xce\x5f\xb4\x03\x16\x59\x57\xfc\x3e\xa6\x76\x65\x37" "\xd5\xfe\xba\xa1\xd8\xa5\xd9\x15\xd9\x48\xed\xbc\x9b\x5a\x5c\xea\xf9" "\x81\xb5\x83\x83\xf1\x77\x39\x35\x03\xb5\xcb\xcc\x8f\x1c\xca\x8e\x64" "\x47\xb3\xa9\x6c\x62\xd1\x65\x06\x6a\xff\x65\xd9\xeb\x9b\xf3\xdb\x7a" "\x28\x8b\xb7\x35\x58\x77\x5b\x1b\xb3\x2c\x3b\xfb\xd3\xe7\x0e\xc4\x35" "\x0c\x84\x7d\x7c\x53\xd6\x70\x63\x35\xf5\x8f\xdd\xdb\x0f\x64\x9b\xde" "\xf9\xe9\x73\x07\xbe\x3d\xf3\xd6\xb5\xad\x66\xc7\xdd\xb0\x68\xa5\x59" "\xb6\x75\x4b\xbe\xce\x17\xb2\x6c\xe1\xd7\x55\xd9\x40\xb6\x36\xed\x93" "\xb8\xce\xc1\xba\x75\x6e\x6c\xb1\xce\xa1\x86\x75\x0e\xd4\x2e\x97\xff" "\xbd\x79\x9d\x67\x97\xb9\xce\x78\xbf\x47\xc3\x3a\x7f\xd8\x66\x9d\x1b" "\xc3\x69\x4f\xdf\x98\x65\xd9\x5c\xb6\xe4\x36\xcd\x9e\xcf\x06\xb3\xf5" "\x4d\xb7\x9a\xf6\xf7\x68\x71\x44\xe4\xd7\x91\x3f\x94\x1f\xc8\x86\xcf" "\xe9\x38\xd9\xbc\x8c\xe3\x24\xbf\xcc\x4f\x6e\x6c\x3c\x4e\x9a\x8f\xc9" "\xb8\xff\x37\x87\x7d\x32\xbc\xc4\x1a\xea\x1f\x8e\xb7\xbf\xbc\x66\xd1" "\x7e\x5f\xe9\x71\x92\xdf\xeb\x5e\x38\x56\xf3\xeb\x7e\x24\xbf\xd1\xd1" "\xd1\xfa\x5f\xad\x36\x1c\xab\xf9\x36\xcf\xdd\xbc\xf4\x31\xd0\xf2\xb1" "\x6b\x71\x0c\xa4\x63\xb9\xee\x18\xd8\xd2\xe9\x18\x18\x5c\x33\x54\x3b" "\x06\x06\x17\xd6\xbc\xa5\xe1\x18\x98\x5c\x74\x99\xc1\x6c\xa0\x76\x5b" "\x67\x6e\x6e\x7f\x0c\x8c\xcf\x1c\x3b\x39\x3e\xfd\xcc\xb3\x77\x1e\x39" "\xb6\xff\xf0\xd4\xe1\xa9\xe3\x93\x13\xbb\x76\x6c\xdf\xb9\x63\xfb\xce" "\x9d\xe3\x87\x8e\x1c\x9d\x9a\x28\xfe\x3c\xb7\x5d\xda\x47\xd6\x67\x83" "\xe9\x18\xdc\x12\x5e\x6b\xe2\x31\x78\x6b\xd3\xb6\xf5\x87\xe4\xfc\x37" "\x2e\xdc\xf3\x60\xb4\x47\x9e\x07\xf9\x7d\xff\xf4\x2d\xf9\x82\x2e\x1d" "\xcc\x96\x38\xc6\xf3\x6d\x5e\xd8\x7a\xfe\xcf\x83\xf4\x7d\xbf\xee\x79" "\x30\x5c\xf7\x3c\x68\xf9\x9a\xda\xe2\x79\x30\xbc\x8c\xe7\x41\xbe\xcd" "\xd9\xad\xcb\xfb\x9e\x39\x5c\xf7\x7f\xab\x35\x74\xeb\xb5\x70\x43\xdd" "\x31\xb0\x9a\xdf\x0f\xf3\xdb\x7c\xfc\xb6\xa5\x5f\x0b\x37\x86\x75\xbd" "\x78\xfb\xb9\x7e\x3f\x1c\x5a\x74\x0c\xc4\xbb\x35\x10\x9e\x7b\xf9\x29" "\xe9\xe7\xbd\xd1\x7b\xc2\x7e\x59\x7c\x5c\x5c\x97\x9f\x71\xc9\x9a\x6c" "\x76\x7a\xea\xd4\x5d\x4f\xef\x9f\x99\x39\x35\x99\x85\x71\x51\x5c\x5e" "\xf7\x58\x35\x1f\x2f\xeb\xeb\xee\x53\xb6\xe8\x78\x19\x3c\xe7\xe3\x65" "\xef\xdf\xfc\xf2\x96\xeb\x5a\x9c\xbe\x21\xec\xab\xd1\x3b\xda\x3f\x56" "\xf9\x36\x3b\xc6\xda\x3f\x56\xb5\x57\xf7\xd6\xfb\xb3\xe1\xd4\x6d\x59" "\x18\x17\xd8\xc5\xde\x9f\xad\xbe\x9b\xe5\xfb\x33\x65\x89\x36\xfb\x33" "\xdf\xe6\x85\x3b\xcf\xff\x67\xc1\x94\x4b\xea\x5e\xff\x46\x3a\xbd\xfe" "\x0d\x8d\x0c\x17\xaf\x7f\x43\x69\x6f\x8c\x34\xbc\xfe\x2d\x7e\x68\x86" "\x6a\x2b\xcb\xb2\xb3\x77\x2e\xef\xf5\x6f\x24\xfc\x7f\xb1\x5f\xff\xae" "\xe8\x91\xd7\xbf\x7c\x5f\x3d\x7e\x57\xfb\x63\x20\xdf\xe6\xc5\xf1\x73" "\x3d\x06\x86\xdb\xbe\xfe\xdd\x18\xe6\x40\x58\xcf\x6d\x21\x31\x8c\xd6" "\xe5\xfe\xf7\x6a\xe7\xcf\x15\x87\x69\xdd\x63\xd9\xf1\xb8\x19\x1e\x1e" "\x09\xc7\xcd\x70\xbc\xc5\xc6\xe3\x66\xfb\xa2\xcb\xe4\xd7\x96\xdf\xf6" "\xd6\x89\x95\x1d\x37\x5b\x6f\x6c\x7c\xac\x1a\x7e\x6e\x29\xe1\x71\x93" "\xef\xab\x3f\x9f\x68\x7f\xdc\xe4\xdb\xbc\x31\x79\xfe\xaf\x1d\xeb\xe2" "\x5f\xeb\x5e\x3b\xd6\x74\x3a\x06\x46\x86\xd6\xe4\xeb\x1d\x49\x07\x41" "\xf1\x7a\x37\xbf\x2e\x1e\x03\x77\x65\x07\xb2\x13\xd9\xd1\xec\x60\xba" "\x4c\xfe\x28\xe7\xb7\x35\xb6\x6d\x79\xc7\xc0\x9a\xf0\xff\xc5\x7e\xed" "\xb8\xa6\x47\x8e\x81\x7c\x5f\xbd\xb2\xad\xfd\x31\x90\x6f\xf3\x83\xed" "\x17\xf6\x67\xa7\xad\xe1\x94\xb4\x4d\xdd\xcf\x4e\xcd\xbf\x5f\x58\x2a" "\xf3\x5f\x37\xbc\x70\x7d\xcd\xbb\xed\x42\x67\xfe\x7c\x9d\x1f\xdf\xd1" "\xfe\x77\x43\xf9\x36\x6f\xed\x38\xd7\x9c\xd1\x7e\x3f\xdd\x11\x4e\xb9" "\xa4\xc5\x7e\x6a\x7e\xfe\x2c\x75\x4c\x1f\xcc\x2e\xce\x7e\xba\x26\xac" "\xf3\xe8\xce\xf6\xbf\x9b\xca\xb7\xb9\x62\xd7\x32\x8f\xa7\xbd\x59\x96" "\xbd\x39\xf9\x66\xed\xf7\x5d\xe1\xf7\xbb\x7f\x3f\xfb\xef\xdf\x6d\xf8" "\xbd\x6f\xab\xdf\x29\xbf\x39\xf9\xe6\xc3\xe3\x8f\xfe\xe8\x5c\xd6\x0f" "\x00\xc0\xca\xbd\x57\xfb\x73\x6e\x4d\xf1\xb3\x66\xdd\xbf\x58\x2f\xe7" "\xdf\xff\x01\x00\x00\x80\xbe\x10\x73\xff\x60\x98\x89\xfc\x0f\x00\x00" "\x00\xa5\x11\x73\xff\x50\x98\x89\xfc\x0f\x00\x00\x00\xa5\x11\x73\xff" "\x70\x98\x49\x45\xf2\xff\x93\xf7\xec\x7e\xf5\xdd\xd3\x59\x7a\x37\xc0" "\xf9\x20\x9e\x1f\x77\xc3\x23\xf7\x15\xdb\xc5\x8e\xf7\x5c\xf8\x7a\xd3" "\xfc\x82\xfc\xf4\x8f\x7e\x6b\xe4\xd5\xaf\x9c\x5e\xde\x6d\x0f\x66\x59" "\xf6\xcb\x87\x3f\xd8\x72\xfb\x27\xef\x8b\xeb\x2a\x9c\x8c\xeb\xfc\x70" "\xe3\xe9\x8b\x5c\x73\xc3\xb2\x6e\xff\x89\xc7\x16\xb6\xab\x7f\xff\x84" "\xb3\xbb\x8b\xeb\x8f\xf7\x67\xb9\x87\x41\xec\x2a\xbf\x3e\xbe\xad\x76" "\xbd\x9b\x9e\x99\xac\xcd\x37\x1e\xce\x6a\xf3\xd1\xb9\x17\x9f\x2f\xae" "\xbf\xf8\x3a\x6e\x7f\x66\x7b\xb1\xfd\x5f\x86\x37\x2d\xd9\x7b\x68\xa0" "\xe1\xf2\x5b\xc3\x7a\x6e\x0a\x73\x53\x78\x4f\x99\x47\xf6\x2e\xec\x87" "\x7c\xc6\xcb\xbd\xba\xf1\xfa\x7f\xbe\xfc\x33\x0b\xb7\x17\x2f\x37\xb0" "\xe5\xfd\xb5\xbb\xf9\xca\x1f\x14\xd7\x1b\xdf\x23\xea\xe5\xcb\x8b\xed" "\xe3\xfd\x5e\x6a\xfd\xff\xf4\xd5\xef\xbc\x9a\x6f\xff\xf4\xcd\xad\xd7" "\x7f\x7a\xb0\xf5\xfa\xcf\x84\xeb\xfd\x49\x98\xbf\xd8\x53\x6c\x5f\xbf" "\xcf\xbf\x52\xb7\xfe\x3f\x0a\xeb\x8f\xb7\x17\x2f\x77\xd7\x37\xbf\xdf" "\x72\xfd\xaf\x5d\x5d\x6c\xff\x5a\x38\x2e\xbe\x1e\x66\xf3\xfa\x1f\xf8" "\xd3\x0f\xbd\xdb\xea\xf1\x8a\xb7\xb3\xf7\xde\xe2\x72\xf1\xf6\x27\xfe" "\x7b\x47\xed\x72\xf1\xfa\xe2\xf5\x37\xaf\x7f\xf4\xf4\x64\xc3\xfe\x68" "\xbe\xfe\x37\xde\x29\xae\x67\xcf\x53\x3f\x1b\xaa\xdf\x3e\x9e\x1e\x6f" "\x27\x7a\xe2\xde\xc6\xe3\x7b\x20\x3c\xbe\x0d\x3d\xf2\x2c\xcb\xbe\xf3" "\xc7\x59\xc3\x7e\xce\x3e\x52\x5c\xee\x1f\x9b\xd6\x1f\xaf\xef\xe4\xbd" "\xad\xd7\x7f\x47\xd3\x3a\x4f\x0e\xdc\x50\xbb\xfc\xc2\xfd\xd9\xd0\x70" "\xbf\xbe\xf6\xd7\xdb\x5a\xde\xdf\xb8\x9e\xbd\x7f\xb7\xa1\xe1\xfe\xbc" "\xfc\x60\xd8\x7f\xef\x8c\xff\x20\xbf\xde\x33\x8f\x86\xe3\x31\x9c\xff" "\xbf\x3f\x2c\xae\xaf\xf9\xbd\x4c\x5f\x7b\xb0\xf1\xf5\x26\x6e\xff\xf5" "\x0d\xc5\xf3\x36\x5e\xdf\x78\xd3\xfa\x5f\x6e\x5a\xff\xdc\x0d\xf9\xbe" "\xeb\xbc\xfe\x87\xde\x29\xd6\xff\xda\xfd\x6b\x1b\xd6\xbf\xf7\x13\xe1" "\x78\x7a\xa8\x98\x9d\xd6\x7f\xf8\xaf\x2e\x6b\xb8\xfc\x37\xbe\x5d\x3c" "\x1e\xa7\xbe\x34\x76\xfc\xc4\xf4\xec\x91\x83\x75\x7b\xb5\xfe\x79\xbc" "\x76\x74\xdd\xfa\x4b\x2e\x7d\xdf\xfb\x2f\x0b\xaf\xa5\xcd\x5f\xef\x3b" "\x31\xf3\xe4\xd4\xa9\x4d\x13\x9b\x26\xb2\x6c\x53\x1f\xbe\x65\x60\xb7" "\xd7\xff\xcd\x30\xff\xab\x18\x73\x17\xfe\x16\x0a\x3f\xfa\x59\x71\xdc" "\xbd\xf4\xc9\xe2\xfb\xd6\xad\x3f\x2f\xbe\x7e\x39\x9c\xfe\x44\x78\x3c" "\xe3\xf7\xc7\xaf\xfd\xc5\x48\xc3\xf1\xda\xfc\xb8\xcf\xdd\x5f\xcc\xf3" "\x5d\xff\xed\x61\x1d\xcb\x75\xf5\x57\xff\xf3\x86\x65\x6d\x78\xe6\x73" "\xaf\xcf\xfe\xc3\x1f\xbe\xd5\xfc\x73\x41\xbc\x3f\x27\xaf\x1c\xad\xdd" "\xbf\x57\x36\x5f\x55\x3b\x6f\xe0\x8d\xe2\xfc\xe6\xd7\xab\x4e\xfe\xe3" "\xca\xc6\xe7\xf5\x8f\x87\x27\x6a\xf3\x7b\x61\xbf\xce\x87\x77\x66\xde" "\x72\x55\x71\x7b\xcd\xd7\x1f\xdf\x9b\xe4\xa5\x4f\x15\xcf\xdf\xf8\x93" "\x5c\xbc\x7c\xd6\xf4\x7e\x22\x1b\x86\x1a\xef\xc7\xf9\xae\xff\xc7\xe1" "\xe7\x98\xef\x5f\xd3\xf8\xfa\x17\x8f\x8f\xef\x9d\x6e\x7a\x37\xe7\x0d" "\xd9\x40\xbe\x84\xb9\xf0\xfa\x90\xcd\x15\xe7\xc7\xad\xe2\xfe\x7e\xe9" "\xec\x55\x2d\x6f\x2f\xbe\x0f\x4f\x36\x77\xed\xb9\x2c\x73\x49\xd3\xcf" "\x4c\x8f\x1f\x3d\x72\x7c\xf6\xe9\xf1\x99\xa9\xe9\x99\xf1\xe9\x67\x9e" "\xdd\x77\xec\xc4\xec\xf1\x99\x7d\xb5\xf7\x2e\xdd\xf7\x85\x4e\x97\x5f" "\x78\x7e\xaf\xaf\x3d\xbf\x0f\x4e\xed\xda\x91\xd5\x9e\xed\x27\x8a\xd1" "\x65\xab\xbd\xfe\x93\x8f\x1d\x38\x78\xf7\xc4\x2d\x07\xa7\x0e\xed\x9f" "\x3d\x34\xf3\xd8\xc9\xa9\x53\x87\x0f\x4c\x4f\x1f\x98\x3a\x38\x7d\xcb" "\xfe\x43\x87\xa6\xbe\xd4\xe9\xf2\x47\x0e\xee\x99\xdc\xb6\x7b\xfb\xdd" "\xdb\xc6\x0e\x1f\x39\xb8\xe7\x9e\xdd\xbb\xb7\xef\x1e\x3b\x72\xfc\x44" "\xbe\x8c\x62\x51\x1d\xec\x9a\xf8\xe2\xd8\xf1\x53\xfb\x6a\x17\x99\xde" "\xb3\x63\xf7\xe4\xce\x9d\x3b\x26\xc6\x8e\x9d\x38\x38\xb5\xe7\xee\x89" "\x89\xb1\xd9\x4e\x97\xaf\x7d\x6f\x1a\xcb\x2f\xfd\xd4\xd8\xa9\xa9\xa3" "\xfb\x67\x8e\x1c\x9b\x1a\x9b\x3e\xf2\xec\xd4\x9e\xc9\xdd\xbb\x76\x6d" "\xeb\xf8\xee\x8f\xc7\x4e\x1e\x9a\xde\x34\x7e\x6a\xf6\xf8\xf8\xec\xf4" "\xd4\xa9\xf1\xe2\xbe\x6c\x9a\xa9\x9d\x9c\x7f\xef\xeb\x74\x79\xaa\x61" "\xfa\x44\x78\xbd\x6b\x32\x10\x7e\x3a\xff\xec\x1d\xbb\xd2\xfb\xe3\xe6" "\xbe\xf5\xe5\x25\xaf\xaa\xd8\xa4\xf1\xc7\xd3\xec\xed\xf0\x5e\x50\xf1" "\xfb\x5b\xa7\xaf\x63\xee\x1f\x09\x33\xa9\x48\xfe\x07\x00\x00\x80\x2a" "\x88\xb9\x3f\xbc\xf1\xff\xc2\x19\xf2\x3f\x00\x00\x00\x94\x46\xcc\xfd" "\x6b\xc3\x4c\xe4\x7f\x00\x00\x00\x28\x8d\x98\xfb\x47\xc3\x4c\x2a\x92" "\xff\xf5\xff\xf5\xff\xf5\xff\xf5\xff\xf5\xff\xf5\xff\xbb\x49\xff\x5f" "\xff\xbf\x1d\xfd\x7f\xfd\xff\x7e\x5e\xbf\xfe\xbf\xfe\x3f\x9d\xf5\x5a" "\xff\x3f\xe6\xfe\x75\x59\x56\xc9\xfc\x0f\x00\x00\x00\x55\x10\x73\xff" "\xfa\x30\x13\xf9\x1f\x00\x00\x00\x4a\x23\xe6\xfe\x4b\xc2\x4c\xe4\x7f" "\x00\x00\x00\x28\x8d\x98\xfb\x2f\x0d\x33\xa9\x46\xfe\x1f\x59\xb8\xc7" "\xfa\xff\x99\xfe\xbf\xfe\xff\xa2\xfe\x7f\xdc\x56\xff\x3f\xd3\xff\xd7" "\xff\x5f\x21\xfd\x7f\xfd\xff\x76\xf4\xff\xf5\xff\xfb\x79\xfd\x3d\xd8" "\xff\x5f\xa7\xff\x4f\xaf\xe9\xb5\xfe\x7f\xcc\xfd\xef\x0b\x33\xa9\x46" "\xfe\x07\x00\x00\x80\x4a\x88\xb9\xff\xfd\x61\x26\xf2\x3f\x00\x00\x00" "\x94\x46\xcc\xfd\x97\x85\x99\xc8\xff\x00\x00\x00\x50\x1a\x31\xf7\x6f" "\x08\x33\xa9\x48\xfe\xf7\xf9\xff\xfa\xff\xfa\xff\x3e\xff\x5f\xff\x5f" "\xff\xbf\x9b\xf4\xff\xf5\xff\xdb\xd1\xff\xd7\xff\xef\xe7\xf5\xf7\x60" "\xff\xdf\xe7\xff\xd3\x73\x7a\xad\xff\x1f\x73\xff\xff\x0b\x33\xa9\x48" "\xfe\x07\x00\x00\x80\x2a\x88\xb9\xff\x03\x61\x26\xf2\x3f\x00\x00\x00" "\x94\x46\xcc\xfd\x97\x87\x99\xc8\xff\x00\x00\x00\x50\x1a\x31\xf7\x5f" "\x11\x66\x52\x91\xfc\xaf\xff\xaf\xff\xaf\xff\xaf\xff\xaf\xff\xaf\xff" "\xdf\x4d\xfa\xff\xfa\xff\xed\xe8\xff\xeb\xff\xf7\xf3\xfa\x2f\x74\xff" "\x3f\x1e\xab\xfa\xff\x94\x49\xaf\xf5\xff\x63\xee\xbf\x32\xcc\xa4\x22" "\xf9\x1f\x00\x00\x00\xaa\x20\xe6\xfe\xab\xc2\x4c\xe4\x7f\x00\x00\x00" "\x28\x8d\x98\xfb\xaf\x0e\x33\x91\xff\x01\x00\x00\xa0\x34\x62\xee\xbf" "\x26\xcc\xa4\x22\xf9\x5f\xff\x5f\xff\x5f\xff\x5f\xff\x5f\xff\x5f\xff" "\xbf\x9b\xf4\xff\xf5\xff\xdb\xd1\xff\xd7\xff\xef\xe7\xf5\xfb\xfc\x7f" "\xfd\x7f\x3a\xeb\xb5\xfe\x7f\xcc\xfd\xd7\x86\x99\x54\x24\xff\x03\x00" "\x00\x40\x15\xc4\xdc\x7f\x5d\x98\x89\xfc\x0f\x00\x00\x00\xa5\x11\x73" "\xff\x07\xc3\x4c\xe4\x7f\x00\x00\x00\x28\x8d\x98\xfb\x37\x86\x99\x54" "\x24\xff\xeb\xff\xeb\xff\xeb\xff\xeb\xff\xeb\xff\xeb\xff\x77\x53\x7f" "\xf5\xff\x07\x97\x3c\x47\xff\xbf\xa0\xff\xdf\x48\xff\x5f\xff\x5f\xff" "\x5f\xff\x9f\xf6\x7a\xad\xff\x1f\x73\xff\x87\xc2\x4c\x2a\x92\xff\x01" "\x00\x00\xa0\x0a\x62\xee\xbf\x3e\xcc\x44\xfe\x07\x00\x00\x80\xd2\x88" "\xb9\xff\x86\x30\x13\xf9\x1f\x00\x00\x00\x4a\x23\xe6\xfe\x4d\x61\x26" "\x15\xc9\xff\xfa\xff\xfa\xff\xfa\xff\xfa\xff\xfa\xff\xfa\xff\xdd\xd4" "\x5f\xfd\xff\xa5\xe9\xff\x17\xf4\xff\x1b\xe9\xff\xeb\xff\xeb\xff\xeb" "\xff\xd3\x5e\xaf\xf5\xff\x63\xee\xdf\x1c\x66\x52\x91\xfc\x0f\x00\x00" "\x00\x55\x10\x73\xff\x96\x30\x13\xf9\x1f\x00\x00\x00\x4a\x23\xe6\xfe" "\x1b\xc3\x4c\xe4\x7f\x00\x00\x00\x28\x8d\x98\xfb\x6f\x0a\x33\xa9\x48" "\xfe\xd7\xff\xd7\xff\xd7\xff\xd7\xff\xd7\xff\xd7\xff\xef\x26\xfd\xff" "\x32\xf6\xff\xff\x67\x5e\xff\xbf\xa0\xff\xaf\xff\xaf\xff\xdf\xb9\xff" "\xbf\xa6\xd3\x15\x51\x6a\xbd\xd6\xff\x8f\xb9\xff\xe6\x30\x93\x8a\xe4" "\x7f\x00\x00\x00\xa8\x82\x98\xfb\x6f\x09\x33\x91\xff\x01\x00\x00\xa0" "\x34\x62\xee\xbf\x35\xcc\x44\xfe\x07\x00\x00\x80\xd2\x88\xb9\x7f\x6b" "\x98\x49\x45\xf2\xbf\xfe\xbf\xfe\xbf\xfe\xbf\xfe\xbf\xfe\xbf\xfe\x7f" "\x37\xe9\xff\x97\xb1\xff\xef\xf3\xff\x23\xfd\x7f\xfd\x7f\xfd\x7f\x9f" "\xff\x4f\x7b\xbd\xd6\xff\x8f\xb9\xff\xb6\x30\x93\x8a\xe4\x7f\x00\x00" "\x00\xa8\x82\x98\xfb\x6f\x0f\x33\x91\xff\x01\x00\x00\xa0\x34\x62\xee" "\xbf\x23\xcc\x44\xfe\x07\x00\x00\x80\xd2\x88\xb9\x7f\x2c\xcc\xa4\x22" "\xf9\x5f\xff\x5f\xff\x5f\xff\x5f\xff\x5f\xff\x5f\xff\xbf\x9b\xca\xda" "\xff\x4f\xaf\xa3\xfa\xff\xfa\xff\xfa\xff\xfa\xff\xfa\xff\xfa\xff\x2c" "\xa9\xd7\xfa\xff\x31\xf7\xdf\x19\x66\x52\x91\xfc\x0f\x00\x00\x00\x55" "\x10\x73\xff\x5d\x61\x26\xf2\x3f\x00\x00\x00\x94\x46\xcc\xfd\xe3\x61" "\x26\xf2\x3f\x00\x00\x00\x94\x46\xcc\xfd\x13\x61\x26\xcd\xf9\x7f\xf4" "\x62\xae\xea\xe2\xd1\xff\xd7\xff\xd7\xff\xd7\xff\xd7\xff\xd7\xff\xef" "\xa6\xb2\xf6\xff\x57\xfb\xf3\xff\xd7\x85\xa9\xff\x5f\xd0\xff\x5f\x99" "\xd5\xee\xcf\xf7\xfb\xfa\xf5\xff\xf5\xff\xe9\xac\xd7\xfa\xff\x31\xf7" "\x4f\x86\x99\xf8\xf7\x7f\x00\x00\x00\x28\x8d\x98\xfb\xb7\x85\x99\xc8" "\xff\x00\x00\x00\x50\x1a\x31\xf7\x6f\x0f\x33\x91\xff\x01\x00\x00\xa0" "\x34\x62\xee\xdf\x11\x66\x52\x91\xfc\xaf\xff\xaf\xff\xaf\xff\xaf\xff" "\xaf\xff\xaf\xff\xdf\x4d\xfa\xff\x3e\xff\xbf\x1d\xfd\x7f\xfd\xff\x7e" "\x5e\xbf\xfe\xbf\xfe\x3f\x8d\x06\x5b\x9c\xd6\x6b\xfd\xff\x98\xfb\x77" "\x86\x99\x54\x24\xff\x03\x00\x00\x40\x15\xc4\xdc\xbf\x2b\xcc\x44\xfe" "\x07\x00\x00\x80\xd2\x88\xb9\xff\xee\x30\x13\xf9\x1f\x00\x00\x00\x4a" "\x23\xe6\xfe\x7b\xc2\x4c\x2a\x92\xff\xf5\xff\xf5\xff\xf5\xff\xf5\xff" "\xf5\xff\xf5\xff\xbb\x49\xff\x5f\xff\xbf\x1d\xfd\x7f\xfd\xff\x7e\x5e" "\xbf\xfe\xbf\xfe\x3f\x9d\xf5\x5a\xff\x3f\xe6\xfe\xdd\x61\x26\x15\xc9" "\xff\x00\x00\x00\x50\x05\x31\xf7\x7f\x38\xcc\x44\xfe\x07\x00\x00\x80" "\xd2\x88\xb9\xff\xde\x30\x13\xf9\x1f\x00\x00\x00\xfa\x4a\xab\xcf\x21" "\x8c\x62\xee\xff\x48\x98\x49\x45\xf2\xbf\xfe\x7f\xd9\xfb\xff\xf3\x6b" "\xf5\xff\xf5\xff\xf5\xff\xdb\xaf\xbf\x67\xfa\xff\xe1\x25\x58\xff\xff" "\xdc\xe8\xff\xeb\xff\x67\xfa\xff\x2b\xb6\xda\xfd\xf9\x7e\x5f\xbf\xfe" "\xbf\xfe\x3f\x9d\xf5\x5a\xff\x3f\xe6\xfe\x3d\x61\x26\x15\xc9\xff\x00" "\x00\x00\x50\x05\x31\xf7\xdf\x17\x66\x22\xff\x03\x00\x00\x40\x69\xc4" "\xdc\x7f\x7f\x98\x89\xfc\x0f\x00\x00\x00\xa5\x11\x73\xff\xde\x30\x93" "\x8a\xe4\x7f\xfd\xff\xb2\xf7\xff\x7d\xfe\xbf\xfe\x7f\x9f\xf6\xff\x47" "\x2b\xd8\xff\xf7\xf9\xff\x2b\xa2\xff\xaf\xff\x9f\xe9\xff\xaf\xd8\x4a" "\xfb\xf3\xe1\xc7\x16\xfd\xff\x1e\xea\xff\xe7\xc7\x90\xfe\x3f\xbd\xa8" "\xd7\xfa\xff\x31\xf7\x3f\x10\x66\x52\x91\xfc\x0f\x00\x00\x00\x55\x10" "\x73\xff\x47\xc3\x4c\xe4\x7f\x00\x00\x00\x28\x8d\x98\xfb\x3f\x16\x66" "\x22\xff\x03\x00\x00\x40\x69\xc4\xdc\xff\xf1\x30\x93\x8a\xe4\x7f\xfd" "\x7f\xfd\x7f\xfd\x7f\xfd\xff\x9e\xec\xff\x57\xf1\xf3\xff\xf5\xff\x57" "\x44\xff\x5f\xff\x3f\xd3\xff\x5f\xb1\xd5\xee\xcf\xf7\xfb\xfa\x7b\xa9" "\xff\xef\xf3\xff\xe9\x55\xbd\xd6\xff\x8f\xb9\xff\xc1\x30\x93\x8a\xe4" "\x7f\x00\x00\x00\xa8\x82\x98\xfb\x3f\x11\x66\x22\xff\x03\x00\x00\x40" "\x69\xc4\xdc\xff\xff\xc3\x4c\xe4\x7f\x00\x00\x00\x28\x8d\x98\xfb\x1f" "\x0a\x33\xa9\x48\xfe\xd7\xff\xd7\xff\xd7\xff\xd7\xff\xaf\x70\xff\x7f" "\x5d\xb6\xaa\xfd\xff\xe2\x9a\xf4\xff\xcf\x4f\xdf\xf7\xff\x4f\x9f\xdf" "\xfa\xf5\xff\x0b\xfa\xff\x2b\xb3\xda\xfd\xf9\x7e\x5f\xbf\xfe\xbf\xfe" "\x3f\x9d\xf5\x5a\xff\x3f\xe6\xfe\x5f\x09\x33\xa9\x48\xfe\x07\x00\x00" "\x80\x2a\x88\xb9\xff\xe1\x30\x13\xf9\x1f\x00\x00\x00\x4a\x23\xe6\xfe" "\x4f\x86\x99\xc8\xff\x00\x00\x00\x50\x1a\x31\xf7\xff\x6a\x98\x49\x45" "\xf2\xbf\xfe\xff\xc5\xe9\xff\x0f\xa6\xeb\xd7\xff\xd7\xff\xaf\x6a\xff" "\xff\x92\x5e\xec\xff\xd7\x9c\x7f\xff\x7f\x20\xb4\xb6\x7d\xfe\x7f\x2b" "\xfa\xff\x3e\xff\xbf\x1d\xfd\x7f\xfd\xff\x7e\x5e\xbf\xfe\xbf\xfe\x3f" "\x9d\xf5\x5a\xff\x3f\xe6\xfe\x5f\x0b\x33\xa9\x48\xfe\x07\x00\x00\x80" "\x2a\x88\xb9\xff\xd7\xc3\x4c\xe4\x7f\x00\x00\x00\x28\x8d\x98\xfb\x7f" "\x23\xcc\x44\xfe\x07\x00\x00\x80\xd2\x88\xb9\xff\x91\x30\x93\x8a\xe4" "\x7f\xfd\x7f\x9f\xff\xaf\xff\xaf\xff\x5f\xe1\xcf\xff\xaf\x59\xbd\xcf" "\xff\xd7\xff\xbf\x10\xf4\xff\xf5\xff\x33\xfd\xff\x15\x5b\xed\xfe\x7c" "\xbf\xaf\x5f\xff\x5f\xff\x9f\xce\x7a\xad\xff\x1f\x73\xff\x6f\x86\x99" "\x54\x24\xff\x03\x00\x00\x40\x15\xc4\xdc\xff\x68\x98\x49\xca\xff\x83" "\xab\xb0\x2a\x00\x00\x00\xe0\x42\x8a\xb9\xff\x53\x61\x26\xfe\xfd\x1f" "\x00\x00\x00\x4a\x23\xe6\xfe\x4f\x87\x99\x54\x24\xff\xeb\xff\xeb\xff" "\xeb\xff\xeb\xff\x77\xa1\xff\x5f\xdb\x44\xff\x5f\xff\x3f\xd3\xff\xd7" "\xff\xef\x40\xff\x5f\xff\xbf\x9f\xd7\xaf\xff\xaf\xff\x4f\x67\xbd\xd6" "\xff\x8f\xb9\xff\xb1\x30\x93\x8a\xe4\x7f\x00\x00\x00\xa8\x82\x98\xfb" "\x3f\x13\x66\x22\xff\x03\x00\x00\x40\x69\xc4\xdc\xff\x5b\x61\x26\xf2" "\x3f\x00\x00\x00\x94\x46\xcc\xfd\xbf\x1d\x66\x52\x91\xfc\xaf\xff\xaf" "\xff\xaf\xff\xaf\xff\xef\xf3\xff\xf5\xff\xbb\x49\xff\x7f\x71\xff\x3f" "\x7f\x0d\x5b\xcd\xfe\xff\x9a\xe5\x6c\xa8\xff\xbf\x2c\xfa\xff\xfa\xff" "\xfa\xff\xfa\xff\xb4\xd7\x6b\xfd\xff\x98\xfb\x3f\x1b\x66\x52\x91\xfc" "\x0f\x00\x00\x00\x55\x10\x73\xff\xef\x84\x99\xc8\xff\x00\x00\x00\x50" "\x1a\x31\xf7\xff\x6e\x98\x89\xfc\x0f\x00\x00\x00\xa5\x11\x73\xff\xe3" "\x61\x26\x15\xc9\xff\xfa\xff\xfa\xff\xfa\xff\xe7\xde\xff\x0f\x0f\x97" "\xfe\x7f\xd3\x7a\xf4\xff\xf5\xff\x5b\xd1\xff\xf7\xf9\xff\xed\xe8\xff" "\xeb\xff\xf7\xf3\xfa\xf5\xff\xf5\xff\xe9\xac\xd7\xfa\xff\x31\xf7\x7f" "\x2e\xcc\xa4\x22\xf9\x1f\x00\x00\x00\xaa\x20\xe6\xfe\xdf\x0b\x33\x91" "\xff\x01\x00\x00\xa0\x34\x62\xee\xdf\x17\x66\x22\xff\x03\x00\x00\x40" "\x69\xc4\xdc\xff\x44\x98\x49\x45\xf2\xbf\xfe\xbf\xfe\xbf\xfe\xbf\xcf" "\xff\xd7\xff\xd7\xff\xef\x26\xfd\x7f\xfd\xff\x76\xf4\xff\xf5\xff\xfb" "\x79\xfd\xfa\xff\xfa\xff\x74\xd6\x6b\xfd\xff\x98\xfb\xf7\x87\x99\x54" "\x24\xff\x03\x00\x00\x40\x15\xc4\xdc\xff\xf9\x30\x13\xf9\x1f\x00\x00" "\x00\x4a\x23\xe6\xfe\x03\x61\x26\xf2\x3f\x00\x00\x00\x94\x46\xcc\xfd" "\x07\xc3\x4c\x2a\x92\xff\xf5\xff\xf5\xff\xf5\xff\xf5\xff\xf5\xff\xf5" "\xff\xbb\x49\xff\x5f\xff\xbf\x1d\xfd\x7f\xfd\xff\x7e\x5e\xbf\xfe\xbf" "\xfe\x3f\x9d\xf5\x5a\xff\x3f\xe6\xfe\xa9\x30\x93\x8a\xe4\x7f\x00\x00" "\x00\xa8\x82\x98\xfb\x0f\x85\x99\xc8\xff\x00\x00\x00\x50\x1a\x31\xf7" "\x1f\x0e\x33\x91\xff\x01\x00\x00\xa0\x34\x62\xee\x7f\x32\xcc\xa4\x22" "\xf9\x5f\xff\x5f\xff\x5f\xff\x5f\xff\x5f\xff\x5f\xff\xbf\x9b\xf4\xff" "\xf5\xff\xdb\xd1\xff\xd7\xff\xef\xe7\xf5\xeb\xff\xeb\xff\xd3\x59\xaf" "\xf5\xff\x63\xee\x3f\x12\x66\x52\x91\xfc\x0f\x00\x00\x00\x55\x10\x73" "\xff\x17\xc2\x4c\xe4\x7f\x00\x00\x00\x28\x8d\x98\xfb\xbf\x18\x66\x22" "\xff\x03\x00\x00\x40\x69\xc4\xdc\x7f\x34\xcc\xa4\x22\xf9\x5f\xff\x5f" "\xff\x5f\xff\x5f\xff\x5f\xff\x5f\xff\xbf\x9b\xf4\xff\xf5\xff\xdb\xd1" "\xff\xd7\xff\xef\xe7\xf5\xeb\xff\xeb\xff\xd3\x59\xaf\xf5\xff\x63\xee" "\x3f\x16\x66\x52\x91\xfc\x0f\x00\x00\x00\x55\x10\x73\xff\xf1\x30\x13" "\xf9\x1f\x00\x00\x00\x4a\x23\xe6\xfe\x13\x61\x26\xf2\x3f\x00\x00\x00" "\x94\x46\xcc\xfd\x27\xc3\x4c\x2a\x92\xff\xf5\xff\xf5\xff\xf5\xff\xf5" "\xff\xf5\xff\xf5\xff\xbb\x49\xff\x5f\xff\xbf\x1d\xfd\x7f\xfd\xff\x7e" "\x5e\xbf\xfe\xbf\xfe\x3f\x9d\xf5\x5a\xff\x3f\xe6\xfe\xdf\x0f\x33\xa9" "\x48\xfe\x07\x00\x00\x80\x2a\x88\xb9\xff\x54\x98\x89\xfc\x0f\x00\x00" "\x00\xa5\x11\x73\xff\x74\x98\x89\xfc\x0f\x00\x00\x00\xa5\x11\x73\xff" "\x4c\x98\x49\x45\xf2\xbf\xfe\xbf\xfe\xbf\xfe\xbf\xfe\xbf\xfe\xbf\xfe" "\x7f\x37\xe9\xff\xeb\xff\xb7\xa3\xff\xaf\xff\xdf\xcf\xeb\xd7\xff\xd7" "\xff\xa7\xb3\x5e\xeb\xff\xc7\xdc\x3f\x1b\x66\x52\x91\xfc\x0f\x00\x00" "\x00\x55\x10\x73\xff\x53\x61\x26\xf2\x3f\x00\x00\x00\x94\x46\xcc\xfd" "\xff\xc7\xde\x7d\xed\xe8\x75\x56\x71\x1c\xfe\x02\x84\x04\x21\xc4\xb5" "\x70\x05\x5c\x02\xc7\x1c\x72\x15\x74\x42\x87\xd0\x7b\xef\xbd\xf7\xde" "\x7b\xef\x35\xf4\xde\x09\x84\x5e\x82\x64\x14\xcf\x5a\x2b\x91\x3d\xde" "\xdb\x33\x9e\xcf\xdf\xbb\xdf\xf5\x3c\x07\x59\xb2\x30\xf6\x2b\x46\x08" "\xfd\x85\x7e\xda\xf7\x8f\x5b\xec\x7f\x00\x00\x00\x98\x46\xee\xfe\x07" "\xc4\x2d\x4d\xf6\xbf\xfe\x5f\xff\xaf\xff\x1f\xa6\xff\x3f\xea\xfc\xf4" "\xff\xfa\x7f\xfd\xff\x89\xe8\xff\xf5\xff\xbb\x89\xfb\xff\xeb\x2f\xf8" "\xfb\xf4\xff\x63\xbd\x5f\xff\xaf\xff\x67\xdd\x68\xfd\x7f\xee\xfe\x07" "\xc6\x2d\x4d\xf6\x3f\x00\x00\x00\x74\x90\xbb\xff\x41\x71\x8b\xfd\x0f" "\x00\x00\x00\xd3\xc8\xdd\xff\xe0\xb8\xc5\xfe\x07\x00\x00\x80\x69\xe4" "\xee\x7f\x48\xdc\xd2\x64\xff\xeb\xff\xf5\xff\xfa\xff\x61\xfa\x7f\xdf" "\xff\xcf\x9f\xab\xfe\x5f\xff\x7f\x02\xfa\x7f\xfd\xff\x6e\xe2\xfe\xff" "\x42\xfa\xff\xb1\xde\xbf\xe1\xfe\xff\x6e\x3b\xfd\x3f\x57\xc9\x68\xfd" "\x7f\xee\xfe\x87\xc6\x2d\x4d\xf6\x3f\x00\x00\x00\x74\x90\xbb\xff\x61" "\x71\x8b\xfd\x0f\x00\x00\x00\xd3\xc8\xdd\x7f\x43\xdc\x62\xff\x03\x00" "\x00\xc0\x34\x72\xf7\x3f\x3c\x6e\x69\xb2\xff\xf5\xff\xfa\x7f\xfd\xbf" "\xfe\x5f\xff\xaf\xff\xdf\x27\xfd\xbf\xfe\x7f\x89\xfe\x5f\xff\xbf\xe5" "\xf7\x6f\xb8\xff\x3f\x4f\xff\xcf\xd5\x30\x5a\xff\x9f\xbb\xff\x11\x71" "\x4b\x93\xfd\x0f\x00\x00\x00\x1d\xe4\xee\x7f\x64\xdc\x62\xff\x03\x00" "\x00\xc0\x34\x72\xf7\x3f\x2a\x6e\xb1\xff\x01\x00\x00\x60\x1a\xb9\xfb" "\x1f\x1d\xb7\x34\xd9\xff\xfa\x7f\xfd\xbf\xfe\x5f\xff\xaf\xff\xd7\xff" "\xef\x93\xfe\x5f\xff\xbf\x44\xff\xaf\xff\xdf\xf2\xfb\xf5\xff\xfa\x7f" "\xd6\x8d\xd6\xff\xe7\xee\x7f\x4c\xdc\xd2\x64\xff\x03\x00\x00\x40\x07" "\xb9\xfb\x1f\x1b\xb7\xd8\xff\x00\x00\x00\x30\x8d\xdc\xfd\x8f\x8b\x5b" "\xec\x7f\x00\x00\x00\x98\x46\xee\xfe\xc7\xc7\x2d\x4d\xf6\xbf\xfe\x5f" "\xff\xbf\x95\xfe\xff\x2e\xfa\xff\xa2\xff\xd7\xff\x6f\x89\xfe\x5f\xff" "\xbf\x44\xff\xaf\xff\xdf\xf2\xfb\xf5\xff\xfa\x7f\xd6\xed\xbd\xff\xbf" "\xcf\x8d\xe7\xef\xe5\xf6\xff\xb9\xfb\x6f\x8c\x5b\x9a\xec\x7f\x00\x00" "\x00\xe8\x20\x77\xff\x13\xe2\x16\xfb\x1f\x00\x00\x00\xa6\x91\xbb\xff" "\x89\x71\x8b\xfd\x0f\x00\x00\x00\xd3\xc8\xdd\xff\xa4\xb8\xa5\xc9\xfe" "\xd7\xff\xeb\xff\x6f\xef\xff\xcf\x5d\x33\x72\xff\x7f\xdc\xfb\xf5\xff" "\xfa\xff\x9d\xfe\x7f\x78\x0b\xef\xbf\xee\x2c\xfe\x7c\xfd\xbf\xfe\x7f" "\xa7\xff\x3f\xb5\x4b\xf7\xf3\x97\xf7\x9f\x84\xfe\x5f\xff\xaf\xff\x67" "\xcd\xde\xfb\xff\x95\xde\xff\xc2\x5f\xe7\xee\x7f\x72\xdc\xd2\x64\xff" "\x03\x00\x00\x40\x07\xb9\xfb\x9f\x12\xb7\xd8\xff\x00\x00\x00\x30\x8d" "\xdc\xfd\x4f\x8d\x5b\xec\x7f\x00\x00\x00\x98\x46\xee\xfe\xa7\xc5\x2d" "\x4d\xf6\xbf\xfe\x5f\xff\xbf\x95\xef\xff\x1f\xf7\xfe\xd9\xfa\xff\x73" "\x37\x1c\xfd\x3c\xef\xf8\xe7\xe8\xff\xf5\xff\x13\xf7\xff\x67\x42\xff" "\xaf\xff\xdf\xe9\xff\x4f\xed\xd0\xfd\xfc\xd6\xdf\xbf\xd4\xff\xdf\xfb" "\x32\xde\xaf\xff\xa7\x83\xd1\xfa\xff\xdc\xfd\x4f\x8f\x5b\x9a\xec\x7f" "\x00\x00\x00\xe8\x20\x77\xff\x33\xe2\x16\xfb\x1f\x00\x00\x00\xa6\x91" "\xbb\xff\x99\x71\x8b\xfd\x0f\x00\x00\x00\xd3\xc8\xdd\xff\xac\xb8\xa5" "\xc9\xfe\xd7\xff\xeb\xff\xf5\xff\xe3\xf4\xff\xbe\xff\x1f\x3f\x57\xfd" "\xbf\xfe\xff\x04\xf4\xff\xfa\xff\xdd\x69\xfb\xff\xbb\xea\xff\x0f\xdd" "\xcf\x6f\xfd\xfd\xbe\xff\xaf\xff\x67\xdd\x68\xfd\x7f\xee\xfe\x67\xc7" "\x2d\x4d\xf6\x3f\x00\x00\x00\x74\x90\xbb\xff\x39\x71\x8b\xfd\x0f\x00" "\x00\x00\xd3\xc8\xdd\xff\xdc\xb8\xc5\xfe\x07\x00\x00\x80\x69\xe4\xee" "\x7f\x5e\xdc\xd2\x64\xff\xeb\xff\xf5\xff\xfa\x7f\xfd\xff\x15\xf5\xff" "\x77\xd6\xff\xeb\xff\x97\xe9\xff\xf5\xff\x4b\x7c\xff\x5f\xff\xbf\xe5" "\xf7\xeb\xff\xf5\xff\xac\x3b\x4c\xff\x7f\xdb\xb8\x3a\xbe\xff\xcf\xdd" "\xff\xfc\xb8\xa5\xc9\xfe\x07\x00\x00\x80\x0e\x72\xf7\xbf\x20\x6e\xb1" "\xff\x01\x00\x00\x60\x1a\xb9\xfb\x5f\x18\xb7\xd8\xff\x00\x00\x00\x30" "\x8d\xdc\xfd\x2f\x8a\x5b\x9a\xec\x7f\xfd\xbf\xfe\x5f\xff\xaf\xff\xf7" "\xfd\x7f\xfd\xff\x3e\xe9\xff\xa7\xeb\xff\xaf\xd1\xff\xdf\x4e\xff\xaf" "\xff\xd7\xff\xeb\xff\x59\x76\x98\xfe\xff\xd2\xbf\xce\xdd\xff\xe2\xb8" "\xa5\xc9\xfe\x07\x00\x00\x80\x0e\x72\xf7\xbf\x24\x6e\xb1\xff\x01\x00" "\x00\x60\x1a\xb9\xfb\x5f\x1a\xb7\xd8\xff\x00\x00\x00\x30\x8d\xdc\xfd" "\x2f\x8b\x5b\x9a\xec\x7f\xfd\xbf\xfe\x5f\xff\xaf\xff\xd7\xff\xeb\xff" "\xf7\x49\xff\x3f\x5d\xff\xef\xfb\xff\x77\xa0\xff\xd7\xff\xeb\xff\xf5" "\xff\x2c\x1b\xad\xff\xcf\xdd\xff\xf2\xb8\xa5\xc9\xfe\x07\x00\x00\x80" "\x0e\x72\xf7\xbf\x22\x6e\xb1\xff\x01\x00\x00\x60\x1a\xb9\xfb\x5f\x19" "\xb7\xd8\xff\x00\x00\x00\x30\x8d\xdc\xfd\xaf\x8a\x5b\x9a\xec\x7f\xfd" "\xbf\xfe\x5f\xff\xaf\xff\xd7\xff\xeb\xff\xf7\x49\xff\xaf\xff\x5f\xa2" "\xff\x3f\xbe\xff\xbf\xfe\x12\x7f\x9f\xfe\x7f\xac\xf7\xeb\xff\xf5\xff" "\xac\x1b\xad\xff\xcf\xdd\xff\xea\xb8\xa5\xc9\xfe\x07\x00\x00\x80\x0e" "\x72\xf7\xbf\x26\x6e\xb1\xff\x01\x00\x00\x60\x1a\xb9\xfb\x5f\x1b\xb7" "\xd8\xff\x00\x00\x00\x30\x8d\xdc\xfd\xaf\x8b\x5b\x9a\xec\xff\x4b\xf5" "\xff\xb7\xdc\xfd\xe8\x5f\xd7\xff\x5f\x1e\xfd\xff\xf1\xef\xd7\xff\xeb" "\xff\xf5\xff\xfa\x7f\xfd\xbf\xfe\x7f\x89\xfe\xdf\xf7\xff\xb7\xfc\x7e" "\xfd\xbf\xfe\x9f\x75\xa7\xef\xff\x6f\xbd\xe0\x7f\x81\xce\xa6\xff\xcf" "\xdd\xff\xfa\xb8\xa5\xc9\xfe\x07\x00\x00\x80\x0e\x72\xf7\xbf\x21\x6e" "\xb1\xff\x01\x00\x00\x60\x1a\xb9\xfb\xdf\x18\xb7\xd8\xff\x00\x00\x00" "\x30\x8d\xdc\xfd\x6f\x8a\x5b\x9a\xec\x7f\xdf\xff\xd7\xff\xeb\xff\xf5" "\xff\xfa\x7f\xfd\xff\x3e\xe9\xff\xf5\xff\x4b\xf4\xff\xfa\xff\x2d\xbf" "\x5f\xff\xaf\xff\x67\xdd\xe9\xfb\xff\x8b\xff\x2d\xe7\xff\x79\x85\xfd" "\x7f\xee\xfe\x37\xc7\x2d\x4d\xf6\x3f\x00\x00\x00\x74\x90\xbb\xff\x2d" "\x71\x8b\xfd\x0f\x00\x00\x00\xd3\xc8\xdd\xff\xd6\xb8\xc5\xfe\x07\x00" "\x00\x80\x69\xe4\xee\x7f\x5b\xdc\xd2\x64\xff\xeb\xff\xf5\xff\x07\xef" "\xff\xef\xa4\xff\x4f\xfa\xff\xf8\xb9\xea\xff\xf5\xff\x27\xa0\xff\xd7" "\xff\xef\xf4\xff\xa7\x76\xe8\x7e\x7e\xeb\xef\xd7\xff\xeb\xff\x59\x37" "\x5a\xff\x9f\xbb\xff\xed\x71\x4b\x93\xfd\x0f\x00\x00\x00\x1d\xe4\xee" "\x7f\x47\xdc\x62\xff\x03\x00\x00\xc0\x34\xce\xef\xfe\x6b\xf3\x57\xf6" "\x3f\x00\x00\x00\xcc\xe8\x9d\xe7\xff\x79\xfd\xee\x5d\x71\x4b\x93\xfd" "\xaf\xff\xd7\xff\x1f\xbc\xff\xf7\xfd\xff\xa2\xff\x8f\x9f\xab\xfe\x5f" "\xff\x7f\x02\xfa\x7f\xfd\xff\x4e\xff\x7f\x6a\x87\xee\xe7\xb7\xfe\x7e" "\xfd\xbf\xfe\x9f\x75\xa3\xf5\xff\xb9\xfb\xdf\x1d\xb7\x34\xd9\xff\x00" "\x00\x00\xd0\x41\xee\xfe\xf7\xc4\x2d\xf6\x3f\x00\x00\x00\x4c\x23\x77" "\xff\x7b\xe3\x16\xfb\x1f\x00\x00\x00\xa6\x91\xbb\xff\x7d\x71\x4b\x93" "\xfd\xaf\xff\xd7\xff\xeb\xff\xf5\xff\xfa\x7f\xfd\xff\x3e\xe9\xff\xf5" "\xff\x4b\xf4\xff\xfa\xff\x2d\xbf\x5f\xff\xaf\xff\x67\xdd\x68\xfd\x7f" "\xee\xfe\xf7\xc7\x2d\x4d\xf6\x3f\x00\x00\x00\x74\x90\xbb\xff\x03\x71" "\x8b\xfd\x0f\x00\x00\x00\xd3\xc8\xdd\xff\xc1\xb8\xc5\xfe\x07\x00\x00" "\x80\x69\xe4\xee\xff\x50\xdc\xd2\x64\xff\xeb\xff\xb7\xde\xff\xdf\xef" "\xe6\x78\x81\xfe\x5f\xff\xaf\xff\xd7\xff\x0f\x49\xff\xaf\xff\x5f\xa2" "\xff\xd7\xff\x6f\xf9\xfd\xfa\x7f\xfd\x3f\xeb\x46\xeb\xff\x73\xf7\x7f" "\x38\x6e\x69\xb2\xff\x01\x00\x00\xa0\x83\xdc\xfd\x1f\x89\x5b\xec\x7f" "\x00\x00\x00\x98\x46\xee\xfe\x8f\xc6\x2d\xf6\x3f\x00\x00\x00\x4c\x23" "\x77\xff\xc7\xe2\x96\x26\xfb\xbf\x47\xff\x7f\xed\x45\xbf\x6d\x9e\xfe" "\xdf\xf7\xff\xf5\xff\xfa\x7f\xfd\xff\xd8\xf4\xff\xfa\xff\x25\xfa\x7f" "\xfd\xff\x96\xdf\xaf\xff\xd7\xff\xb3\x6e\xb4\xfe\x3f\x77\xff\xc7\xe3" "\x96\x26\xfb\x1f\x00\x00\x00\x3a\xc8\xdd\xff\x89\xb8\xc5\xfe\x07\x00" "\x00\x80\x69\xe4\xee\xff\x64\xdc\x62\xff\x03\x00\x00\xc0\x34\x72\xf7" "\x7f\x2a\x6e\x69\xb2\xff\x7b\xf4\xff\x17\xd3\xff\x1f\x39\xf3\xfe\xff" "\xdc\x3d\xf5\xff\xfa\xff\xa2\xff\xd7\xff\xef\xf4\xff\xfa\xff\x15\xfa" "\x7f\xfd\xff\x96\xdf\xaf\xff\xd7\xff\xb3\x6e\xb4\xfe\x3f\x77\xff\xa7" "\xe3\x96\x26\xfb\x1f\x00\x00\x00\x3a\xc8\xdd\xff\x99\xb8\xc5\xfe\x07" "\x00\x00\x80\x69\xe4\xee\xff\x6c\xdc\x62\xff\x03\x00\x00\xc0\x34\x72" "\xf7\x7f\x2e\x6e\xb8\xd7\x3d\x0e\xf7\xa4\xab\x4a\xff\xaf\xff\xf7\xfd" "\x7f\xfd\xbf\xfe\x5f\xff\xbf\x4f\xfa\x7f\xfd\xff\x12\xfd\xbf\xfe\x7f" "\xcb\xef\xd7\xff\xeb\xff\x59\x37\x5a\xff\x9f\xbb\xff\xf3\x71\x8b\xff" "\xff\x1f\x00\x00\x00\xa6\x91\xbb\xff\x0b\x71\x8b\xfd\x0f\x00\x00\x00" "\xd3\xc8\xdd\xff\xc5\xb8\xc5\xfe\x07\x00\x00\x80\x69\xe4\xee\xff\x52" "\xdc\xd2\x64\xff\xeb\xff\xf5\xff\xfa\x7f\xfd\xbf\xfe\x5f\xff\xbf\x4f" "\xfa\x7f\xfd\xff\x12\xfd\xbf\xfe\x7f\xcb\xef\xd7\xff\xeb\xff\x59\x37" "\x5a\xff\x9f\xbb\xff\xcb\x71\x4b\x93\xfd\x0f\x00\x00\x00\x1d\xe4\xee" "\xff\x4a\xdc\x62\xff\x03\x00\x00\xc0\x34\x72\xf7\x7f\x35\x6e\xb1\xff" "\x01\x00\x00\x60\x1a\xb9\xfb\xbf\x16\xb7\x34\xd9\xff\xfa\x7f\xfd\xbf" "\xfe\x5f\xff\xaf\xff\xd7\xff\xef\x93\xfe\x5f\xff\xbf\x44\xff\xaf\xff" "\xdf\xf2\xfb\xf5\xff\xfa\x7f\xd6\x8d\xd6\xff\xe7\xee\xff\x7a\xdc\xd2" "\x64\xff\x03\x00\x00\x40\x07\xb9\xfb\xbf\x11\xb7\xd8\xff\x00\x00\x00" "\x30\x8d\xdc\xfd\xdf\x8c\x5b\xec\x7f\x00\x00\x00\x98\x46\xee\xfe\x6f" "\xc5\x2d\x4d\xf6\xbf\xfe\x5f\xff\xaf\xff\xd7\xff\xeb\xff\xf5\xff\xfb" "\xa4\xff\xd7\xff\x2f\xd1\xff\xeb\xff\xb7\xfc\x7e\xfd\xbf\xfe\x9f\x75" "\xa3\xf5\xff\xb9\xfb\xbf\x1d\xb7\x34\xd9\xff\x00\x00\x00\xd0\x41\xee" "\xfe\xef\xc4\x2d\xf6\x3f\x00\x00\x00\x4c\x23\x77\xff\x77\xe3\x16\xfb" "\x1f\x00\x00\x00\xa6\x91\xbb\xff\xa6\xb8\xa5\xc9\xfe\x9f\xb9\xff\x5f" "\xfa\x6d\xfa\xff\x23\xfa\x7f\xfd\xff\x4e\xff\xaf\xff\xdf\x33\xfd\xbf" "\xfe\x7f\xc9\xa9\xfb\xff\xf8\x2f\x9e\xfe\xff\xca\x1c\xba\x9f\xdf\xfa" "\xfb\xf5\xff\xfa\x7f\xd6\x8d\xd6\xff\xe7\xee\xff\x5e\xdc\xd2\x64\xff" "\x03\x00\x00\x40\x07\xb9\xfb\xbf\x1f\xb7\xd8\xff\x00\x00\x00\x30\x8d" "\xdc\xfd\x3f\x88\x5b\xec\x7f\x00\x00\x00\x98\x46\xee\xfe\x1f\xc6\x2d" "\x4d\xf6\xff\xcc\xfd\xff\x12\xfd\xff\x11\xfd\xbf\xfe\x7f\xa7\xff\xd7" "\xff\xef\x99\xfe\x5f\xff\xbf\xc4\xf7\xff\xf5\xff\x5b\x7e\xbf\xfe\x5f" "\xff\xcf\xba\xd1\xfa\xff\xdc\xfd\x3f\x8a\x5b\x9a\xec\x7f\x00\x00\x00" "\xe8\x20\x77\xff\x8f\xe3\x16\xfb\x1f\x00\x00\x00\xa6\x91\xbb\xff\x27" "\x71\x8b\xfd\x0f\x00\x00\x00\xd3\xc8\xdd\xff\xd3\xb8\xa5\xc9\xfe\xd7" "\xff\xeb\xff\xf5\xff\xfa\x7f\xfd\xbf\xfe\x7f\x9f\xf4\xff\xfa\xff\x25" "\xfa\x7f\xfd\xff\x96\xdf\xaf\xff\xd7\xff\xb3\x6e\xb4\xfe\x3f\x77\xff" "\xcf\xe2\x96\x26\xfb\x1f\x00\x00\x00\x3a\xc8\xdd\xff\xf3\xb8\xc5\xfe" "\x07\x00\x00\x80\x69\xe4\xee\xff\x45\xdc\x62\xff\x03\x00\x00\xc0\x34" "\x72\xf7\xff\x32\x6e\x69\xb2\xff\xf5\xff\xfa\x7f\xfd\xbf\xfe\x5f\xff" "\xaf\xff\xdf\x27\xfd\xbf\xfe\x7f\x89\xfe\x5f\xff\xbf\xe5\xf7\xeb\xff" "\xf5\xff\xac\x1b\xad\xff\xcf\xdd\xff\xab\xb8\xa5\xc9\xfe\x07\x00\x00" "\x80\x0e\x72\xf7\xff\x3a\x6e\xb1\xff\x01\x00\x00\x60\x1a\xb9\xfb\x7f" "\x13\xb7\xd8\xff\x00\x00\x00\x30\x8d\xdc\xfd\xbf\x8d\x5b\x9a\xec\x7f" "\xfd\xbf\xfe\x5f\xff\xaf\xff\xd7\xff\xeb\xff\xf7\x49\xff\xaf\xff\x5f" "\xa2\xff\xd7\xff\x6f\xf9\xfd\xfa\x7f\xfd\x3f\xeb\x46\xeb\xff\x73\xf7" "\xff\x2e\x6e\x69\xb2\xff\x01\x00\x00\xa0\x83\xdc\xfd\xbf\x8f\x5b\xec" "\x7f\x00\x00\x00\x98\x46\xee\xfe\x3f\xc4\x2d\xf6\x3f\x00\x00\x00\x4c" "\x23\x77\xff\x1f\xe3\x96\x26\xfb\x5f\xff\xaf\xff\xd7\xff\xeb\xff\xf5" "\xff\xfa\xff\x7d\xd2\xff\xeb\xff\x97\xe8\xff\xf5\xff\x5b\x7e\xbf\xfe" "\x5f\xff\xcf\xba\xd1\xfa\xff\xdc\xfd\x37\xc7\x2d\x4d\xf6\x3f\x00\x00" "\x00\x74\x90\xbb\xff\x4f\x71\x8b\xfd\x0f\x00\x00\x00\xd3\xc8\xdd\xff" "\xe7\xb8\xc5\xfe\x07\x00\x00\x80\x69\xe4\xee\xbf\x25\x6e\x69\xb2\xff" "\xf5\xff\xfa\xff\x29\xfb\xff\xeb\xf4\xff\xfa\x7f\xfd\xff\x28\xf4\xff" "\xfa\xff\x25\xfa\x7f\xfd\xff\x96\xdf\xaf\xff\xd7\xff\xb3\x6e\xb4\xfe" "\x3f\x77\xff\x5f\xe2\x96\x26\xfb\x1f\x00\x00\x00\x3a\xc8\xdd\xff\xd7" "\xb8\xc5\xfe\x07\x00\x00\x80\x69\xe4\xee\xff\x5b\xdc\x62\xff\x03\x00" "\x00\xc0\x34\x72\xf7\xff\x3d\x6e\x69\xb2\xff\xf5\xff\xfa\xff\x29\xfb" "\x7f\xdf\xff\xd7\xff\xeb\xff\x87\xa1\xff\xd7\xff\x2f\xd1\xff\xeb\xff" "\xb7\xfc\x7e\xfd\xbf\xfe\x9f\x75\xa3\xf5\xff\xb9\xfb\xff\x11\xb7\x34" "\xd9\xff\x00\x00\x00\xd0\x41\xee\xfe\x7f\xc6\x2d\xf6\x3f\x00\x00\x00" "\x4c\x23\x77\xff\xbf\xe2\x16\xfb\x1f\x00\x00\x00\xa6\x91\xbb\xff\xdf" "\x71\x4b\x93\xfd\xaf\xff\xbf\xec\xfe\x7f\xb1\xc9\xd4\xff\x1f\xff\x7e" "\xfd\xff\x6d\x7f\xce\x4d\xf7\xdd\x5d\xf0\xfb\xf5\xff\x47\xf4\xff\xfa" "\xff\xb3\xa0\xff\xd7\xff\xef\xf4\xff\xa7\x76\xe8\x7e\x7e\xeb\xef\xd7" "\xff\xeb\xff\x59\x37\x5a\xff\x9f\xbb\xff\x3f\x71\x4b\x93\xfd\x0f\x00" "\x00\x00\x1d\xe4\xee\xff\x6f\xdc\x62\xff\x03\x00\x00\xc0\x34\x72\xf7" "\xdf\x1a\xb7\xd8\xff\x00\x00\x00\x30\x8d\xdc\xfd\xff\x8b\x5b\x9a\xec" "\x7f\xfd\xbf\xef\xff\xeb\xff\x7d\xff\x5f\xff\xaf\xff\xdf\x27\xfd\xbf" "\xfe\x7f\x89\xfe\x5f\xff\xbf\xe5\xf7\xeb\xff\xf5\xff\xac\x1b\xad\xff" "\xcf\xdd\xff\xff\x00\x00\x00\xff\xff\xfd\x4a\x32\xe9", 24306); syz_mount_image(/*fs=*/0x200000000000, /*dir=*/0x2000000004c0, /*flags=MS_LAZYTIME|MS_REC|MS_NODEV*/ 0x2004004, /*opts=*/0x2000000001c0, /*chdir=*/1, /*size=*/0x5ef2, /*img=*/0x200000010140); break; case 1: memcpy((void*)0x200000000300, "./file1\000", 8); res = syscall( __NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200000000300ul, /*flags=O_NOATIME|O_DIRECT|O_CREAT|O_CLOEXEC|0x2*/ 0xc4042, /*mode=S_IXOTH|S_IWOTH|S_IROTH|S_IXGRP|S_IWGRP|S_IRGRP|S_IXUSR|S_IWUSR|0x100*/ 0x1ff); if (res != -1) r[0] = res; break; case 2: memcpy((void*)0x200000000040, "/dev/nullb0\000", 12); res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x200000000040ul, /*flags=*/0, /*mode=*/0); if (res != -1) r[1] = res; break; case 3: syscall(__NR_sendfile, /*fdout=*/r[0], /*fdin=*/r[1], /*off=*/0ul, /*count=*/0xfffe82ul); break; } } int main(void) { syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul, /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1, /*offset=*/0ul); const char* reason; (void)reason; for (procid = 0; procid < 5; procid++) { if (fork() == 0) { use_temporary_dir(); loop(); } } sleep(1000000); return 0; } =================================================================== I hope it helps. Best regards Jianzhou Zhao

6 months, 3 weeks

1
0
0 0

Potential Linux Crash: possible deadlock in kernfs_unlink_sibling in linux6.12.24(longterm maintenance)

by Jianzhou Zhao

Hello, I found a potential bug titled " possible deadlock in kernfs_unlink_sibling " with modified syzkaller in the Linux6.12.24(longterm maintenance, last updated on April 20, 2025). (The latest version of 6.12 is 6.12-25 at present. However, after comparison, I found that there seems to be no fix for this bug in the latest version.) Unfortunately, I am unable to reproduce this bug. If you fix this issue, please add the following tag to the commit: Reported-by: Jianzhou Zhao <luckd0g(a)163.com>, xingwei lee <xrivendell7(a)gmail.com>,Penglei Jiang <superman.xpt(a)gmail.com> The commit of the kernel is : b6efa8ce222e58cfe2bbaa4e3329818c2b4bd74e kernel config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=55f8591b98dd132 compiler: gcc version 11.4.0 ------------[ cut here ]----------------------------------------- TITLE: possible deadlock in kernfs_unlink_sibling ------------[ cut here ]------------ ====================================================== ====================================================== WARNING: possible circular locking dependency detected 6.12.24 #3 Not tainted ------------------------------------------------------ syz-executor/42274 is trying to acquire lock: ffff88801bae51e0 (&root->kernfs_iattr_rwsem){++++}-{3:3}, at: kernfs_unlink_sibling+0xad/0x2c0 fs/kernfs/dir.c:413 but task is already holding lock: ffff88801bae5148 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_remove_by_name_ns+0x89/0x130 fs/kernfs/dir.c:1689 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #13 (&root->kernfs_rwsem){++++}-{3:3}: down_write+0x92/0x200 kernel/locking/rwsem.c:1577 kernfs_add_one+0xac/0x530 fs/kernfs/dir.c:778 kernfs_create_dir_ns+0xfa/0x160 fs/kernfs/dir.c:1071 internal_create_group+0x338/0xeb0 fs/sysfs/group.c:167 cpuhp_invoke_callback+0x3d2/0x9d0 kernel/cpu.c:194 cpuhp_issue_call+0x1c1/0x8d0 kernel/cpu.c:2370 __cpuhp_setup_state_cpuslocked+0x400/0x700 kernel/cpu.c:2516 __cpuhp_setup_state+0x106/0x320 kernel/cpu.c:2545 do_one_initcall+0x10e/0x6d0 init/main.c:1269 do_initcall_level init/main.c:1331 [inline] do_initcalls init/main.c:1347 [inline] do_basic_setup init/main.c:1366 [inline] kernel_init_freeable+0x5ae/0x8a0 init/main.c:1580 kernel_init+0x1e/0x2d0 init/main.c:1469 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #12 (cpuhp_state_mutex){+.+.}-{3:3}: -> #11 (cpu_hotplug_lock){++++}-{0:0}: percpu_down_read include/linux/percpu-rwsem.h:51 [inline] cpus_read_lock+0x42/0x160 kernel/cpu.c:490 __static_call_update+0x8b/0x630 kernel/static_call_inline.c:139 tracepoint_update_call kernel/tracepoint.c:317 [inline] tracepoint_add_func+0xa18/0xe50 kernel/tracepoint.c:358 tracepoint_probe_register_prio kernel/tracepoint.c:511 [inline] tracepoint_probe_register+0xa5/0xf0 kernel/tracepoint.c:531 register_trace_sched_wakeup include/trace/events/sched.h:178 [inline] tracing_sched_register kernel/trace/trace_sched_switch.c:56 [inline] tracing_start_sched_switch+0x97/0x1e0 kernel/trace/trace_sched_switch.c:110 __ftrace_event_enable_disable+0x68b/0x8a0 kernel/trace/trace_events.c:831 ftrace_event_enable_disable kernel/trace/trace_events.c:871 [inline] __ftrace_set_clr_event_nolock+0x29b/0x390 kernel/trace/trace_events.c:1200 __ftrace_set_clr_event kernel/trace/trace_events.c:1222 [inline] trace_set_clr_event+0xec/0x150 kernel/trace/trace_events.c:1287 __set_printk_clr_event kernel/trace/bpf_trace.c:416 [inline] bpf_get_trace_printk_proto+0x22/0x90 kernel/trace/bpf_trace.c:422 bpf_base_func_proto+0x9d6/0xbb0 kernel/bpf/helpers.c:2024 bpf_sk_base_func_proto+0x167/0x190 net/core/filter.c:11925 tc_cls_act_func_proto+0x506/0x510 net/core/filter.c:8289 get_helper_proto kernel/bpf/verifier.c:10430 [inline] mark_fastcall_pattern_for_call+0x242/0xd50 kernel/bpf/verifier.c:16305 mark_fastcall_patterns kernel/bpf/verifier.c:16416 [inline] bpf_check+0x85e6/0xb370 kernel/bpf/verifier.c:22458 bpf_prog_load+0x14d9/0x25d0 kernel/bpf/syscall.c:2847 __sys_bpf+0x1711/0x4f20 kernel/bpf/syscall.c:5667 __do_sys_bpf kernel/bpf/syscall.c:5774 [inline] __se_sys_bpf kernel/bpf/syscall.c:5772 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5772 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #10 (tracepoints_mutex){+.+.}-{3:3}: __mutex_lock_common kernel/locking/mutex.c:608 [inline] __mutex_lock+0x147/0x930 kernel/locking/mutex.c:752 tracepoint_probe_register_prio kernel/tracepoint.c:507 [inline] tracepoint_probe_register+0x7c/0xf0 kernel/tracepoint.c:531 register_trace_block_rq_insert include/trace/events/block.h:238 [inline] blk_register_tracepoints+0x1b/0x3c0 kernel/trace/blktrace.c:1094 get_probe_ref kernel/trace/blktrace.c:337 [inline] do_blk_trace_setup+0x98a/0xbc0 kernel/trace/blktrace.c:611 __blk_trace_setup+0xca/0x180 kernel/trace/blktrace.c:630 blk_trace_setup+0x47/0x70 kernel/trace/blktrace.c:648 sg_ioctl_common drivers/scsi/sg.c:1114 [inline] sg_ioctl+0x65e/0x2720 drivers/scsi/sg.c:1156 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl fs/ioctl.c:893 [inline] __x64_sys_ioctl+0x19d/0x210 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #9 (blk_probe_mutex){+.+.}-{3:3}: __mutex_lock_common kernel/locking/mutex.c:608 [inline] __mutex_lock+0x147/0x930 kernel/locking/mutex.c:752 get_probe_ref kernel/trace/blktrace.c:335 [inline] do_blk_trace_setup+0x797/0xbc0 kernel/trace/blktrace.c:611 __blk_trace_setup+0xca/0x180 kernel/trace/blktrace.c:630 blk_trace_setup+0x47/0x70 kernel/trace/blktrace.c:648 sg_ioctl_common drivers/scsi/sg.c:1114 [inline] sg_ioctl+0x65e/0x2720 drivers/scsi/sg.c:1156 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl fs/ioctl.c:893 [inline] __x64_sys_ioctl+0x19d/0x210 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #8 (&q->debugfs_mutex){+.+.}-{3:3}: __mutex_lock_common kernel/locking/mutex.c:608 [inline] __mutex_lock+0x147/0x930 kernel/locking/mutex.c:752 blk_mq_init_sched+0x436/0x650 block/blk-mq-sched.c:473 elevator_init_mq+0x2cc/0x420 block/elevator.c:610 device_add_disk+0x10e/0x12f0 block/genhd.c:411 sd_probe+0xa0e/0xf80 drivers/scsi/sd.c:4024 call_driver_probe drivers/base/dd.c:579 [inline] really_probe+0x24f/0xa90 drivers/base/dd.c:658 __driver_probe_device+0x1df/0x450 drivers/base/dd.c:800 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:830 __device_attach_driver+0x1db/0x2f0 drivers/base/dd.c:958 bus_for_each_drv+0x149/0x1d0 drivers/base/bus.c:459 __device_attach_async_helper+0x1d1/0x290 drivers/base/dd.c:987 async_run_entry_fn+0x9c/0x530 kernel/async.c:129 process_one_work+0xa02/0x1bf0 kernel/workqueue.c:3232 process_scheduled_works kernel/workqueue.c:3314 [inline] worker_thread+0x677/0xe90 kernel/workqueue.c:3395 kthread+0x2c7/0x3b0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #7 (&q->q_usage_counter(queue)#51){++++}-{0:0}: blk_queue_enter+0x4d0/0x600 block/blk-core.c:328 blk_mq_alloc_request+0x422/0x9c0 block/blk-mq.c:680 scsi_alloc_request drivers/scsi/scsi_lib.c:1227 [inline] scsi_execute_cmd+0x1fe/0xf20 drivers/scsi/scsi_lib.c:304 read_capacity_16+0x1f2/0xe60 drivers/scsi/sd.c:2655 sd_read_capacity drivers/scsi/sd.c:2824 [inline] sd_revalidate_disk.isra.0+0x1989/0xa440 drivers/scsi/sd.c:3734 sd_probe+0x887/0xf80 drivers/scsi/sd.c:4010 call_driver_probe drivers/base/dd.c:579 [inline] really_probe+0x24f/0xa90 drivers/base/dd.c:658 __driver_probe_device+0x1df/0x450 drivers/base/dd.c:800 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:830 __device_attach_driver+0x1db/0x2f0 drivers/base/dd.c:958 bus_for_each_drv+0x149/0x1d0 drivers/base/bus.c:459 __device_attach_async_helper+0x1d1/0x290 drivers/base/dd.c:987 async_run_entry_fn+0x9c/0x530 kernel/async.c:129 process_one_work+0xa02/0x1bf0 kernel/workqueue.c:3232 process_scheduled_works kernel/workqueue.c:3314 [inline] worker_thread+0x677/0xe90 kernel/workqueue.c:3395 kthread+0x2c7/0x3b0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #6 (&q->limits_lock){+.+.}-{3:3}: __mutex_lock_common kernel/locking/mutex.c:608 [inline] __mutex_lock+0x147/0x930 kernel/locking/mutex.c:752 queue_limits_start_update include/linux/blkdev.h:935 [inline] loop_reconfigure_limits+0x1f2/0x960 drivers/block/loop.c:1004 loop_set_block_size drivers/block/loop.c:1474 [inline] lo_simple_ioctl drivers/block/loop.c:1497 [inline] lo_ioctl+0xb92/0x1870 drivers/block/loop.c:1560 blkdev_ioctl+0x27b/0x6c0 block/ioctl.c:693 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl fs/ioctl.c:893 [inline] __x64_sys_ioctl+0x19d/0x210 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #5 (&q->q_usage_counter(io)#19){++++}-{0:0}: bio_queue_enter block/blk.h:76 [inline] blk_mq_submit_bio+0x2167/0x2b70 block/blk-mq.c:3090 __submit_bio+0x399/0x630 block/blk-core.c:629 __submit_bio_noacct_mq block/blk-core.c:716 [inline] submit_bio_noacct_nocheck+0x6c3/0xd00 block/blk-core.c:745 submit_bio_noacct+0x57a/0x1fa0 block/blk-core.c:868 nilfs_btnode_submit_block+0x58a/0x6e0 fs/nilfs2/btnode.c:139 __nilfs_btree_get_block+0x10b/0x6b0 fs/nilfs2/btree.c:481 nilfs_btree_do_lookup+0x3ea/0x8e0 fs/nilfs2/btree.c:579 nilfs_btree_lookup+0x4b/0x110 fs/nilfs2/btree.c:696 nilfs_bmap_lookup_at_level+0xd4/0x460 fs/nilfs2/bmap.c:69 nilfs_bmap_lookup fs/nilfs2/bmap.h:182 [inline] nilfs_mdt_submit_block+0x1a1/0x870 fs/nilfs2/mdt.c:141 nilfs_mdt_read_block+0x92/0x3c0 fs/nilfs2/mdt.c:175 nilfs_mdt_get_block+0xd2/0xa40 fs/nilfs2/mdt.c:250 nilfs_palloc_get_block+0xc0/0x310 fs/nilfs2/alloc.c:217 nilfs_palloc_get_entry_block+0x16b/0x1d0 fs/nilfs2/alloc.c:319 nilfs_dat_translate+0x82/0x3b0 fs/nilfs2/dat.c:413 nilfs_bmap_lookup_at_level+0x250/0x460 fs/nilfs2/bmap.c:74 nilfs_bmap_lookup fs/nilfs2/bmap.h:182 [inline] nilfs_mdt_submit_block+0x1a1/0x870 fs/nilfs2/mdt.c:141 nilfs_mdt_read_block+0x92/0x3c0 fs/nilfs2/mdt.c:175 nilfs_mdt_get_block+0xd2/0xa40 fs/nilfs2/mdt.c:250 nilfs_sufile_read+0x20f/0x5f0 fs/nilfs2/sufile.c:1254 nilfs_load_super_root fs/nilfs2/the_nilfs.c:128 [inline] load_nilfs+0x69d/0x1300 fs/nilfs2/the_nilfs.c:299 nilfs_fill_super fs/nilfs2/super.c:1067 [inline] nilfs_get_tree+0xa62/0x10d0 fs/nilfs2/super.c:1220 vfs_get_tree+0x94/0x380 fs/super.c:1814 do_new_mount fs/namespace.c:3512 [inline] path_mount+0x6b2/0x1ea0 fs/namespace.c:3839 do_mount fs/namespace.c:3852 [inline] __do_sys_mount fs/namespace.c:4062 [inline] __se_sys_mount fs/namespace.c:4039 [inline] __x64_sys_mount+0x284/0x310 fs/namespace.c:4039 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #4 (&nilfs_bmap_dat_lock_key){++++}-{3:3}: down_read+0x9a/0x330 kernel/locking/rwsem.c:1524 nilfs_bmap_lookup_at_level+0x7f/0x460 fs/nilfs2/bmap.c:68 nilfs_bmap_lookup fs/nilfs2/bmap.h:182 [inline] nilfs_mdt_submit_block+0x1a1/0x870 fs/nilfs2/mdt.c:141 nilfs_mdt_read_block+0x92/0x3c0 fs/nilfs2/mdt.c:175 nilfs_mdt_get_block+0xd2/0xa40 fs/nilfs2/mdt.c:250 nilfs_palloc_get_block+0xc0/0x310 fs/nilfs2/alloc.c:217 nilfs_palloc_get_entry_block+0x16b/0x1d0 fs/nilfs2/alloc.c:319 nilfs_dat_translate+0x82/0x3b0 fs/nilfs2/dat.c:413 nilfs_direct_lookup_contig+0x294/0x330 fs/nilfs2/direct.c:67 nilfs_bmap_lookup_contig+0x89/0x190 fs/nilfs2/bmap.c:100 nilfs_get_block+0x1fc/0xa70 fs/nilfs2/inode.c:82 do_mpage_readpage+0x6e2/0x16a0 fs/mpage.c:225 mpage_readahead+0x344/0x580 fs/mpage.c:374 read_pages+0x19b/0xd50 mm/readahead.c:160 page_cache_ra_unbounded+0x3ac/0x680 mm/readahead.c:290 do_page_cache_ra mm/readahead.c:320 [inline] page_cache_ra_order+0x8ee/0xb70 mm/readahead.c:519 page_cache_sync_ra+0x4e3/0x9e0 mm/readahead.c:607 page_cache_sync_readahead include/linux/pagemap.h:1394 [inline] filemap_get_pages+0x327/0x19f0 mm/filemap.c:2558 filemap_read+0x3a2/0xc70 mm/filemap.c:2656 generic_file_read_iter+0x349/0x450 mm/filemap.c:2844 __kernel_read+0x3c6/0xb20 fs/read_write.c:527 integrity_kernel_read+0x7f/0xb0 security/integrity/iint.c:28 ima_calc_file_hash_tfm+0x2bd/0x3c0 security/integrity/ima/ima_crypto.c:480 ima_calc_file_shash security/integrity/ima/ima_crypto.c:511 [inline] ima_calc_file_hash+0x1b5/0x490 security/integrity/ima/ima_crypto.c:568 ima_collect_measurement+0x86c/0xa20 security/integrity/ima/ima_api.c:293 process_measurement+0xff9/0x1fb0 security/integrity/ima/ima_main.c:383 ima_file_check+0xb9/0x100 security/integrity/ima/ima_main.c:583 security_file_post_open+0x95/0x230 security/security.c:3129 do_open fs/namei.c:3776 [inline] path_openat+0x14d8/0x2960 fs/namei.c:3933 do_filp_open+0x1c7/0x410 fs/namei.c:3960 do_sys_openat2+0x164/0x1d0 fs/open.c:1415 do_sys_open fs/open.c:1430 [inline] __do_sys_openat fs/open.c:1446 [inline] __se_sys_openat fs/open.c:1441 [inline] __x64_sys_openat+0x140/0x1f0 fs/open.c:1441 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #3 (&bmap->b_sem){++++}-{3:3}: down_write+0x92/0x200 kernel/locking/rwsem.c:1577 nilfs_bmap_clear+0x1c/0xa0 fs/nilfs2/bmap.c:319 nilfs_clear_inode+0x21c/0x330 fs/nilfs2/inode.c:869 nilfs_evict_inode+0x3c1/0x530 fs/nilfs2/inode.c:889 evict+0x3ef/0x940 fs/inode.c:725 dispose_list+0x117/0x1e0 fs/inode.c:774 prune_icache_sb+0xeb/0x150 fs/inode.c:963 super_cache_scan+0x37f/0x570 fs/super.c:223 do_shrink_slab+0x44b/0x1190 mm/shrinker.c:437 shrink_slab_memcg mm/shrinker.c:550 [inline] shrink_slab+0xb61/0x12a0 mm/shrinker.c:628 shrink_one+0x4ad/0x7c0 mm/vmscan.c:4835 shrink_many mm/vmscan.c:4896 [inline] lru_gen_shrink_node mm/vmscan.c:4974 [inline] shrink_node+0x2420/0x3890 mm/vmscan.c:5954 kswapd_shrink_node mm/vmscan.c:6782 [inline] balance_pgdat+0xbe5/0x18c0 mm/vmscan.c:6974 kswapd+0x702/0xd50 mm/vmscan.c:7243 kthread+0x2c7/0x3b0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #2 (fs_reclaim){+.+.}-{0:0}: __fs_reclaim_acquire mm/page_alloc.c:3853 [inline] fs_reclaim_acquire+0x102/0x150 mm/page_alloc.c:3867 might_alloc include/linux/sched/mm.h:318 [inline] slab_pre_alloc_hook mm/slub.c:4058 [inline] slab_alloc_node mm/slub.c:4136 [inline] kmem_cache_alloc_noprof+0x4e/0x2f0 mm/slub.c:4163 __kernfs_iattrs+0xbc/0x3f0 fs/kernfs/inode.c:37 kernfs_iattrs fs/kernfs/inode.c:60 [inline] kernfs_xattr_set fs/kernfs/inode.c:309 [inline] kernfs_vfs_xattr_set+0x5d/0xe0 fs/kernfs/inode.c:340 __vfs_setxattr+0x173/0x1e0 fs/xattr.c:200 __vfs_setxattr_noperm+0x129/0x670 fs/xattr.c:234 __vfs_setxattr_locked+0x1d7/0x260 fs/xattr.c:295 vfs_setxattr+0x143/0x360 fs/xattr.c:321 do_setxattr+0x171/0x1e0 fs/xattr.c:629 path_setxattr+0x202/0x260 fs/xattr.c:658 __do_sys_setxattr fs/xattr.c:676 [inline] __se_sys_setxattr fs/xattr.c:672 [inline] __x64_sys_setxattr+0xc4/0x160 fs/xattr.c:672 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #1 (iattr_mutex){+.+.}-{3:3}: __mutex_lock_common kernel/locking/mutex.c:608 [inline] __mutex_lock+0x147/0x930 kernel/locking/mutex.c:752 __kernfs_iattrs+0x2b/0x3f0 fs/kernfs/inode.c:32 kernfs_iattrs fs/kernfs/inode.c:60 [inline] __kernfs_setattr+0x4d/0x3d0 fs/kernfs/inode.c:73 kernfs_iop_setattr+0x12b/0x190 fs/kernfs/inode.c:127 notify_change+0x6d3/0x1280 fs/attr.c:503 do_truncate+0x143/0x200 fs/open.c:65 handle_truncate fs/namei.c:3395 [inline] do_open fs/namei.c:3778 [inline] path_openat+0x22b6/0x2960 fs/namei.c:3933 do_filp_open+0x1c7/0x410 fs/namei.c:3960 do_sys_openat2+0x164/0x1d0 fs/open.c:1415 do_sys_open fs/open.c:1430 [inline] __do_sys_openat fs/open.c:1446 [inline] __se_sys_openat fs/open.c:1441 [inline] __x64_sys_openat+0x140/0x1f0 fs/open.c:1441 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #0 (&root->kernfs_iattr_rwsem){++++}-{3:3}: check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/locking/lockdep.c:3280 [inline] validate_chain kernel/locking/lockdep.c:3904 [inline] __lock_acquire+0x2425/0x3b90 kernel/locking/lockdep.c:5202 lock_acquire.part.0+0x11b/0x370 kernel/locking/lockdep.c:5825 down_write+0x92/0x200 kernel/locking/rwsem.c:1577 kernfs_unlink_sibling+0xad/0x2c0 fs/kernfs/dir.c:413 __kernfs_remove+0x2b3/0x670 fs/kernfs/dir.c:1492 kernfs_remove_by_name_ns+0xb4/0x130 fs/kernfs/dir.c:1694 kernfs_remove_by_name include/linux/kernfs.h:625 [inline] remove_files+0x96/0x1c0 fs/sysfs/group.c:28 sysfs_remove_group+0x8b/0x180 fs/sysfs/group.c:319 sysfs_remove_groups fs/sysfs/group.c:343 [inline] sysfs_remove_groups+0x60/0xa0 fs/sysfs/group.c:335 __kobject_del+0x89/0x1f0 lib/kobject.c:595 kobject_cleanup lib/kobject.c:680 [inline] kobject_release lib/kobject.c:720 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x2e5/0x4c0 lib/kobject.c:737 net_rx_queue_update_kobjects+0x4d4/0x640 net/core/net-sysfs.c:1178 remove_queue_kobjects net/core/net-sysfs.c:1953 [inline] netdev_unregister_kobject+0x150/0x270 net/core/net-sysfs.c:2107 unregister_netdevice_many_notify+0x1202/0x1ce0 net/core/dev.c:11503 unregister_netdevice_many net/core/dev.c:11531 [inline] unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11405 unregister_netdevice include/linux/netdevice.h:3126 [inline] nsim_destroy+0x102/0x6c0 drivers/net/netdevsim/netdev.c:778 __nsim_dev_port_del+0x189/0x240 drivers/net/netdevsim/dev.c:1428 nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1440 [inline] nsim_dev_reload_destroy+0x105/0x490 drivers/net/netdevsim/dev.c:1661 nsim_drv_remove+0x52/0x1d0 drivers/net/netdevsim/dev.c:1676 device_remove+0xc8/0x170 drivers/base/dd.c:567 __device_release_driver drivers/base/dd.c:1273 [inline] device_release_driver_internal+0x443/0x620 drivers/base/dd.c:1296 bus_remove_device+0x22f/0x420 drivers/base/bus.c:576 device_del+0x395/0x9d0 drivers/base/core.c:3855 device_unregister+0x1e/0xc0 drivers/base/core.c:3896 nsim_bus_dev_del drivers/net/netdevsim/bus.c:462 [inline] del_device_store+0x34e/0x4b0 drivers/net/netdevsim/bus.c:226 bus_attr_store+0x71/0xb0 drivers/base/bus.c:172 sysfs_kf_write+0x114/0x170 fs/sysfs/file.c:136 kernfs_fop_write_iter+0x335/0x500 fs/kernfs/file.c:334 new_sync_write fs/read_write.c:590 [inline] vfs_write+0xbfc/0x10d0 fs/read_write.c:683 ksys_write+0x122/0x250 fs/read_write.c:736 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f other info that might help us debug this: Chain exists of: &root->kernfs_iattr_rwsem --> cpuhp_state_mutex --> &root->kernfs_rwsem Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&root->kernfs_rwsem); lock(cpuhp_state_mutex); lock(&root->kernfs_rwsem); lock(&root->kernfs_iattr_rwsem); *** DEADLOCK *** 8 locks held by syz-executor/42274: #0: ffff8880454fe420 (sb_writers#5){.+.+}-{0:0}, at: ksys_write+0x122/0x250 fs/read_write.c:736 #1: ffff88806a42d488 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x27a/0x500 fs/kernfs/file.c:325 #2: ffff888043faf0f8 (kn->active#64){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326 #3: ffffffff8f280da8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xc9/0x4b0 drivers/net/netdevsim/bus.c:216 #4: ffff88801fc9c0e8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline] #4: ffff88801fc9c0e8 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1095 [inline] #4: ffff88801fc9c0e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xa4/0x620 drivers/base/dd.c:1293 #5: ffff88801fc9d250 (&devlink->lock_key#42){+.+.}-{3:3}, at: nsim_drv_remove+0x4a/0x1d0 drivers/net/netdevsim/dev.c:1675 #6: ffffffff8fce93a8 (rtnl_mutex){+.+.}-{3:3}, at: nsim_destroy+0x6b/0x6c0 drivers/net/netdevsim/netdev.c:773 #7: ffff88801bae5148 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_remove_by_name_ns+0x89/0x130 fs/kernfs/dir.c:1689 stack backtrace: CPU: 1 UID: 0 PID: 42274 Comm: syz-executor Not tainted 6.12.24 #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120 print_circular_bug+0x406/0x5c0 kernel/locking/lockdep.c:2074 check_noncircular+0x2f7/0x3e0 kernel/locking/lockdep.c:2206 check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/locking/lockdep.c:3280 [inline] validate_chain kernel/locking/lockdep.c:3904 [inline] __lock_acquire+0x2425/0x3b90 kernel/locking/lockdep.c:5202 lock_acquire.part.0+0x11b/0x370 kernel/locking/lockdep.c:5825 down_write+0x92/0x200 kernel/locking/rwsem.c:1577 kernfs_unlink_sibling+0xad/0x2c0 fs/kernfs/dir.c:413 __kernfs_remove+0x2b3/0x670 fs/kernfs/dir.c:1492 kernfs_remove_by_name_ns+0xb4/0x130 fs/kernfs/dir.c:1694 kernfs_remove_by_name include/linux/kernfs.h:625 [inline] remove_files+0x96/0x1c0 fs/sysfs/group.c:28 sysfs_remove_group+0x8b/0x180 fs/sysfs/group.c:319 sysfs_remove_groups fs/sysfs/group.c:343 [inline] sysfs_remove_groups+0x60/0xa0 fs/sysfs/group.c:335 __kobject_del+0x89/0x1f0 lib/kobject.c:595 kobject_cleanup lib/kobject.c:680 [inline] kobject_release lib/kobject.c:720 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x2e5/0x4c0 lib/kobject.c:737 net_rx_queue_update_kobjects+0x4d4/0x640 net/core/net-sysfs.c:1178 remove_queue_kobjects net/core/net-sysfs.c:1953 [inline] netdev_unregister_kobject+0x150/0x270 net/core/net-sysfs.c:2107 unregister_netdevice_many_notify+0x1202/0x1ce0 net/core/dev.c:11503 unregister_netdevice_many net/core/dev.c:11531 [inline] unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11405 unregister_netdevice include/linux/netdevice.h:3126 [inline] nsim_destroy+0x102/0x6c0 drivers/net/netdevsim/netdev.c:778 __nsim_dev_port_del+0x189/0x240 drivers/net/netdevsim/dev.c:1428 nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1440 [inline] nsim_dev_reload_destroy+0x105/0x490 drivers/net/netdevsim/dev.c:1661 nsim_drv_remove+0x52/0x1d0 drivers/net/netdevsim/dev.c:1676 device_remove+0xc8/0x170 drivers/base/dd.c:567 __device_release_driver drivers/base/dd.c:1273 [inline] device_release_driver_internal+0x443/0x620 drivers/base/dd.c:1296 bus_remove_device+0x22f/0x420 drivers/base/bus.c:576 device_del+0x395/0x9d0 drivers/base/core.c:3855 device_unregister+0x1e/0xc0 drivers/base/core.c:3896 nsim_bus_dev_del drivers/net/netdevsim/bus.c:462 [inline] del_device_store+0x34e/0x4b0 drivers/net/netdevsim/bus.c:226 bus_attr_store+0x71/0xb0 drivers/base/bus.c:172 sysfs_kf_write+0x114/0x170 fs/sysfs/file.c:136 kernfs_fop_write_iter+0x335/0x500 fs/kernfs/file.c:334 new_sync_write fs/read_write.c:590 [inline] vfs_write+0xbfc/0x10d0 fs/read_write.c:683 ksys_write+0x122/0x250 fs/read_write.c:736 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7feb2b1ac01f Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 79 0d 03 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 bc 0d 03 00 48 RSP: 002b:00007ffdd4ed8e70 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007feb2b1ac01f RDX: 0000000000000001 RSI: 00007ffdd4ed8ec0 RDI: 0000000000000005 RBP: 0000000000000005 R08: 0000000000000000 R09: 00007ffdd4ed8e10 R10: 0000000000000000 R11: 0000000000000293 R12: 00007feb2b247e34 R13: 00007ffdd4ed8ec0 R14: 0000000000000000 R15: 00007ffdd4ed9aa0 </TASK> netdevsim netdevsim4 netdevsim0: renamed from eth0 netdevsim netdevsim4 netdevsim1: renamed from eth1 netdevsim netdevsim4 netdevsim2: renamed from eth2 netdevsim netdevsim4 netdevsim3: renamed from eth3 8021q: adding VLAN 0 to HW filter on device bond0 8021q: adding VLAN 0 to HW filter on device team0 8021q: adding VLAN 0 to HW filter on device batadv0 veth0_vlan: entered promiscuous mode veth1_vlan: entered promiscuous mode veth0_macvtap: entered promiscuous mode veth1_macvtap: entered promiscuous mode batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: batadv0: Interface activated: batadv_slave_0 batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: batadv0: Interface activated: batadv_slave_1 netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 ieee80211 phy54: Selected rate control algorithm 'minstrel_ht' ieee80211 phy55: Selected rate control algorithm 'minstrel_ht' ================================================================== I hope it helps. Best regards Jianzhou Zhao

6 months, 3 weeks

1
0
0 0

Re: Patch "lib/Kconfig.ubsan: Remove 'default UBSAN' from UBSAN_INTEGER_WRAP" has been added to the 6.14-stable tree

by Kees Cook

On April 26, 2025 6:25:09 AM PDT, Sasha Levin <sashal(a)kernel.org> wrote: >This is a note to let you know that I've just added the patch titled > > lib/Kconfig.ubsan: Remove 'default UBSAN' from UBSAN_INTEGER_WRAP > >to the 6.14-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > >The filename of the patch is: > lib-kconfig.ubsan-remove-default-ubsan-from-ubsan_in.patch >and it can be found in the queue-6.14 subdirectory. > >If you, or anyone else, feels it should not be added to the stable tree, >please let <stable(a)vger.kernel.org> know about it. Please drop this; it's fixing the other patch that should not be backported. :) -Kees -- Kees Cook

6 months, 3 weeks

3
5
0 0

[PATCH] securityfs: fix missing of d_delete() in securityfs_remove()

by alexjlzheng＠gmail.com

From: Jinliang Zheng <alexjlzheng(a)tencent.com> Consider the following module code: static struct dentry *dentry; static int __init securityfs_test_init(void) { dentry = securityfs_create_dir("standon", NULL); return PTR_ERR(dentry); } static void __exit securityfs_test_exit(void) { securityfs_remove(dentry); } module_init(securityfs_test_init); module_exit(securityfs_test_exit); and then: insmod /path/to/thismodule cd /sys/kernel/security/standon <- we hold 'standon' rmmod thismodule <- 'standon' don't go away insmod /path/to/thismodule <- Failed: File exists! Fix this by adding d_delete() in securityfs_remove(). Fixes: b67dbf9d4c198 ("[PATCH] add securityfs for all LSMs to use") Signed-off-by: Jinliang Zheng <alexjlzheng(a)tencent.com> Cc: <stable(a)vger.kernel.org> --- security/inode.c | 1 + 1 file changed, 1 insertion(+) diff --git a/security/inode.c b/security/inode.c index da3ab44c8e57..d99baf26350a 100644 --- a/security/inode.c +++ b/security/inode.c @@ -306,6 +306,7 @@ void securityfs_remove(struct dentry *dentry) simple_rmdir(dir, dentry); else simple_unlink(dir, dentry); + d_delete(dentry); dput(dentry); } inode_unlock(dir); -- 2.49.0

6 months, 3 weeks

4
4
0 0

Re: Patch "lib/Kconfig.ubsan: Remove 'default UBSAN' from UBSAN_INTEGER_WRAP" has been added to the 6.12-stable tree

by Kees Cook

On April 26, 2025 6:27:11 AM PDT, Sasha Levin <sashal(a)kernel.org> wrote: >This is a note to let you know that I've just added the patch titled > > lib/Kconfig.ubsan: Remove 'default UBSAN' from UBSAN_INTEGER_WRAP > >to the 6.12-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > >The filename of the patch is: > lib-kconfig.ubsan-remove-default-ubsan-from-ubsan_in.patch >and it can be found in the queue-6.12 subdirectory. > >If you, or anyone else, feels it should not be added to the stable tree, >please let <stable(a)vger.kernel.org> know about it. And this too; please drop. :) -Kees -- Kees Cook

6 months, 3 weeks

1
0
0 0

Re: Patch "ubsan/overflow: Rework integer overflow sanitizer option to turn on everything" has been added to the 6.12-stable tree

by Kees Cook

On April 26, 2025 6:27:07 AM PDT, Sasha Levin <sashal(a)kernel.org> wrote: >This is a note to let you know that I've just added the patch titled > > ubsan/overflow: Rework integer overflow sanitizer option to turn on everything > >to the 6.12-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > >The filename of the patch is: > ubsan-overflow-rework-integer-overflow-sanitizer-opt.patch >and it can be found in the queue-6.12 subdirectory. > >If you, or anyone else, feels it should not be added to the stable tree, >please let <stable(a)vger.kernel.org> know about it. Same as the other email; please drop. -Kees -- Kees Cook

6 months, 3 weeks

1
0
0 0

Re: Patch "ubsan/overflow: Rework integer overflow sanitizer option to turn on everything" has been added to the 6.14-stable tree

by Kees Cook

On April 26, 2025 6:25:06 AM PDT, Sasha Levin <sashal(a)kernel.org> wrote: >This is a note to let you know that I've just added the patch titled > > ubsan/overflow: Rework integer overflow sanitizer option to turn on everything > >to the 6.14-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > >The filename of the patch is: > ubsan-overflow-rework-integer-overflow-sanitizer-opt.patch >and it can be found in the queue-6.14 subdirectory. > >If you, or anyone else, feels it should not be added to the stable tree, >please let <stable(a)vger.kernel.org> know about it. Please drop this; it is a config change and should not be backported. -Kees -- Kees Cook

6 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] s390/virtio_ccw: Don't allocate/assign airqs for non-existing" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 2ccd42b959aaf490333dbd3b9b102eaf295c036a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025041736-abrasion-yonder-b301@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2ccd42b959aaf490333dbd3b9b102eaf295c036a Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Wed, 2 Apr 2025 22:36:21 +0200 Subject: [PATCH] s390/virtio_ccw: Don't allocate/assign airqs for non-existing queues If we finds a vq without a name in our input array in virtio_ccw_find_vqs(), we treat it as "non-existing" and set the vq pointer to NULL; we will not call virtio_ccw_setup_vq() to allocate/setup a vq. Consequently, we create only a queue if it actually exists (name != NULL) and assign an incremental queue index to each such existing queue. However, in virtio_ccw_register_adapter_ind()->get_airq_indicator() we will not ignore these "non-existing queues", but instead assign an airq indicator to them. Besides never releasing them in virtio_ccw_drop_indicators() (because there is no virtqueue), the bigger issue seems to be that there will be a disagreement between the device and the Linux guest about the airq indicator to be used for notifying a queue, because the indicator bit for adapter I/O interrupt is derived from the queue index. The virtio spec states under "Setting Up Two-Stage Queue Indicators": ... indicator contains the guest address of an area wherein the indicators for the devices are contained, starting at bit_nr, one bit per virtqueue of the device. And further in "Notification via Adapter I/O Interrupts": For notifying the driver of virtqueue buffers, the device sets the bit in the guest-provided indicator area at the corresponding offset. For example, QEMU uses in virtio_ccw_notify() the queue index (passed as "vector") to select the relevant indicator bit. If a queue does not exist, it does not have a corresponding indicator bit assigned, because it effectively doesn't have a queue index. Using a virtio-balloon-ccw device under QEMU with free-page-hinting disabled ("free-page-hint=off") but free-page-reporting enabled ("free-page-reporting=on") will result in free page reporting not working as expected: in the virtio_balloon driver, we'll be stuck forever in virtballoon_free_page_report()->wait_event(), because the waitqueue will not be woken up as the notification from the device is lost: it would use the wrong indicator bit. Free page reporting stops working and we get splats (when configured to detect hung wqs) like: INFO: task kworker/1:3:463 blocked for more than 61 seconds. Not tainted 6.14.0 #4 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:3 [...] Workqueue: events page_reporting_process Call Trace: [<000002f404e6dfb2>] __schedule+0x402/0x1640 [<000002f404e6f22e>] schedule+0x3e/0xe0 [<000002f3846a88fa>] virtballoon_free_page_report+0xaa/0x110 [virtio_balloon] [<000002f40435c8a4>] page_reporting_process+0x2e4/0x740 [<000002f403fd3ee2>] process_one_work+0x1c2/0x400 [<000002f403fd4b96>] worker_thread+0x296/0x420 [<000002f403fe10b4>] kthread+0x124/0x290 [<000002f403f4e0dc>] __ret_from_fork+0x3c/0x60 [<000002f404e77272>] ret_from_fork+0xa/0x38 There was recently a discussion [1] whether the "holes" should be treated differently again, effectively assigning also non-existing queues a queue index: that should also fix the issue, but requires other workarounds to not break existing setups. Let's fix it without affecting existing setups for now by properly ignoring the non-existing queues, so the indicator bits will match the queue indexes. [1] https://lore.kernel.org/all/cover.1720611677.git.mst@redhat.com/ Fixes: a229989d975e ("virtio: don't allocate vqs when names[i] = NULL") Reported-by: Chandra Merla <cmerla(a)redhat.com> Cc: stable(a)vger.kernel.org Signed-off-by: David Hildenbrand <david(a)redhat.com> Tested-by: Thomas Huth <thuth(a)redhat.com> Reviewed-by: Thomas Huth <thuth(a)redhat.com> Reviewed-by: Cornelia Huck <cohuck(a)redhat.com> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Acked-by: Christian Borntraeger <borntraeger(a)linux.ibm.com> Link: https://lore.kernel.org/r/20250402203621.940090-1-david@redhat.com Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/drivers/s390/virtio/virtio_ccw.c b/drivers/s390/virtio/virtio_ccw.c index 21fa7ac849e5..4904b831c0a7 100644 --- a/drivers/s390/virtio/virtio_ccw.c +++ b/drivers/s390/virtio/virtio_ccw.c @@ -302,11 +302,17 @@ static struct airq_info *new_airq_info(int index) static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs, u64 *first, void **airq_info) { - int i, j; + int i, j, queue_idx, highest_queue_idx = -1; struct airq_info *info; unsigned long *indicator_addr = NULL; unsigned long bit, flags; + /* Array entries without an actual queue pointer must be ignored. */ + for (i = 0; i < nvqs; i++) { + if (vqs[i]) + highest_queue_idx++; + } + for (i = 0; i < MAX_AIRQ_AREAS && !indicator_addr; i++) { mutex_lock(&airq_areas_lock); if (!airq_areas[i]) @@ -316,7 +322,7 @@ static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs, if (!info) return NULL; write_lock_irqsave(&info->lock, flags); - bit = airq_iv_alloc(info->aiv, nvqs); + bit = airq_iv_alloc(info->aiv, highest_queue_idx + 1); if (bit == -1UL) { /* Not enough vacancies. */ write_unlock_irqrestore(&info->lock, flags); @@ -325,8 +331,10 @@ static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs, *first = bit; *airq_info = info; indicator_addr = info->aiv->vector; - for (j = 0; j < nvqs; j++) { - airq_iv_set_ptr(info->aiv, bit + j, + for (j = 0, queue_idx = 0; j < nvqs; j++) { + if (!vqs[j]) + continue; + airq_iv_set_ptr(info->aiv, bit + queue_idx++, (unsigned long)vqs[j]); } write_unlock_irqrestore(&info->lock, flags);

6 months, 3 weeks

3
2
0 0

[PATCH stable 6.12 0/4] Fix xdp_devmap_attach failure in BPF selftests

by Shung-Hsi Yu

This patchset backport commit to fix BPF selftests failure in stable 6.12 since commit 972bafed67ca ("bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()"), which is backport of upstream commit 6b3d638ca897. The fix needed is upstream commit c7f2188d68c1 ("selftests/bpf: Adjust data size to have ETH_HLEN"), which in turn depends on upstream commit d5fbcf46ee82 "selftests/bpf: make xdp_cpumap_attach keep redirect prog attached". Latter is part of "selftests/bpf: add coverage for xdp_features in test_progs"[1], and I opt to backport the series entirely since it adds coverage. With these patches the xdp_devmap_attach no longer fails[2]. BPF selftests failure log below for completeness. See [3] for the raw log. Error: #566 xdp_devmap_attach Error: #566/1 xdp_devmap_attach/DEVMAP with programs in entries test_xdp_with_devmap_helpers:PASS:ip netns add devmap_attach_ns 0 nsec test_xdp_with_devmap_helpers:PASS:open_netns 0 nsec test_xdp_with_devmap_helpers:PASS:ip link set dev lo up 0 nsec test_xdp_with_devmap_helpers:PASS:test_xdp_with_devmap_helpers__open_and_load 0 nsec test_xdp_with_devmap_helpers:PASS:Generic attach of program with 8-byte devmap 0 nsec test_xdp_with_devmap_helpers:PASS:bpf_prog_get_info_by_fd 0 nsec test_xdp_with_devmap_helpers:PASS:Add program to devmap entry 0 nsec test_xdp_with_devmap_helpers:PASS:Read devmap entry 0 nsec test_xdp_with_devmap_helpers:PASS:Match program id to devmap entry prog_id 0 nsec test_xdp_with_devmap_helpers:FAIL:XDP test run unexpected error: -22 (errno 22) test_xdp_with_devmap_helpers:PASS:XDP program detach 0 nsec libbpf: Kernel error message: BPF_XDP_DEVMAP programs can not be attached to a device test_xdp_with_devmap_helpers:PASS:Attach of BPF_XDP_DEVMAP program 0 nsec test_xdp_with_devmap_helpers:PASS:Add non-BPF_XDP_DEVMAP program to devmap entry 0 nsec test_xdp_with_devmap_helpers:PASS:Add BPF_XDP program with frags to devmap entry 0 nsec Error: #566/4 xdp_devmap_attach/DEVMAP with programs in entries on veth test_xdp_with_devmap_helpers_veth:PASS:ip netns add devmap_attach_ns 0 nsec test_xdp_with_devmap_helpers_veth:PASS:open_netns 0 nsec test_xdp_with_devmap_helpers_veth:PASS:ip link add veth_src type veth peer name veth_dst 0 nsec test_xdp_with_devmap_helpers_veth:PASS:ip link set dev veth_src up 0 nsec test_xdp_with_devmap_helpers_veth:PASS:ip link set dev veth_dst up 0 nsec test_xdp_with_devmap_helpers_veth:PASS:val.ifindex 0 nsec test_xdp_with_devmap_helpers_veth:PASS:ifindex_dst 0 nsec test_xdp_with_devmap_helpers_veth:PASS:test_xdp_with_devmap_helpers__open_and_load 0 nsec test_xdp_with_devmap_helpers_veth:PASS:Attach of program with 8-byte devmap 0 nsec test_xdp_with_devmap_helpers_veth:PASS:bpf_prog_get_info_by_fd 0 nsec test_xdp_with_devmap_helpers_veth:PASS:Add program to devmap entry 0 nsec test_xdp_with_devmap_helpers_veth:PASS:Read devmap entry 0 nsec test_xdp_with_devmap_helpers_veth:PASS:Match program id to devmap entry prog_id 0 nsec test_xdp_with_devmap_helpers_veth:PASS:Attach of dummy XDP 0 nsec test_xdp_with_devmap_helpers_veth:FAIL:XDP test run unexpected error: -22 (errno 22) test_xdp_with_devmap_helpers_veth:PASS:XDP program detach 0 nsec test_xdp_with_devmap_helpers_veth:PASS:XDP program detach 0 nsec 1: https://lore.kernel.org/all/20241009-convert_xdp_tests-v3-0-51cea913710c@bo… 2: https://github.com/shunghsiyu/libbpf/actions/runs/14569651139/job/408644287… 3: https://github.com/shunghsiyu/libbpf/actions/runs/14562221313/job/408469275… Alexis Lothoré (eBPF Foundation) (3): selftests/bpf: fix bpf_map_redirect call for cpu map test selftests/bpf: make xdp_cpumap_attach keep redirect prog attached selftests/bpf: check program redirect in xdp_cpumap_attach Shigeru Yoshida (1): selftests/bpf: Adjust data size to have ETH_HLEN .../bpf/prog_tests/xdp_cpumap_attach.c | 44 +++++++++++++++---- .../bpf/prog_tests/xdp_devmap_attach.c | 8 ++-- .../bpf/progs/test_xdp_with_cpumap_helpers.c | 7 ++- 3 files changed, 46 insertions(+), 13 deletions(-) -- 2.49.0

6 months, 3 weeks

2
8
0 0

FAILED: patch "[PATCH] s390/virtio_ccw: Don't allocate/assign airqs for non-existing" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 2ccd42b959aaf490333dbd3b9b102eaf295c036a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025041737-impart-slacker-8722@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2ccd42b959aaf490333dbd3b9b102eaf295c036a Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Wed, 2 Apr 2025 22:36:21 +0200 Subject: [PATCH] s390/virtio_ccw: Don't allocate/assign airqs for non-existing queues If we finds a vq without a name in our input array in virtio_ccw_find_vqs(), we treat it as "non-existing" and set the vq pointer to NULL; we will not call virtio_ccw_setup_vq() to allocate/setup a vq. Consequently, we create only a queue if it actually exists (name != NULL) and assign an incremental queue index to each such existing queue. However, in virtio_ccw_register_adapter_ind()->get_airq_indicator() we will not ignore these "non-existing queues", but instead assign an airq indicator to them. Besides never releasing them in virtio_ccw_drop_indicators() (because there is no virtqueue), the bigger issue seems to be that there will be a disagreement between the device and the Linux guest about the airq indicator to be used for notifying a queue, because the indicator bit for adapter I/O interrupt is derived from the queue index. The virtio spec states under "Setting Up Two-Stage Queue Indicators": ... indicator contains the guest address of an area wherein the indicators for the devices are contained, starting at bit_nr, one bit per virtqueue of the device. And further in "Notification via Adapter I/O Interrupts": For notifying the driver of virtqueue buffers, the device sets the bit in the guest-provided indicator area at the corresponding offset. For example, QEMU uses in virtio_ccw_notify() the queue index (passed as "vector") to select the relevant indicator bit. If a queue does not exist, it does not have a corresponding indicator bit assigned, because it effectively doesn't have a queue index. Using a virtio-balloon-ccw device under QEMU with free-page-hinting disabled ("free-page-hint=off") but free-page-reporting enabled ("free-page-reporting=on") will result in free page reporting not working as expected: in the virtio_balloon driver, we'll be stuck forever in virtballoon_free_page_report()->wait_event(), because the waitqueue will not be woken up as the notification from the device is lost: it would use the wrong indicator bit. Free page reporting stops working and we get splats (when configured to detect hung wqs) like: INFO: task kworker/1:3:463 blocked for more than 61 seconds. Not tainted 6.14.0 #4 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:3 [...] Workqueue: events page_reporting_process Call Trace: [<000002f404e6dfb2>] __schedule+0x402/0x1640 [<000002f404e6f22e>] schedule+0x3e/0xe0 [<000002f3846a88fa>] virtballoon_free_page_report+0xaa/0x110 [virtio_balloon] [<000002f40435c8a4>] page_reporting_process+0x2e4/0x740 [<000002f403fd3ee2>] process_one_work+0x1c2/0x400 [<000002f403fd4b96>] worker_thread+0x296/0x420 [<000002f403fe10b4>] kthread+0x124/0x290 [<000002f403f4e0dc>] __ret_from_fork+0x3c/0x60 [<000002f404e77272>] ret_from_fork+0xa/0x38 There was recently a discussion [1] whether the "holes" should be treated differently again, effectively assigning also non-existing queues a queue index: that should also fix the issue, but requires other workarounds to not break existing setups. Let's fix it without affecting existing setups for now by properly ignoring the non-existing queues, so the indicator bits will match the queue indexes. [1] https://lore.kernel.org/all/cover.1720611677.git.mst@redhat.com/ Fixes: a229989d975e ("virtio: don't allocate vqs when names[i] = NULL") Reported-by: Chandra Merla <cmerla(a)redhat.com> Cc: stable(a)vger.kernel.org Signed-off-by: David Hildenbrand <david(a)redhat.com> Tested-by: Thomas Huth <thuth(a)redhat.com> Reviewed-by: Thomas Huth <thuth(a)redhat.com> Reviewed-by: Cornelia Huck <cohuck(a)redhat.com> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Acked-by: Christian Borntraeger <borntraeger(a)linux.ibm.com> Link: https://lore.kernel.org/r/20250402203621.940090-1-david@redhat.com Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/drivers/s390/virtio/virtio_ccw.c b/drivers/s390/virtio/virtio_ccw.c index 21fa7ac849e5..4904b831c0a7 100644 --- a/drivers/s390/virtio/virtio_ccw.c +++ b/drivers/s390/virtio/virtio_ccw.c @@ -302,11 +302,17 @@ static struct airq_info *new_airq_info(int index) static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs, u64 *first, void **airq_info) { - int i, j; + int i, j, queue_idx, highest_queue_idx = -1; struct airq_info *info; unsigned long *indicator_addr = NULL; unsigned long bit, flags; + /* Array entries without an actual queue pointer must be ignored. */ + for (i = 0; i < nvqs; i++) { + if (vqs[i]) + highest_queue_idx++; + } + for (i = 0; i < MAX_AIRQ_AREAS && !indicator_addr; i++) { mutex_lock(&airq_areas_lock); if (!airq_areas[i]) @@ -316,7 +322,7 @@ static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs, if (!info) return NULL; write_lock_irqsave(&info->lock, flags); - bit = airq_iv_alloc(info->aiv, nvqs); + bit = airq_iv_alloc(info->aiv, highest_queue_idx + 1); if (bit == -1UL) { /* Not enough vacancies. */ write_unlock_irqrestore(&info->lock, flags); @@ -325,8 +331,10 @@ static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs, *first = bit; *airq_info = info; indicator_addr = info->aiv->vector; - for (j = 0; j < nvqs; j++) { - airq_iv_set_ptr(info->aiv, bit + j, + for (j = 0, queue_idx = 0; j < nvqs; j++) { + if (!vqs[j]) + continue; + airq_iv_set_ptr(info->aiv, bit + queue_idx++, (unsigned long)vqs[j]); } write_unlock_irqrestore(&info->lock, flags);

6 months, 3 weeks

3
2
0 0

[PATCH stable 6.12 6.14 1/1] selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure

by Shung-Hsi Yu

From: Ihor Solodrai <ihor.solodrai(a)linux.dev> commit 5071a1e606b30c0c11278d3c6620cd6a24724cf6 upstream. "sockmap_ktls disconnect_after_delete" test has been failing on BPF CI after recent merges from netdev: * https://github.com/kernel-patches/bpf/actions/runs/14458537639 * https://github.com/kernel-patches/bpf/actions/runs/14457178732 It happens because disconnect has been disabled for TLS [1], and it renders the test case invalid. Removing all the test code creates a conflict between bpf and bpf-next, so for now only remove the offending assert [2]. The test will be removed later on bpf-next. [1] https://lore.kernel.org/netdev/20250404180334.3224206-1-kuba@kernel.org/ [2] https://lore.kernel.org/bpf/cfc371285323e1a3f3b006bfcf74e6cf7ad65258@linux.… Signed-off-by: Ihor Solodrai <ihor.solodrai(a)linux.dev> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Reviewed-by: Jiayuan Chen <jiayuan.chen(a)linux.dev> Link: https://lore.kernel.org/bpf/20250416170246.2438524-1-ihor.solodrai@linux.dev [ shung-hsi.yu: needed because upstream commit 5071a1e606b3 ("net: tls: explicitly disallow disconnect") is backported ] Signed-off-by: Shung-Hsi Yu <shung-hsi.yu(a)suse.com> --- tools/testing/selftests/bpf/prog_tests/sockmap_ktls.c | 1 - 1 file changed, 1 deletion(-) diff --git a/tools/testing/selftests/bpf/prog_tests/sockmap_ktls.c b/tools/testing/selftests/bpf/prog_tests/sockmap_ktls.c index 2d0796314862..0a99fd404f6d 100644 --- a/tools/testing/selftests/bpf/prog_tests/sockmap_ktls.c +++ b/tools/testing/selftests/bpf/prog_tests/sockmap_ktls.c @@ -68,7 +68,6 @@ static void test_sockmap_ktls_disconnect_after_delete(int family, int map) goto close_cli; err = disconnect(cli); - ASSERT_OK(err, "disconnect"); close_cli: close(cli); -- 2.49.0

6 months, 3 weeks

3
5
0 0

[PATCH 5.10.y] perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR

by kan.liang＠linux.intel.com

From: Kan Liang <kan.liang(a)linux.intel.com> [ Upstream commit 96a720db59ab330c8562b2437153faa45dac705f ] (The existing patch in queue-5.10 was wrong. queue-5.10/perf-x86-intel-uncore-fix-the-scale-of-iio-free-running-counters-on-snr.patch It's supposed to change the array snr_uncore_iio_freerunning_events[] rather than icx_uncore_iio_freerunning_events[]. Send the patch to replace the wrong one. With this fix the https://lore.kernel.org/stable/2025042139-protector-rickety-a72d@gregkh/ can be applied then.) There was a mistake in the SNR uncore spec. The counter increments for every 32 bytes of data sent from the IO agent to the SOC, not 4 bytes which was documented in the spec. The event list has been updated: "EventName": "UNC_IIO_BANDWIDTH_IN.PART0_FREERUN", "BriefDescription": "Free running counter that increments for every 32 bytes of data sent from the IO agent to the SOC", Update the scale of the IIO bandwidth in free running counters as well. Fixes: 210cc5f9db7a ("perf/x86/intel/uncore: Add uncore support for Snow Ridge server") Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Acked-by: Peter Zijlstra <a.p.zijlstra(a)chello.nl> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20250416142426.3933977-1-kan.liang@linux.intel.com --- arch/x86/events/intel/uncore_snbep.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/arch/x86/events/intel/uncore_snbep.c b/arch/x86/events/intel/uncore_snbep.c index ad084a5a1463..dd70a6b7879b 100644 --- a/arch/x86/events/intel/uncore_snbep.c +++ b/arch/x86/events/intel/uncore_snbep.c @@ -4487,28 +4487,28 @@ static struct uncore_event_desc snr_uncore_iio_freerunning_events[] = { INTEL_UNCORE_EVENT_DESC(ioclk, "event=0xff,umask=0x10"), /* Free-Running IIO BANDWIDTH IN Counters */ INTEL_UNCORE_EVENT_DESC(bw_in_port0, "event=0xff,umask=0x20"), - INTEL_UNCORE_EVENT_DESC(bw_in_port0.scale, "3.814697266e-6"), + INTEL_UNCORE_EVENT_DESC(bw_in_port0.scale, "3.0517578125e-5"), INTEL_UNCORE_EVENT_DESC(bw_in_port0.unit, "MiB"), INTEL_UNCORE_EVENT_DESC(bw_in_port1, "event=0xff,umask=0x21"), - INTEL_UNCORE_EVENT_DESC(bw_in_port1.scale, "3.814697266e-6"), + INTEL_UNCORE_EVENT_DESC(bw_in_port1.scale, "3.0517578125e-5"), INTEL_UNCORE_EVENT_DESC(bw_in_port1.unit, "MiB"), INTEL_UNCORE_EVENT_DESC(bw_in_port2, "event=0xff,umask=0x22"), - INTEL_UNCORE_EVENT_DESC(bw_in_port2.scale, "3.814697266e-6"), + INTEL_UNCORE_EVENT_DESC(bw_in_port2.scale, "3.0517578125e-5"), INTEL_UNCORE_EVENT_DESC(bw_in_port2.unit, "MiB"), INTEL_UNCORE_EVENT_DESC(bw_in_port3, "event=0xff,umask=0x23"), - INTEL_UNCORE_EVENT_DESC(bw_in_port3.scale, "3.814697266e-6"), + INTEL_UNCORE_EVENT_DESC(bw_in_port3.scale, "3.0517578125e-5"), INTEL_UNCORE_EVENT_DESC(bw_in_port3.unit, "MiB"), INTEL_UNCORE_EVENT_DESC(bw_in_port4, "event=0xff,umask=0x24"), - INTEL_UNCORE_EVENT_DESC(bw_in_port4.scale, "3.814697266e-6"), + INTEL_UNCORE_EVENT_DESC(bw_in_port4.scale, "3.0517578125e-5"), INTEL_UNCORE_EVENT_DESC(bw_in_port4.unit, "MiB"), INTEL_UNCORE_EVENT_DESC(bw_in_port5, "event=0xff,umask=0x25"), - INTEL_UNCORE_EVENT_DESC(bw_in_port5.scale, "3.814697266e-6"), + INTEL_UNCORE_EVENT_DESC(bw_in_port5.scale, "3.0517578125e-5"), INTEL_UNCORE_EVENT_DESC(bw_in_port5.unit, "MiB"), INTEL_UNCORE_EVENT_DESC(bw_in_port6, "event=0xff,umask=0x26"), - INTEL_UNCORE_EVENT_DESC(bw_in_port6.scale, "3.814697266e-6"), + INTEL_UNCORE_EVENT_DESC(bw_in_port6.scale, "3.0517578125e-5"), INTEL_UNCORE_EVENT_DESC(bw_in_port6.unit, "MiB"), INTEL_UNCORE_EVENT_DESC(bw_in_port7, "event=0xff,umask=0x27"), - INTEL_UNCORE_EVENT_DESC(bw_in_port7.scale, "3.814697266e-6"), + INTEL_UNCORE_EVENT_DESC(bw_in_port7.scale, "3.0517578125e-5"), INTEL_UNCORE_EVENT_DESC(bw_in_port7.unit, "MiB"), { /* end: all zeroes */ }, }; -- 2.38.1

6 months, 3 weeks

2
1
0 0

[PATCH 6.1.y] of: module: add buffer overflow check in of_modalias()

by Uwe Kleine-König

From: Sergey Shtylyov <s.shtylyov(a)omp.ru> [ Upstream commit cf7385cb26ac4f0ee6c7385960525ad534323252 ] In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will point beyond the buffer's end. Add the buffer overflow check after the 1st snprintf() call and fix such check after the strlen() call (accounting for the terminating NUL char). Fixes: bc575064d688 ("of/device: use of_property_for_each_string to parse compatible strings") Signed-off-by: Sergey Shtylyov <s.shtylyov(a)omp.ru> Link: https://lore.kernel.org/r/bbfc6be0-c687-62b6-d015-5141b93f313e@omp.ru Signed-off-by: Rob Herring <robh(a)kernel.org> Signed-off-by: Uwe Kleine-König <ukleinek(a)debian.org> --- Hello, commit cf7385cb26ac4f0ee6c7385960525ad534323252 was already backported to stable/linux-6.6.y as commit 0b0d5701a8bf02f8fee037e81aacf6746558bfd6. In 6.1 the function to fix is in a different file and differently named since v6.1 lacks commits 5c3d15e127eb ("of: Update of_device_get_modalias()") and bd7a7ed774af ("of: Move of_modalias() to module.c") This is the respective backport to 6.1. Looking into that commit was triggered by https://bugs.debian.org/1103277 and my backport is identical to this bug's reporter's. Thanks for considering it for the next 6.1.y update. Best regards Uwe drivers/of/device.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/of/device.c b/drivers/of/device.c index ce225d2590b5..91d92bfe5735 100644 --- a/drivers/of/device.c +++ b/drivers/of/device.c @@ -264,14 +264,15 @@ static ssize_t of_device_get_modalias(struct device *dev, char *str, ssize_t len csize = snprintf(str, len, "of:N%pOFn%c%s", dev->of_node, 'T', of_node_get_device_type(dev->of_node)); tsize = csize; + if (csize >= len) + csize = len > 0 ? len - 1 : 0; len -= csize; - if (str) - str += csize; + str += csize; of_property_for_each_string(dev->of_node, "compatible", p, compat) { csize = strlen(compat) + 1; tsize += csize; - if (csize > len) + if (csize >= len) continue; csize = snprintf(str, len, "C%s", compat); base-commit: 535ec20c50273d81b2cc7985fed2108dee0e65d7 -- 2.47.2

6 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] s390/virtio_ccw: Don't allocate/assign airqs for non-existing" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 2ccd42b959aaf490333dbd3b9b102eaf295c036a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025041733-cosmetics-brigade-9ed7@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2ccd42b959aaf490333dbd3b9b102eaf295c036a Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Wed, 2 Apr 2025 22:36:21 +0200 Subject: [PATCH] s390/virtio_ccw: Don't allocate/assign airqs for non-existing queues If we finds a vq without a name in our input array in virtio_ccw_find_vqs(), we treat it as "non-existing" and set the vq pointer to NULL; we will not call virtio_ccw_setup_vq() to allocate/setup a vq. Consequently, we create only a queue if it actually exists (name != NULL) and assign an incremental queue index to each such existing queue. However, in virtio_ccw_register_adapter_ind()->get_airq_indicator() we will not ignore these "non-existing queues", but instead assign an airq indicator to them. Besides never releasing them in virtio_ccw_drop_indicators() (because there is no virtqueue), the bigger issue seems to be that there will be a disagreement between the device and the Linux guest about the airq indicator to be used for notifying a queue, because the indicator bit for adapter I/O interrupt is derived from the queue index. The virtio spec states under "Setting Up Two-Stage Queue Indicators": ... indicator contains the guest address of an area wherein the indicators for the devices are contained, starting at bit_nr, one bit per virtqueue of the device. And further in "Notification via Adapter I/O Interrupts": For notifying the driver of virtqueue buffers, the device sets the bit in the guest-provided indicator area at the corresponding offset. For example, QEMU uses in virtio_ccw_notify() the queue index (passed as "vector") to select the relevant indicator bit. If a queue does not exist, it does not have a corresponding indicator bit assigned, because it effectively doesn't have a queue index. Using a virtio-balloon-ccw device under QEMU with free-page-hinting disabled ("free-page-hint=off") but free-page-reporting enabled ("free-page-reporting=on") will result in free page reporting not working as expected: in the virtio_balloon driver, we'll be stuck forever in virtballoon_free_page_report()->wait_event(), because the waitqueue will not be woken up as the notification from the device is lost: it would use the wrong indicator bit. Free page reporting stops working and we get splats (when configured to detect hung wqs) like: INFO: task kworker/1:3:463 blocked for more than 61 seconds. Not tainted 6.14.0 #4 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:3 [...] Workqueue: events page_reporting_process Call Trace: [<000002f404e6dfb2>] __schedule+0x402/0x1640 [<000002f404e6f22e>] schedule+0x3e/0xe0 [<000002f3846a88fa>] virtballoon_free_page_report+0xaa/0x110 [virtio_balloon] [<000002f40435c8a4>] page_reporting_process+0x2e4/0x740 [<000002f403fd3ee2>] process_one_work+0x1c2/0x400 [<000002f403fd4b96>] worker_thread+0x296/0x420 [<000002f403fe10b4>] kthread+0x124/0x290 [<000002f403f4e0dc>] __ret_from_fork+0x3c/0x60 [<000002f404e77272>] ret_from_fork+0xa/0x38 There was recently a discussion [1] whether the "holes" should be treated differently again, effectively assigning also non-existing queues a queue index: that should also fix the issue, but requires other workarounds to not break existing setups. Let's fix it without affecting existing setups for now by properly ignoring the non-existing queues, so the indicator bits will match the queue indexes. [1] https://lore.kernel.org/all/cover.1720611677.git.mst@redhat.com/ Fixes: a229989d975e ("virtio: don't allocate vqs when names[i] = NULL") Reported-by: Chandra Merla <cmerla(a)redhat.com> Cc: stable(a)vger.kernel.org Signed-off-by: David Hildenbrand <david(a)redhat.com> Tested-by: Thomas Huth <thuth(a)redhat.com> Reviewed-by: Thomas Huth <thuth(a)redhat.com> Reviewed-by: Cornelia Huck <cohuck(a)redhat.com> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Acked-by: Christian Borntraeger <borntraeger(a)linux.ibm.com> Link: https://lore.kernel.org/r/20250402203621.940090-1-david@redhat.com Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/drivers/s390/virtio/virtio_ccw.c b/drivers/s390/virtio/virtio_ccw.c index 21fa7ac849e5..4904b831c0a7 100644 --- a/drivers/s390/virtio/virtio_ccw.c +++ b/drivers/s390/virtio/virtio_ccw.c @@ -302,11 +302,17 @@ static struct airq_info *new_airq_info(int index) static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs, u64 *first, void **airq_info) { - int i, j; + int i, j, queue_idx, highest_queue_idx = -1; struct airq_info *info; unsigned long *indicator_addr = NULL; unsigned long bit, flags; + /* Array entries without an actual queue pointer must be ignored. */ + for (i = 0; i < nvqs; i++) { + if (vqs[i]) + highest_queue_idx++; + } + for (i = 0; i < MAX_AIRQ_AREAS && !indicator_addr; i++) { mutex_lock(&airq_areas_lock); if (!airq_areas[i]) @@ -316,7 +322,7 @@ static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs, if (!info) return NULL; write_lock_irqsave(&info->lock, flags); - bit = airq_iv_alloc(info->aiv, nvqs); + bit = airq_iv_alloc(info->aiv, highest_queue_idx + 1); if (bit == -1UL) { /* Not enough vacancies. */ write_unlock_irqrestore(&info->lock, flags); @@ -325,8 +331,10 @@ static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs, *first = bit; *airq_info = info; indicator_addr = info->aiv->vector; - for (j = 0; j < nvqs; j++) { - airq_iv_set_ptr(info->aiv, bit + j, + for (j = 0, queue_idx = 0; j < nvqs; j++) { + if (!vqs[j]) + continue; + airq_iv_set_ptr(info->aiv, bit + queue_idx++, (unsigned long)vqs[j]); } write_unlock_irqrestore(&info->lock, flags);

6 months, 3 weeks

3
2
0 0

FAILED: patch "[PATCH] s390/virtio_ccw: Don't allocate/assign airqs for non-existing" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 2ccd42b959aaf490333dbd3b9b102eaf295c036a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025041734-deport-antennae-d763@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2ccd42b959aaf490333dbd3b9b102eaf295c036a Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Wed, 2 Apr 2025 22:36:21 +0200 Subject: [PATCH] s390/virtio_ccw: Don't allocate/assign airqs for non-existing queues If we finds a vq without a name in our input array in virtio_ccw_find_vqs(), we treat it as "non-existing" and set the vq pointer to NULL; we will not call virtio_ccw_setup_vq() to allocate/setup a vq. Consequently, we create only a queue if it actually exists (name != NULL) and assign an incremental queue index to each such existing queue. However, in virtio_ccw_register_adapter_ind()->get_airq_indicator() we will not ignore these "non-existing queues", but instead assign an airq indicator to them. Besides never releasing them in virtio_ccw_drop_indicators() (because there is no virtqueue), the bigger issue seems to be that there will be a disagreement between the device and the Linux guest about the airq indicator to be used for notifying a queue, because the indicator bit for adapter I/O interrupt is derived from the queue index. The virtio spec states under "Setting Up Two-Stage Queue Indicators": ... indicator contains the guest address of an area wherein the indicators for the devices are contained, starting at bit_nr, one bit per virtqueue of the device. And further in "Notification via Adapter I/O Interrupts": For notifying the driver of virtqueue buffers, the device sets the bit in the guest-provided indicator area at the corresponding offset. For example, QEMU uses in virtio_ccw_notify() the queue index (passed as "vector") to select the relevant indicator bit. If a queue does not exist, it does not have a corresponding indicator bit assigned, because it effectively doesn't have a queue index. Using a virtio-balloon-ccw device under QEMU with free-page-hinting disabled ("free-page-hint=off") but free-page-reporting enabled ("free-page-reporting=on") will result in free page reporting not working as expected: in the virtio_balloon driver, we'll be stuck forever in virtballoon_free_page_report()->wait_event(), because the waitqueue will not be woken up as the notification from the device is lost: it would use the wrong indicator bit. Free page reporting stops working and we get splats (when configured to detect hung wqs) like: INFO: task kworker/1:3:463 blocked for more than 61 seconds. Not tainted 6.14.0 #4 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:3 [...] Workqueue: events page_reporting_process Call Trace: [<000002f404e6dfb2>] __schedule+0x402/0x1640 [<000002f404e6f22e>] schedule+0x3e/0xe0 [<000002f3846a88fa>] virtballoon_free_page_report+0xaa/0x110 [virtio_balloon] [<000002f40435c8a4>] page_reporting_process+0x2e4/0x740 [<000002f403fd3ee2>] process_one_work+0x1c2/0x400 [<000002f403fd4b96>] worker_thread+0x296/0x420 [<000002f403fe10b4>] kthread+0x124/0x290 [<000002f403f4e0dc>] __ret_from_fork+0x3c/0x60 [<000002f404e77272>] ret_from_fork+0xa/0x38 There was recently a discussion [1] whether the "holes" should be treated differently again, effectively assigning also non-existing queues a queue index: that should also fix the issue, but requires other workarounds to not break existing setups. Let's fix it without affecting existing setups for now by properly ignoring the non-existing queues, so the indicator bits will match the queue indexes. [1] https://lore.kernel.org/all/cover.1720611677.git.mst@redhat.com/ Fixes: a229989d975e ("virtio: don't allocate vqs when names[i] = NULL") Reported-by: Chandra Merla <cmerla(a)redhat.com> Cc: stable(a)vger.kernel.org Signed-off-by: David Hildenbrand <david(a)redhat.com> Tested-by: Thomas Huth <thuth(a)redhat.com> Reviewed-by: Thomas Huth <thuth(a)redhat.com> Reviewed-by: Cornelia Huck <cohuck(a)redhat.com> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Acked-by: Christian Borntraeger <borntraeger(a)linux.ibm.com> Link: https://lore.kernel.org/r/20250402203621.940090-1-david@redhat.com Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/drivers/s390/virtio/virtio_ccw.c b/drivers/s390/virtio/virtio_ccw.c index 21fa7ac849e5..4904b831c0a7 100644 --- a/drivers/s390/virtio/virtio_ccw.c +++ b/drivers/s390/virtio/virtio_ccw.c @@ -302,11 +302,17 @@ static struct airq_info *new_airq_info(int index) static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs, u64 *first, void **airq_info) { - int i, j; + int i, j, queue_idx, highest_queue_idx = -1; struct airq_info *info; unsigned long *indicator_addr = NULL; unsigned long bit, flags; + /* Array entries without an actual queue pointer must be ignored. */ + for (i = 0; i < nvqs; i++) { + if (vqs[i]) + highest_queue_idx++; + } + for (i = 0; i < MAX_AIRQ_AREAS && !indicator_addr; i++) { mutex_lock(&airq_areas_lock); if (!airq_areas[i]) @@ -316,7 +322,7 @@ static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs, if (!info) return NULL; write_lock_irqsave(&info->lock, flags); - bit = airq_iv_alloc(info->aiv, nvqs); + bit = airq_iv_alloc(info->aiv, highest_queue_idx + 1); if (bit == -1UL) { /* Not enough vacancies. */ write_unlock_irqrestore(&info->lock, flags); @@ -325,8 +331,10 @@ static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs, *first = bit; *airq_info = info; indicator_addr = info->aiv->vector; - for (j = 0; j < nvqs; j++) { - airq_iv_set_ptr(info->aiv, bit + j, + for (j = 0, queue_idx = 0; j < nvqs; j++) { + if (!vqs[j]) + continue; + airq_iv_set_ptr(info->aiv, bit + queue_idx++, (unsigned long)vqs[j]); } write_unlock_irqrestore(&info->lock, flags);

6 months, 3 weeks

3
2
0 0

FAILED: patch "[PATCH] s390/virtio_ccw: Don't allocate/assign airqs for non-existing" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 2ccd42b959aaf490333dbd3b9b102eaf295c036a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025041731-release-charity-8e70@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2ccd42b959aaf490333dbd3b9b102eaf295c036a Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Wed, 2 Apr 2025 22:36:21 +0200 Subject: [PATCH] s390/virtio_ccw: Don't allocate/assign airqs for non-existing queues If we finds a vq without a name in our input array in virtio_ccw_find_vqs(), we treat it as "non-existing" and set the vq pointer to NULL; we will not call virtio_ccw_setup_vq() to allocate/setup a vq. Consequently, we create only a queue if it actually exists (name != NULL) and assign an incremental queue index to each such existing queue. However, in virtio_ccw_register_adapter_ind()->get_airq_indicator() we will not ignore these "non-existing queues", but instead assign an airq indicator to them. Besides never releasing them in virtio_ccw_drop_indicators() (because there is no virtqueue), the bigger issue seems to be that there will be a disagreement between the device and the Linux guest about the airq indicator to be used for notifying a queue, because the indicator bit for adapter I/O interrupt is derived from the queue index. The virtio spec states under "Setting Up Two-Stage Queue Indicators": ... indicator contains the guest address of an area wherein the indicators for the devices are contained, starting at bit_nr, one bit per virtqueue of the device. And further in "Notification via Adapter I/O Interrupts": For notifying the driver of virtqueue buffers, the device sets the bit in the guest-provided indicator area at the corresponding offset. For example, QEMU uses in virtio_ccw_notify() the queue index (passed as "vector") to select the relevant indicator bit. If a queue does not exist, it does not have a corresponding indicator bit assigned, because it effectively doesn't have a queue index. Using a virtio-balloon-ccw device under QEMU with free-page-hinting disabled ("free-page-hint=off") but free-page-reporting enabled ("free-page-reporting=on") will result in free page reporting not working as expected: in the virtio_balloon driver, we'll be stuck forever in virtballoon_free_page_report()->wait_event(), because the waitqueue will not be woken up as the notification from the device is lost: it would use the wrong indicator bit. Free page reporting stops working and we get splats (when configured to detect hung wqs) like: INFO: task kworker/1:3:463 blocked for more than 61 seconds. Not tainted 6.14.0 #4 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:3 [...] Workqueue: events page_reporting_process Call Trace: [<000002f404e6dfb2>] __schedule+0x402/0x1640 [<000002f404e6f22e>] schedule+0x3e/0xe0 [<000002f3846a88fa>] virtballoon_free_page_report+0xaa/0x110 [virtio_balloon] [<000002f40435c8a4>] page_reporting_process+0x2e4/0x740 [<000002f403fd3ee2>] process_one_work+0x1c2/0x400 [<000002f403fd4b96>] worker_thread+0x296/0x420 [<000002f403fe10b4>] kthread+0x124/0x290 [<000002f403f4e0dc>] __ret_from_fork+0x3c/0x60 [<000002f404e77272>] ret_from_fork+0xa/0x38 There was recently a discussion [1] whether the "holes" should be treated differently again, effectively assigning also non-existing queues a queue index: that should also fix the issue, but requires other workarounds to not break existing setups. Let's fix it without affecting existing setups for now by properly ignoring the non-existing queues, so the indicator bits will match the queue indexes. [1] https://lore.kernel.org/all/cover.1720611677.git.mst@redhat.com/ Fixes: a229989d975e ("virtio: don't allocate vqs when names[i] = NULL") Reported-by: Chandra Merla <cmerla(a)redhat.com> Cc: stable(a)vger.kernel.org Signed-off-by: David Hildenbrand <david(a)redhat.com> Tested-by: Thomas Huth <thuth(a)redhat.com> Reviewed-by: Thomas Huth <thuth(a)redhat.com> Reviewed-by: Cornelia Huck <cohuck(a)redhat.com> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Acked-by: Christian Borntraeger <borntraeger(a)linux.ibm.com> Link: https://lore.kernel.org/r/20250402203621.940090-1-david@redhat.com Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/drivers/s390/virtio/virtio_ccw.c b/drivers/s390/virtio/virtio_ccw.c index 21fa7ac849e5..4904b831c0a7 100644 --- a/drivers/s390/virtio/virtio_ccw.c +++ b/drivers/s390/virtio/virtio_ccw.c @@ -302,11 +302,17 @@ static struct airq_info *new_airq_info(int index) static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs, u64 *first, void **airq_info) { - int i, j; + int i, j, queue_idx, highest_queue_idx = -1; struct airq_info *info; unsigned long *indicator_addr = NULL; unsigned long bit, flags; + /* Array entries without an actual queue pointer must be ignored. */ + for (i = 0; i < nvqs; i++) { + if (vqs[i]) + highest_queue_idx++; + } + for (i = 0; i < MAX_AIRQ_AREAS && !indicator_addr; i++) { mutex_lock(&airq_areas_lock); if (!airq_areas[i]) @@ -316,7 +322,7 @@ static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs, if (!info) return NULL; write_lock_irqsave(&info->lock, flags); - bit = airq_iv_alloc(info->aiv, nvqs); + bit = airq_iv_alloc(info->aiv, highest_queue_idx + 1); if (bit == -1UL) { /* Not enough vacancies. */ write_unlock_irqrestore(&info->lock, flags); @@ -325,8 +331,10 @@ static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs, *first = bit; *airq_info = info; indicator_addr = info->aiv->vector; - for (j = 0; j < nvqs; j++) { - airq_iv_set_ptr(info->aiv, bit + j, + for (j = 0, queue_idx = 0; j < nvqs; j++) { + if (!vqs[j]) + continue; + airq_iv_set_ptr(info->aiv, bit + queue_idx++, (unsigned long)vqs[j]); } write_unlock_irqrestore(&info->lock, flags);

6 months, 3 weeks

3
2
0 0

[tip: irq/urgent] irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()

by tip-bot2 for Suzuki K Poulose

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: 3318dc299b072a0511d6dfd8367f3304fb6d9827 Gitweb: https://git.kernel.org/tip/3318dc299b072a0511d6dfd8367f3304fb6d9827 Author: Suzuki K Poulose <suzuki.poulose(a)arm.com> AuthorDate: Tue, 22 Apr 2025 17:16:16 +01:00 Committer: Ingo Molnar <mingo(a)kernel.org> CommitterDate: Sat, 26 Apr 2025 10:17:24 +02:00 irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() With ACPI in place, gicv2m_get_fwnode() is registered with the pci subsystem as pci_msi_get_fwnode_cb(), which may get invoked at runtime during a PCI host bridge probe. But, the call back is wrongly marked as __init, causing it to be freed, while being registered with the PCI subsystem and could trigger: Unable to handle kernel paging request at virtual address ffff8000816c0400 gicv2m_get_fwnode+0x0/0x58 (P) pci_set_bus_msi_domain+0x74/0x88 pci_register_host_bridge+0x194/0x548 This is easily reproducible on a Juno board with ACPI boot. Retain the function for later use. Fixes: 0644b3daca28 ("irqchip/gic-v2m: acpi: Introducing GICv2m ACPI support") Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Marc Zyngier <maz(a)kernel.org> Cc: stable(a)vger.kernel.org --- drivers/irqchip/irq-gic-v2m.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/irqchip/irq-gic-v2m.c b/drivers/irqchip/irq-gic-v2m.c index c698948..dc98c39 100644 --- a/drivers/irqchip/irq-gic-v2m.c +++ b/drivers/irqchip/irq-gic-v2m.c @@ -421,7 +421,7 @@ static int __init gicv2m_of_init(struct fwnode_handle *parent_handle, #ifdef CONFIG_ACPI static int acpi_num_msi; -static __init struct fwnode_handle *gicv2m_get_fwnode(struct device *dev) +static struct fwnode_handle *gicv2m_get_fwnode(struct device *dev) { struct v2m_data *data;

6 months, 3 weeks

1
0
0 0

Re: G R A N T

by U N

Dear, Send your Ref: FSG2025 / Name / Phone Number / Country to Mr. Andrej Mahecic on un.grant(a)socialworker.net, +1 888 673 0430 for your £100,000.00 payment. Sincerely Mr. C. Gunness On behalf of the UN.

6 months, 3 weeks

1
0
0 0

[PATCH] Revert "rndis_host: Flag RNDIS modems as WWAN devices"

by Christian Heusel

This reverts commit 67d1a8956d2d62fe6b4c13ebabb57806098511d8. Since this commit has been proven to be problematic for the setup of USB-tethered ethernet connections and the related breakage is very noticeable for users it should be reverted until a fixed version of the change can be rolled out. Closes: https://lore.kernel.org/all/e0df2d85-1296-4317-b717-bd757e3ab928@heusel.eu/ Link: https://chaos.social/@gromit/114377862699921553 Link: https://bugzilla.kernel.org/show_bug.cgi?id=220002 Link: https://bugs.gentoo.org/953555 Link: https://bbs.archlinux.org/viewtopic.php?id=304892 Cc: stable(a)vger.kernel.org Acked-by: Lubomir Rintel <lkundrak(a)v3.sk> Signed-off-by: Christian Heusel <christian(a)heusel.eu> --- drivers/net/usb/rndis_host.c | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/drivers/net/usb/rndis_host.c b/drivers/net/usb/rndis_host.c index bb0bf1415872745aea177ce0ba7d6eb578cb4a47..7b3739b29c8f72b7b108c5f4ae11fdfcf243237d 100644 --- a/drivers/net/usb/rndis_host.c +++ b/drivers/net/usb/rndis_host.c @@ -630,16 +630,6 @@ static const struct driver_info zte_rndis_info = { .tx_fixup = rndis_tx_fixup, }; -static const struct driver_info wwan_rndis_info = { - .description = "Mobile Broadband RNDIS device", - .flags = FLAG_WWAN | FLAG_POINTTOPOINT | FLAG_FRAMING_RN | FLAG_NO_SETINT, - .bind = rndis_bind, - .unbind = rndis_unbind, - .status = rndis_status, - .rx_fixup = rndis_rx_fixup, - .tx_fixup = rndis_tx_fixup, -}; - /*-------------------------------------------------------------------------*/ static const struct usb_device_id products [] = { @@ -676,11 +666,9 @@ static const struct usb_device_id products [] = { USB_INTERFACE_INFO(USB_CLASS_WIRELESS_CONTROLLER, 1, 3), .driver_info = (unsigned long) &rndis_info, }, { - /* Mobile Broadband Modem, seen in Novatel Verizon USB730L and - * Telit FN990A (RNDIS) - */ + /* Novatel Verizon USB730L */ USB_INTERFACE_INFO(USB_CLASS_MISC, 4, 1), - .driver_info = (unsigned long)&wwan_rndis_info, + .driver_info = (unsigned long) &rndis_info, }, { }, // END }; --- base-commit: 9c32cda43eb78f78c73aee4aa344b777714e259b change-id: 20250424-usb-tethering-fix-398688b32dad Best regards, -- Christian Heusel <christian(a)heusel.eu>

6 months, 3 weeks

4
3
0 0

+ mm-vmalloc-support-more-granular-vrealloc-sizing.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: vmalloc: support more granular vrealloc() sizing has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-vmalloc-support-more-granular-vrealloc-sizing.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kees Cook <kees(a)kernel.org> Subject: mm: vmalloc: support more granular vrealloc() sizing Date: Fri, 25 Apr 2025 17:11:07 -0700 Introduce struct vm_struct::requested_size so that the requested (re)allocation size is retained separately from the allocated area size. This means that KASAN will correctly poison the correct spans of requested bytes. This also means we can support growing the usable portion of an allocation that can already be supported by the existing area's existing allocation. Link: https://lkml.kernel.org/r/20250426001105.it.679-kees@kernel.org Fixes: 3ddc2fefe6f3 ("mm: vmalloc: implement vrealloc()") Signed-off-by: Kees Cook <kees(a)kernel.org> Reported-by: Erhard Furtner <erhard_f(a)mailbox.org> Closes: https://lore.kernel.org/all/20250408192503.6149a816@outsider.home/ Cc: Danilo Krummrich <dakr(a)kernel.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: "Uladzislau Rezki (Sony)" <urezki(a)gmail.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/vmalloc.h | 1 + mm/vmalloc.c | 31 ++++++++++++++++++++++++------- 2 files changed, 25 insertions(+), 7 deletions(-) --- a/include/linux/vmalloc.h~mm-vmalloc-support-more-granular-vrealloc-sizing +++ a/include/linux/vmalloc.h @@ -61,6 +61,7 @@ struct vm_struct { unsigned int nr_pages; phys_addr_t phys_addr; const void *caller; + unsigned long requested_size; }; struct vmap_area { --- a/mm/vmalloc.c~mm-vmalloc-support-more-granular-vrealloc-sizing +++ a/mm/vmalloc.c @@ -1940,7 +1940,7 @@ static inline void setup_vmalloc_vm(stru { vm->flags = flags; vm->addr = (void *)va->va_start; - vm->size = va_size(va); + vm->size = vm->requested_size = va_size(va); vm->caller = caller; va->vm = vm; } @@ -3133,6 +3133,7 @@ struct vm_struct *__get_vm_area_node(uns area->flags = flags; area->caller = caller; + area->requested_size = requested_size; va = alloc_vmap_area(size, align, start, end, node, gfp_mask, 0, area); if (IS_ERR(va)) { @@ -4063,6 +4064,8 @@ EXPORT_SYMBOL(vzalloc_node_noprof); */ void *vrealloc_noprof(const void *p, size_t size, gfp_t flags) { + struct vm_struct *vm = NULL; + size_t alloced_size = 0; size_t old_size = 0; void *n; @@ -4072,15 +4075,17 @@ void *vrealloc_noprof(const void *p, siz } if (p) { - struct vm_struct *vm; - vm = find_vm_area(p); if (unlikely(!vm)) { WARN(1, "Trying to vrealloc() nonexistent vm area (%p)\n", p); return NULL; } - old_size = get_vm_area_size(vm); + alloced_size = get_vm_area_size(vm); + old_size = vm->requested_size; + if (WARN(alloced_size < old_size, + "vrealloc() has mismatched area vs requested sizes (%p)\n", p)) + return NULL; } /* @@ -4088,14 +4093,26 @@ void *vrealloc_noprof(const void *p, siz * would be a good heuristic for when to shrink the vm_area? */ if (size <= old_size) { - /* Zero out spare memory. */ - if (want_init_on_alloc(flags)) + /* Zero out "freed" memory. */ + if (want_init_on_free()) memset((void *)p + size, 0, old_size - size); + vm->requested_size = size; kasan_poison_vmalloc(p + size, old_size - size); - kasan_unpoison_vmalloc(p, size, KASAN_VMALLOC_PROT_NORMAL); return (void *)p; } + /* + * We already have the bytes available in the allocation; use them. + */ + if (size <= alloced_size) { + kasan_unpoison_vmalloc(p + old_size, size - old_size, + KASAN_VMALLOC_PROT_NORMAL); + /* Zero out "alloced" memory. */ + if (want_init_on_alloc(flags)) + memset((void *)p + old_size, 0, size - old_size); + vm->requested_size = size; + } + /* TODO: Grow the vm_area, i.e. allocate and map additional pages. */ n = __vmalloc_noprof(size, flags); if (!n) _ Patches currently in -mm which might be from kees(a)kernel.org are mm-vmalloc-support-more-granular-vrealloc-sizing.patch

6 months, 3 weeks

1
0
0 0

[PATCH v2] usb: dwc3: Abort suspend on soft disconnect failure

by Kuen-Han Tsai

When dwc3_gadget_soft_disconnect() fails, dwc3_suspend_common() keeps going with the suspend, resulting in a period where the power domain is off, but the gadget driver remains connected. Within this time frame, invoking vbus_event_work() will cause an error as it attempts to access DWC3 registers for endpoint disabling after the power domain has been completely shut down. Abort the suspend sequence when dwc3_gadget_suspend() cannot halt the controller and proceeds with a soft connect. Fixes: c8540870af4c ("usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume()") CC: stable(a)vger.kernel.org Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> --- Kernel panic - not syncing: Asynchronous SError Interrupt Workqueue: events vbus_event_work Call trace: dump_backtrace+0xf4/0x118 show_stack+0x18/0x24 dump_stack_lvl+0x60/0x7c dump_stack+0x18/0x3c panic+0x16c/0x390 nmi_panic+0xa4/0xa8 arm64_serror_panic+0x6c/0x94 do_serror+0xc4/0xd0 el1h_64_error_handler+0x34/0x48 el1h_64_error+0x68/0x6c readl+0x4c/0x8c __dwc3_gadget_ep_disable+0x48/0x230 dwc3_gadget_ep_disable+0x50/0xc0 usb_ep_disable+0x44/0xe4 ffs_func_eps_disable+0x64/0xc8 ffs_func_set_alt+0x74/0x368 ffs_func_disable+0x18/0x28 composite_disconnect+0x90/0xec configfs_composite_disconnect+0x64/0x88 usb_gadget_disconnect_locked+0xc0/0x168 vbus_event_work+0x3c/0x58 process_one_work+0x1e4/0x43c worker_thread+0x25c/0x430 kthread+0x104/0x1d4 ret_from_fork+0x10/0x20 --- Changelog: v2: - move declarations in separate lines - add the Fixes tag drivers/usb/dwc3/core.c | 9 +++++++-- drivers/usb/dwc3/gadget.c | 22 +++++++++------------- 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 66a08b527165..1cf1996ae1fb 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -2388,6 +2388,7 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) { u32 reg; int i; + int ret; if (!pm_runtime_suspended(dwc->dev) && !PMSG_IS_AUTO(msg)) { dwc->susphy_state = (dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0)) & @@ -2406,7 +2407,9 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) case DWC3_GCTL_PRTCAP_DEVICE: if (pm_runtime_suspended(dwc->dev)) break; - dwc3_gadget_suspend(dwc); + ret = dwc3_gadget_suspend(dwc); + if (ret) + return ret synchronize_irq(dwc->irq_gadget); dwc3_core_exit(dwc); break; @@ -2441,7 +2444,9 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) break; if (dwc->current_otg_role == DWC3_OTG_ROLE_DEVICE) { - dwc3_gadget_suspend(dwc); + ret = dwc3_gadget_suspend(dwc); + if (ret) + return ret; synchronize_irq(dwc->irq_gadget); } diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 89a4dc8ebf94..316c1589618e 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -4776,26 +4776,22 @@ int dwc3_gadget_suspend(struct dwc3 *dwc) int ret; ret = dwc3_gadget_soft_disconnect(dwc); - if (ret) - goto err; - - spin_lock_irqsave(&dwc->lock, flags); - if (dwc->gadget_driver) - dwc3_disconnect_gadget(dwc); - spin_unlock_irqrestore(&dwc->lock, flags); - - return 0; - -err: /* * Attempt to reset the controller's state. Likely no * communication can be established until the host * performs a port reset. */ - if (dwc->softconnect) + if (ret && dwc->softconnect) { dwc3_gadget_soft_connect(dwc); + return ret; + } - return ret; + spin_lock_irqsave(&dwc->lock, flags); + if (dwc->gadget_driver) + dwc3_disconnect_gadget(dwc); + spin_unlock_irqrestore(&dwc->lock, flags); + + return 0; } int dwc3_gadget_resume(struct dwc3 *dwc) -- 2.49.0.395.g12beb8f557-goog

6 months, 3 weeks

3
4
0 0

+ tools-testing-selftests-fix-guard-region-test-tmpfs-assumption.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: tools/testing/selftests: fix guard region test tmpfs assumption has been added to the -mm mm-hotfixes-unstable branch. Its filename is tools-testing-selftests-fix-guard-region-test-tmpfs-assumption.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Subject: tools/testing/selftests: fix guard region test tmpfs assumption Date: Fri, 25 Apr 2025 17:24:36 +0100 The current implementation of the guard region tests assume that /tmp is mounted as tmpfs, that is shmem. This isn't always the case, and at least one instance of a spurious test failure has been reported as a result. This assumption is unsafe, rushed and silly - and easily remedied by simply using memfd, so do so. We also have to fixup the readonly_file test to explicitly only be applicable to file-backed cases. Link: https://lkml.kernel.org/r/20250425162436.564002-1-lorenzo.stoakes@oracle.com Fixes: 272f37d3e99a ("tools/selftests: expand all guard region tests to file-backed") Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reported-by: Ryan Roberts <ryan.roberts(a)arm.com> Closes: https://lore.kernel.org/linux-mm/a2d2766b-0ab4-437b-951a-8595a7506fe9@arm.c… Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/guard-regions.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) --- a/tools/testing/selftests/mm/guard-regions.c~tools-testing-selftests-fix-guard-region-test-tmpfs-assumption +++ a/tools/testing/selftests/mm/guard-regions.c @@ -271,12 +271,16 @@ FIXTURE_SETUP(guard_regions) self->page_size = (unsigned long)sysconf(_SC_PAGESIZE); setup_sighandler(); - if (variant->backing == ANON_BACKED) + switch (variant->backing) { + case ANON_BACKED: return; - - self->fd = open_file( - variant->backing == SHMEM_BACKED ? "/tmp/" : "", - self->path); + case LOCAL_FILE_BACKED: + self->fd = open_file("", self->path); + break; + case SHMEM_BACKED: + self->fd = memfd_create(self->path, 0); + break; + } /* We truncate file to at least 100 pages, tests can modify as needed. */ ASSERT_EQ(ftruncate(self->fd, 100 * self->page_size), 0); @@ -1696,7 +1700,7 @@ TEST_F(guard_regions, readonly_file) char *ptr; int i; - if (variant->backing == ANON_BACKED) + if (variant->backing != LOCAL_FILE_BACKED) SKIP(return, "Read-only test specific to file-backed"); /* Map shared so we can populate with pattern, populate it, unmap. */ _ Patches currently in -mm which might be from lorenzo.stoakes(a)oracle.com are maintainers-add-reverse-mapping-section.patch maintainers-add-core-mm-section.patch maintainers-add-mm-thp-section.patch maintainers-add-mm-thp-section-fix.patch tools-testing-selftests-fix-guard-region-test-tmpfs-assumption.patch mm-vma-fix-incorrectly-disallowed-anonymous-vma-merges.patch tools-testing-add-procmap_query-helper-functions-in-mm-self-tests.patch tools-testing-selftests-assert-that-anon-merge-cases-behave-as-expected.patch mm-move-mmap-vma-locking-logic-into-specific-files.patch

6 months, 3 weeks

1
0
0 0

[PATCH v3] KVM: SVM: forcibly leave SMM mode on vCPU reset

by Mikhail Lobanov

Previously, commit ed129ec9057f ("KVM: x86: forcibly leave nested mode on vCPU reset") addressed an issue where a triple fault occurring in nested mode could lead to use-after-free scenarios. However, the commit did not handle the analogous situation for System Management Mode (SMM). This omission results in triggering a WARN when a vCPU reset occurs while still in SMM mode, due to the check in kvm_vcpu_reset(). This situation was reprodused using Syzkaller by: 1) Creating a KVM VM and vCPU 2) Sending a KVM_SMI ioctl to explicitly enter SMM 3) Executing invalid instructions causing consecutive exceptions and eventually a triple fault The issue manifests as follows: WARNING: CPU: 0 PID: 25506 at arch/x86/kvm/x86.c:12112 kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112 Modules linked in: CPU: 0 PID: 25506 Comm: syz-executor.0 Not tainted 6.1.130-syzkaller-00157-g164fe5dde9b6 #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112 Call Trace: <TASK> shutdown_interception+0x66/0xb0 arch/x86/kvm/svm/svm.c:2136 svm_invoke_exit_handler+0x110/0x530 arch/x86/kvm/svm/svm.c:3395 svm_handle_exit+0x424/0x920 arch/x86/kvm/svm/svm.c:3457 vcpu_enter_guest arch/x86/kvm/x86.c:10959 [inline] vcpu_run+0x2c43/0x5a90 arch/x86/kvm/x86.c:11062 kvm_arch_vcpu_ioctl_run+0x50f/0x1cf0 arch/x86/kvm/x86.c:11283 kvm_vcpu_ioctl+0x570/0xf00 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4122 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Architecturally, hardware CPUs exit SMM upon receiving a triple fault as part of a hardware reset. To reflect this behavior and avoid triggering the WARN, this patch explicitly calls kvm_smm_changed(vcpu, false) in the SVM-specific shutdown_interception() handler prior to resetting the vCPU. The initial version of this patch attempted to address the issue by calling kvm_smm_changed() inside kvm_vcpu_reset(). However, this approach was not architecturally accurate, as INIT is blocked during SMM and SMM should not be exited implicitly during a generic vCPU reset. This version moves the fix into shutdown_interception() for SVM, where the triple fault is actually handled, and where exiting SMM explicitly is appropriate. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: ed129ec9057f ("KVM: x86: forcibly leave nested mode on vCPU reset") Cc: stable(a)vger.kernel.org Suggested-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Mikhail Lobanov <m.lobanov(a)rosa.ru> --- v2: Move SMM exit from kvm_vcpu_reset() to SVM's shutdown_interception(), per suggestion from Sean Christopherson <seanjc(a)google.com>. v3: -Export kvm_smm_changed() using EXPORT_SYMBOL_GPL. -Wrap the call to kvm_smm_changed() in svm.c with #ifdef CONFIG_KVM_SMM to avoid build errors when SMM support is disabled. arch/x86/kvm/smm.c | 1 + arch/x86/kvm/svm/svm.c | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/arch/x86/kvm/smm.c b/arch/x86/kvm/smm.c index 699e551ec93b..9864c057187d 100644 --- a/arch/x86/kvm/smm.c +++ b/arch/x86/kvm/smm.c @@ -131,6 +131,7 @@ void kvm_smm_changed(struct kvm_vcpu *vcpu, bool entering_smm) kvm_mmu_reset_context(vcpu); } +EXPORT_SYMBOL_GPL(kvm_smm_changed); void process_smi(struct kvm_vcpu *vcpu) { diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index d5d0c5c3300b..c5470d842aed 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2231,6 +2231,10 @@ static int shutdown_interception(struct kvm_vcpu *vcpu) */ if (!sev_es_guest(vcpu->kvm)) { clear_page(svm->vmcb); +#ifdef CONFIG_KVM_SMM + if (is_smm(vcpu)) + kvm_smm_changed(vcpu, false); +#endif kvm_vcpu_reset(vcpu, true); } -- 2.47.2

6 months, 3 weeks

2
1
0 0

[PATCH] arm64: dts: ti: k3-j784s4-j742s2-main-common: fix length of serdes_ln_ctrl

by Siddharth Vadapalli

Commit under Fixes corrected the "mux-reg-masks" property but did not update the "length" field of the "reg" property to account for the newly added register offsets which extend the region. Fix this. Fixes: 38e7f9092efb ("arm64: dts: ti: k3-j784s4-j742s2-main-common: Fix serdes_ln_ctrl reg-masks") Cc: stable(a)vger.kernel.org Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> --- Hello, This patch is based on commit bc3372351d0c Merge tag 'for-6.15-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux of Mainline Linux. Regards, Siddharth. arch/arm64/boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi b/arch/arm64/boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi index 1944616ab357..1fc0a11c5ab4 100644 --- a/arch/arm64/boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi +++ b/arch/arm64/boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi @@ -77,7 +77,7 @@ pcie1_ctrl: pcie1-ctrl@4074 { serdes_ln_ctrl: mux-controller@4080 { compatible = "reg-mux"; - reg = <0x00004080 0x30>; + reg = <0x00004080 0x50>; #mux-control-cells = <1>; mux-reg-masks = <0x0 0x3>, <0x4 0x3>, /* SERDES0 lane0/1 select */ <0x8 0x3>, <0xc 0x3>, /* SERDES0 lane2/3 select */ -- 2.34.1

6 months, 3 weeks

3
2
0 0

[PATCH 1/2] mm/userfaultfd: Fix uninitialized output field for -EAGAIN race

by Peter Xu

While discussing some userfaultfd relevant issues recently, Andrea noticed a potential ABI breakage with -EAGAIN on almost all userfaultfd ioctl()s. Quote from Andrea, explaining how -EAGAIN was processed, and how this should fix it (taking example of UFFDIO_COPY ioctl): The "mmap_changing" and "stale pmd" conditions are already reported as -EAGAIN written in the copy field, this does not change it. This change removes the subnormal case that left copy.copy uninitialized and required apps to explicitly set the copy field to get deterministic behavior (which is a requirement contrary to the documentation in both the manpage and source code). In turn there's no alteration to backwards compatibility as result of this change because userland will find the copy field consistently set to -EAGAIN, and not anymore sometime -EAGAIN and sometime uninitialized. Even then the change only can make a difference to non cooperative users of userfaultfd, so when UFFD_FEATURE_EVENT_* is enabled, which is not true for the vast majority of apps using userfaultfd or this unintended uninitialized field may have been noticed sooner. Meanwhile, since this bug existed for years, it also almost affects all ioctl()s that was introduced later. Besides UFFDIO_ZEROPAGE, these also get affected in the same way: - UFFDIO_CONTINUE - UFFDIO_POISON - UFFDIO_MOVE This patch should have fixed all of them. Fixes: df2cc96e7701 ("userfaultfd: prevent non-cooperative events vs mcopy_atomic races") Fixes: f619147104c8 ("userfaultfd: add UFFDIO_CONTINUE ioctl") Fixes: fc71884a5f59 ("mm: userfaultfd: add new UFFDIO_POISON ioctl") Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Cc: linux-stable <stable(a)vger.kernel.org> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Reported-by: Andrea Arcangeli <aarcange(a)redhat.com> Suggested-by: Andrea Arcangeli <aarcange(a)redhat.com> Signed-off-by: Peter Xu <peterx(a)redhat.com> --- fs/userfaultfd.c | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index d80f94346199..22f4bf956ba1 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -1585,8 +1585,11 @@ static int userfaultfd_copy(struct userfaultfd_ctx *ctx, user_uffdio_copy = (struct uffdio_copy __user *) arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_copy->copy))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_copy, user_uffdio_copy, @@ -1641,8 +1644,11 @@ static int userfaultfd_zeropage(struct userfaultfd_ctx *ctx, user_uffdio_zeropage = (struct uffdio_zeropage __user *) arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_zeropage->zeropage))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_zeropage, user_uffdio_zeropage, @@ -1744,8 +1750,11 @@ static int userfaultfd_continue(struct userfaultfd_ctx *ctx, unsigned long arg) user_uffdio_continue = (struct uffdio_continue __user *)arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_continue->mapped))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_continue, user_uffdio_continue, @@ -1801,8 +1810,11 @@ static inline int userfaultfd_poison(struct userfaultfd_ctx *ctx, unsigned long user_uffdio_poison = (struct uffdio_poison __user *)arg; ret = -EAGAIN; - if (atomic_read(&ctx->mmap_changing)) + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_poison->updated))) + return -EFAULT; goto out; + } ret = -EFAULT; if (copy_from_user(&uffdio_poison, user_uffdio_poison, @@ -1870,8 +1882,12 @@ static int userfaultfd_move(struct userfaultfd_ctx *ctx, user_uffdio_move = (struct uffdio_move __user *) arg; - if (atomic_read(&ctx->mmap_changing)) - return -EAGAIN; + ret = -EAGAIN; + if (unlikely(atomic_read(&ctx->mmap_changing))) { + if (unlikely(put_user(ret, &user_uffdio_move->move))) + return -EFAULT; + goto out; + } if (copy_from_user(&uffdio_move, user_uffdio_move, /* don't copy "move" last field */ -- 2.48.1

6 months, 3 weeks

3
3
0 0

Potential Linux Crash: possible deadlock in udf_page_mkwrite in linux6.12.24(longterm maintenance)

by Jianzhou Zhao

Hello, I found a potential bug titled " possible deadlock in udf_page_mkwrite " with modified syzkaller in the Linux6.12.24(longterm maintenance, last updated on April 20, 2025). Unfortunately, I am unable to reproduce this bug. If you fix this issue, please add the following tag to the commit: Reported-by: Jianzhou Zhao <luckd0g(a)163.com>, xingwei lee <xrivendell7(a)gmail.com>,Penglei Jiang <superman.xpt(a)gmail.com> The commit of the kernel is : b6efa8ce222e58cfe2bbaa4e3329818c2b4bd74e kernel config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=55f8591b98dd132 compiler: gcc version 11.4.0 ------------[ cut here ]----------------------------------------- TITLE: possible deadlock in udf_page_mkwrite ------------[ cut here ]------------ ====================================================== WARNING: possible circular locking dependency detected 6.12.24 #3 Not tainted ------------------------------------------------------ syz.6.870/18445 is trying to acquire lock: ffff888053607700 (mapping.invalidate_lock#4){++++}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:870 [inline] ffff888053607700 (mapping.invalidate_lock#4){++++}-{3:3}, at: udf_page_mkwrite+0x2af/0xa20 fs/udf/file.c:50 but task is already holding lock: ffff888044124518 (sb_pagefaults#2){.+.+}-{0:0}, at: do_page_mkwrite+0x17d/0x390 mm/memory.c:3161 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #9 (sb_pagefaults#2){.+.+}-{0:0}: percpu_down_read include/linux/percpu-rwsem.h:51 [inline] __sb_start_write include/linux/fs.h:1716 [inline] sb_start_pagefault include/linux/fs.h:1881 [inline] udf_page_mkwrite+0x18b/0xa20 fs/udf/file.c:48 do_page_mkwrite+0x17d/0x390 mm/memory.c:3161 wp_page_shared mm/memory.c:3562 [inline] do_wp_page+0x1291/0x4860 mm/memory.c:3712 handle_pte_fault mm/memory.c:5786 [inline] __handle_mm_fault+0x150c/0x2a20 mm/memory.c:5913 handle_mm_fault+0x404/0xab0 mm/memory.c:6081 do_user_addr_fault+0x61b/0x13a0 arch/x86/mm/fault.c:1338 handle_page_fault arch/x86/mm/fault.c:1481 [inline] exc_page_fault+0x98/0x180 arch/x86/mm/fault.c:1539 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623 -> #8 (&vma->vm_lock->lock){++++}-{3:3}: down_write+0x92/0x200 kernel/locking/rwsem.c:1577 vma_start_write include/linux/mm.h:757 [inline] vma_link+0x268/0x490 mm/vma.c:1604 insert_vm_struct+0x197/0x3f0 mm/mmap.c:2011 __bprm_mm_init fs/exec.c:289 [inline] bprm_mm_init fs/exec.c:393 [inline] alloc_bprm+0x6d1/0xd30 fs/exec.c:1578 kernel_execve+0xb0/0x3d0 fs/exec.c:2010 try_to_run_init_process init/main.c:1397 [inline] kernel_init+0x154/0x2d0 init/main.c:1525 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #7 (&mm->mmap_lock){++++}-{3:3}: __might_fault mm/memory.c:6719 [inline] __might_fault+0x118/0x190 mm/memory.c:6713 _inline_copy_from_user include/linux/uaccess.h:162 [inline] _copy_from_user+0x2b/0xd0 lib/usercopy.c:18 copy_from_user include/linux/uaccess.h:212 [inline] __blk_trace_setup+0x96/0x180 kernel/trace/blktrace.c:626 blk_trace_setup+0x47/0x70 kernel/trace/blktrace.c:648 sg_ioctl_common drivers/scsi/sg.c:1114 [inline] sg_ioctl+0x65e/0x2720 drivers/scsi/sg.c:1156 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl fs/ioctl.c:893 [inline] __x64_sys_ioctl+0x19d/0x210 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #6 (&q->debugfs_mutex){+.+.}-{3:3}: __mutex_lock_common kernel/locking/mutex.c:608 [inline] __mutex_lock+0x147/0x930 kernel/locking/mutex.c:752 blk_mq_init_sched+0x436/0x650 block/blk-mq-sched.c:473 elevator_init_mq+0x2cc/0x420 block/elevator.c:610 device_add_disk+0x10e/0x12f0 block/genhd.c:411 sd_probe+0xa0e/0xf80 drivers/scsi/sd.c:4024 call_driver_probe drivers/base/dd.c:579 [inline] really_probe+0x24f/0xa90 drivers/base/dd.c:658 __driver_probe_device+0x1df/0x450 drivers/base/dd.c:800 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:830 __device_attach_driver+0x1db/0x2f0 drivers/base/dd.c:958 bus_for_each_drv+0x149/0x1d0 drivers/base/bus.c:459 __device_attach_async_helper+0x1d1/0x290 drivers/base/dd.c:987 async_run_entry_fn+0x9c/0x530 kernel/async.c:129 process_one_work+0xa02/0x1bf0 kernel/workqueue.c:3232 process_scheduled_works kernel/workqueue.c:3314 [inline] worker_thread+0x677/0xe90 kernel/workqueue.c:3395 kthread+0x2c7/0x3b0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #5 (&q->q_usage_counter(queue)#51){++++}-{0:0}: blk_queue_enter+0x4d0/0x600 block/blk-core.c:328 blk_mq_alloc_request+0x422/0x9c0 block/blk-mq.c:680 scsi_alloc_request drivers/scsi/scsi_lib.c:1227 [inline] scsi_execute_cmd+0x1fe/0xf20 drivers/scsi/scsi_lib.c:304 read_capacity_16+0x1f2/0xe60 drivers/scsi/sd.c:2655 sd_read_capacity drivers/scsi/sd.c:2824 [inline] sd_revalidate_disk.isra.0+0x1989/0xa440 drivers/scsi/sd.c:3734 sd_probe+0x887/0xf80 drivers/scsi/sd.c:4010 call_driver_probe drivers/base/dd.c:579 [inline] really_probe+0x24f/0xa90 drivers/base/dd.c:658 __driver_probe_device+0x1df/0x450 drivers/base/dd.c:800 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:830 __device_attach_driver+0x1db/0x2f0 drivers/base/dd.c:958 bus_for_each_drv+0x149/0x1d0 drivers/base/bus.c:459 __device_attach_async_helper+0x1d1/0x290 drivers/base/dd.c:987 async_run_entry_fn+0x9c/0x530 kernel/async.c:129 process_one_work+0xa02/0x1bf0 kernel/workqueue.c:3232 process_scheduled_works kernel/workqueue.c:3314 [inline] worker_thread+0x677/0xe90 kernel/workqueue.c:3395 kthread+0x2c7/0x3b0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #4 (&q->limits_lock){+.+.}-{3:3}: __mutex_lock_common kernel/locking/mutex.c:608 [inline] __mutex_lock+0x147/0x930 kernel/locking/mutex.c:752 queue_limits_start_update include/linux/blkdev.h:935 [inline] loop_reconfigure_limits+0x1f2/0x960 drivers/block/loop.c:1004 loop_set_block_size drivers/block/loop.c:1474 [inline] lo_simple_ioctl drivers/block/loop.c:1497 [inline] lo_ioctl+0xb92/0x1870 drivers/block/loop.c:1560 blkdev_ioctl+0x27b/0x6c0 block/ioctl.c:693 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl fs/ioctl.c:893 [inline] __x64_sys_ioctl+0x19d/0x210 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #3 (&q->q_usage_counter(io)#19){++++}-{0:0}: bio_queue_enter block/blk.h:76 [inline] blk_mq_submit_bio+0x2167/0x2b70 block/blk-mq.c:3090 __submit_bio+0x399/0x630 block/blk-core.c:629 __submit_bio_noacct_mq block/blk-core.c:716 [inline] submit_bio_noacct_nocheck+0x6c3/0xd00 block/blk-core.c:745 submit_bio_noacct+0x57a/0x1fa0 block/blk-core.c:868 submit_bh fs/buffer.c:2824 [inline] __bread_slow fs/buffer.c:1270 [inline] __bread_gfp+0x189/0x340 fs/buffer.c:1494 sb_bread include/linux/buffer_head.h:346 [inline] read_block_bitmap fs/udf/balloc.c:43 [inline] load_block_bitmap+0x1ff/0x570 fs/udf/balloc.c:99 udf_bitmap_free_blocks fs/udf/balloc.c:150 [inline] udf_free_blocks+0x57c/0x10a0 fs/udf/balloc.c:674 udf_evict_inode+0x34c/0x590 fs/udf/inode.c:163 evict+0x3ef/0x940 fs/inode.c:725 iput_final fs/inode.c:1877 [inline] iput fs/inode.c:1903 [inline] iput+0x511/0x7f0 fs/inode.c:1889 do_unlinkat+0x58f/0x710 fs/namei.c:4540 __do_sys_unlink fs/namei.c:4581 [inline] __se_sys_unlink fs/namei.c:4579 [inline] __x64_sys_unlink+0xc7/0x110 fs/namei.c:4579 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #2 (&sbi->s_alloc_mutex){+.+.}-{3:3}: __mutex_lock_common kernel/locking/mutex.c:608 [inline] __mutex_lock+0x147/0x930 kernel/locking/mutex.c:752 udf_bitmap_new_block fs/udf/balloc.c:236 [inline] udf_new_block+0x7e2/0x1750 fs/udf/balloc.c:721 inode_getblk+0xe88/0x3bb0 fs/udf/inode.c:895 udf_map_block+0x2e3/0x5a0 fs/udf/inode.c:447 __udf_get_block+0x9c/0x340 fs/udf/inode.c:461 __block_write_begin_int+0x4e5/0x1670 fs/buffer.c:2121 block_write_begin+0x9a/0x1d0 fs/buffer.c:2231 udf_write_begin+0x1bc/0x280 fs/udf/inode.c:256 generic_perform_write+0x2bd/0x900 mm/filemap.c:4065 __generic_file_write_iter+0x1f6/0x240 mm/filemap.c:4166 udf_file_write_iter+0x233/0x740 fs/udf/file.c:111 new_sync_write fs/read_write.c:590 [inline] vfs_write+0xbfc/0x10d0 fs/read_write.c:683 ksys_write+0x122/0x250 fs/read_write.c:736 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #1 (&ei->i_data_sem#2){++++}-{3:3}: down_write+0x92/0x200 kernel/locking/rwsem.c:1577 udf_expand_file_adinicb+0x174/0x970 fs/udf/inode.c:363 udf_setsize+0x4b2/0x10f0 fs/udf/inode.c:1289 udf_setattr+0x523/0x6c0 fs/udf/file.c:236 notify_change+0x6d3/0x1280 fs/attr.c:503 do_truncate+0x143/0x200 fs/open.c:65 vfs_truncate+0x3e3/0x4c0 fs/open.c:111 do_sys_truncate.part.0+0xf7/0x140 fs/open.c:134 do_sys_truncate fs/open.c:128 [inline] __do_sys_truncate fs/open.c:146 [inline] __se_sys_truncate fs/open.c:144 [inline] __x64_sys_truncate+0x6d/0xa0 fs/open.c:144 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #0 (mapping.invalidate_lock#4){++++}-{3:3}: check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/locking/lockdep.c:3280 [inline] validate_chain kernel/locking/lockdep.c:3904 [inline] __lock_acquire+0x2425/0x3b90 kernel/locking/lockdep.c:5202 lock_acquire.part.0+0x11b/0x370 kernel/locking/lockdep.c:5825 down_read+0x9a/0x330 kernel/locking/rwsem.c:1524 filemap_invalidate_lock_shared include/linux/fs.h:870 [inline] udf_page_mkwrite+0x2af/0xa20 fs/udf/file.c:50 do_page_mkwrite+0x17d/0x390 mm/memory.c:3161 wp_page_shared mm/memory.c:3562 [inline] do_wp_page+0x1291/0x4860 mm/memory.c:3712 handle_pte_fault mm/memory.c:5786 [inline] __handle_mm_fault+0x150c/0x2a20 mm/memory.c:5913 handle_mm_fault+0x404/0xab0 mm/memory.c:6081 do_user_addr_fault+0x61b/0x13a0 arch/x86/mm/fault.c:1338 handle_page_fault arch/x86/mm/fault.c:1481 [inline] exc_page_fault+0x98/0x180 arch/x86/mm/fault.c:1539 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623 other info that might help us debug this: Chain exists of: mapping.invalidate_lock#4 --> &vma->vm_lock->lock --> sb_pagefaults#2 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- rlock(sb_pagefaults#2); lock(&vma->vm_lock->lock); lock(sb_pagefaults#2); rlock(mapping.invalidate_lock#4); *** DEADLOCK *** 2 locks held by syz.6.870/18445: #0: ffff888050dbed18 (&vma->vm_lock->lock){++++}-{3:3}, at: vma_start_read include/linux/mm.h:704 [inline] #0: ffff888050dbed18 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x141/0x9a0 mm/memory.c:6247 #1: ffff888044124518 (sb_pagefaults#2){.+.+}-{0:0}, at: do_page_mkwrite+0x17d/0x390 mm/memory.c:3161 stack backtrace: CPU: 0 UID: 0 PID: 18445 Comm: syz.6.870 Not tainted 6.12.24 #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120 print_circular_bug+0x406/0x5c0 kernel/locking/lockdep.c:2074 check_noncircular+0x2f7/0x3e0 kernel/locking/lockdep.c:2206 check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/locking/lockdep.c:3280 [inline] validate_chain kernel/locking/lockdep.c:3904 [inline] __lock_acquire+0x2425/0x3b90 kernel/locking/lockdep.c:5202 lock_acquire.part.0+0x11b/0x370 kernel/locking/lockdep.c:5825 down_read+0x9a/0x330 kernel/locking/rwsem.c:1524 filemap_invalidate_lock_shared include/linux/fs.h:870 [inline] udf_page_mkwrite+0x2af/0xa20 fs/udf/file.c:50 do_page_mkwrite+0x17d/0x390 mm/memory.c:3161 wp_page_shared mm/memory.c:3562 [inline] do_wp_page+0x1291/0x4860 mm/memory.c:3712 handle_pte_fault mm/memory.c:5786 [inline] __handle_mm_fault+0x150c/0x2a20 mm/memory.c:5913 handle_mm_fault+0x404/0xab0 mm/memory.c:6081 do_user_addr_fault+0x61b/0x13a0 arch/x86/mm/fault.c:1338 handle_page_fault arch/x86/mm/fault.c:1481 [inline] exc_page_fault+0x98/0x180 arch/x86/mm/fault.c:1539 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623 RIP: 0033:0x7fc9b0c4f002 Code: f0 48 8b 54 24 f0 8b 8a 80 00 00 00 8b 82 04 01 00 00 21 c8 83 c1 01 c1 e0 04 48 8b b4 02 40 01 00 00 48 8b 84 02 48 01 00 00 <89> 8a 80 00 00 00 48 81 fe 45 23 01 00 74 09 48 81 fe 56 34 02 00 RSP: 002b:00007fc9b1c9af88 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00007fc9b0fe6080 RCX: 0000000000000001 RDX: 0000200000ff9000 RSI: 0000000000000000 RDI: 0000200000ff9000 RBP: 00007fc9b0e46d56 R08: 0000000000000000 R09: 0000000000000000 R10: 0000200000ff9000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 00007fc9b0fe6080 R15: 00007fc9b1c7b000 </TASK> ================================================================== I hope it helps. Best regards Jianzhou Zhao

6 months, 3 weeks

1
0
0 0

[PATCH] usb: uhci-platform: Make the clock really optional

by Alexey Charkov

Device tree bindings state that the clock is optional for UHCI platform controllers, and some existing device trees don't provide those - such as those for VIA/WonderMedia devices. The driver however fails to probe now if no clock is provided, because devm_clk_get returns an error pointer in such case. Switch to devm_clk_get_optional instead, so that it could probe again on those platforms where no clocks are given. Cc: stable(a)vger.kernel.org Fixes: 26c502701c52 ("usb: uhci: Add clk support to uhci-platform") Signed-off-by: Alexey Charkov <alchark(a)gmail.com> --- drivers/usb/host/uhci-platform.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/host/uhci-platform.c b/drivers/usb/host/uhci-platform.c index a7c934404ebc7ed74f64265fafa7830809979ba5..62318291f5664c9ec94f24535c71d962e28354f3 100644 --- a/drivers/usb/host/uhci-platform.c +++ b/drivers/usb/host/uhci-platform.c @@ -121,7 +121,7 @@ static int uhci_hcd_platform_probe(struct platform_device *pdev) } /* Get and enable clock if any specified */ - uhci->clk = devm_clk_get(&pdev->dev, NULL); + uhci->clk = devm_clk_get_optional(&pdev->dev, NULL); if (IS_ERR(uhci->clk)) { ret = PTR_ERR(uhci->clk); goto err_rmr; --- base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8 change-id: 20250425-uhci-clock-optional-9a9d09560e17 Best regards, -- Alexey Charkov <alchark(a)gmail.com>

6 months, 3 weeks

2
2
0 0

[PATCH RESEND v3 0/3] Add ti,suppress-v1p8-ena

by Judith Mendez

Resend patch series to fix cc list There are MMC boot failures seen with V1P8_SIGNAL_ENA on Kingston eMMC and Microcenter/Patriot SD cards on Sitara K3 boards due to the HS200 initialization sequence involving V1P8_SIGNAL_ENA. Since V1P8_SIGNAL_ENA is optional for eMMC, do not set V1P8_SIGNAL_ENA by default for eMMC. For SD cards we shall parse DT for ti,suppress-v1p8-ena property to determine whether to suppress V1P8_SIGNAL_ENA. Add new ti,suppress-v1p8-ena to am62x, am62ax, and am62px SoC dtsi files since there is no internal LDO tied to sdhci1 interface so V1P8_SIGNAL_ENA only affects timing. This fix was previously merged in the kernel, but was reverted due to the "heuristics for enabling the quirk"[0]. This issue is adressed in this patch series by adding optional ti,suppress-v1p8-ena DT property which determines whether to apply the quirk for SD. Changes since v2: - Include patch 3/3 - Reword cover letter - Reword binding patch description - Add fixes/cc tags to driver patch - Reorder patches according to binding patch first - Resend to fix cc list in original v3 series Link to v2: https://lore.kernel.org/linux-mmc/20250417182652.3521104-1-jm@ti.com/ Link to v1: https://lore.kernel.org/linux-mmc/20250407222702.2199047-1-jm@ti.com/ [0] https://lore.kernel.org/linux-mmc/20250127-am654-mmc-regression-v2-1-9bb39f… Judith Mendez (3): dt-bindings: mmc: sdhci-am654: Add ti,suppress-v1p8-ena mmc: sdhci_am654: Add sdhci_am654_start_signal_voltage_switch arm64: dts: ti: k3-am62*: add ti,suppress-v1p8-ena .../devicetree/bindings/mmc/sdhci-am654.yaml | 5 +++ arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 + arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 + .../dts/ti/k3-am62p-j722s-common-main.dtsi | 1 + drivers/mmc/host/sdhci_am654.c | 32 +++++++++++++++++++ 5 files changed, 40 insertions(+) base-commit: 1be38f81251f6d276713c259ecf4414f82f22c29 -- 2.49.0

6 months, 3 weeks

4
8
0 0

[PATCH v2 1/4] firmware: arm_scmi: Ensure that the message-id supports fastchannel

by Cristian Marussi

From: Sibi Sankar <quic_sibis(a)quicinc.com> Currently the perf and powercap protocol relies on the protocol domain attributes, which just ensures that one fastchannel per domain, before instantiating fastchannels for all possible message-ids. Fix this by ensuring that each message-id supports fastchannel before initialization. Logs: scmi: Failed to get FC for protocol 13 [MSG_ID:6 / RES_ID:0] - ret:-95. Using regular messaging. scmi: Failed to get FC for protocol 13 [MSG_ID:6 / RES_ID:1] - ret:-95. Using regular messaging. scmi: Failed to get FC for protocol 13 [MSG_ID:6 / RES_ID:2] - ret:-95. Using regular messaging. CC: stable(a)vger.kernel.org Reported-by: Johan Hovold <johan+linaro(a)kernel.org> Closes: https://lore.kernel.org/lkml/ZoQjAWse2YxwyRJv@hovoldconsulting.com/ Fixes: 6f9ea4dabd2d ("firmware: arm_scmi: Generalize the fast channel support") Reviewed-by: Johan Hovold <johan+linaro(a)kernel.org> Tested-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Sibi Sankar <quic_sibis(a)quicinc.com> [Cristian: Modified the condition checked to establish support or not] Signed-off-by: Cristian Marussi <cristian.marussi(a)arm.com> --- RFC -> V1 - picked up a few tags Since PROTOCOL_MESSAGE_ATTRIBUTES, used to check if message_id is supported, is a mandatory command, it cannot fail so we must bail-out NOT only if FC was not supported for that command but also if the query fails as a whole; so the condition checked for bailing out is modified to: if (ret || !MSG_SUPPORTS_FASTCHANNEL(attributes)) { --- drivers/firmware/arm_scmi/driver.c | 76 +++++++++++++++------------ drivers/firmware/arm_scmi/protocols.h | 2 + 2 files changed, 45 insertions(+), 33 deletions(-) diff --git a/drivers/firmware/arm_scmi/driver.c b/drivers/firmware/arm_scmi/driver.c index 1cf18cc8e63f..0e281fca0a38 100644 --- a/drivers/firmware/arm_scmi/driver.c +++ b/drivers/firmware/arm_scmi/driver.c @@ -1738,6 +1738,39 @@ static int scmi_common_get_max_msg_size(const struct scmi_protocol_handle *ph) return info->desc->max_msg_size; } +/** + * scmi_protocol_msg_check - Check protocol message attributes + * + * @ph: A reference to the protocol handle. + * @message_id: The ID of the message to check. + * @attributes: A parameter to optionally return the retrieved message + * attributes, in case of Success. + * + * An helper to check protocol message attributes for a specific protocol + * and message pair. + * + * Return: 0 on SUCCESS + */ +static int scmi_protocol_msg_check(const struct scmi_protocol_handle *ph, + u32 message_id, u32 *attributes) +{ + int ret; + struct scmi_xfer *t; + + ret = xfer_get_init(ph, PROTOCOL_MESSAGE_ATTRIBUTES, + sizeof(__le32), 0, &t); + if (ret) + return ret; + + put_unaligned_le32(message_id, t->tx.buf); + ret = do_xfer(ph, t); + if (!ret && attributes) + *attributes = get_unaligned_le32(t->rx.buf); + xfer_put(ph, t); + + return ret; +} + /** * struct scmi_iterator - Iterator descriptor * @msg: A reference to the message TX buffer; filled by @prepare_message with @@ -1879,6 +1912,7 @@ scmi_common_fastchannel_init(const struct scmi_protocol_handle *ph, int ret; u32 flags; u64 phys_addr; + u32 attributes; u8 size; void __iomem *addr; struct scmi_xfer *t; @@ -1887,6 +1921,15 @@ scmi_common_fastchannel_init(const struct scmi_protocol_handle *ph, struct scmi_msg_resp_desc_fc *resp; const struct scmi_protocol_instance *pi = ph_to_pi(ph); + /* Check if the MSG_ID supports fastchannel */ + ret = scmi_protocol_msg_check(ph, message_id, &attributes); + if (ret || !MSG_SUPPORTS_FASTCHANNEL(attributes)) { + dev_dbg(ph->dev, + "Skip FC init for 0x%02X/%d domain:%d - ret:%d\n", + pi->proto->id, message_id, domain, ret); + return; + } + if (!p_addr) { ret = -EINVAL; goto err_out; @@ -2004,39 +2047,6 @@ static void scmi_common_fastchannel_db_ring(struct scmi_fc_db_info *db) SCMI_PROTO_FC_RING_DB(64); } -/** - * scmi_protocol_msg_check - Check protocol message attributes - * - * @ph: A reference to the protocol handle. - * @message_id: The ID of the message to check. - * @attributes: A parameter to optionally return the retrieved message - * attributes, in case of Success. - * - * An helper to check protocol message attributes for a specific protocol - * and message pair. - * - * Return: 0 on SUCCESS - */ -static int scmi_protocol_msg_check(const struct scmi_protocol_handle *ph, - u32 message_id, u32 *attributes) -{ - int ret; - struct scmi_xfer *t; - - ret = xfer_get_init(ph, PROTOCOL_MESSAGE_ATTRIBUTES, - sizeof(__le32), 0, &t); - if (ret) - return ret; - - put_unaligned_le32(message_id, t->tx.buf); - ret = do_xfer(ph, t); - if (!ret && attributes) - *attributes = get_unaligned_le32(t->rx.buf); - xfer_put(ph, t); - - return ret; -} - static const struct scmi_proto_helpers_ops helpers_ops = { .extended_name_get = scmi_common_extended_name_get, .get_max_msg_size = scmi_common_get_max_msg_size, diff --git a/drivers/firmware/arm_scmi/protocols.h b/drivers/firmware/arm_scmi/protocols.h index aaee57cdcd55..d62c4469d1fd 100644 --- a/drivers/firmware/arm_scmi/protocols.h +++ b/drivers/firmware/arm_scmi/protocols.h @@ -31,6 +31,8 @@ #define SCMI_PROTOCOL_VENDOR_BASE 0x80 +#define MSG_SUPPORTS_FASTCHANNEL(x) ((x) & BIT(0)) + enum scmi_common_cmd { PROTOCOL_VERSION = 0x0, PROTOCOL_ATTRIBUTES = 0x1, -- 2.47.0

6 months, 3 weeks

1
0
0 0

[PATCH] ASoC: renesas: rz-ssi: Use NOIRQ_SYSTEM_SLEEP_PM_OPS()

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> In the latest kernel versions system crashes were noticed occasionally during suspend/resume. This occurs because the RZ SSI suspend trigger (called from snd_soc_suspend()) is executed after rz_ssi_pm_ops->suspend() and it accesses IP registers. After the rz_ssi_pm_ops->suspend() is executed the IP clocks are disabled and its reset line is asserted. Since snd_soc_suspend() is invoked through snd_soc_pm_ops->suspend(), snd_soc_pm_ops is associated with soc_driver (defined in sound/soc/soc-core.c), and there is no parent-child relationship between soc_driver and rz_ssi_driver the power management subsystem does not enforce a specific suspend/resume order between the RZ SSI platform driver and soc_driver. To ensure that the suspend/resume function of rz-ssi is executed after snd_soc_suspend(), use NOIRQ_SYSTEM_SLEEP_PM_OPS(). Fixes: 1fc778f7c833 ("ASoC: renesas: rz-ssi: Add suspend to RAM support") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- sound/soc/renesas/rz-ssi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/soc/renesas/rz-ssi.c b/sound/soc/renesas/rz-ssi.c index 3a0af4ca7ab6..0f7458a43901 100644 --- a/sound/soc/renesas/rz-ssi.c +++ b/sound/soc/renesas/rz-ssi.c @@ -1244,7 +1244,7 @@ static int rz_ssi_runtime_resume(struct device *dev) static const struct dev_pm_ops rz_ssi_pm_ops = { RUNTIME_PM_OPS(rz_ssi_runtime_suspend, rz_ssi_runtime_resume, NULL) - SYSTEM_SLEEP_PM_OPS(pm_runtime_force_suspend, pm_runtime_force_resume) + NOIRQ_SYSTEM_SLEEP_PM_OPS(pm_runtime_force_suspend, pm_runtime_force_resume) }; static struct platform_driver rz_ssi_driver = { -- 2.43.0

6 months, 3 weeks

2
1
0 0

[PATCH] ASoC: meson: meson-card-utils: use of_property_present() for DT parsing

by Martin Blumenstingl

Commit c141ecc3cecd ("of: Warn when of_property_read_bool() is used on non-boolean properties") added a warning when trying to parse a property with a value (boolean properties are defined as: absent = false, present without any value = true). This causes a warning from meson-card-utils. meson-card-utils needs to know about the existence of the "audio-routing" and/or "audio-widgets" properties in order to properly parse them. Switch to of_property_present() in order to silence the following warning messages during boot: OF: /sound: Read of boolean property 'audio-routing' with a value. OF: /sound: Read of boolean property 'audio-widgets' with a value. Fixes: 7864a79f37b5 ("ASoC: meson: add axg sound card support") Tested-by: Christian Hewitt <christianshewitt(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> --- sound/soc/meson/meson-card-utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/soc/meson/meson-card-utils.c b/sound/soc/meson/meson-card-utils.c index cfc7f6e41ab5..68531183fb60 100644 --- a/sound/soc/meson/meson-card-utils.c +++ b/sound/soc/meson/meson-card-utils.c @@ -231,7 +231,7 @@ static int meson_card_parse_of_optional(struct snd_soc_card *card, const char *p)) { /* If property is not provided, don't fail ... */ - if (!of_property_read_bool(card->dev->of_node, propname)) + if (!of_property_present(card->dev->of_node, propname)) return 0; /* ... but do fail if it is provided and the parsing fails */ -- 2.49.0

6 months, 3 weeks

2
1
0 0

[PATCH RESEND] usb: renesas_usbhs: Add error handling for usbhsf_fifo_select()

by Wentao Liang

In usbhsf_dcp_data_stage_prepare_pop(), the return value of usbhsf_fifo_select() needs to be checked. A proper implementation can be found in usbhsf_dma_try_pop_with_rx_irq(). Add an error check and jump to PIO pop when FIFO selection fails. Fixes: 9e74d601de8a ("usb: gadget: renesas_usbhs: add data/status stage handler") Cc: stable(a)vger.kernel.org # v3.2+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/usb/renesas_usbhs/fifo.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/usb/renesas_usbhs/fifo.c b/drivers/usb/renesas_usbhs/fifo.c index 10607e273879..6cc07ab4782d 100644 --- a/drivers/usb/renesas_usbhs/fifo.c +++ b/drivers/usb/renesas_usbhs/fifo.c @@ -466,6 +466,7 @@ static int usbhsf_dcp_data_stage_prepare_pop(struct usbhs_pkt *pkt, struct usbhs_pipe *pipe = pkt->pipe; struct usbhs_priv *priv = usbhs_pipe_to_priv(pipe); struct usbhs_fifo *fifo = usbhsf_get_cfifo(priv); + int ret; if (usbhs_pipe_is_busy(pipe)) return 0; @@ -480,10 +481,14 @@ static int usbhsf_dcp_data_stage_prepare_pop(struct usbhs_pkt *pkt, usbhs_pipe_sequence_data1(pipe); /* DATA1 */ - usbhsf_fifo_select(pipe, fifo, 0); + ret = usbhsf_fifo_select(pipe, fifo, 0); + if (ret < 0) + goto usbhsf_pio_prepare_pop; + usbhsf_fifo_clear(pipe, fifo); usbhsf_fifo_unselect(pipe, fifo); +usbhsf_pio_prepare_pop: /* * change handler to PIO pop */ -- 2.42.0.windows.2

6 months, 3 weeks

2
1
0 0

[PATCH v2 1/2] platform/x86: int3472: add hpd pin support

by Dongcheng Yan

Typically HDMI to MIPI CSI-2 bridges have a pin to signal image data is being received. On the host side this is wired to a GPIO for polling or interrupts. This includes the Lontium HDMI to MIPI CSI-2 bridges lt6911uxe and lt6911uxc. The GPIO "hpd" is used already by other HDMI to CSI-2 bridges, use it here as well. Signed-off-by: Dongcheng Yan <dongcheng.yan(a)intel.com> --- drivers/platform/x86/intel/int3472/common.h | 1 + drivers/platform/x86/intel/int3472/discrete.c | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/drivers/platform/x86/intel/int3472/common.h b/drivers/platform/x86/intel/int3472/common.h index 145dec66df64..db4cd3720e24 100644 --- a/drivers/platform/x86/intel/int3472/common.h +++ b/drivers/platform/x86/intel/int3472/common.h @@ -22,6 +22,7 @@ #define INT3472_GPIO_TYPE_POWER_ENABLE 0x0b #define INT3472_GPIO_TYPE_CLK_ENABLE 0x0c #define INT3472_GPIO_TYPE_PRIVACY_LED 0x0d +#define INT3472_GPIO_TYPE_HOTPLUG_DETECT 0x13 #define INT3472_PDEV_MAX_NAME_LEN 23 #define INT3472_MAX_SENSOR_GPIOS 3 diff --git a/drivers/platform/x86/intel/int3472/discrete.c b/drivers/platform/x86/intel/int3472/discrete.c index 30ff8f3ea1f5..26215d1b63a2 100644 --- a/drivers/platform/x86/intel/int3472/discrete.c +++ b/drivers/platform/x86/intel/int3472/discrete.c @@ -186,6 +186,10 @@ static void int3472_get_con_id_and_polarity(struct acpi_device *adev, u8 *type, *con_id = "privacy-led"; *gpio_flags = GPIO_ACTIVE_HIGH; break; + case INT3472_GPIO_TYPE_HOTPLUG_DETECT: + *con_id = "hpd"; + *gpio_flags = GPIO_ACTIVE_HIGH; + break; case INT3472_GPIO_TYPE_POWER_ENABLE: *con_id = "power-enable"; *gpio_flags = GPIO_ACTIVE_HIGH; @@ -212,6 +216,7 @@ static void int3472_get_con_id_and_polarity(struct acpi_device *adev, u8 *type, * 0x0b Power enable * 0x0c Clock enable * 0x0d Privacy LED + * 0x13 Hotplug detect * * There are some known platform specific quirks where that does not quite * hold up; for example where a pin with type 0x01 (Power down) is mapped to @@ -281,6 +286,7 @@ static int skl_int3472_handle_gpio_resources(struct acpi_resource *ares, switch (type) { case INT3472_GPIO_TYPE_RESET: case INT3472_GPIO_TYPE_POWERDOWN: + case INT3472_GPIO_TYPE_HOTPLUG_DETECT: ret = skl_int3472_map_gpio_to_sensor(int3472, agpio, con_id, gpio_flags); if (ret) err_msg = "Failed to map GPIO pin to sensor\n"; base-commit: 01c6df60d5d4ae00cd5c1648818744838bba7763 -- 2.34.1

6 months, 3 weeks

4
4
0 0

Linux 6.14.4

by Greg Kroah-Hartman

I'm announcing the release of the 6.14.4 kernel. All users of the 6.14 kernel series must upgrade. The updated 6.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.14.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arch/arm64/booting.rst | 22 + Documentation/devicetree/bindings/soc/fsl/fsl,ls1028a-reset.yaml | 2 Documentation/netlink/specs/ovs_vport.yaml | 4 Documentation/netlink/specs/rt_link.yaml | 20 - Documentation/netlink/specs/rt_neigh.yaml | 14 Documentation/wmi/devices/msi-wmi-platform.rst | 4 Makefile | 3 arch/arm64/include/asm/el2_setup.h | 25 + arch/arm64/tools/sysreg | 103 ++++++ arch/mips/dec/prom/init.c | 2 arch/mips/include/asm/ds1287.h | 2 arch/mips/kernel/cevt-ds1287.c | 1 arch/riscv/include/asm/kgdb.h | 9 arch/riscv/include/asm/syscall.h | 7 arch/riscv/kernel/kgdb.c | 6 arch/riscv/kernel/module-sections.c | 13 arch/riscv/kernel/module.c | 11 arch/riscv/kernel/setup.c | 36 ++ arch/x86/boot/compressed/mem.c | 5 arch/x86/boot/compressed/sev.c | 67 ---- arch/x86/boot/compressed/sev.h | 2 arch/x86/events/intel/ds.c | 8 arch/x86/events/intel/uncore_snbep.c | 107 ------ arch/x86/kernel/cpu/amd.c | 19 - arch/x86/kernel/cpu/microcode/amd.c | 9 arch/x86/xen/multicalls.c | 26 - arch/x86/xen/smp_pv.c | 1 arch/x86/xen/xen-ops.h | 3 block/bio-integrity.c | 17 - block/blk-sysfs.c | 2 drivers/accel/ivpu/ivpu_drv.c | 4 drivers/accel/ivpu/ivpu_fw.c | 3 drivers/accel/ivpu/ivpu_hw.h | 11 drivers/accel/ivpu/ivpu_hw_btrs.c | 126 +++----- drivers/accel/ivpu/ivpu_hw_btrs.h | 6 drivers/ata/libata-sata.c | 15 drivers/block/loop.c | 121 +------ drivers/bluetooth/btqca.c | 2 drivers/bluetooth/btrtl.c | 2 drivers/bluetooth/hci_vhci.c | 10 drivers/cpufreq/cpufreq.c | 8 drivers/crypto/caam/qi.c | 6 drivers/crypto/tegra/tegra-se-aes.c | 5 drivers/dma-buf/sw_sync.c | 19 - drivers/firmware/cirrus/test/cs_dsp_mock_mem_maps.c | 30 - drivers/firmware/cirrus/test/cs_dsp_test_bin.c | 2 drivers/firmware/cirrus/test/cs_dsp_test_bin_error.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c | 34 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 44 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 4 drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 4 drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 21 - drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 64 +++- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 6 drivers/gpu/drm/amd/display/dc/dml2/dml21/dml21_wrapper.c | 28 + drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 15 drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 6 drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 7 drivers/gpu/drm/amd/display/dc/resource/dcn31/dcn31_resource.c | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_thermal.c | 4 drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_thermal.c | 4 drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega20_thermal.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 3 drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 55 +++ drivers/gpu/drm/ast/ast_dp.c | 6 drivers/gpu/drm/i915/display/intel_bw.c | 14 drivers/gpu/drm/i915/display/intel_display.c | 4 drivers/gpu/drm/i915/display/intel_display_device.h | 1 drivers/gpu/drm/i915/display/intel_dp.c | 56 ++- drivers/gpu/drm/i915/display/intel_vblank.c | 4 drivers/gpu/drm/i915/gvt/opregion.c | 7 drivers/gpu/drm/i915/i915_drv.h | 1 drivers/gpu/drm/i915/soc/intel_dram.c | 4 drivers/gpu/drm/imagination/pvr_fw.c | 27 + drivers/gpu/drm/imagination/pvr_job.c | 7 drivers/gpu/drm/imagination/pvr_queue.c | 4 drivers/gpu/drm/mgag200/mgag200_mode.c | 2 drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 72 ++-- drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 8 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_1_14_msm8937.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_1_15_msm8917.h | 1 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_1_16_msm8953.h | 3 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_1_7_msm8996.h | 4 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_3_2_sdm660.h | 3 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_3_3_sdm630.h | 2 drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 3 drivers/gpu/drm/msm/dsi/dsi_host.c | 9 drivers/gpu/drm/msm/registers/adreno/adreno_pm4.xml | 7 drivers/gpu/drm/nouveau/nouveau_bo.c | 3 drivers/gpu/drm/nouveau/nouveau_gem.c | 3 drivers/gpu/drm/sti/Makefile | 2 drivers/gpu/drm/tiny/repaper.c | 4 drivers/gpu/drm/v3d/v3d_sched.c | 16 - drivers/gpu/drm/virtio/virtgpu_gem.c | 11 drivers/gpu/drm/virtio/virtgpu_plane.c | 20 - drivers/gpu/drm/xe/xe_device_types.h | 1 drivers/gpu/drm/xe/xe_dma_buf.c | 5 drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 12 drivers/gpu/drm/xe/xe_guc_ads.c | 75 ++-- drivers/gpu/drm/xe/xe_hmm.c | 24 - drivers/gpu/drm/xe/xe_migrate.c | 2 drivers/i2c/busses/i2c-cros-ec-tunnel.c | 3 drivers/i2c/i2c-atr.c | 2 drivers/infiniband/core/cma.c | 4 drivers/infiniband/core/umem_odp.c | 6 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 10 drivers/infiniband/hw/hns/hns_roce_main.c | 2 drivers/infiniband/hw/usnic/usnic_ib_main.c | 14 drivers/md/md-bitmap.c | 5 drivers/md/raid10.c | 1 drivers/net/can/rockchip/rockchip_canfd-core.c | 7 drivers/net/dsa/b53/b53_common.c | 10 drivers/net/dsa/mv88e6xxx/chip.c | 13 drivers/net/dsa/mv88e6xxx/devlink.c | 3 drivers/net/ethernet/amd/pds_core/debugfs.c | 5 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c | 1 drivers/net/ethernet/hisilicon/hibmcge/hbg_err.c | 3 drivers/net/ethernet/hisilicon/hibmcge/hbg_hw.c | 7 drivers/net/ethernet/hisilicon/hibmcge/hbg_main.c | 6 drivers/net/ethernet/hisilicon/hibmcge/hbg_reg.h | 3 drivers/net/ethernet/intel/igc/igc.h | 1 drivers/net/ethernet/intel/igc/igc_defines.h | 6 drivers/net/ethernet/intel/igc/igc_main.c | 1 drivers/net/ethernet/intel/igc/igc_ptp.c | 113 ++++--- drivers/net/ethernet/marvell/octeontx2/nic/rep.c | 2 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 49 +-- drivers/net/ethernet/mediatek/mtk_eth_soc.h | 1 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 15 drivers/net/ethernet/ti/icssg/icss_iep.c | 154 ++++++---- drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 3 drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 3 drivers/net/wireless/ath/ath12k/dp_mon.c | 4 drivers/net/wireless/atmel/at76c50x-usb.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c | 4 drivers/net/wireless/intel/iwlwifi/pcie/trans-gen2.c | 8 drivers/net/wireless/ti/wl1251/tx.c | 4 drivers/nvme/target/fc.c | 14 drivers/nvme/target/pci-epf.c | 74 +++- drivers/pci/pci.c | 4 drivers/platform/mellanox/mlxbf-bootctl.c | 4 drivers/platform/x86/amd/pmf/auto-mode.c | 4 drivers/platform/x86/amd/pmf/cnqf.c | 8 drivers/platform/x86/amd/pmf/core.c | 14 drivers/platform/x86/amd/pmf/pmf.h | 1 drivers/platform/x86/amd/pmf/sps.c | 12 drivers/platform/x86/amd/pmf/tee-if.c | 6 drivers/platform/x86/asus-laptop.c | 9 drivers/platform/x86/dell/alienware-wmi.c | 56 +++ drivers/platform/x86/msi-wmi-platform.c | 99 ++++-- drivers/ptp/ptp_ocp.c | 1 drivers/ras/amd/atl/internal.h | 3 drivers/ras/amd/atl/umc.c | 19 + drivers/ras/amd/fmpm.c | 9 drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 9 drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 14 drivers/scsi/megaraid/megaraid_sas_base.c | 9 drivers/scsi/megaraid/megaraid_sas_fusion.c | 5 drivers/scsi/scsi_transport_iscsi.c | 7 drivers/scsi/smartpqi/smartpqi_init.c | 13 drivers/thermal/intel/int340x_thermal/processor_thermal_rfim.c | 33 +- drivers/ufs/host/ufs-exynos.c | 41 ++ drivers/ufs/host/ufs-exynos.h | 5 fs/Kconfig | 1 fs/btrfs/ioctl.c | 2 fs/btrfs/super.c | 3 fs/eventpoll.c | 38 +- fs/fuse/virtio_fs.c | 3 fs/hfs/bnode.c | 6 fs/hfsplus/bnode.c | 6 fs/isofs/export.c | 2 fs/nfs/Kconfig | 2 fs/nfs/internal.h | 7 fs/nfs/nfs4session.h | 4 fs/nfsd/Kconfig | 1 fs/nfsd/nfs4state.c | 2 fs/nfsd/nfsfh.h | 7 fs/overlayfs/overlayfs.h | 2 fs/overlayfs/super.c | 5 fs/smb/client/cifsproto.h | 2 fs/smb/client/connect.c | 34 -- fs/smb/client/file.c | 28 + fs/smb/server/connection.c | 4 fs/smb/server/oplock.c | 29 - fs/smb/server/oplock.h | 1 fs/smb/server/smb2pdu.c | 4 fs/smb/server/transport_ipc.c | 7 fs/smb/server/transport_tcp.c | 14 fs/smb/server/transport_tcp.h | 1 fs/smb/server/vfs.c | 3 include/drm/intel/pciids.h | 1 include/linux/backing-dev.h | 1 include/linux/firmware/cirrus/cs_dsp_test_utils.h | 1 include/linux/nfs.h | 7 include/uapi/drm/ivpu_accel.h | 4 io_uring/rsrc.c | 17 + kernel/sched/cpufreq_schedutil.c | 46 ++ kernel/trace/ftrace.c | 7 kernel/trace/trace_events_filter.c | 4 lib/alloc_tag.c | 15 lib/iov_iter.c | 2 lib/string.c | 13 mm/compaction.c | 6 mm/filemap.c | 1 mm/gup.c | 4 mm/memory.c | 4 mm/slub.c | 10 mm/userfaultfd.c | 13 mm/vma.c | 38 ++ mm/vma.h | 9 net/bluetooth/hci_event.c | 5 net/bluetooth/l2cap_core.c | 21 + net/bridge/br_vlan.c | 4 net/dsa/dsa.c | 59 +++ net/dsa/tag_8021q.c | 2 net/ethtool/cmis_cdb.c | 2 net/ipv6/route.c | 1 net/mac80211/iface.c | 3 net/mctp/af_mctp.c | 3 net/netfilter/nf_flow_table_core.c | 10 net/openvswitch/flow_netlink.c | 3 net/smc/af_smc.c | 5 rust/Makefile | 2 rust/helpers/io.c | 34 +- scripts/Makefile.compiler | 4 scripts/generate_rust_analyzer.py | 12 sound/pci/hda/Kconfig | 4 sound/pci/hda/patch_realtek.c | 23 - sound/soc/codecs/cs42l43-jack.c | 3 sound/soc/codecs/lpass-wsa-macro.c | 117 +++++-- sound/soc/dwc/dwc-i2s.c | 13 sound/soc/fsl/fsl_qmc_audio.c | 3 sound/soc/intel/avs/pcm.c | 3 sound/soc/intel/boards/sof_sdw.c | 1 sound/soc/qcom/lpass.h | 3 tools/objtool/check.c | 1 tools/perf/util/evsel.c | 22 - tools/testing/kunit/qemu_configs/sh.py | 4 tools/testing/selftests/mincore/mincore_selftest.c | 16 - tools/testing/selftests/mm/charge_reserved_hugetlb.sh | 4 tools/testing/selftests/mm/hugetlb_reparenting_test.sh | 2 tools/testing/shared/linux.c | 4 246 files changed, 2157 insertions(+), 1271 deletions(-) Abdun Nihaal (7): wifi: at76c50x: fix use after free access in at76_disconnect wifi: brcmfmac: fix memory leak in brcmf_get_module_param wifi: wl1251: fix memory leak in wl1251_tx_work pds_core: fix memory leak in pdsc_debugfs_add_qcq() net: ngbe: fix memory leak in ngbe_probe() error path cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path net: txgbe: fix memory leak in txgbe_probe() error path Akhil P Oommen (1): drm/msm/a6xx: Fix stale rpmh votes from GPU Akhil R (1): crypto: tegra - Fix IV usage for AES ECB Alex Deucher (3): drm/amdgpu/mes12: optimize MES pipe FW version fetching drm/amdgpu/mes11: optimize MES pipe FW version fetching drm/amd/display/dml2: use vzalloc rather than kzalloc Alex Williamson (1): Revert "PCI: Avoid reset when disabled via sysfs" Alexander Tsoy (1): Revert "wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process" Andreas Gruenbacher (1): writeback: fix false warning in inode_to_wb() Andrzej Kacprowski (1): accel/ivpu: Fix the NPU's DPU frequency calculation Andy Shevchenko (1): i2c: atr: Fix wrong include Ankit Nautiyal (3): drm/i915/vrr: Add vrr.vsync_{start, end} in vrr_params_changed drm/i915/display: Add macro for checking 3 DSC engines drm/i915/dp: Check for HAS_DSC_3ENGINES while configuring DSC slices Anshuman Khandual (7): arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1 arm64/sysreg: Add register fields for HDFGRTR2_EL2 arm64/sysreg: Add register fields for HDFGWTR2_EL2 arm64/sysreg: Add register fields for HFGITR2_EL2 arm64/sysreg: Add register fields for HFGRTR2_EL2 arm64/sysreg: Add register fields for HFGWTR2_EL2 arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9 Ard Biesheuvel (1): x86/boot/sev: Avoid shared GHCB page for early memory acceptance Armin Wolf (2): platform/x86: msi-wmi-platform: Rename "data" variable platform/x86: msi-wmi-platform: Workaround a ACPI firmware bug Aurabindo Pillai (1): drm/amd/display: Temporarily disable hostvm on DCN31 Baolin Wang (1): selftests: mincore: fix tmpfs mincore test failure Baoquan He (1): mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable() Björn Töpel (1): riscv: Properly export reserved regions in /proc/iomem Bo-Cun Chen (3): net: ethernet: mtk_eth_soc: reapply mdc divider on reset net: ethernet: mtk_eth_soc: correct the max weight of the queue limit for 100Mbps net: ethernet: mtk_eth_soc: revise QDMA packet scheduler settings Borislav Petkov (AMD) (1): x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches Brady Norander (1): ASoC: dwc: always enable/disable i2s irqs Brendan King (2): drm/imagination: fix firmware memory leaks drm/imagination: take paired job reference Brendan Tam (1): drm/amd/display: prevent hang on link training fail Chandrakanth Patil (1): scsi: megaraid_sas: Block zero-length ATA VPD inquiry Charles Keepax (1): ASoC: cs42l43: Reset clamp override on jack removal Chengchang Tang (1): RDMA/hns: Fix wrong maximum DMA segment size Chenyuan Yang (2): octeontx2-pf: handle otx2_mbox_get_rsp errors drm/msm/dpu: Fix error pointers in dpu_plane_virtual_atomic_check Chris Bainbridge (1): drm/nouveau: prime: fix ttm_bo_delayed_delete oops Christian König (1): drm/amdgpu: immediately use GTT for new allocations Christoph Hellwig (1): loop: stop using vfs_iter_{read,write} for buffered I/O Christopher S M Hall (6): igc: fix PTM cycle trigger logic igc: increase wait time before retrying PTM igc: move ktime snapshot into PTM retry loop igc: handle the IGC_PTP_ENABLED flag correctly igc: cleanup PTP module if probe fails igc: add lock preventing multiple simultaneous PTM transactions Chunjie Zhu (1): smb3 client: fix open hardlink on deferred close file error Damien Le Moal (2): nvmet: pci-epf: always fully initialize completion entries nvmet: pci-epf: clear CC and CSTS when disabling the controller Damodharam Ammepalli (1): ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() Dan Carpenter (2): Bluetooth: btrtl: Prevent potential NULL dereference dma-buf/sw_sync: Decrement refcount on error in sw_sync_ioctl_get_deadline() Dapeng Mi (1): perf/x86/intel: Allow to update user space GPRs from PEBS records David Thompson (1): mlxbf-bootctl: use sysfs_emit_at() in secure_boot_fuse_state_show() Denis Arefev (8): asus-laptop: Fix an uninitialized variable ksmbd: Prevent integer overflow in calculation of deadtime drm/amd/pm: Prevent division by zero drm/amd/pm/powerplay: Prevent division by zero drm/amd/pm/smu11: Prevent division by zero drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero Dmitry Baryshkov (2): Bluetooth: qca: fix NV variant for one of WCN3950 SoCs drm/msm/dpu: drop rogue intr_tear_rd_ptr values Dmitry Osipenko (2): drm/virtio: Don't attach GEM to a non-created context in gem_object_open() drm/virtio: Fix missed dmabuf unpinning in error path of prepare_fb() Edward Adam Davis (1): isofs: Prevent the use of too small fid Eric Biggers (1): nfs: add missing selections of CONFIG_CRC32 Evgeny Pimenov (1): ASoC: qcom: Fix sc7280 lpass potential buffer overflow FUJITA Tomonori (1): rust: helpers: Remove volatile qualifier from io helpers Florian Westphal (1): netfilter: conntrack: fix erronous removal of offload bit Frédéric Danis (2): Bluetooth: l2cap: Check encryption key size on incoming connection Bluetooth: l2cap: Process valid commands in too long frame Geert Uytterhoeven (1): dt-bindings: soc: fsl: fsl,ls1028a-reset: Fix maintainer entry Giuseppe Scrivano (1): ovl: remove unused forward declaration Greg Kroah-Hartman (1): Linux 6.14.4 Haoxiang Li (1): drm/msm/dsi: Add check for devm_kstrdup() Henry Martin (1): ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() Herbert Xu (1): crypto: caam/qi - Fix drv_ctx refcount bug Herve Codina (1): ASoC: fsl: fsl_qmc_audio: Reset audio data pointers on TRIGGER_START event Huacai Chen (3): drm/amd/display: Protect FPU in dml2_validate()/dml21_validate() drm/amd/display: Protect FPU in dml21_copy() drm/amd/display: Protect FPU in dml2_init()/dml21_init() Ilya Maximets (1): net: openvswitch: fix nested key length validation in the set() action Jakub Kicinski (6): netlink: specs: ovs_vport: align with C codegen capabilities eth: bnxt: fix missing ring index trim on error path netlink: specs: rt-link: add an attr layer around alt-ifname netlink: specs: rtnetlink: attribute naming corrections netlink: specs: rt-link: adjust mctp attribute naming netlink: specs: rt-neigh: prefix struct nfmsg members with ndm Jani Nikula (1): drm/i915/gvt: fix unterminated-string-initialization warning Jens Axboe (1): eventpoll: abstract out ep_try_send_events() helper Jijie Shao (4): net: hibmcge: fix incorrect pause frame statistics issue net: hibmcge: fix incorrect multicast filtering issue net: hibmcge: fix wrong mtu log issue net: hibmcge: fix not restore rx pause mac addr after reset issue Jocelyn Falempe (1): drm/ast: Fix ast_dp connection status Joe Damato (1): eventpoll: Set epoll timeout if it's in the future Johannes Berg (2): wifi: iwlwifi: pcie: set state to no-FW before reset handshake Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" Johannes Kimmel (1): btrfs: correctly escape subvol in btrfs_show_options() Jonas Gorski (2): net: b53: enable BPDU reception for management port net: bridge: switchdev: do not notify new brentries as changed Juergen Gross (1): xen: fix multicall debug feature Kailang Yang (1): ALSA: hda/realtek - Fixed ASUS platform headset Mic issue Kan Liang (3): perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR Kashyap Desai (1): RDMA/bnxt_re: Fix budget handling of notification queue Kees Cook (1): Bluetooth: vhci: Avoid needless snprintf() calls Kirill A. Shutemov (1): mm: fix apply_to_existing_page_range() Kuniyuki Iwashima (3): smc: Fix lockdep false-positive for IPPROTO_SMC. Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free" Revert "smb: client: fix TCP timers deadlock after rmmod" Kurt Borja (2): platform/x86: alienware-wmi-wmax: Add G-Mode support to Alienware m16 R1 platform/x86: alienware-wmi-wmax: Extend support to more laptops Leo Li (2): drm/amd/display: Actually do immediate vblank disable drm/amd/display: Increase vblank offdelay for PSR panels Leon Romanovsky (1): RDMA/bnxt_re: Remove unusable nq variable Li Lingfeng (1): nfsd: decrease sc_count directly if fail to queue dl_recall Lijo Lazar (1): drm/amdgpu: Prefer shadow rom when available Lorenzo Stoakes (1): mm/vma: add give_up_on_oom option on modify/merge, use in uffd release Lucas De Marchi (1): drm/xe: Set LRC addresses before guc load Luiz Augusto von Dentz (1): Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address Lukas Fischer (1): scripts: generate_rust_analyzer: Add ffi crate Mario Limonciello (4): platform/x86: amd: pmf: Fix STT limits drm/amd: Handle being compiled without SI or CIK support better drm/amd/display: Add HP Elitebook 645 to the quirk list for eDP on DP1 drm/amd/display: Add HP Probook 445 and 465 to the quirk list for eDP on DP1 Mark Brown (1): selftests/mm: generate a temporary mountpoint for cgroup filesystem Martin K. Petersen (1): block: integrity: Do not call set_page_dirty_lock() Martin Wilck (1): scsi: smartpqi: Use is_kdump_kernel() to check for kdump Matt Johnston (1): net: mctp: Set SOCK_RCU_FREE Matt Roper (1): drm/xe/bmg: Add one additional PCI ID Matthew Auld (3): drm/amdgpu/dma_buf: fix page_link check drm/xe/dma_buf: stop relying on placement in unmap drm/xe/userptr: fix notifier vs folio deadlock Matthew Brost (1): drm/xe: Use local fence in error path of xe_migrate_clear Matthew Wilcox (Oracle) (1): test suite: use %zu to print size_t Maíra Canal (1): drm/v3d: Fix Indirect Dispatch configuration for V3D 7.1.6 and later Meghana Malladi (3): net: ti: icss-iep: Add pwidth configuration for perout signal net: ti: icss-iep: Add phase offset configuration for perout signal net: ti: icss-iep: Fix possible NULL pointer dereference for perout request Menglong Dong (1): ftrace: fix incorrect hash size in register_ftrace_direct() Miaoqian Lin (1): scsi: iscsi: Fix missing scsi_host_put() in error path Michael Walle (1): net: ethernet: ti: am65-cpsw: fix port_np reference counting Miguel Ojeda (4): objtool/rust: add one more `noreturn` Rust function for Rust 1.86.0 rust: kasan/kbuild: fix missing flags on first build rust: disable `clippy::needless_continue` rust: kbuild: use `pound` to support GNU Make < 4.3 Miklos Szeredi (1): ovl: don't allow datadir only Namhyung Kim (1): perf tools: Remove evsel__handle_error_quirks() Namjae Jeon (3): ksmbd: fix use-after-free in __smb2_lease_break_noti() ksmbd: fix use-after-free in smb_break_all_levII_oplock() ksmbd: fix the warning from __kernel_write_iter Nathan Chancellor (1): riscv: Avoid fortify warning in syscall_get_arguments() Nikita Zhandarovich (1): drm/repaper: fix integer overflows in repeat functions Niklas Cassel (1): ata: libata-sata: Save all fields from sense data descriptor P Praneesh (1): wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process Pavel Begunkov (1): io_uring: don't post tag CQEs on file/buffer registration failure Peter Collingbourne (1): string: Add load_unaligned_zeropad() code path to sized_strscpy() Peter Griffin (3): scsi: ufs: exynos: Move UFS shareability value to drvdata scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set scsi: ufs: exynos: Ensure consistent phy reference counts Peter Ujfalusi (1): ASoC: Intel: sof_sdw: Add quirk for Asus Zenbook S16 Rafael J. Wysocki (3): cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS cpufreq/sched: Explicitly synchronize limits_changed flag handling cpufreq: Reference count policy in cpufreq_update_limits() Remi Pommarel (2): wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() wifi: mac80211: Purge vif txq in ieee80211_do_stop() Richard Fitzgerald (2): ALSA: hda/cirrus_scodec_test: Don't select dependencies firmware: cs_dsp: test_bin_error: Fix uninitialized data used as fw version Rob Clark (1): drm/msm/a6xx+: Don't let IB_SIZE overflow Rolf Eike Beer (1): drm/sti: remove duplicate object names Sagi Maimon (1): ptp: ocp: fix start time alignment in ptp_ocp_signal_set Sami Tolvanen (1): rust: kbuild: Don't export __pfx symbols Samuel Holland (2): riscv: module: Fix out-of-bounds relocation access riscv: module: Allocate PLT entries for R_RISCV_PLT32 Sandipan Das (1): x86/cpu/amd: Fix workaround for erratum 1054 Sean Heelan (1): ksmbd: Fix dangling pointer in krb_authenticate Sharath Srinivasan (1): RDMA/cma: Fix workqueue crash in cma_netevent_work_handler Shay Drory (1): RDMA/core: Silence oversized kvmalloc() warning Sheng Yong (1): lib/iov_iter: fix to increase non slab folio refcount Sidong Yang (1): btrfs: ioctl: don't free iov when btrfs_encoded_read() returns -EAGAIN Srinivas Kandagatla (2): ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels Srinivas Pandruvada (1): thermal: intel: int340x: Fix Panther Lake DLVR support Steven Rostedt (1): tracing: Fix filter string testing Suren Baghdasaryan (1): slab: ensure slab->obj_exts is clear in a newly allocated slab page T.J. Mercier (1): alloc_tag: handle incomplete bulk allocations in vm_module_tags_populate Thadeu Lima de Souza Cascardo (1): i2c: cros-ec-tunnel: defer probe if parent EC is not present Thomas Hellström (1): drm/xe: Fix an out-of-bounds shift when invalidating TLB Thomas Weißschuh (3): kunit: qemu_configs: SH: Respect kunit cmdline loop: properly send KOBJ_CHANGED uevent for disk device loop: LOOP_SET_FD: send uevents for partitions Thomas Zimmermann (1): drm/mgag200: Fix value in <VBLKSTR> register Tom Chung (1): drm/amd/display: Do not enable Replay and PSR while VRR is on in amdgpu_dm_commit_planes() Tomasz Pakuła (1): drm/amd/pm: Add zero RPM enabled OD setting support for SMU14.0.2 Vasiliy Kovalev (1): hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key Ville Syrjälä (2): drm/i915: Fix scanline_offset for LNL+ and BMG+ drm/i915/dp: Reject HBR3 when sink doesn't support TPS4 Vishal Moola (Oracle) (2): mm/compaction: fix bug in hugetlb handling pathway mm: fix filemap_get_folios_contig returning batches of identical folios Vivek Kasireddy (1): drm/i915/xe2hpd: Identify the memory type for SKUs with GDDR + ECC Vladimir Oltean (5): net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported net: dsa: clean up FDB, MDB, VLAN entries on unbind net: dsa: free routing table on probe failure net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del() fails WangYuli (6): riscv: KGDB: Do not inline arch_kgdb_breakpoint() riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break nvmet-fc: Remove unused functions MIPS: dec: Declare which_prom() as static MIPS: cevt-ds1287: Add missing ds1287.h include MIPS: ds1287: Match ds1287_set_base_clock() function types Weizhao Ouyang (1): can: rockchip_canfd: fix broken quirks checks Will Pierce (1): riscv: Use kvmalloc_array on relocation_hashtable Xiangsheng Hou (1): virtiofs: add filesystem context source name check Xin Long (1): ipv6: add exception routes to GC list in rt6_insert_exception Xingui Yang (1): scsi: hisi_sas: Enable force phy when SATA disk directly connected Yazen Ghannam (2): RAS/AMD/ATL: Include row[13] bit in row retirement RAS/AMD/FMPM: Get masked address Yu Kuai (1): md/raid10: fix missing discard IO accounting Yue Haibing (1): RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() Yunlong Xing (1): loop: aio inherit the ioprio of original request ZhenGuo Yin (1): drm/amdgpu: fix warning of drm_mm_clean Zheng Qixing (2): md/md-bitmap: fix stats collection for external bitmaps block: fix resource leak in blk_register_queue() error path

6 months, 3 weeks

1
1
0 0

Linux 6.12.25

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.25 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arch/arm64/booting.rst | 22 + Documentation/devicetree/bindings/soc/fsl/fsl,ls1028a-reset.yaml | 2 Documentation/netlink/specs/ovs_vport.yaml | 4 Documentation/netlink/specs/rt_link.yaml | 14 Documentation/wmi/devices/msi-wmi-platform.rst | 4 Makefile | 6 arch/arm64/include/asm/el2_setup.h | 25 + arch/arm64/tools/sysreg | 104 ++++++ arch/loongarch/kernel/acpi.c | 12 arch/mips/dec/prom/init.c | 2 arch/mips/include/asm/ds1287.h | 2 arch/mips/kernel/cevt-ds1287.c | 1 arch/riscv/include/asm/kgdb.h | 9 arch/riscv/include/asm/syscall.h | 7 arch/riscv/kernel/kgdb.c | 6 arch/riscv/kernel/module-sections.c | 13 arch/riscv/kernel/module.c | 11 arch/riscv/kernel/setup.c | 36 ++ arch/x86/boot/compressed/mem.c | 5 arch/x86/boot/compressed/sev.c | 67 ---- arch/x86/boot/compressed/sev.h | 2 arch/x86/events/intel/ds.c | 8 arch/x86/events/intel/uncore_snbep.c | 107 ------ arch/x86/kernel/cpu/amd.c | 19 - arch/x86/kernel/cpu/microcode/amd.c | 9 arch/x86/xen/multicalls.c | 26 - arch/x86/xen/smp_pv.c | 1 arch/x86/xen/xen-ops.h | 3 block/bio-integrity.c | 17 - block/blk-core.c | 6 block/blk-merge.c | 2 block/blk-mq-cpumap.c | 37 ++ block/blk-mq.c | 42 +- block/blk-mq.h | 2 block/blk-sysfs.c | 2 drivers/ata/libata-sata.c | 15 drivers/block/loop.c | 121 +------ drivers/block/null_blk/main.c | 9 drivers/block/virtio_blk.c | 13 drivers/bluetooth/btrtl.c | 2 drivers/bluetooth/hci_vhci.c | 10 drivers/cpufreq/cpufreq.c | 8 drivers/crypto/caam/qi.c | 6 drivers/crypto/tegra/tegra-se-aes.c | 131 ++++---- drivers/crypto/tegra/tegra-se-hash.c | 38 +- drivers/crypto/tegra/tegra-se.h | 2 drivers/dma-buf/sw_sync.c | 19 - drivers/firmware/efi/libstub/efistub.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c | 34 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 44 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 4 drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 4 drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 21 - drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 64 +++- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 6 drivers/gpu/drm/amd/display/dc/dml2/dml21/dml21_wrapper.c | 17 - drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 9 drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 6 drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 7 drivers/gpu/drm/amd/display/dc/resource/dcn31/dcn31_resource.c | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_thermal.c | 4 drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_thermal.c | 4 drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega20_thermal.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 3 drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 2 drivers/gpu/drm/ast/ast_dp.c | 6 drivers/gpu/drm/i915/display/intel_display.c | 4 drivers/gpu/drm/i915/gvt/opregion.c | 7 drivers/gpu/drm/imagination/pvr_fw.c | 27 + drivers/gpu/drm/imagination/pvr_job.c | 7 drivers/gpu/drm/imagination/pvr_queue.c | 4 drivers/gpu/drm/mgag200/mgag200_mode.c | 2 drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 72 ++-- drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 8 drivers/gpu/drm/msm/dsi/dsi_host.c | 9 drivers/gpu/drm/msm/registers/adreno/adreno_pm4.xml | 7 drivers/gpu/drm/nouveau/nouveau_bo.c | 3 drivers/gpu/drm/nouveau/nouveau_gem.c | 3 drivers/gpu/drm/sti/Makefile | 2 drivers/gpu/drm/tiny/repaper.c | 4 drivers/gpu/drm/v3d/v3d_sched.c | 16 - drivers/gpu/drm/xe/xe_dma_buf.c | 5 drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 12 drivers/gpu/drm/xe/xe_guc_ads.c | 75 ++-- drivers/gpu/drm/xe/xe_hmm.c | 24 - drivers/gpu/drm/xe/xe_migrate.c | 2 drivers/i2c/busses/i2c-cros-ec-tunnel.c | 3 drivers/i2c/i2c-atr.c | 2 drivers/infiniband/core/cma.c | 4 drivers/infiniband/core/umem_odp.c | 6 drivers/infiniband/hw/hns/hns_roce_main.c | 2 drivers/infiniband/hw/usnic/usnic_ib_main.c | 14 drivers/md/md-bitmap.c | 5 drivers/md/md.c | 22 - drivers/md/raid10.c | 1 drivers/misc/pci_endpoint_test.c | 4 drivers/net/can/rockchip/rockchip_canfd-core.c | 7 drivers/net/dsa/b53/b53_common.c | 10 drivers/net/dsa/mv88e6xxx/chip.c | 13 drivers/net/dsa/mv88e6xxx/devlink.c | 3 drivers/net/ethernet/amd/pds_core/debugfs.c | 5 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c | 1 drivers/net/ethernet/intel/igc/igc.h | 1 drivers/net/ethernet/intel/igc/igc_defines.h | 6 drivers/net/ethernet/intel/igc/igc_main.c | 1 drivers/net/ethernet/intel/igc/igc_ptp.c | 113 ++++--- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 49 +-- drivers/net/ethernet/mediatek/mtk_eth_soc.h | 1 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 15 drivers/net/ethernet/ti/icssg/icss_iep.c | 154 ++++++---- drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 3 drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 3 drivers/net/wireless/ath/ath12k/dp_mon.c | 4 drivers/net/wireless/atmel/at76c50x-usb.c | 2 drivers/net/wireless/ti/wl1251/tx.c | 4 drivers/nvme/host/apple.c | 2 drivers/nvme/host/pci.c | 15 drivers/nvme/target/fc.c | 14 drivers/pci/pci.c | 4 drivers/platform/x86/amd/pmf/auto-mode.c | 4 drivers/platform/x86/amd/pmf/cnqf.c | 8 drivers/platform/x86/amd/pmf/core.c | 14 drivers/platform/x86/amd/pmf/pmf.h | 1 drivers/platform/x86/amd/pmf/sps.c | 12 drivers/platform/x86/amd/pmf/tee-if.c | 6 drivers/platform/x86/asus-laptop.c | 9 drivers/platform/x86/msi-wmi-platform.c | 99 ++++-- drivers/ptp/ptp_ocp.c | 1 drivers/ras/amd/atl/internal.h | 3 drivers/ras/amd/atl/umc.c | 19 + drivers/ras/amd/fmpm.c | 9 drivers/scsi/fnic/fnic_main.c | 3 drivers/scsi/hisi_sas/hisi_sas.h | 1 drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 9 drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 18 - drivers/scsi/megaraid/megaraid_sas_base.c | 12 drivers/scsi/megaraid/megaraid_sas_fusion.c | 5 drivers/scsi/mpi3mr/mpi3mr.h | 1 drivers/scsi/mpi3mr/mpi3mr_os.c | 2 drivers/scsi/mpt3sas/mpt3sas_scsih.c | 3 drivers/scsi/pm8001/pm8001_init.c | 2 drivers/scsi/pm8001/pm8001_sas.h | 1 drivers/scsi/qla2xxx/qla_nvme.c | 3 drivers/scsi/qla2xxx/qla_os.c | 4 drivers/scsi/scsi_transport_iscsi.c | 7 drivers/scsi/smartpqi/smartpqi_init.c | 20 - drivers/ufs/host/ufs-exynos.c | 6 fs/Kconfig | 1 fs/btrfs/super.c | 3 fs/fuse/virtio_fs.c | 3 fs/hfs/bnode.c | 6 fs/hfsplus/bnode.c | 6 fs/isofs/export.c | 2 fs/nfs/Kconfig | 2 fs/nfs/internal.h | 7 fs/nfs/nfs4session.h | 4 fs/nfsd/Kconfig | 1 fs/nfsd/nfs4state.c | 2 fs/nfsd/nfsfh.h | 7 fs/overlayfs/overlayfs.h | 2 fs/overlayfs/super.c | 5 fs/smb/client/cifsproto.h | 2 fs/smb/client/connect.c | 34 -- fs/smb/client/file.c | 28 + fs/smb/server/oplock.c | 29 - fs/smb/server/oplock.h | 1 fs/smb/server/smb2pdu.c | 4 fs/smb/server/transport_ipc.c | 7 fs/smb/server/vfs.c | 3 include/linux/backing-dev.h | 1 include/linux/blk-mq.h | 101 +++--- include/linux/blkdev.h | 11 include/linux/bpf.h | 1 include/linux/bpf_verifier.h | 1 include/linux/device/bus.h | 3 include/linux/nfs.h | 7 io_uring/rw.c | 4 kernel/bpf/verifier.c | 79 ++++- kernel/sched/cpufreq_schedutil.c | 46 ++ kernel/trace/ftrace.c | 7 kernel/trace/trace_events_filter.c | 4 lib/string.c | 13 mm/compaction.c | 6 mm/filemap.c | 1 mm/gup.c | 4 mm/memory.c | 4 mm/slub.c | 10 mm/userfaultfd.c | 13 mm/vma.c | 38 ++ mm/vma.h | 9 net/bluetooth/hci_event.c | 5 net/bluetooth/l2cap_core.c | 21 + net/bridge/br_vlan.c | 4 net/dsa/dsa.c | 59 +++ net/dsa/tag_8021q.c | 2 net/ethtool/cmis_cdb.c | 2 net/ipv6/route.c | 1 net/mac80211/iface.c | 3 net/mctp/af_mctp.c | 3 net/openvswitch/flow_netlink.c | 3 net/smc/af_smc.c | 5 scripts/Makefile.compiler | 4 scripts/generate_rust_analyzer.py | 12 sound/pci/hda/Kconfig | 4 sound/pci/hda/patch_realtek.c | 55 +++ sound/soc/codecs/cs42l43-jack.c | 3 sound/soc/codecs/lpass-wsa-macro.c | 117 +++++-- sound/soc/dwc/dwc-i2s.c | 13 sound/soc/fsl/fsl_qmc_audio.c | 3 sound/soc/intel/avs/pcm.c | 3 sound/soc/intel/boards/sof_sdw.c | 1 sound/soc/qcom/lpass.h | 3 tools/objtool/check.c | 1 tools/testing/kunit/qemu_configs/sh.py | 4 tools/testing/selftests/bpf/prog_tests/changes_pkt_data.c | 107 ++++++ tools/testing/selftests/bpf/progs/changes_pkt_data.c | 39 ++ tools/testing/selftests/bpf/progs/changes_pkt_data_freplace.c | 18 + tools/testing/selftests/bpf/progs/raw_tp_null.c | 19 - tools/testing/selftests/bpf/progs/verifier_sock.c | 56 +++ tools/testing/selftests/mm/charge_reserved_hugetlb.sh | 4 tools/testing/selftests/mm/hugetlb_reparenting_test.sh | 2 tools/testing/shared/linux.c | 4 226 files changed, 2243 insertions(+), 1187 deletions(-) Abdun Nihaal (6): wifi: at76c50x: fix use after free access in at76_disconnect wifi: wl1251: fix memory leak in wl1251_tx_work pds_core: fix memory leak in pdsc_debugfs_add_qcq() net: ngbe: fix memory leak in ngbe_probe() error path cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path net: txgbe: fix memory leak in txgbe_probe() error path Akhil P Oommen (1): drm/msm/a6xx: Fix stale rpmh votes from GPU Akhil R (2): crypto: tegra - Do not use fixed size buffers crypto: tegra - Fix IV usage for AES ECB Alex Deucher (2): drm/amdgpu/mes12: optimize MES pipe FW version fetching drm/amdgpu/mes11: optimize MES pipe FW version fetching Alex Williamson (1): Revert "PCI: Avoid reset when disabled via sysfs" Alexander Tsoy (1): Revert "wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process" Andreas Gruenbacher (1): writeback: fix false warning in inode_to_wb() Andy Shevchenko (1): i2c: atr: Fix wrong include Ankit Nautiyal (1): drm/i915/vrr: Add vrr.vsync_{start, end} in vrr_params_changed Anshuman Khandual (7): arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1 arm64/sysreg: Add register fields for HDFGRTR2_EL2 arm64/sysreg: Add register fields for HDFGWTR2_EL2 arm64/sysreg: Add register fields for HFGITR2_EL2 arm64/sysreg: Add register fields for HFGRTR2_EL2 arm64/sysreg: Add register fields for HFGWTR2_EL2 arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9 Ard Biesheuvel (1): x86/boot/sev: Avoid shared GHCB page for early memory acceptance Armin Wolf (2): platform/x86: msi-wmi-platform: Rename "data" variable platform/x86: msi-wmi-platform: Workaround a ACPI firmware bug Aurabindo Pillai (1): drm/amd/display: Temporarily disable hostvm on DCN31 Baoquan He (1): mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable() Björn Töpel (1): riscv: Properly export reserved regions in /proc/iomem Bo-Cun Chen (3): net: ethernet: mtk_eth_soc: reapply mdc divider on reset net: ethernet: mtk_eth_soc: correct the max weight of the queue limit for 100Mbps net: ethernet: mtk_eth_soc: revise QDMA packet scheduler settings Borislav Petkov (AMD) (1): x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches Brady Norander (1): ASoC: dwc: always enable/disable i2s irqs Brendan King (2): drm/imagination: fix firmware memory leaks drm/imagination: take paired job reference Brendan Tam (1): drm/amd/display: prevent hang on link training fail Chandrakanth Patil (1): scsi: megaraid_sas: Block zero-length ATA VPD inquiry Charles Keepax (1): ASoC: cs42l43: Reset clamp override on jack removal Chengchang Tang (1): RDMA/hns: Fix wrong maximum DMA segment size Chris Bainbridge (1): drm/nouveau: prime: fix ttm_bo_delayed_delete oops Christian König (1): drm/amdgpu: immediately use GTT for new allocations Christoph Hellwig (4): loop: stop using vfs_iter_{read,write} for buffered I/O block: remove rq_list_move block: add a rq_list type block: don't reorder requests in blk_add_rq_to_plug Christopher S M Hall (6): igc: fix PTM cycle trigger logic igc: increase wait time before retrying PTM igc: move ktime snapshot into PTM retry loop igc: handle the IGC_PTP_ENABLED flag correctly igc: cleanup PTP module if probe fails igc: add lock preventing multiple simultaneous PTM transactions Chunjie Zhu (1): smb3 client: fix open hardlink on deferred close file error Colin Ian King (1): crypto: tegra - remove redundant error check on ret Damodharam Ammepalli (1): ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() Dan Carpenter (2): Bluetooth: btrtl: Prevent potential NULL dereference dma-buf/sw_sync: Decrement refcount on error in sw_sync_ioctl_get_deadline() Daniel Wagner (3): driver core: bus: add irq_get_affinity callback to bus_type blk-mq: introduce blk_mq_map_hw_queues scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues Dapeng Mi (1): perf/x86/intel: Allow to update user space GPRs from PEBS records Denis Arefev (8): asus-laptop: Fix an uninitialized variable ksmbd: Prevent integer overflow in calculation of deadtime drm/amd/pm: Prevent division by zero drm/amd/pm/powerplay: Prevent division by zero drm/amd/pm/smu11: Prevent division by zero drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero Eduard Zingerman (8): bpf: add find_containing_subprog() utility function bpf: track changes_pkt_data property for global functions selftests/bpf: test for changing packet data from global functions bpf: check changes_pkt_data property for extension programs selftests/bpf: freplace tests for tracking of changes_packet_data selftests/bpf: validate that tail call invalidates packet pointers bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs selftests/bpf: extend changes_pkt_data with cases w/o subprograms Edward Adam Davis (1): isofs: Prevent the use of too small fid Eric Biggers (1): nfs: add missing selections of CONFIG_CRC32 Evgeny Pimenov (1): ASoC: qcom: Fix sc7280 lpass potential buffer overflow Frédéric Danis (2): Bluetooth: l2cap: Check encryption key size on incoming connection Bluetooth: l2cap: Process valid commands in too long frame Geert Uytterhoeven (1): dt-bindings: soc: fsl: fsl,ls1028a-reset: Fix maintainer entry Giuseppe Scrivano (1): ovl: remove unused forward declaration Greg Kroah-Hartman (1): Linux 6.12.25 Hamza Mahfooz (1): efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 Haoxiang Li (1): drm/msm/dsi: Add check for devm_kstrdup() Henry Martin (1): ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() Herbert Xu (1): crypto: caam/qi - Fix drv_ctx refcount bug Herve Codina (1): ASoC: fsl: fsl_qmc_audio: Reset audio data pointers on TRIGGER_START event Huacai Chen (3): drm/amd/display: Protect FPU in dml2_validate()/dml21_validate() drm/amd/display: Protect FPU in dml21_copy() drm/amd/display: Protect FPU in dml2_init()/dml21_init() Ilya Maximets (1): net: openvswitch: fix nested key length validation in the set() action Jakub Kicinski (4): netlink: specs: ovs_vport: align with C codegen capabilities eth: bnxt: fix missing ring index trim on error path netlink: specs: rt-link: add an attr layer around alt-ifname netlink: specs: rt-link: adjust mctp attribute naming Jani Nikula (1): drm/i915/gvt: fix unterminated-string-initialization warning Jaroslav Kysela (1): ALSA: hda: improve bass speaker support for ASUS Zenbook UM5606WA Jens Axboe (1): block: make struct rq_list available for !CONFIG_BLOCK Jocelyn Falempe (1): drm/ast: Fix ast_dp connection status Johannes Berg (1): Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" Johannes Kimmel (1): btrfs: correctly escape subvol in btrfs_show_options() Jonas Gorski (2): net: b53: enable BPDU reception for management port net: bridge: switchdev: do not notify new brentries as changed Juergen Gross (1): xen: fix multicall debug feature Kailang Yang (1): ALSA: hda/realtek - Fixed ASUS platform headset Mic issue Kan Liang (3): perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR Kees Cook (1): Bluetooth: vhci: Avoid needless snprintf() calls Kirill A. Shutemov (1): mm: fix apply_to_existing_page_range() Kunihiko Hayashi (2): misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type Kuniyuki Iwashima (3): smc: Fix lockdep false-positive for IPPROTO_SMC. Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free" Revert "smb: client: fix TCP timers deadlock after rmmod" Leo Li (2): drm/amd/display: Actually do immediate vblank disable drm/amd/display: Increase vblank offdelay for PSR panels Li Lingfeng (1): nfsd: decrease sc_count directly if fail to queue dl_recall Lijo Lazar (1): drm/amdgpu: Prefer shadow rom when available Lorenzo Stoakes (1): mm/vma: add give_up_on_oom option on modify/merge, use in uffd release Lucas De Marchi (1): drm/xe: Set LRC addresses before guc load Luiz Augusto von Dentz (1): Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address Lukas Fischer (1): scripts: generate_rust_analyzer: Add ffi crate Mario Limonciello (4): platform/x86: amd: pmf: Fix STT limits drm/amd: Handle being compiled without SI or CIK support better drm/amd/display: Add HP Elitebook 645 to the quirk list for eDP on DP1 drm/amd/display: Add HP Probook 445 and 465 to the quirk list for eDP on DP1 Mark Brown (1): selftests/mm: generate a temporary mountpoint for cgroup filesystem Martin K. Petersen (1): block: integrity: Do not call set_page_dirty_lock() Martin Wilck (1): scsi: smartpqi: Use is_kdump_kernel() to check for kdump Matt Johnston (1): net: mctp: Set SOCK_RCU_FREE Matthew Auld (3): drm/amdgpu/dma_buf: fix page_link check drm/xe/dma_buf: stop relying on placement in unmap drm/xe/userptr: fix notifier vs folio deadlock Matthew Brost (1): drm/xe: Use local fence in error path of xe_migrate_clear Matthew Wilcox (Oracle) (1): test suite: use %zu to print size_t Maíra Canal (1): drm/v3d: Fix Indirect Dispatch configuration for V3D 7.1.6 and later Meghana Malladi (3): net: ti: icss-iep: Add pwidth configuration for perout signal net: ti: icss-iep: Add phase offset configuration for perout signal net: ti: icss-iep: Fix possible NULL pointer dereference for perout request Menglong Dong (1): ftrace: fix incorrect hash size in register_ftrace_direct() Miaoqian Lin (1): scsi: iscsi: Fix missing scsi_host_put() in error path Michael Walle (1): net: ethernet: ti: am65-cpsw: fix port_np reference counting Miguel Ojeda (4): objtool/rust: add one more `noreturn` Rust function for Rust 1.86.0 rust: kasan/kbuild: fix missing flags on first build rust: disable `clippy::needless_continue` rust: kbuild: use `pound` to support GNU Make < 4.3 Miklos Szeredi (1): ovl: don't allow datadir only Namjae Jeon (2): ksmbd: fix use-after-free in smb_break_all_levII_oplock() ksmbd: fix the warning from __kernel_write_iter Nathan Chancellor (2): riscv: Avoid fortify warning in syscall_get_arguments() kbuild: Add '-fno-builtin-wcslen' Nikita Zhandarovich (1): drm/repaper: fix integer overflows in repeat functions Niklas Cassel (1): ata: libata-sata: Save all fields from sense data descriptor P Praneesh (1): wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process Peter Collingbourne (1): string: Add load_unaligned_zeropad() code path to sized_strscpy() Peter Griffin (1): scsi: ufs: exynos: Ensure consistent phy reference counts Peter Ujfalusi (1): ASoC: Intel: sof_sdw: Add quirk for Asus Zenbook S16 Rafael J. Wysocki (3): cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS cpufreq/sched: Explicitly synchronize limits_changed flag handling cpufreq: Reference count policy in cpufreq_update_limits() Remi Pommarel (2): wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() wifi: mac80211: Purge vif txq in ieee80211_do_stop() Richard Fitzgerald (1): ALSA: hda/cirrus_scodec_test: Don't select dependencies Rob Clark (1): drm/msm/a6xx+: Don't let IB_SIZE overflow Rolf Eike Beer (1): drm/sti: remove duplicate object names Sagi Maimon (1): ptp: ocp: fix start time alignment in ptp_ocp_signal_set Samuel Holland (2): riscv: module: Fix out-of-bounds relocation access riscv: module: Allocate PLT entries for R_RISCV_PLT32 Sandipan Das (1): x86/cpu/amd: Fix workaround for erratum 1054 Sean Heelan (1): ksmbd: Fix dangling pointer in krb_authenticate Sharath Srinivasan (1): RDMA/cma: Fix workqueue crash in cma_netevent_work_handler Shay Drory (1): RDMA/core: Silence oversized kvmalloc() warning Shung-Hsi Yu (1): selftests/bpf: Fix raw_tp null handling test Srinivas Kandagatla (2): ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels Steven Rostedt (1): tracing: Fix filter string testing Suren Baghdasaryan (1): slab: ensure slab->obj_exts is clear in a newly allocated slab page Takashi Iwai (1): ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 Thadeu Lima de Souza Cascardo (1): i2c: cros-ec-tunnel: defer probe if parent EC is not present Thomas Hellström (1): drm/xe: Fix an out-of-bounds shift when invalidating TLB Thomas Weißschuh (3): kunit: qemu_configs: SH: Respect kunit cmdline loop: properly send KOBJ_CHANGED uevent for disk device loop: LOOP_SET_FD: send uevents for partitions Thomas Zimmermann (1): drm/mgag200: Fix value in <VBLKSTR> register Tom Chung (1): drm/amd/display: Do not enable Replay and PSR while VRR is on in amdgpu_dm_commit_planes() Vasiliy Kovalev (1): hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key Vishal Moola (Oracle) (2): mm/compaction: fix bug in hugetlb handling pathway mm: fix filemap_get_folios_contig returning batches of identical folios Vladimir Oltean (5): net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported net: dsa: clean up FDB, MDB, VLAN entries on unbind net: dsa: free routing table on probe failure net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del() fails WangYuli (6): riscv: KGDB: Do not inline arch_kgdb_breakpoint() riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break nvmet-fc: Remove unused functions MIPS: dec: Declare which_prom() as static MIPS: cevt-ds1287: Add missing ds1287.h include MIPS: ds1287: Match ds1287_set_base_clock() function types Weizhao Ouyang (1): can: rockchip_canfd: fix broken quirks checks Will Pierce (1): riscv: Use kvmalloc_array on relocation_hashtable Xiangsheng Hou (1): virtiofs: add filesystem context source name check Xin Long (1): ipv6: add exception routes to GC list in rt6_insert_exception Xingui Yang (1): scsi: hisi_sas: Enable force phy when SATA disk directly connected Yazen Ghannam (2): RAS/AMD/ATL: Include row[13] bit in row retirement RAS/AMD/FMPM: Get masked address Yu Kuai (2): md/raid10: fix missing discard IO accounting md: fix mddev uaf while iterating all_mddevs list Yue Haibing (1): RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() Yuli Wang (1): LoongArch: Eliminate superfluous get_numa_distances_cnt() Yunlong Xing (1): loop: aio inherit the ioprio of original request ZhenGuo Yin (1): drm/amdgpu: fix warning of drm_mm_clean Zheng Qixing (2): md/md-bitmap: fix stats collection for external bitmaps block: fix resource leak in blk_register_queue() error path

6 months, 3 weeks

1
1
0 0

Linux 6.6.88

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.88 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/arm/qcom,coresight-tpda.yaml | 3 Documentation/devicetree/bindings/arm/qcom,coresight-tpdm.yaml | 3 Documentation/devicetree/bindings/media/i2c/st,st-mipid02.yaml | 2 Documentation/netlink/specs/rt_link.yaml | 14 MAINTAINERS | 1 Makefile | 5 arch/arm64/boot/dts/mediatek/mt8173.dtsi | 6 arch/arm64/include/asm/cputype.h | 4 arch/arm64/include/asm/spectre.h | 1 arch/arm64/include/asm/tlbflush.h | 22 - arch/arm64/kernel/proton-pack.c | 218 +++++----- arch/arm64/kvm/arm.c | 6 arch/arm64/mm/mmu.c | 3 arch/loongarch/kernel/acpi.c | 12 arch/mips/dec/prom/init.c | 2 arch/mips/include/asm/ds1287.h | 2 arch/mips/kernel/cevt-ds1287.c | 1 arch/powerpc/kernel/rtas.c | 4 arch/riscv/include/asm/kgdb.h | 9 arch/riscv/include/asm/syscall.h | 7 arch/riscv/kernel/kgdb.c | 6 arch/riscv/kernel/setup.c | 36 + arch/sparc/include/asm/pgtable_64.h | 2 arch/sparc/mm/tlb.c | 5 arch/x86/Kconfig | 1 arch/x86/boot/compressed/mem.c | 5 arch/x86/boot/compressed/sev.c | 67 --- arch/x86/boot/compressed/sev.h | 2 arch/x86/coco/tdx/tdx.c | 26 + arch/x86/events/intel/ds.c | 8 arch/x86/events/intel/uncore_snbep.c | 107 ---- arch/x86/include/asm/irqflags.h | 40 + arch/x86/include/asm/paravirt.h | 20 arch/x86/include/asm/paravirt_types.h | 3 arch/x86/include/asm/tdx.h | 4 arch/x86/include/asm/xen/hypervisor.h | 5 arch/x86/kernel/cpu/amd.c | 21 arch/x86/kernel/cpu/intel.c | 20 arch/x86/kernel/cpu/microcode/amd.c | 9 arch/x86/kernel/e820.c | 17 arch/x86/kernel/paravirt.c | 14 arch/x86/kernel/process.c | 2 arch/x86/kernel/signal_32.c | 62 +- arch/x86/kvm/cpuid.c | 8 arch/x86/kvm/x86.c | 4 arch/x86/mm/pat/set_memory.c | 6 arch/x86/platform/pvh/enlighten.c | 3 arch/x86/xen/enlighten.c | 10 arch/x86/xen/enlighten_pvh.c | 93 ++-- arch/x86/xen/setup.c | 3 block/blk-sysfs.c | 2 certs/Makefile | 2 certs/extract-cert.c | 138 +++--- drivers/acpi/platform_profile.c | 20 drivers/ata/ahci.c | 2 drivers/ata/libata-eh.c | 11 drivers/ata/libata-sata.c | 15 drivers/ata/pata_pxa.c | 6 drivers/ata/sata_sx4.c | 13 drivers/base/devres.c | 7 drivers/block/loop.c | 7 drivers/bluetooth/btqca.c | 13 drivers/bluetooth/btrtl.c | 2 drivers/bluetooth/hci_ldisc.c | 19 drivers/bluetooth/hci_uart.h | 1 drivers/bluetooth/hci_vhci.c | 10 drivers/bus/mhi/host/main.c | 16 drivers/char/tpm/tpm-chip.c | 5 drivers/char/tpm/tpm-interface.c | 7 drivers/char/tpm/tpm_tis_core.c | 20 drivers/char/tpm/tpm_tis_core.h | 1 drivers/clk/qcom/clk-branch.c | 4 drivers/clk/qcom/gdsc.c | 61 +- drivers/clocksource/timer-stm32-lp.c | 4 drivers/cpufreq/cpufreq.c | 8 drivers/crypto/caam/qi.c | 6 drivers/crypto/ccp/sp-pci.c | 15 drivers/firmware/efi/libstub/efistub.h | 2 drivers/gpio/gpio-tegra186.c | 27 - drivers/gpio/gpio-zynq.c | 1 drivers/gpu/drm/Kconfig | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 10 drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 44 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 10 drivers/gpu/drm/amd/amdkfd/kfd_device.c | 5 drivers/gpu/drm/amd/amdkfd/kfd_process.c | 17 drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 drivers/gpu/drm/amd/display/dc/dc.h | 2 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 22 - drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hubp.c | 2 drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c | 2 drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c | 5 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_thermal.c | 4 drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_thermal.c | 4 drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega20_thermal.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 3 drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 2 drivers/gpu/drm/drm_atomic_helper.c | 2 drivers/gpu/drm/drm_panel.c | 5 drivers/gpu/drm/drm_panel_orientation_quirks.c | 46 ++ drivers/gpu/drm/i915/gt/intel_engine_cs.c | 3 drivers/gpu/drm/i915/gt/intel_mocs.c | 4 drivers/gpu/drm/i915/gt/intel_rc6.c | 19 drivers/gpu/drm/i915/gt/uc/intel_huc.c | 11 drivers/gpu/drm/i915/gt/uc/intel_huc.h | 1 drivers/gpu/drm/i915/gt/uc/intel_uc.c | 1 drivers/gpu/drm/i915/gvt/opregion.c | 7 drivers/gpu/drm/i915/i915_debugfs.c | 2 drivers/gpu/drm/i915/selftests/i915_selftest.c | 54 ++ drivers/gpu/drm/mediatek/mtk_dpi.c | 23 - drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 72 +-- drivers/gpu/drm/nouveau/nouveau_bo.c | 3 drivers/gpu/drm/nouveau/nouveau_gem.c | 3 drivers/gpu/drm/sti/Makefile | 2 drivers/gpu/drm/tests/drm_client_modeset_test.c | 3 drivers/gpu/drm/tests/drm_cmdline_parser_test.c | 10 drivers/gpu/drm/tests/drm_kunit_helpers.c | 213 +++++++++ drivers/gpu/drm/tests/drm_modes_test.c | 22 + drivers/gpu/drm/tests/drm_probe_helper_test.c | 8 drivers/gpu/drm/tiny/repaper.c | 4 drivers/hid/Kconfig | 14 drivers/hid/Makefile | 1 drivers/hid/hid-ids.h | 31 + drivers/hid/hid-universal-pidff.c | 197 +++++++++ drivers/hid/usbhid/hid-pidff.c | 173 +++++-- drivers/hsi/clients/ssi_protocol.c | 1 drivers/i2c/busses/i2c-cros-ec-tunnel.c | 3 drivers/i2c/i2c-atr.c | 2 drivers/i3c/master.c | 3 drivers/i3c/master/svc-i3c-master.c | 2 drivers/infiniband/core/cma.c | 4 drivers/infiniband/core/umem_odp.c | 6 drivers/infiniband/hw/hns/hns_roce_main.c | 2 drivers/infiniband/hw/usnic/usnic_ib_main.c | 14 drivers/iommu/iommufd/device.c | 18 drivers/iommu/mtk_iommu.c | 26 - drivers/leds/rgb/leds-qcom-lpg.c | 8 drivers/mailbox/tegra-hsp.c | 72 ++- drivers/md/dm-ebs-target.c | 7 drivers/md/dm-integrity.c | 3 drivers/md/dm-verity-target.c | 8 drivers/md/md-bitmap.c | 5 drivers/md/md.c | 22 - drivers/md/raid10.c | 1 drivers/media/common/siano/smsdvb-main.c | 2 drivers/media/i2c/adv748x/adv748x.h | 2 drivers/media/i2c/ccs/ccs-core.c | 6 drivers/media/i2c/imx219.c | 13 drivers/media/i2c/ov7251.c | 4 drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c | 5 drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_vp9_req_lat_if.c | 3 drivers/media/platform/mediatek/vcodec/encoder/venc/venc_h264_if.c | 6 drivers/media/platform/qcom/venus/hfi_parser.c | 100 +++- drivers/media/platform/qcom/venus/hfi_venus.c | 18 drivers/media/platform/st/stm32/dma2d/dma2d.c | 3 drivers/media/rc/streamzap.c | 68 +-- drivers/media/test-drivers/vim2m.c | 6 drivers/media/test-drivers/visl/visl-core.c | 12 drivers/media/usb/uvc/uvc_driver.c | 9 drivers/media/v4l2-core/v4l2-dv-timings.c | 4 drivers/mfd/ene-kb3930.c | 2 drivers/misc/pci_endpoint_test.c | 6 drivers/mmc/host/dw_mmc.c | 94 ++++ drivers/mmc/host/dw_mmc.h | 27 + drivers/mtd/inftlcore.c | 9 drivers/mtd/mtdpstore.c | 12 drivers/mtd/nand/raw/brcmnand/brcmnand.c | 2 drivers/mtd/nand/raw/r852.c | 3 drivers/net/dsa/b53/b53_common.c | 10 drivers/net/dsa/mv88e6xxx/chip.c | 30 + drivers/net/dsa/mv88e6xxx/devlink.c | 3 drivers/net/ethernet/amd/pds_core/debugfs.c | 5 drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c | 1 drivers/net/ethernet/google/gve/gve_ethtool.c | 4 drivers/net/ethernet/intel/igc/igc.h | 1 drivers/net/ethernet/intel/igc/igc_defines.h | 6 drivers/net/ethernet/intel/igc/igc_main.c | 1 drivers/net/ethernet/intel/igc/igc_ptp.c | 113 +++-- drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 5 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 10 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 19 drivers/net/ethernet/ti/am65-cpsw-nuss.h | 2 drivers/net/ethernet/ti/icssg/icss_iep.c | 154 ++++--- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 3 drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 3 drivers/net/phy/sfp.c | 2 drivers/net/ppp/ppp_synctty.c | 5 drivers/net/usb/asix_devices.c | 17 drivers/net/usb/cdc_ether.c | 7 drivers/net/usb/r8152.c | 6 drivers/net/usb/r8153_ecm.c | 6 drivers/net/wireless/ath/ath12k/dp_mon.c | 2 drivers/net/wireless/ath/ath12k/dp_rx.c | 42 + drivers/net/wireless/atmel/at76c50x-usb.c | 2 drivers/net/wireless/mediatek/mt76/eeprom.c | 4 drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 1 drivers/net/wireless/realtek/rtw89/core.c | 2 drivers/net/wireless/realtek/rtw89/core.h | 6 drivers/net/wireless/realtek/rtw89/pci.c | 10 drivers/net/wireless/ti/wl1251/tx.c | 4 drivers/ntb/ntb_transport.c | 2 drivers/nvme/host/rdma.c | 8 drivers/nvme/target/fc.c | 14 drivers/nvme/target/fcloop.c | 2 drivers/of/irq.c | 80 ++- drivers/pci/controller/pcie-brcmstb.c | 13 drivers/pci/controller/vmd.c | 12 drivers/pci/pci.c | 4 drivers/pci/probe.c | 5 drivers/perf/arm_pmu.c | 8 drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 11 drivers/pinctrl/qcom/pinctrl-msm.c | 12 drivers/platform/x86/asus-laptop.c | 9 drivers/ptp/ptp_ocp.c | 1 drivers/pwm/pwm-fsl-ftm.c | 6 drivers/pwm/pwm-mediatek.c | 8 drivers/pwm/pwm-rcar.c | 24 - drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 9 drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 14 drivers/scsi/megaraid/megaraid_sas_base.c | 9 drivers/scsi/megaraid/megaraid_sas_fusion.c | 5 drivers/scsi/scsi_transport_iscsi.c | 7 drivers/scsi/st.c | 2 drivers/soc/samsung/exynos-chipid.c | 2 drivers/spi/spi-cadence-quadspi.c | 6 drivers/target/target_core_spc.c | 2 drivers/thermal/rockchip_thermal.c | 1 drivers/ufs/host/ufs-exynos.c | 6 drivers/usb/typec/ucsi/ucsi_ccg.c | 5 drivers/vdpa/mlx5/core/mr.c | 7 drivers/video/backlight/led_bl.c | 5 drivers/video/fbdev/omap2/omapfb/dss/dispc.c | 6 drivers/xen/balloon.c | 34 + drivers/xen/xenfs/xensyms.c | 4 fs/Kconfig | 1 fs/btrfs/disk-io.c | 12 fs/btrfs/inode.c | 6 fs/btrfs/super.c | 3 fs/btrfs/zoned.c | 6 fs/ext4/inode.c | 68 ++- fs/ext4/namei.c | 2 fs/ext4/super.c | 17 fs/ext4/xattr.c | 11 fs/f2fs/checkpoint.c | 21 fs/f2fs/f2fs.h | 32 + fs/f2fs/inode.c | 8 fs/f2fs/node.c | 110 +---- fs/f2fs/super.c | 4 fs/file.c | 26 - fs/fuse/virtio_fs.c | 3 fs/hfs/bnode.c | 6 fs/hfsplus/bnode.c | 6 fs/isofs/export.c | 2 fs/jbd2/journal.c | 1 fs/jfs/jfs_dmap.c | 10 fs/jfs/jfs_imap.c | 4 fs/namespace.c | 3 fs/nfs/Kconfig | 2 fs/nfs/internal.h | 7 fs/nfs/nfs4session.h | 4 fs/nfsd/Kconfig | 1 fs/nfsd/nfs4state.c | 2 fs/nfsd/nfsfh.h | 7 fs/overlayfs/overlayfs.h | 2 fs/overlayfs/super.c | 5 fs/smb/client/cifsproto.h | 2 fs/smb/client/connect.c | 36 - fs/smb/client/file.c | 28 + fs/smb/client/fs_context.c | 5 fs/smb/client/inode.c | 10 fs/smb/client/reparse.c | 4 fs/smb/client/smb2misc.c | 9 fs/smb/server/oplock.c | 29 - fs/smb/server/oplock.h | 1 fs/smb/server/smb2pdu.c | 4 fs/smb/server/transport_ipc.c | 7 fs/smb/server/vfs.c | 3 fs/udf/inode.c | 1 fs/userfaultfd.c | 51 +- include/drm/drm_kunit_helpers.h | 28 + include/linux/backing-dev.h | 1 include/linux/hid.h | 9 include/linux/nfs.h | 7 include/linux/pgtable.h | 14 include/linux/rtnetlink.h | 22 + include/linux/tpm.h | 1 include/net/sctp/structs.h | 3 include/net/xdp.h | 9 include/uapi/linux/kfd_ioctl.h | 2 include/uapi/linux/landlock.h | 2 include/xen/interface/xen-mca.h | 2 io_uring/kbuf.c | 2 io_uring/net.c | 2 kernel/locking/lockdep.c | 3 kernel/sched/cpufreq_schedutil.c | 18 kernel/trace/ftrace.c | 8 kernel/trace/trace_events.c | 4 kernel/trace/trace_events_filter.c | 4 kernel/trace/trace_events_synth.c | 1 kernel/trace/trace_probe.c | 28 + lib/sg_split.c | 2 lib/string.c | 13 lib/zstd/common/portability_macros.h | 2 mm/filemap.c | 1 mm/gup.c | 4 mm/hugetlb.c | 2 mm/memory-failure.c | 11 mm/memory.c | 4 mm/mremap.c | 10 mm/page_vma_mapped.c | 13 mm/rmap.c | 2 mm/vmscan.c | 2 net/8021q/vlan_dev.c | 31 - net/bluetooth/hci_event.c | 5 net/bluetooth/l2cap_core.c | 21 net/bridge/br_vlan.c | 4 net/core/filter.c | 80 ++- net/core/page_pool.c | 8 net/dsa/dsa.c | 59 ++ net/dsa/tag_8021q.c | 2 net/ethtool/netlink.c | 8 net/ipv6/route.c | 8 net/mac80211/iface.c | 3 net/mac80211/mesh_hwmp.c | 14 net/mctp/af_mctp.c | 3 net/mptcp/sockopt.c | 28 + net/mptcp/subflow.c | 19 net/netfilter/nft_set_pipapo_avx2.c | 3 net/openvswitch/flow_netlink.c | 3 net/sched/cls_api.c | 74 ++- net/sched/sch_codel.c | 5 net/sched/sch_fq_codel.c | 6 net/sched/sch_sfq.c | 66 ++- net/sctp/socket.c | 22 - net/sctp/transport.c | 2 net/tipc/link.c | 1 net/tls/tls_main.c | 6 scripts/sign-file.c | 132 +++--- scripts/ssl-common.h | 32 + security/landlock/errata.h | 87 +++ security/landlock/setup.c | 30 + security/landlock/setup.h | 3 security/landlock/syscalls.c | 22 - sound/pci/hda/hda_intel.c | 44 +- sound/pci/hda/patch_realtek.c | 1 sound/soc/amd/yc/acp6x-mach.c | 14 sound/soc/codecs/cs42l43-jack.c | 3 sound/soc/codecs/lpass-wsa-macro.c | 117 +++-- sound/soc/dwc/dwc-i2s.c | 13 sound/soc/fsl/fsl_audmix.c | 16 sound/soc/intel/avs/pcm.c | 3 sound/soc/qcom/lpass.h | 3 sound/soc/qcom/qdsp6/q6apm-dai.c | 9 sound/soc/qcom/qdsp6/q6apm.c | 18 sound/soc/qcom/qdsp6/q6apm.h | 3 sound/soc/qcom/qdsp6/q6asm-dai.c | 19 sound/soc/sof/topology.c | 4 sound/usb/midi.c | 80 +++ tools/objtool/check.c | 5 tools/power/cpupower/bench/parse.c | 4 tools/testing/ktest/ktest.pl | 8 tools/testing/kunit/qemu_configs/sh.py | 4 tools/testing/radix-tree/linux.c | 4 tools/testing/selftests/futex/functional/futex_wait_wouldblock.c | 2 tools/testing/selftests/landlock/base_test.c | 46 ++ tools/testing/selftests/mm/charge_reserved_hugetlb.sh | 4 tools/testing/selftests/mm/hugetlb_reparenting_test.sh | 2 tools/testing/selftests/net/mptcp/diag.sh | 23 - tools/testing/selftests/net/mptcp/mptcp_connect.c | 11 tools/testing/selftests/net/mptcp/mptcp_connect.sh | 19 tools/testing/selftests/net/mptcp/mptcp_join.sh | 20 tools/testing/selftests/net/mptcp/mptcp_lib.sh | 18 tools/testing/selftests/net/mptcp/simult_flows.sh | 19 376 files changed, 4203 insertions(+), 1859 deletions(-) Abdun Nihaal (5): wifi: at76c50x: fix use after free access in at76_disconnect wifi: wl1251: fix memory leak in wl1251_tx_work pds_core: fix memory leak in pdsc_debugfs_add_qcq() net: ngbe: fix memory leak in ngbe_probe() error path cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path Abel Vesa (2): leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs Abhinav Kumar (1): drm: allow encoder mode_set even when connectors change for crtc Ajit Pandey (1): clk: qcom: clk-branch: Fix invert halt status bit check for votable clocks Akhil P Oommen (1): drm/msm/a6xx: Fix stale rpmh votes from GPU Alain Volmat (1): dt-bindings: media: st,stmipid02: correct lane-polarities maxItems Alex Williamson (1): Revert "PCI: Avoid reset when disabled via sysfs" Alexander Sverdlin (1): net: ethernet: ti: am65-cpsw-nuss: rename phy_node -> port_np Alexandra Diupina (1): cifs: avoid NULL pointer dereference in dbg call Alexandre Torgue (1): clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init wakeup Alexey Klimov (1): ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path Andreas Gruenbacher (1): writeback: fix false warning in inode_to_wb() Andrew Wyatt (5): drm: panel-orientation-quirks: Add support for AYANEO 2S drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB drm: panel-orientation-quirks: Add quirk for AYA NEO Slide drm: panel-orientation-quirks: Add new quirk for GPD Win 2 drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) Andy Shevchenko (1): i2c: atr: Fix wrong include AngeloGioacchino Del Regno (2): drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off Ard Biesheuvel (1): x86/boot/sev: Avoid shared GHCB page for early memory acceptance Arnaud Lecomte (1): net: ppp: Add bound checking for skb data on ppp_sync_txmung Arnd Bergmann (2): media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning media: mediatek: vcodec: mark vdec_vp9_slice_map_counts_eob_coef noinline Arseniy Krasnov (2): Bluetooth: hci_uart: fix race during initialization Bluetooth: hci_uart: Fix another race during initialization Artem Sadovnikov (1): ext4: fix off-by-one error in do_split Ayush Jain (1): ktest: Fix Test Failures Due to Missing LOG_FILE Directories Badal Nilawar (1): drm/i915: Disable RPG during live selftest Baoquan He (1): mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable() Bhupesh (1): ext4: ignore xattrs past end Birger Koblitz (1): net: sfp: add quirk for 2.5G OEM BX SFP Björn Töpel (1): riscv: Properly export reserved regions in /proc/iomem Bo-Cun Chen (2): net: ethernet: mtk_eth_soc: correct the max weight of the queue limit for 100Mbps net: ethernet: mtk_eth_soc: revise QDMA packet scheduler settings Boqun Feng (1): locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class() Boris Burkov (1): btrfs: fix qgroup reserve leaks in cow_file_range Borislav Petkov (AMD) (1): x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches Brady Norander (1): ASoC: dwc: always enable/disable i2s irqs Brendan Tam (1): drm/amd/display: add workaround flag to link to force FFE preset Bryan O'Donoghue (2): clk: qcom: gdsc: Release pm subdomains in reverse add order clk: qcom: gdsc: Capture pm_genpd_add_subdomain result code Chandrakanth Patil (1): scsi: megaraid_sas: Block zero-length ATA VPD inquiry Chao Yu (3): f2fs: don't retry IO for corrupted data scenario f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() Revert "f2fs: rebuild nat_bits during umount" Chaohai Chen (1): scsi: target: spc: Fix RSOC parameter data header size Charles Keepax (1): ASoC: cs42l43: Reset clamp override on jack removal Chen-Yu Tsai (1): arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string Chengchang Tang (1): RDMA/hns: Fix wrong maximum DMA segment size Chenyuan Yang (3): net: libwx: handle page_pool_dev_alloc_pages error soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() mfd: ene-kb3930: Fix a potential NULL pointer dereference Chris Bainbridge (1): drm/nouveau: prime: fix ttm_bo_delayed_delete oops Christian König (1): drm/amdgpu: grab an additional reference on the gang fence v2 Christopher S M Hall (6): igc: fix PTM cycle trigger logic igc: increase wait time before retrying PTM igc: move ktime snapshot into PTM retry loop igc: handle the IGC_PTP_ENABLED flag correctly igc: cleanup PTP module if probe fails igc: add lock preventing multiple simultaneous PTM transactions Chunguang.xu (1): nvme-rdma: unquiesce admin_q before destroy it Chunjie Zhu (1): smb3 client: fix open hardlink on deferred close file error Cong Liu (1): selftests: mptcp: fix incorrect fd checks in main_loop Cong Wang (1): codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() Dan Carpenter (2): Bluetooth: btrtl: Prevent potential NULL dereference usb: typec: fix potential array underflow in ucsi_ccg_sync_control() Daniel Kral (1): ahci: add PCI ID for Marvell 88SE9215 SATA Controller Daniel Wagner (1): nvmet-fcloop: swap list_add_tail arguments Daniele Ceraolo Spurio (1): drm/i915/dg2: wait for HuC load completion before running selftests Dapeng Mi (1): perf/x86/intel: Allow to update user space GPRs from PEBS records David Hildenbrand (1): mm/rmap: reject hugetlb folios in folio_make_device_exclusive() David Yat Sin (1): drm/amdkfd: clamp queue size to minimum Denis Arefev (8): asus-laptop: Fix an uninitialized variable ksmbd: Prevent integer overflow in calculation of deadtime drm/amd/pm: Prevent division by zero drm/amd/pm/powerplay: Prevent division by zero drm/amd/pm/smu11: Prevent division by zero drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero Dmitry Baryshkov (1): Bluetooth: qca: simplify WCN399x NVM loading Douglas Anderson (6): arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD arm64: cputype: Add MIDR_CORTEX_A76AE arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists Edward Adam Davis (3): jfs: Prevent copying of nlink with value 0 from disk inode jfs: add sanity check for agwidth in dbMount isofs: Prevent the use of too small fid Edward Liaw (1): selftests/futex: futex_waitv wouldblock test should fail Eric Biggers (1): nfs: add missing selections of CONFIG_CRC32 Evgeny Pimenov (1): ASoC: qcom: Fix sc7280 lpass potential buffer overflow Fedor Pchelkin (1): ntb: use 64-bit arithmetic for the MSI doorbell mask Filipe Manana (1): btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers Florian Westphal (1): nft_set_pipapo: fix incorrect avx2 match of 5th field octet Frédéric Danis (2): Bluetooth: l2cap: Check encryption key size on incoming connection Bluetooth: l2cap: Process valid commands in too long frame GONG Ruiqi (1): usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() Gabriele Paoloni (1): tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER Gang Yan (1): mptcp: fix NULL pointer in can_accept_new_subflow Gavrilov Ilia (1): wifi: mac80211: fix integer overflow in hwmp_route_info_get() Geliang Tang (2): selftests: mptcp: close fd_in before returning in main_loop selftests: mptcp: add mptcp_lib_wait_local_port_listen Giuseppe Scrivano (1): ovl: remove unused forward declaration Greg Kroah-Hartman (1): Linux 6.6.88 Guixin Liu (1): gpio: tegra186: fix resource handling in ACPI probe path Haisu Wang (1): btrfs: fix the length of reserved qgroup to free Hamza Mahfooz (1): efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 Haoxiang Li (1): wifi: mt76: Add check for devm_kstrdup() Hariprasad Kelam (1): octeontx2-pf: qos: fix VF root node parent queue index Harish Chegondi (1): drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+ Henry Martin (2): ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() Herbert Xu (1): crypto: caam/qi - Fix drv_ctx refcount bug Hersen Wu (1): drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links Herve Codina (1): backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() Icenowy Zheng (1): wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table Ido Schimmel (1): ipv6: Align behavior across nexthops during path selection Ilya Maximets (1): net: openvswitch: fix nested key length validation in the set() action Ingo Molnar (1): zstd: Increase DYNAMIC_BMI2 GCC version cutoff from 4.8 to 11.0 to work around compiler segfault Jakub Kicinski (3): net: tls: explicitly disallow disconnect netlink: specs: rt-link: add an attr layer around alt-ifname netlink: specs: rt-link: adjust mctp attribute naming Jamal Hadi Salim (1): rtnl: add helper to check if rtnl group has listeners Jan Beulich (1): xenfs/xensyms: respect hypervisor's "next" indication Jan Kara (2): udf: Fix inode_getblk() return value jbd2: remove wrong sb->s_sequence check Jan Stancek (3): sign-file,extract-cert: move common SSL helper functions to a header sign-file,extract-cert: avoid using deprecated ERR_get_error_line() sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3 Jane Chu (1): mm: make page_mapped_in_vma() hugetlb walk aware Jani Nikula (2): drm/i915/mocs: use to_gt() instead of direct &i915->gt drm/i915/gvt: fix unterminated-string-initialization warning Jann Horn (1): ext4: don't treat fhandle lookup of ea_inode as FS corruption Janusz Krzysztofik (1): drm/i915/huc: Fix fence not released on early probe errors Jason Xing (1): page_pool: avoid infinite loop to schedule delayed worker Jeff Hugo (1): bus: mhi: host: Fix race between unprepare and queue_buf Jens Axboe (1): io_uring/kbuf: reject zero sized provided buffers Jiasheng Jiang (4): media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization media: platform: stm32: Add check for clk_enable() mtd: Add check for devm_kcalloc() mtd: Replace kcalloc() with devm_kcalloc() Jinjie Ruan (1): drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic() Johannes Berg (1): Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" Johannes Kimmel (1): btrfs: correctly escape subvol in btrfs_show_options() Johannes Thumshirn (2): btrfs: zoned: fix zone activation with missing devices btrfs: zoned: fix zone finishing with missing devices Jonas Gorski (2): net: b53: enable BPDU reception for management port net: bridge: switchdev: do not notify new brentries as changed Jonathan McDowell (2): tpm, tpm_tis: Workaround failed command reception on Infineon devices tpm, tpm_tis: Fix timeout handling when waiting for TPM status Josh Poimboeuf (2): objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() Joshua Washington (1): gve: handle overflow when reporting TX consumed descriptors Kai Mäkisara (1): scsi: st: Fix array overflow in st_setup() Kaixin Wang (1): HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition Kamal Dasu (1): mtd: rawnand: brcmnand: fix PM resume warning Kan Liang (3): perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR Karina Yankevich (1): media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() Karolina Stolarek (1): drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is enabled Kartik Rajput (1): mailbox: tegra-hsp: Define dimensioning masks in SoC data Kaustabh Chakraborty (1): mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves Kees Cook (2): xen/mcelog: Add __nonstring annotations for unterminated strings Bluetooth: vhci: Avoid needless snprintf() calls Kirill A. Shutemov (2): x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT mm: fix apply_to_existing_page_range() Krzysztof Kozlowski (3): dt-bindings: coresight: qcom,coresight-tpda: Fix too many 'reg' dt-bindings: coresight: qcom,coresight-tpdm: Fix too many 'reg' gpio: zynq: Fix wakeup source leaks on device unbind Kunihiko Hayashi (3): misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type Kuniyuki Iwashima (2): Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free" Revert "smb: client: fix TCP timers deadlock after rmmod" Leonid Arapov (1): fbdev: omapfb: Add 'plane' value check Li Lingfeng (1): nfsd: decrease sc_count directly if fail to queue dl_recall Lorenzo Stoakes (1): mm/mremap: correctly handle partial mremap() of VMA starting at 0 Louis-Alexis Eyraud (1): iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group Luca Ceresoli (1): drm/bridge: panel: forbid initializing a panel with unknown connector type Lucas De Marchi (1): drivers: base: devres: Allow to release group on device release Luiz Augusto von Dentz (1): Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address Ma Ke (1): PCI: Fix reference leak in pci_alloc_child_bus() Maksim Davydov (1): x86/split_lock: Fix the delayed detection logic Manish Dharanenthiran (1): wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi Manjunatha Venkatesh (1): i3c: Add NULL pointer check in i3c_master_queue_ibi() Marc Herbert (1): mm/hugetlb: move hugetlb_sysctl_init() to the __init section Marek Behún (1): net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family Mario Limonciello (1): drm/amd: Handle being compiled without SI or CIK support better Mark Brown (1): selftests/mm: generate a temporary mountpoint for cgroup filesystem Mark Rutland (1): perf: arm_pmu: Don't disable counter in armpmu_add() Masami Hiramatsu (Google) (1): tracing: probe-events: Add comments about entry data storing code Mateusz Guzik (1): fs: consistently deref the files table with rcu_dereference_raw() Mathieu Desnoyers (1): mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock Matt Johnston (1): net: mctp: Set SOCK_RCU_FREE Matthew Auld (1): drm/amdgpu/dma_buf: fix page_link check Matthew Majewski (1): media: vim2m: print device name after registering device Matthew Wilcox (Oracle) (2): x86/mm: Clear _PAGE_DIRTY for kernel mappings when we clear _PAGE_RW test suite: use %zu to print size_t Matthieu Baerts (NGI0) (3): mptcp: sockopt: fix getting IPV6_V6ONLY mptcp: only inc MPJoinAckHMacFailure for HMAC failures mptcp: sockopt: fix getting freebind & transparent Max Grobecker (1): x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine Max Schulze (1): net: usb: asix_devices: add FiberGecko DeviceID Maxim Mikityanskiy (2): ALSA: hda: intel: Fix Optimus when GPU has no sound ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist Maxime Chevallier (1): net: ethtool: Don't call .cleanup_data when prepare_data fails Maxime Ripard (8): drm/tests: modeset: Fix drm_display_mode memory leak drm/tests: helpers: Add atomic helpers drm/tests: Add helper to create mock plane drm/tests: Add helper to create mock crtc drm/tests: helpers: Create kunit helper to destroy a drm_display_mode drm/tests: cmdline: Fix drm_display_mode memory leak drm/tests: modes: Fix drm_display_mode memory leak drm/tests: probe-helper: Fix drm_display_mode memory leak Meghana Malladi (3): net: ti: icss-iep: Add pwidth configuration for perout signal net: ti: icss-iep: Add phase offset configuration for perout signal net: ti: icss-iep: Fix possible NULL pointer dereference for perout request Menglong Dong (1): ftrace: fix incorrect hash size in register_ftrace_direct() Miaoqian Lin (1): scsi: iscsi: Fix missing scsi_host_put() in error path Michael Walle (1): net: ethernet: ti: am65-cpsw: fix port_np reference counting Mickaël Salaün (1): landlock: Add the errata interface Miklos Szeredi (1): ovl: don't allow datadir only Mikulas Patocka (3): dm-ebs: fix prefetch-vs-suspend race dm-integrity: set ti->error on memory allocation failure dm-verity: fix prefetch-vs-suspend race Miquel Raynal (1): spi: cadence-qspi: Fix probe on AM62A LP SK Murad Masimov (1): media: streamzap: prevent processing IR data on URB failure Myrrh Periwinkle (1): x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions() Namjae Jeon (2): ksmbd: fix use-after-free in smb_break_all_levII_oplock() ksmbd: fix the warning from __kernel_write_iter Nathan Chancellor (3): ACPI: platform-profile: Fix CFI violation when accessing sysfs files riscv: Avoid fortify warning in syscall_get_arguments() kbuild: Add '-fno-builtin-wcslen' Nathan Lynch (1): powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() Nicolas Dufresne (1): media: visl: Fix ERANGE error when setting enum controls Nicolin Chen (1): iommufd: Fix uninitialized rc in iommufd_access_rw() Nikita Zhandarovich (1): drm/repaper: fix integer overflows in repeat functions Niklas Cassel (2): ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode ata: libata-sata: Save all fields from sense data descriptor Niklas Söderlund (1): media: i2c: adv748x: Fix test pattern selection mask Octavian Purdila (2): net_sched: sch_sfq: use a temporary work area for validating configuration net_sched: sch_sfq: move the limit validation Ojaswin Mujoo (1): ext4: protect ext4_release_dquot against freezing P Praneesh (1): wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process Pali Rohár (1): cifs: Ensure that all non-client-specific reparse points are processed by the server Pavel Begunkov (1): io_uring/net: fix accept multishot handling Pedro Tammela (1): net/sched: cls_api: conditional notification of events Peter Collingbourne (1): string: Add load_unaligned_zeropad() code path to sized_strscpy() Peter Griffin (1): scsi: ufs: exynos: Ensure consistent phy reference counts Peter Xu (1): mm/userfaultfd: fix release hang over concurrent GUP Philip Yang (3): drm/amdkfd: Fix mode1 reset crash issue drm/amdkfd: Fix pqm_destroy_queue race with GPU reset drm/amdkfd: debugfs hang_hws skip GPU with MES Philipp Hahn (1): cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk Ping-Ke Shih (2): wifi: rtw89: pci: add pre_deinit to be called after probe complete wifi: rtw89: pci: disable PCIE wake bit when PCIE deinit Piotr Jaroszynski (1): Fix mmu notifiers for range-based invalidates Rafael J. Wysocki (2): cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS cpufreq: Reference count policy in cpufreq_update_limits() Rand Deeb (2): fs/jfs: cast inactags to s64 to prevent potential overflow fs/jfs: Prevent integer overflow in AG size calculation Remi Pommarel (2): wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() wifi: mac80211: Purge vif txq in ieee80211_do_stop() Ricard Wanderlof (1): ALSA: usb-audio: Fix CME quirk for UF series keyboards Ricardo Cañuelo Navarro (1): sctp: detect and prevent references to a freed transport in sendmsg Ricardo Ribalda (1): media: uvcvideo: Add quirk for Actions UVC05 Roger Pau Monne (3): x86/xen: fix balloon target initialization for PVH dom0 x86/xen: move xen_reserve_extra_memory() x86/xen: fix memblock_reserve() usage on PVH Rolf Eike Beer (1): drm/sti: remove duplicate object names Roman Smirnov (1): cifs: fix integer overflow in match_server() Ryan Roberts (3): sparc/mm: disable preemption in lazy mmu mode sparc/mm: avoid calling arch_enter/leave_lazy_mmu() in set_ptes mm: fix lazy mmu docs and usage Ryo Takakura (1): PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type Sagi Maimon (1): ptp: ocp: fix start time alignment in ptp_ocp_signal_set Sakari Ailus (5): media: i2c: ccs: Set the device's runtime PM status correctly in remove media: i2c: ccs: Set the device's runtime PM status correctly in probe media: i2c: ov7251: Set enable GPIO low in probe media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO media: i2c: imx219: Rectify runtime PM handling in probe and remove Sandipan Das (1): x86/cpu/amd: Fix workaround for erratum 1054 Sean Christopherson (2): KVM: x86: Explicitly zero-initialize on-stack CPUID unions KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses Sean Heelan (1): ksmbd: Fix dangling pointer in krb_authenticate Sebastian Andrzej Siewior (1): xdp: Reset bpf_redirect_info before running a xdp's BPF prog. Sharath Srinivasan (1): RDMA/cma: Fix workqueue crash in cma_netevent_work_handler Shay Drory (1): RDMA/core: Silence oversized kvmalloc() warning Shengjiu Wang (1): ASoC: fsl_audmix: register card device depends on 'dais' property Shuai Xue (1): mm/hwpoison: do not send SIGBUS to processes with recovered clean pages Si-Wei Liu (1): vdpa/mlx5: Fix oversized null mkey longer than 32bit Srinivas Kandagatla (5): ASoC: q6apm: add q6apm_get_hw_pointer helper ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment. ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns. ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels Stanimir Varbanov (1): PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() Stanislav Fomichev (1): net: vlan: don't propagate flags on open Stanley Chu (1): i3c: master: svc: Use readsb helper for reading MDB Stefan Eichenberger (1): phy: freescale: imx8m-pcie: assert phy reset and perst in power off Stephan Gerhold (1): pinctrl: qcom: Clear latched interrupt status when changing IRQ type Steve French (1): smb311 client: fix missing tcon check when mounting with linux/posix extensions Steven Rostedt (2): tracing: Do not add length to print format in synthetic events tracing: Fix filter string testing Syed Saba kareem (1): ASoC: amd: yc: update quirk data for new Lenovo model T Pratham (1): lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets Takashi Iwai (1): ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model Taniya Das (1): clk: qcom: gdsc: Set retain_ff before moving to HW CTRL Thadeu Lima de Souza Cascardo (2): tpm: do not start chip while suspended i2c: cros-ec-tunnel: defer probe if parent EC is not present Thomas Weißschuh (3): kunit: qemu_configs: SH: Respect kunit cmdline loop: properly send KOBJ_CHANGED uevent for disk device loop: LOOP_SET_FD: send uevents for partitions Toke Høiland-Jørgensen (1): tc: Ensure we have enough buffer space when sending filter netlink notifications Tom Lendacky (1): crypto: ccp - Fix check for the primary ASP device Tomasz Pakuła (10): HID: pidff: Convert infinite length from Linux API to PID standard HID: pidff: Do not send effect envelope if it's empty HID: pidff: Add MISSING_DELAY quirk and its detection HID: pidff: Add MISSING_PBO quirk and its detection HID: pidff: Add PERMISSIVE_CONTROL quirk HID: pidff: Add hid_pidff_init_with_quirks and export as GPL symbol HID: pidff: Add FIX_WHEEL_DIRECTION quirk HID: Add hid-universal-pidff driver and supported device ids HID: pidff: Add PERIODIC_SINE_ONLY quirk HID: pidff: Fix null pointer dereference in pidff_find_fields Trevor Woerner (1): thermal/drivers/rockchip: Add missing rk3328 mapping entry Trond Myklebust (1): umount: Allow superblock owners to force umount Tung Nguyen (1): tipc: fix memory leak in tipc_link_xmit Uwe Kleine-König (2): pwm: rcar: Improve register calculation pwm: fsl-ftm: Handle clk_get_rate() returning 0 Vasiliy Kovalev (1): hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key Victor Nogueira (1): rtnl: add helper to check if a notification is needed Vikash Garodia (4): media: venus: hfi: add a check to handle OOB in sfr region media: venus: hfi: add check to handle incorrect queue size media: venus: hfi_parser: add check to avoid out of bound access media: venus: hfi_parser: refactor hfi packet parsing logic Vishal Annapurve (1): x86/tdx: Fix arch_safe_halt() execution for TDX VMs Vishal Moola (Oracle) (1): mm: fix filemap_get_folios_contig returning batches of identical folios Vladimir Oltean (5): net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported net: dsa: clean up FDB, MDB, VLAN entries on unbind net: dsa: free routing table on probe failure net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del() fails WangYuli (6): riscv: KGDB: Do not inline arch_kgdb_breakpoint() riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break nvmet-fc: Remove unused functions MIPS: dec: Declare which_prom() as static MIPS: cevt-ds1287: Add missing ds1287.h include MIPS: ds1287: Match ds1287_set_base_clock() function types Wentao Liang (4): ata: sata_sx4: Add error handling in pdc20621_i2c_read() drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() mtd: inftlcore: Add error check for inftl_read_oob() mtd: rawnand: Add status chack in r852_ready() Will Deacon (1): KVM: arm64: Tear down vGIC on failed vCPU creation Willem de Bruijn (1): bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags Xiangsheng Hou (1): virtiofs: add filesystem context source name check Xin Li (Intel) (1): x86/ia32: Leave NULL selector values 0~3 unchanged Xingui Yang (1): scsi: hisi_sas: Enable force phy when SATA disk directly connected Yeongjin Gil (1): f2fs: fix to avoid atomicity corruption of atomic file Yi Liu (1): iommufd: Fail replace if device has not been attached Yu Kuai (2): md/raid10: fix missing discard IO accounting md: fix mddev uaf while iterating all_mddevs list Yu-Chun Lin (1): drm/tests: helpers: Fix compiler warning Yuan Can (1): media: siano: Fix error handling in smsdvb_module_init() Yue Haibing (1): RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() Yuli Wang (1): LoongArch: Eliminate superfluous get_numa_distances_cnt() Zhang Heng (1): ASoC: SOF: topology: Use krealloc_array() to replace krealloc() Zheng Qixing (2): md/md-bitmap: fix stats collection for external bitmaps block: fix resource leak in blk_register_queue() error path Zhenhua Huang (1): arm64: mm: Correct the update of max_pfn Zhikai Zhai (1): drm/amd/display: Update Cursor request mode to the beginning prefetch always Zhongqiu Han (2): pm: cpupower: bench: Prevent NULL dereference on malloc failure jfs: Fix uninit-value access of imap allocated in the diMount() function Zijun Hu (5): of/irq: Fix device node refcount leakage in API of_irq_parse_one() of/irq: Fix device node refcount leakage in API of_irq_parse_raw() of/irq: Fix device node refcount leakages in of_irq_count() of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() of/irq: Fix device node refcount leakages in of_irq_init() keenplify (1): ASoC: amd: Add DMI quirk for ACP6X mic support zhoumin (1): ftrace: Add cond_resched() to ftrace_graph_set_hash()

6 months, 3 weeks

1
1
0 0

Linux 6.1.135

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.135 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ MAINTAINERS | 1 Makefile | 5 arch/arm64/boot/dts/mediatek/mt8173.dtsi | 6 arch/arm64/include/asm/cputype.h | 4 arch/arm64/include/asm/fpsimd.h | 4 arch/arm64/include/asm/kvm_host.h | 19 arch/arm64/include/asm/kvm_hyp.h | 1 arch/arm64/include/asm/processor.h | 7 arch/arm64/include/asm/spectre.h | 1 arch/arm64/kernel/fpsimd.c | 69 ++- arch/arm64/kernel/process.c | 2 arch/arm64/kernel/proton-pack.c | 218 +++++----- arch/arm64/kernel/ptrace.c | 3 arch/arm64/kernel/signal.c | 7 arch/arm64/kvm/arm.c | 7 arch/arm64/kvm/fpsimd.c | 92 +--- arch/arm64/kvm/hyp/entry.S | 5 arch/arm64/kvm/hyp/include/hyp/switch.h | 106 +++- arch/arm64/kvm/hyp/nvhe/hyp-main.c | 8 arch/arm64/kvm/hyp/nvhe/pkvm.c | 17 arch/arm64/kvm/hyp/nvhe/switch.c | 91 ++-- arch/arm64/kvm/hyp/vhe/switch.c | 12 arch/arm64/kvm/reset.c | 3 arch/arm64/mm/mmu.c | 3 arch/loongarch/kernel/acpi.c | 12 arch/loongarch/net/bpf_jit.c | 2 arch/loongarch/net/bpf_jit.h | 5 arch/mips/dec/prom/init.c | 2 arch/mips/include/asm/ds1287.h | 2 arch/mips/kernel/cevt-ds1287.c | 1 arch/powerpc/kernel/rtas.c | 4 arch/riscv/include/asm/kgdb.h | 9 arch/riscv/include/asm/syscall.h | 7 arch/riscv/kernel/kgdb.c | 6 arch/riscv/kernel/setup.c | 36 + arch/sparc/mm/tlb.c | 5 arch/x86/events/intel/ds.c | 8 arch/x86/events/intel/uncore_snbep.c | 107 ---- arch/x86/kernel/cpu/amd.c | 2 arch/x86/kernel/cpu/intel.c | 20 arch/x86/kernel/e820.c | 17 arch/x86/kvm/x86.c | 4 arch/x86/platform/pvh/head.S | 7 block/blk-cgroup.c | 24 - block/blk-cgroup.h | 1 block/blk-iocost.c | 7 certs/Makefile | 2 certs/extract-cert.c | 138 +++--- drivers/acpi/platform_profile.c | 20 drivers/ata/ahci.c | 2 drivers/ata/libata-eh.c | 11 drivers/ata/pata_pxa.c | 6 drivers/ata/sata_sx4.c | 13 drivers/base/devres.c | 7 drivers/block/loop.c | 7 drivers/bluetooth/btqca.c | 13 drivers/bluetooth/btrtl.c | 2 drivers/bluetooth/hci_ldisc.c | 19 drivers/bluetooth/hci_uart.h | 1 drivers/bus/mhi/host/main.c | 16 drivers/char/tpm/tpm_tis_core.c | 20 drivers/char/tpm/tpm_tis_core.h | 1 drivers/clk/qcom/gdsc.c | 61 +- drivers/clocksource/timer-stm32-lp.c | 4 drivers/cpufreq/cpufreq.c | 8 drivers/crypto/caam/qi.c | 6 drivers/crypto/ccp/sp-pci.c | 15 drivers/gpio/gpio-tegra186.c | 27 - drivers/gpio/gpio-zynq.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 10 drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 44 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 10 drivers/gpu/drm/amd/amdkfd/kfd_process.c | 17 drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 22 - drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hubp.c | 2 drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c | 5 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_thermal.c | 4 drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_thermal.c | 4 drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega20_thermal.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 3 drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 2 drivers/gpu/drm/drm_atomic_helper.c | 2 drivers/gpu/drm/drm_panel.c | 5 drivers/gpu/drm/drm_panel_orientation_quirks.c | 46 ++ drivers/gpu/drm/i915/gvt/opregion.c | 7 drivers/gpu/drm/mediatek/mtk_dpi.c | 23 - drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 72 +-- drivers/gpu/drm/nouveau/nouveau_bo.c | 3 drivers/gpu/drm/nouveau/nouveau_gem.c | 3 drivers/gpu/drm/sti/Makefile | 2 drivers/gpu/drm/tiny/repaper.c | 4 drivers/hid/usbhid/hid-pidff.c | 60 +- drivers/hsi/clients/ssi_protocol.c | 1 drivers/i2c/busses/i2c-cros-ec-tunnel.c | 3 drivers/i3c/master.c | 3 drivers/i3c/master/svc-i3c-master.c | 2 drivers/infiniband/core/cma.c | 4 drivers/infiniband/core/umem_odp.c | 6 drivers/infiniband/hw/hns/hns_roce_main.c | 2 drivers/infiniband/hw/usnic/usnic_ib_main.c | 14 drivers/iommu/mtk_iommu.c | 26 - drivers/md/dm-ebs-target.c | 7 drivers/md/dm-integrity.c | 3 drivers/md/dm-verity-target.c | 8 drivers/md/md-bitmap.c | 5 drivers/md/md.c | 50 +- drivers/md/raid10.c | 1 drivers/media/common/siano/smsdvb-main.c | 2 drivers/media/i2c/adv748x/adv748x.h | 2 drivers/media/i2c/ccs/ccs-core.c | 6 drivers/media/i2c/ov7251.c | 4 drivers/media/platform/mediatek/vcodec/vdec/vdec_vp9_req_lat_if.c | 3 drivers/media/platform/qcom/venus/hfi_parser.c | 100 +++- drivers/media/platform/qcom/venus/hfi_venus.c | 18 drivers/media/platform/st/stm32/dma2d/dma2d.c | 3 drivers/media/rc/streamzap.c | 68 +-- drivers/media/test-drivers/vim2m.c | 6 drivers/media/v4l2-core/v4l2-dv-timings.c | 4 drivers/mfd/ene-kb3930.c | 2 drivers/misc/pci_endpoint_test.c | 6 drivers/mmc/host/dw_mmc.c | 94 ++++ drivers/mmc/host/dw_mmc.h | 27 + drivers/mtd/inftlcore.c | 9 drivers/mtd/mtdpstore.c | 12 drivers/mtd/nand/raw/brcmnand/brcmnand.c | 2 drivers/mtd/nand/raw/r852.c | 3 drivers/net/dsa/b53/b53_common.c | 10 drivers/net/dsa/mv88e6xxx/chip.c | 30 + drivers/net/dsa/mv88e6xxx/devlink.c | 3 drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c | 1 drivers/net/ethernet/google/gve/gve_ethtool.c | 4 drivers/net/ethernet/intel/igc/igc_defines.h | 1 drivers/net/ethernet/intel/igc/igc_main.c | 1 drivers/net/ethernet/intel/igc/igc_ptp.c | 93 ++-- drivers/net/ppp/ppp_synctty.c | 5 drivers/net/wireless/atmel/at76c50x-usb.c | 2 drivers/net/wireless/mediatek/mt76/eeprom.c | 4 drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 1 drivers/net/wireless/ti/wl1251/tx.c | 4 drivers/ntb/ntb_transport.c | 2 drivers/nvme/target/fc.c | 14 drivers/nvme/target/fcloop.c | 2 drivers/of/irq.c | 80 ++- drivers/pci/controller/pcie-brcmstb.c | 13 drivers/pci/controller/vmd.c | 12 drivers/pci/pci.c | 4 drivers/pci/probe.c | 5 drivers/perf/arm_pmu.c | 8 drivers/pinctrl/qcom/pinctrl-msm.c | 12 drivers/platform/x86/asus-laptop.c | 9 drivers/ptp/ptp_ocp.c | 1 drivers/pwm/pwm-fsl-ftm.c | 6 drivers/pwm/pwm-mediatek.c | 8 drivers/pwm/pwm-rcar.c | 24 - drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 9 drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 14 drivers/scsi/megaraid/megaraid_sas_base.c | 9 drivers/scsi/megaraid/megaraid_sas_fusion.c | 5 drivers/scsi/scsi_transport_iscsi.c | 7 drivers/scsi/st.c | 2 drivers/soc/samsung/exynos-chipid.c | 2 drivers/spi/spi-cadence-quadspi.c | 6 drivers/thermal/rockchip_thermal.c | 1 drivers/ufs/host/ufs-exynos.c | 6 drivers/vdpa/mlx5/core/mr.c | 7 drivers/video/fbdev/omap2/omapfb/dss/dispc.c | 6 drivers/xen/swiotlb-xen.c | 2 drivers/xen/xenfs/xensyms.c | 4 fs/Kconfig | 1 fs/btrfs/disk-io.c | 12 fs/btrfs/inode.c | 6 fs/btrfs/super.c | 3 fs/btrfs/zoned.c | 6 fs/ext4/inode.c | 68 ++- fs/ext4/namei.c | 2 fs/ext4/super.c | 17 fs/ext4/xattr.c | 11 fs/f2fs/inode.c | 4 fs/f2fs/node.c | 9 fs/file.c | 26 - fs/fuse/virtio_fs.c | 3 fs/hfs/bnode.c | 6 fs/hfsplus/bnode.c | 6 fs/isofs/export.c | 2 fs/jbd2/journal.c | 1 fs/jfs/jfs_dmap.c | 10 fs/jfs/jfs_imap.c | 4 fs/namespace.c | 3 fs/nfs/Kconfig | 2 fs/nfs/internal.h | 22 - fs/nfs/nfs4session.h | 4 fs/nfsd/Kconfig | 1 fs/nfsd/nfs4state.c | 2 fs/nfsd/nfsfh.h | 7 fs/smb/client/cifs_dfs_ref.c | 34 + fs/smb/client/cifsproto.h | 23 + fs/smb/client/connect.c | 2 fs/smb/client/dir.c | 21 fs/smb/client/file.c | 28 + fs/smb/client/fs_context.c | 5 fs/smb/client/smb2misc.c | 9 fs/smb/server/oplock.c | 2 fs/smb/server/smb2pdu.c | 6 fs/smb/server/transport_ipc.c | 7 fs/smb/server/vfs.c | 3 include/linux/backing-dev.h | 1 include/linux/bpf.h | 1 include/linux/nfs.h | 13 include/linux/rtnetlink.h | 22 + include/linux/tpm.h | 1 include/net/sctp/structs.h | 3 include/uapi/linux/kfd_ioctl.h | 2 include/uapi/linux/landlock.h | 2 include/xen/interface/xen-mca.h | 2 io_uring/kbuf.c | 2 io_uring/net.c | 2 kernel/bpf/core.c | 19 kernel/bpf/syscall.c | 17 kernel/locking/lockdep.c | 3 kernel/sched/cpufreq_schedutil.c | 18 kernel/trace/ftrace.c | 1 kernel/trace/trace_events.c | 4 kernel/trace/trace_events_filter.c | 4 lib/sg_split.c | 2 lib/string.c | 13 mm/filemap.c | 1 mm/gup.c | 6 mm/memory-failure.c | 11 mm/memory.c | 4 mm/rmap.c | 2 mm/vmscan.c | 2 net/8021q/vlan_dev.c | 31 - net/bluetooth/hci_event.c | 5 net/bluetooth/l2cap_core.c | 3 net/bridge/br_vlan.c | 4 net/core/filter.c | 80 ++- net/core/page_pool.c | 8 net/dsa/tag_8021q.c | 2 net/ethtool/netlink.c | 8 net/ipv6/route.c | 8 net/mac80211/iface.c | 3 net/mac80211/mesh_hwmp.c | 14 net/mctp/af_mctp.c | 3 net/mptcp/sockopt.c | 28 + net/mptcp/subflow.c | 19 net/netfilter/nft_set_pipapo_avx2.c | 3 net/openvswitch/flow_netlink.c | 3 net/sched/cls_api.c | 74 ++- net/sched/sch_codel.c | 5 net/sched/sch_fq_codel.c | 6 net/sched/sch_sfq.c | 66 ++- net/sctp/socket.c | 22 - net/sctp/transport.c | 2 net/tipc/link.c | 1 net/tls/tls_main.c | 6 scripts/sign-file.c | 132 +++--- scripts/ssl-common.h | 32 + security/landlock/errata.h | 87 +++ security/landlock/setup.c | 30 + security/landlock/setup.h | 3 security/landlock/syscalls.c | 22 - sound/pci/hda/hda_intel.c | 44 +- sound/pci/hda/patch_realtek.c | 1 sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/codecs/lpass-wsa-macro.c | 117 +++-- sound/soc/fsl/fsl_audmix.c | 16 sound/soc/qcom/qdsp6/q6apm-dai.c | 9 sound/soc/qcom/qdsp6/q6asm-dai.c | 19 sound/usb/midi.c | 80 +++ tools/power/cpupower/bench/parse.c | 4 tools/testing/ktest/ktest.pl | 8 tools/testing/radix-tree/linux.c | 4 tools/testing/selftests/futex/functional/futex_wait_wouldblock.c | 2 tools/testing/selftests/landlock/base_test.c | 46 ++ tools/testing/selftests/net/mptcp/mptcp_connect.c | 7 279 files changed, 2897 insertions(+), 1409 deletions(-) Abdun Nihaal (3): wifi: at76c50x: fix use after free access in at76_disconnect wifi: wl1251: fix memory leak in wl1251_tx_work cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path Abhinav Kumar (1): drm: allow encoder mode_set even when connectors change for crtc Akhil P Oommen (1): drm/msm/a6xx: Fix stale rpmh votes from GPU Alex Williamson (2): Revert "PCI: Avoid reset when disabled via sysfs" mm: Fix is_zero_page() usage in try_grab_page() Alexandra Diupina (1): cifs: avoid NULL pointer dereference in dbg call Alexandre Torgue (1): clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init wakeup Alexey Klimov (1): ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path Andreas Gruenbacher (1): writeback: fix false warning in inode_to_wb() Andrew Wyatt (5): drm: panel-orientation-quirks: Add support for AYANEO 2S drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB drm: panel-orientation-quirks: Add quirk for AYA NEO Slide drm: panel-orientation-quirks: Add new quirk for GPD Win 2 drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) Andrii Nakryiko (1): bpf: avoid holding freeze_mutex during mmap operation AngeloGioacchino Del Regno (2): drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off Ard Biesheuvel (1): x86/pvh: Call C code via the kernel virtual mapping Arnaud Lecomte (1): net: ppp: Add bound checking for skb data on ppp_sync_txmung Arnd Bergmann (1): media: mediatek: vcodec: mark vdec_vp9_slice_map_counts_eob_coef noinline Arseniy Krasnov (2): Bluetooth: hci_uart: fix race during initialization Bluetooth: hci_uart: Fix another race during initialization Artem Sadovnikov (1): ext4: fix off-by-one error in do_split Ayush Jain (1): ktest: Fix Test Failures Due to Missing LOG_FILE Directories Baoquan He (1): mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable() Bhupesh (1): ext4: ignore xattrs past end Björn Töpel (1): riscv: Properly export reserved regions in /proc/iomem Boqun Feng (1): locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class() Boris Burkov (1): btrfs: fix qgroup reserve leaks in cow_file_range Bryan O'Donoghue (2): clk: qcom: gdsc: Release pm subdomains in reverse add order clk: qcom: gdsc: Capture pm_genpd_add_subdomain result code Chandrakanth Patil (1): scsi: megaraid_sas: Block zero-length ATA VPD inquiry Chao Yu (2): f2fs: don't retry IO for corrupted data scenario f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() Chen-Yu Tsai (1): arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string ChenXiaoSong (1): smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open() Chengchang Tang (1): RDMA/hns: Fix wrong maximum DMA segment size Chenyuan Yang (2): soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() mfd: ene-kb3930: Fix a potential NULL pointer dereference Chris Bainbridge (1): drm/nouveau: prime: fix ttm_bo_delayed_delete oops Christian König (1): drm/amdgpu: grab an additional reference on the gang fence v2 Christopher S M Hall (4): igc: fix PTM cycle trigger logic igc: move ktime snapshot into PTM retry loop igc: handle the IGC_PTP_ENABLED flag correctly igc: cleanup PTP module if probe fails Chunjie Zhu (1): smb3 client: fix open hardlink on deferred close file error Cong Wang (1): codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() Dan Carpenter (1): Bluetooth: btrtl: Prevent potential NULL dereference Daniel Kral (1): ahci: add PCI ID for Marvell 88SE9215 SATA Controller Daniel Wagner (1): nvmet-fcloop: swap list_add_tail arguments Dapeng Mi (1): perf/x86/intel: Allow to update user space GPRs from PEBS records David Hildenbrand (1): mm/rmap: reject hugetlb folios in folio_make_device_exclusive() David Yat Sin (1): drm/amdkfd: clamp queue size to minimum Denis Arefev (8): asus-laptop: Fix an uninitialized variable ksmbd: Prevent integer overflow in calculation of deadtime drm/amd/pm: Prevent division by zero drm/amd/pm/powerplay: Prevent division by zero drm/amd/pm/smu11: Prevent division by zero drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero Dmitry Baryshkov (1): Bluetooth: qca: simplify WCN399x NVM loading Douglas Anderson (6): arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD arm64: cputype: Add MIDR_CORTEX_A76AE arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists Edward Adam Davis (3): jfs: Prevent copying of nlink with value 0 from disk inode jfs: add sanity check for agwidth in dbMount isofs: Prevent the use of too small fid Edward Liaw (1): selftests/futex: futex_waitv wouldblock test should fail Eric Biggers (1): nfs: add missing selections of CONFIG_CRC32 Fedor Pchelkin (1): ntb: use 64-bit arithmetic for the MSI doorbell mask Filipe Manana (1): btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers Florian Westphal (1): nft_set_pipapo: fix incorrect avx2 match of 5th field octet Frédéric Danis (1): Bluetooth: l2cap: Check encryption key size on incoming connection Fuad Tabba (1): KVM: arm64: Calculate cptr_el2 traps on activating traps Gabriele Paoloni (1): tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER Gang Yan (1): mptcp: fix NULL pointer in can_accept_new_subflow Gavrilov Ilia (1): wifi: mac80211: fix integer overflow in hwmp_route_info_get() Geliang Tang (1): selftests: mptcp: close fd_in before returning in main_loop Greg Kroah-Hartman (3): Revert "Xen/swiotlb: mark xen_swiotlb_fixup() __init" Revert "LoongArch: BPF: Fix off-by-one error in build_prologue()" Linux 6.1.135 Guixin Liu (1): gpio: tegra186: fix resource handling in ACPI probe path Haisu Wang (1): btrfs: fix the length of reserved qgroup to free Haoxiang Li (1): wifi: mt76: Add check for devm_kstrdup() Henry Martin (1): ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() Herbert Xu (1): crypto: caam/qi - Fix drv_ctx refcount bug Hersen Wu (1): drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links Icenowy Zheng (1): wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table Ido Schimmel (1): ipv6: Align behavior across nexthops during path selection Ilya Maximets (1): net: openvswitch: fix nested key length validation in the set() action Jakub Kicinski (1): net: tls: explicitly disallow disconnect Jamal Hadi Salim (1): rtnl: add helper to check if rtnl group has listeners Jan Beulich (1): xenfs/xensyms: respect hypervisor's "next" indication Jan Kara (1): jbd2: remove wrong sb->s_sequence check Jan Stancek (3): sign-file,extract-cert: move common SSL helper functions to a header sign-file,extract-cert: avoid using deprecated ERR_get_error_line() sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3 Jani Nikula (1): drm/i915/gvt: fix unterminated-string-initialization warning Jann Horn (1): ext4: don't treat fhandle lookup of ea_inode as FS corruption Jason Xing (1): page_pool: avoid infinite loop to schedule delayed worker Jeff Hugo (1): bus: mhi: host: Fix race between unprepare and queue_buf Jeff Layton (1): nfs: move nfs_fhandle_hash to common include file Jens Axboe (1): io_uring/kbuf: reject zero sized provided buffers Jiasheng Jiang (3): media: platform: stm32: Add check for clk_enable() mtd: Add check for devm_kcalloc() mtd: Replace kcalloc() with devm_kcalloc() Johannes Berg (1): Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" Johannes Kimmel (1): btrfs: correctly escape subvol in btrfs_show_options() Johannes Thumshirn (2): btrfs: zoned: fix zone activation with missing devices btrfs: zoned: fix zone finishing with missing devices Jonas Gorski (2): net: b53: enable BPDU reception for management port net: bridge: switchdev: do not notify new brentries as changed Jonathan McDowell (2): tpm, tpm_tis: Workaround failed command reception on Infineon devices tpm, tpm_tis: Fix timeout handling when waiting for TPM status Josh Poimboeuf (1): pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() Joshua Washington (1): gve: handle overflow when reporting TX consumed descriptors Kai Mäkisara (1): scsi: st: Fix array overflow in st_setup() Kaixin Wang (1): HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition Kamal Dasu (1): mtd: rawnand: brcmnand: fix PM resume warning Kan Liang (3): perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR Karina Yankevich (1): media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() Kaustabh Chakraborty (1): mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves Kees Cook (1): xen/mcelog: Add __nonstring annotations for unterminated strings Kirill A. Shutemov (1): mm: fix apply_to_existing_page_range() Krzysztof Kozlowski (1): gpio: zynq: Fix wakeup source leaks on device unbind Kunihiko Hayashi (3): misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type Leonid Arapov (1): fbdev: omapfb: Add 'plane' value check Li Lingfeng (1): nfsd: decrease sc_count directly if fail to queue dl_recall Li Nan (1): blk-iocost: do not WARN if iocg was already offlined Louis-Alexis Eyraud (1): iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group Luca Ceresoli (1): drm/bridge: panel: forbid initializing a panel with unknown connector type Lucas De Marchi (1): drivers: base: devres: Allow to release group on device release Luiz Augusto von Dentz (1): Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address Ma Ke (1): PCI: Fix reference leak in pci_alloc_child_bus() Maksim Davydov (1): x86/split_lock: Fix the delayed detection logic Manjunatha Venkatesh (1): i3c: Add NULL pointer check in i3c_master_queue_ibi() Marek Behún (1): net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family Mario Limonciello (1): drm/amd: Handle being compiled without SI or CIK support better Mark Brown (4): KVM: arm64: Discard any SVE state when entering KVM guests arm64/fpsimd: Track the saved FPSIMD state type separately to TIF_SVE arm64/fpsimd: Have KVM explicitly say which FP registers to save arm64/fpsimd: Stop using TIF_SVE to manage register saving in KVM Mark Rutland (8): perf: arm_pmu: Don't disable counter in armpmu_add() KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state KVM: arm64: Remove host FPSIMD saving for non-protected KVM KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN KVM: arm64: Remove VHE host restore of CPACR_EL1.SMEN KVM: arm64: Refactor exit handlers KVM: arm64: Mark some header functions as inline KVM: arm64: Eagerly switch ZCR_EL{1,2} Mateusz Guzik (1): fs: consistently deref the files table with rcu_dereference_raw() Mathieu Desnoyers (1): mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock Matt Johnston (1): net: mctp: Set SOCK_RCU_FREE Matthew Auld (1): drm/amdgpu/dma_buf: fix page_link check Matthew Majewski (1): media: vim2m: print device name after registering device Matthew Wilcox (Oracle) (1): test suite: use %zu to print size_t Matthieu Baerts (NGI0) (3): mptcp: sockopt: fix getting IPV6_V6ONLY mptcp: only inc MPJoinAckHMacFailure for HMAC failures mptcp: sockopt: fix getting freebind & transparent Max Grobecker (1): x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine Maxim Mikityanskiy (2): ALSA: hda: intel: Fix Optimus when GPU has no sound ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist Maxime Chevallier (1): net: ethtool: Don't call .cleanup_data when prepare_data fails Miaoqian Lin (1): scsi: iscsi: Fix missing scsi_host_put() in error path Mickaël Salaün (1): landlock: Add the errata interface Mikulas Patocka (3): dm-ebs: fix prefetch-vs-suspend race dm-integrity: set ti->error on memory allocation failure dm-verity: fix prefetch-vs-suspend race Miquel Raynal (1): spi: cadence-qspi: Fix probe on AM62A LP SK Murad Masimov (1): media: streamzap: prevent processing IR data on URB failure Myrrh Periwinkle (1): x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions() Namjae Jeon (1): ksmbd: fix the warning from __kernel_write_iter Nathan Chancellor (3): ACPI: platform-profile: Fix CFI violation when accessing sysfs files riscv: Avoid fortify warning in syscall_get_arguments() kbuild: Add '-fno-builtin-wcslen' Nathan Lynch (1): powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() Nikita Zhandarovich (1): drm/repaper: fix integer overflows in repeat functions Niklas Cassel (1): ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode Niklas Söderlund (1): media: i2c: adv748x: Fix test pattern selection mask Octavian Purdila (2): net_sched: sch_sfq: use a temporary work area for validating configuration net_sched: sch_sfq: move the limit validation Ojaswin Mujoo (1): ext4: protect ext4_release_dquot against freezing Paulo Alcantara (1): cifs: use origin fullpath for automounts Pavel Begunkov (1): io_uring/net: fix accept multishot handling Pedro Tammela (1): net/sched: cls_api: conditional notification of events Peter Collingbourne (1): string: Add load_unaligned_zeropad() code path to sized_strscpy() Peter Griffin (1): scsi: ufs: exynos: Ensure consistent phy reference counts Philip Yang (2): drm/amdkfd: Fix mode1 reset crash issue drm/amdkfd: Fix pqm_destroy_queue race with GPU reset Rafael J. Wysocki (2): cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS cpufreq: Reference count policy in cpufreq_update_limits() Rand Deeb (2): fs/jfs: cast inactags to s64 to prevent potential overflow fs/jfs: Prevent integer overflow in AG size calculation Remi Pommarel (2): wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() wifi: mac80211: Purge vif txq in ieee80211_do_stop() Ricard Wanderlof (1): ALSA: usb-audio: Fix CME quirk for UF series keyboards Ricardo Cañuelo Navarro (1): sctp: detect and prevent references to a freed transport in sendmsg Rolf Eike Beer (1): drm/sti: remove duplicate object names Roman Smirnov (1): cifs: fix integer overflow in match_server() Ryan Roberts (1): sparc/mm: disable preemption in lazy mmu mode Ryo Takakura (1): PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type Sagi Maimon (1): ptp: ocp: fix start time alignment in ptp_ocp_signal_set Sakari Ailus (4): media: i2c: ccs: Set the device's runtime PM status correctly in remove media: i2c: ccs: Set the device's runtime PM status correctly in probe media: i2c: ov7251: Set enable GPIO low in probe media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO Sean Christopherson (1): KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses Sean Heelan (1): ksmbd: Fix dangling pointer in krb_authenticate Sharath Srinivasan (1): RDMA/cma: Fix workqueue crash in cma_netevent_work_handler Shay Drory (1): RDMA/core: Silence oversized kvmalloc() warning Shengjiu Wang (1): ASoC: fsl_audmix: register card device depends on 'dais' property Shuai Xue (1): mm/hwpoison: do not send SIGBUS to processes with recovered clean pages Si-Wei Liu (1): vdpa/mlx5: Fix oversized null mkey longer than 32bit Srinivas Kandagatla (4): ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment. ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns. ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels Stanimir Varbanov (1): PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() Stanislav Fomichev (1): net: vlan: don't propagate flags on open Stanley Chu (1): i3c: master: svc: Use readsb helper for reading MDB Stephan Gerhold (1): pinctrl: qcom: Clear latched interrupt status when changing IRQ type Steve French (1): smb311 client: fix missing tcon check when mounting with linux/posix extensions Steven Rostedt (1): tracing: Fix filter string testing T Pratham (1): lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets Takashi Iwai (1): ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model Taniya Das (1): clk: qcom: gdsc: Set retain_ff before moving to HW CTRL Thadeu Lima de Souza Cascardo (1): i2c: cros-ec-tunnel: defer probe if parent EC is not present Thomas Weißschuh (2): loop: properly send KOBJ_CHANGED uevent for disk device loop: LOOP_SET_FD: send uevents for partitions Toke Høiland-Jørgensen (1): tc: Ensure we have enough buffer space when sending filter netlink notifications Tom Lendacky (1): crypto: ccp - Fix check for the primary ASP device Tomasz Pakuła (3): HID: pidff: Convert infinite length from Linux API to PID standard HID: pidff: Do not send effect envelope if it's empty HID: pidff: Fix null pointer dereference in pidff_find_fields Trevor Woerner (1): thermal/drivers/rockchip: Add missing rk3328 mapping entry Trond Myklebust (1): umount: Allow superblock owners to force umount Tung Nguyen (1): tipc: fix memory leak in tipc_link_xmit Uwe Kleine-König (2): pwm: rcar: Improve register calculation pwm: fsl-ftm: Handle clk_get_rate() returning 0 Vasiliy Kovalev (1): hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key Victor Nogueira (1): rtnl: add helper to check if a notification is needed Vikash Garodia (4): media: venus: hfi: add a check to handle OOB in sfr region media: venus: hfi: add check to handle incorrect queue size media: venus: hfi_parser: add check to avoid out of bound access media: venus: hfi_parser: refactor hfi packet parsing logic Vishal Moola (Oracle) (1): mm: fix filemap_get_folios_contig returning batches of identical folios Vladimir Oltean (3): net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del() fails WangYuli (6): riscv: KGDB: Do not inline arch_kgdb_breakpoint() riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break nvmet-fc: Remove unused functions MIPS: dec: Declare which_prom() as static MIPS: cevt-ds1287: Add missing ds1287.h include MIPS: ds1287: Match ds1287_set_base_clock() function types Wentao Liang (4): ata: sata_sx4: Add error handling in pdc20621_i2c_read() drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() mtd: inftlcore: Add error check for inftl_read_oob() mtd: rawnand: Add status chack in r852_ready() Will Deacon (1): KVM: arm64: Tear down vGIC on failed vCPU creation Willem de Bruijn (1): bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags Xiangsheng Hou (1): virtiofs: add filesystem context source name check Xingui Yang (1): scsi: hisi_sas: Enable force phy when SATA disk directly connected Xu Kuohai (1): bpf: Prevent tail call between progs attached to different hooks Yu Kuai (4): md/raid10: fix missing discard IO accounting blk-cgroup: support to track if policy is online md: factor out a helper from mddev_put() md: fix mddev uaf while iterating all_mddevs list Yuan Can (1): media: siano: Fix error handling in smsdvb_module_init() Yue Haibing (1): RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() Yuli Wang (1): LoongArch: Eliminate superfluous get_numa_distances_cnt() Zheng Qixing (1): md/md-bitmap: fix stats collection for external bitmaps Zhenhua Huang (1): arm64: mm: Correct the update of max_pfn Zhikai Zhai (1): drm/amd/display: Update Cursor request mode to the beginning prefetch always Zhongqiu Han (2): pm: cpupower: bench: Prevent NULL dereference on malloc failure jfs: Fix uninit-value access of imap allocated in the diMount() function Zijun Hu (5): of/irq: Fix device node refcount leakage in API of_irq_parse_one() of/irq: Fix device node refcount leakage in API of_irq_parse_raw() of/irq: Fix device node refcount leakages in of_irq_count() of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() of/irq: Fix device node refcount leakages in of_irq_init() keenplify (1): ASoC: amd: Add DMI quirk for ACP6X mic support zhoumin (1): ftrace: Add cond_resched() to ftrace_graph_set_hash()

6 months, 3 weeks

1
1
0 0

[PATCH v4 1/2] serial: sifive: lock port in startup()/shutdown() callbacks

by Ryo Takakura

startup()/shutdown() callbacks access SIFIVE_SERIAL_IE_OFFS. The register is also accessed from write() callback. If console were printing and startup()/shutdown() callback gets called, its access to the register could be overwritten. Add port->lock to startup()/shutdown() callbacks to make sure their access to SIFIVE_SERIAL_IE_OFFS is synchronized against write() callback. Signed-off-by: Ryo Takakura <ryotkkr98(a)gmail.com> Cc: stable(a)vger.kernel.org --- drivers/tty/serial/sifive.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/tty/serial/sifive.c b/drivers/tty/serial/sifive.c index 5904a2d4c..054a8e630 100644 --- a/drivers/tty/serial/sifive.c +++ b/drivers/tty/serial/sifive.c @@ -563,8 +563,11 @@ static void sifive_serial_break_ctl(struct uart_port *port, int break_state) static int sifive_serial_startup(struct uart_port *port) { struct sifive_serial_port *ssp = port_to_sifive_serial_port(port); + unsigned long flags; + uart_port_lock_irqsave(&ssp->port, &flags); __ssp_enable_rxwm(ssp); + uart_port_unlock_irqrestore(&ssp->port, flags); return 0; } @@ -572,9 +575,12 @@ static int sifive_serial_startup(struct uart_port *port) static void sifive_serial_shutdown(struct uart_port *port) { struct sifive_serial_port *ssp = port_to_sifive_serial_port(port); + unsigned long flags; + uart_port_lock_irqsave(&ssp->port, &flags); __ssp_disable_rxwm(ssp); __ssp_disable_txwm(ssp); + uart_port_unlock_irqrestore(&ssp->port, flags); } /** -- 2.34.1

6 months, 3 weeks

4
7
0 0

Re: [PATCH 1/3 v5.4.y] dmaengine: ti: edma: Add support for handling reserved channels

by Greg KH

On Tue, Apr 22, 2025 at 07:33:03PM +0530, Hardik Gohil wrote: > > > > > I'm sorry, I have no idea what to do here :( > > > > please add all the patches 1/3,2/3 and 3/3 to v5.4.y. Please do not post in html format :( Anyway, I do not see patches 2/3 or 3/3 at all. Please resend them all as a full patch series, don't just give links. thanks, greg k-h

6 months, 3 weeks

3
16
0 0

[PATCH v2] media: ov2740: Move pm-runtime cleanup on probe-errors to proper place

by Hans de Goede

When v4l2_subdev_init_finalize() fails no changes have been made to the runtime-pm device state yet, so the probe_error_media_entity_cleanup rollback path should not touch the runtime-pm device state. Instead this should be done from the probe_error_v4l2_subdev_cleanup rollback path. Note the pm_runtime_xxx() calls are put above the v4l2_subdev_cleanup() call to have the reverse call order of probe(). Fixes: 289c25923ecd ("media: ov2740: Use sub-device active state") Cc: stable(a)vger.kernel.org Reviewed-by: Bingbu Cao <bingbu.cao(a)intel.com> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- Changes in v2: - Add Fixes: tag --- drivers/media/i2c/ov2740.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/media/i2c/ov2740.c b/drivers/media/i2c/ov2740.c index 80d151e8ae29..6cf461e3373c 100644 --- a/drivers/media/i2c/ov2740.c +++ b/drivers/media/i2c/ov2740.c @@ -1456,12 +1456,12 @@ static int ov2740_probe(struct i2c_client *client) return 0; probe_error_v4l2_subdev_cleanup: + pm_runtime_disable(&client->dev); + pm_runtime_set_suspended(&client->dev); v4l2_subdev_cleanup(&ov2740->sd); probe_error_media_entity_cleanup: media_entity_cleanup(&ov2740->sd.entity); - pm_runtime_disable(&client->dev); - pm_runtime_set_suspended(&client->dev); probe_error_v4l2_ctrl_handler_free: v4l2_ctrl_handler_free(ov2740->sd.ctrl_handler); -- 2.49.0

6 months, 3 weeks

2
1
0 0

[PATCH] wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb

by Ladislav Michl

From: Ladislav Michl <ladis(a)triops.cz> corresponding upstream commit 3e5e4a801aaf4283390cc34959c6c48f910ca5ea When removing kernel modules driver uses skb_queue_purge() to purge TX skb, but not report tx status causing "Have pending ack frames!" warning. Use ieee80211_purge_tx_queue() to correct this. As upstream commit mentioned above does not apply on linux-6.1.y tree it has been rewritten. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 4072 at net/mac80211/main.c:1506 ieee80211_free_ack_frame+0x74/0xa0 [mac80211] Have pending ack frames! Modules linked in: rtw88_8822ce rtw88_8822c rtw88_pci rtw88_core mac80211 libarc4 cfg80211 qmi_wwan usbnet mii cdc_acm [last unloaded: cfg80211] CPU: 0 PID: 4072 Comm: sh Not tainted 6.1.104 #2 Stack : 0000000000000000 000000000000068d 0000000000000008 000b24caa995d315 000b24caa995d315 0000000000000000 8000000002813958 ffffffff818f4a30 ffffffff81a673c8 0000000000000001 0000000000000001 0000000000000000 00000000000817bd 0000000000000010 ffffffff817f3720 0000000000000002 800000000281384f ffffffff81a20000 ffffffff818f4a30 0000000000000009 ffffffff81a20000 8000000003a41df8 ffffffff81a20000 0000000000000001 8000000002651570 8000000082813847 ffffffff8143a6c0 0000000000000000 ffffffff81b10000 8000000002810000 8000000002813950 0000000000000030 ffffffff817ca460 0000000000000000 ffffffff818f4a30 ffffffff817ca3e0 0000000000000001 ffffffff818f4a30 ffffffff811198b8 0000000000000000 ... Call Trace: [<ffffffff811198b8>] show_stack+0x38/0x118 [<ffffffff817ca460>] dump_stack_lvl+0x30/0x54 [<ffffffff81130f6c>] __warn+0x9c/0xe4 [<ffffffff81131054>] warn_slowpath_fmt+0xa0/0xd4 [<ffffffffc02770ec>] ieee80211_free_ack_frame+0x74/0xa0 [mac80211] [<ffffffff817ccfd8>] idr_for_each+0x88/0x150 [<ffffffffc0277538>] ieee80211_free_hw+0x48/0xf8 [mac80211] [<ffffffff813f2a54>] pci_device_remove+0x2c/0x78 [<ffffffff8144c7dc>] device_release_driver_internal+0x1e4/0x288 [<ffffffff813e8998>] pci_stop_bus_device+0x88/0xb8 [<ffffffff813e8a84>] pci_stop_and_remove_bus_device_locked+0x1c/0x38 [<ffffffff813f52d0>] remove_store+0xa0/0xb0 [<ffffffff81279be4>] kernfs_fop_write_iter+0x10c/0x230 [<ffffffff811fc49c>] vfs_write+0x1cc/0x388 [<ffffffff811fc7f8>] ksys_write+0x78/0x120 [<ffffffff81121420>] syscall_common+0x34/0x58 ---[ end trace 0000000000000000 ]--- Cc: stable(a)vger.kernel.org # 6.1.x: 53bc1b7: wifi: mac80211: export ieee80211_purge_tx_queue() for drivers Cc: stable(a)vger.kernel.org # 6.1.x Cc: Ping-Ke Shih <pkshih(a)realtek.com> Signed-off-by: Ladislav Michl <ladis(a)triops.cz> --- drivers/net/wireless/realtek/rtw88/main.c | 2 +- drivers/net/wireless/realtek/rtw88/tx.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/realtek/rtw88/main.c b/drivers/net/wireless/realtek/rtw88/main.c index 4620a0d5c77b..7c390c2c608d 100644 --- a/drivers/net/wireless/realtek/rtw88/main.c +++ b/drivers/net/wireless/realtek/rtw88/main.c @@ -2146,7 +2146,7 @@ void rtw_core_deinit(struct rtw_dev *rtwdev) destroy_workqueue(rtwdev->tx_wq); spin_lock_irqsave(&rtwdev->tx_report.q_lock, flags); - skb_queue_purge(&rtwdev->tx_report.queue); + ieee80211_purge_tx_queue(rtwdev->hw, &rtwdev->tx_report.queue); skb_queue_purge(&rtwdev->coex.queue); spin_unlock_irqrestore(&rtwdev->tx_report.q_lock, flags); diff --git a/drivers/net/wireless/realtek/rtw88/tx.c b/drivers/net/wireless/realtek/rtw88/tx.c index ab39245e9c2f..05e6911a4044 100644 --- a/drivers/net/wireless/realtek/rtw88/tx.c +++ b/drivers/net/wireless/realtek/rtw88/tx.c @@ -169,7 +169,7 @@ void rtw_tx_report_purge_timer(struct timer_list *t) rtw_warn(rtwdev, "failed to get tx report from firmware\n"); spin_lock_irqsave(&tx_report->q_lock, flags); - skb_queue_purge(&tx_report->queue); + ieee80211_purge_tx_queue(rtwdev->hw, &tx_report->queue); spin_unlock_irqrestore(&tx_report->q_lock, flags); } -- 2.39.5

6 months, 3 weeks

2
2
0 0

[PATCH 6.14 000/241] 6.14.4-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.14.4 release. There are 241 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 25 Apr 2025 14:25:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.14.4-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.14.4-rc1 P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process WangYuli <wangyuli(a)uniontech.com> MIPS: ds1287: Match ds1287_set_base_clock() function types WangYuli <wangyuli(a)uniontech.com> MIPS: cevt-ds1287: Add missing ds1287.h include WangYuli <wangyuli(a)uniontech.com> MIPS: dec: Declare which_prom() as static Alexander Tsoy <alexander(a)tsoy.me> Revert "wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process" Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm/vma: add give_up_on_oom option on modify/merge, use in uffd release WangYuli <wangyuli(a)uniontech.com> nvmet-fc: Remove unused functions Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd/display: Temporarily disable hostvm on DCN31 Armin Wolf <W_Armin(a)gmx.de> platform/x86: msi-wmi-platform: Workaround a ACPI firmware bug Armin Wolf <W_Armin(a)gmx.de> platform/x86: msi-wmi-platform: Rename "data" variable Kurt Borja <kuurtb(a)gmail.com> platform/x86: alienware-wmi-wmax: Extend support to more laptops Kurt Borja <kuurtb(a)gmail.com> platform/x86: alienware-wmi-wmax: Add G-Mode support to Alienware m16 R1 Lukas Fischer <kernel(a)o1oo11oo.de> scripts: generate_rust_analyzer: Add ffi crate Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Reference count policy in cpufreq_update_limits() Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9 Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/sysreg: Add register fields for HFGWTR2_EL2 Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/sysreg: Add register fields for HFGRTR2_EL2 Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/sysreg: Add register fields for HFGITR2_EL2 Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/sysreg: Add register fields for HDFGWTR2_EL2 Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/sysreg: Add register fields for HDFGRTR2_EL2 Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1 Pavel Begunkov <asml.silence(a)gmail.com> io_uring: don't post tag CQEs on file/buffer registration failure Thomas Zimmermann <tzimmermann(a)suse.de> drm/mgag200: Fix value in <VBLKSTR> register ZhenGuo Yin <zhenguo.yin(a)amd.com> drm/amdgpu: fix warning of drm_mm_clean Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display/dml2: use vzalloc rather than kzalloc Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/dp: Check for HAS_DSC_3ENGINES while configuring DSC slices Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/display: Add macro for checking 3 DSC engines Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Set LRC addresses before guc load Matthew Auld <matthew.auld(a)intel.com> drm/xe/userptr: fix notifier vs folio deadlock Matthew Auld <matthew.auld(a)intel.com> drm/xe/dma_buf: stop relying on placement in unmap Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Add HP Probook 445 and 465 to the quirk list for eDP on DP1 Huacai Chen <chenhuacai(a)kernel.org> drm/amd/display: Protect FPU in dml2_init()/dml21_init() Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Do not enable Replay and PSR while VRR is on in amdgpu_dm_commit_planes() Christian König <christian.koenig(a)amd.com> drm/amdgpu: immediately use GTT for new allocations Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/dp: Reject HBR3 when sink doesn't support TPS4 Vivek Kasireddy <vivek.kasireddy(a)intel.com> drm/i915/xe2hpd: Identify the memory type for SKUs with GDDR + ECC Jani Nikula <jani.nikula(a)intel.com> drm/i915/gvt: fix unterminated-string-initialization warning Matt Roper <matthew.d.roper(a)intel.com> drm/xe/bmg: Add one additional PCI ID Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Fix an out-of-bounds shift when invalidating TLB Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Fix scanline_offset for LNL+ and BMG+ Rolf Eike Beer <eb(a)emlix.com> drm/sti: remove duplicate object names Dmitry Osipenko <dmitry.osipenko(a)collabora.com> drm/virtio: Fix missed dmabuf unpinning in error path of prepare_fb() Brendan King <Brendan.King(a)imgtec.com> drm/imagination: take paired job reference Brendan King <Brendan.King(a)imgtec.com> drm/imagination: fix firmware memory leaks Chris Bainbridge <chris.bainbridge(a)gmail.com> drm/nouveau: prime: fix ttm_bo_delayed_delete oops Matthew Auld <matthew.auld(a)intel.com> drm/amdgpu/dma_buf: fix page_link check Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/mes11: optimize MES pipe FW version fetching Huacai Chen <chenhuacai(a)kernel.org> drm/amd/display: Protect FPU in dml21_copy() Huacai Chen <chenhuacai(a)kernel.org> drm/amd/display: Protect FPU in dml2_validate()/dml21_validate() Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Add HP Elitebook 645 to the quirk list for eDP on DP1 Dmitry Osipenko <dmitry.osipenko(a)collabora.com> drm/virtio: Don't attach GEM to a non-created context in gem_object_open() Matthew Brost <matthew.brost(a)intel.com> drm/xe: Use local fence in error path of xe_migrate_clear Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/vrr: Add vrr.vsync_{start, end} in vrr_params_changed Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/mes12: optimize MES pipe FW version fetching Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/smu11: Prevent division by zero Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> drm/amd/pm: Add zero RPM enabled OD setting support for SMU14.0.2 Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/powerplay: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm: Prevent division by zero Leo Li <sunpeng.li(a)amd.com> drm/amd/display: Increase vblank offdelay for PSR panels Leo Li <sunpeng.li(a)amd.com> drm/amd/display: Actually do immediate vblank disable Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Handle being compiled without SI or CIK support better Brendan Tam <Brendan.Tam(a)amd.com> drm/amd/display: prevent hang on link training fail Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Prefer shadow rom when available Akhil P Oommen <quic_akhilpo(a)quicinc.com> drm/msm/a6xx: Fix stale rpmh votes from GPU Haoxiang Li <haoxiang_li2024(a)163.com> drm/msm/dsi: Add check for devm_kstrdup() Jocelyn Falempe <jfalempe(a)redhat.com> drm/ast: Fix ast_dp connection status Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/repaper: fix integer overflows in repeat functions Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf/x86/intel: Allow to update user space GPRs from PEBS records Mario Limonciello <mario.limonciello(a)amd.com> platform/x86: amd: pmf: Fix STT limits Yazen Ghannam <yazen.ghannam(a)amd.com> RAS/AMD/FMPM: Get masked address Yazen Ghannam <yazen.ghannam(a)amd.com> RAS/AMD/ATL: Include row[13] bit in row retirement Sharath Srinivasan <sharath.srinivasan(a)oracle.com> RDMA/cma: Fix workqueue crash in cma_netevent_work_handler Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Ensure consistent phy reference counts Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Move UFS shareability value to drvdata Chandrakanth Patil <chandrakanth.patil(a)broadcom.com> scsi: megaraid_sas: Block zero-length ATA VPD inquiry Ard Biesheuvel <ardb(a)kernel.org> x86/boot/sev: Avoid shared GHCB page for early memory acceptance Sandipan Das <sandipan.das(a)amd.com> x86/cpu/amd: Fix workaround for erratum 1054 Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches Xiangsheng Hou <xiangsheng.hou(a)mediatek.com> virtiofs: add filesystem context source name check Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix filter string testing Peter Collingbourne <pcc(a)google.com> string: Add load_unaligned_zeropad() code path to sized_strscpy() Chunjie Zhu <chunjie.zhu(a)cloud.com> smb3 client: fix open hardlink on deferred close file error Suren Baghdasaryan <surenb(a)google.com> slab: ensure slab->obj_exts is clear in a newly allocated slab page Mark Brown <broonie(a)kernel.org> selftests/mm: generate a temporary mountpoint for cgroup filesystem Nathan Chancellor <nathan(a)kernel.org> riscv: Avoid fortify warning in syscall_get_arguments() Kuniyuki Iwashima <kuniyu(a)amazon.com> Revert "smb: client: fix TCP timers deadlock after rmmod" Kuniyuki Iwashima <kuniyu(a)amazon.com> Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free" Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix the warning from __kernel_write_iter Denis Arefev <arefev(a)swemel.ru> ksmbd: Prevent integer overflow in calculation of deadtime Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in smb_break_all_levII_oplock() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in __smb2_lease_break_noti() Sean Heelan <seanheelan(a)gmail.com> ksmbd: Fix dangling pointer in krb_authenticate Miklos Szeredi <mszeredi(a)redhat.com> ovl: don't allow datadir only Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm: fix apply_to_existing_page_range() Vishal Moola (Oracle) <vishal.moola(a)gmail.com> mm: fix filemap_get_folios_contig returning batches of identical folios Baoquan He <bhe(a)redhat.com> mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable() Vishal Moola (Oracle) <vishal.moola(a)gmail.com> mm/compaction: fix bug in hugetlb handling pathway Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> loop: LOOP_SET_FD: send uevents for partitions Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> loop: properly send KOBJ_CHANGED uevent for disk device Sheng Yong <shengyong1(a)xiaomi.com> lib/iov_iter: fix to increase non slab folio refcount Edward Adam Davis <eadavis(a)qq.com> isofs: Prevent the use of too small fid Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> i2c: cros-ec-tunnel: defer probe if parent EC is not present Vasiliy Kovalev <kovalev(a)altlinux.org> hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key Herbert Xu <herbert(a)gondor.apana.org.au> crypto: caam/qi - Fix drv_ctx refcount bug Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Avoid using inconsistent policy->min and policy->max Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq/sched: Explicitly synchronize limits_changed flag handling Johannes Kimmel <kernel(a)bareminimum.eu> btrfs: correctly escape subvol in btrfs_show_options() Sidong Yang <sidong.yang(a)furiosa.ai> btrfs: ioctl: don't free iov when btrfs_encoded_read() returns -EAGAIN Kees Cook <kees(a)kernel.org> Bluetooth: vhci: Avoid needless snprintf() calls Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: l2cap: Process valid commands in too long frame Rob Clark <robdclark(a)chromium.org> drm/msm/a6xx+: Don't let IB_SIZE overflow Menglong Dong <menglong8.dong(a)gmail.com> ftrace: fix incorrect hash size in register_ftrace_direct() Christoph Hellwig <hch(a)lst.de> fs: move the bdex_statx call to vfs_getattr_nosec Joe Damato <jdamato(a)fastly.com> eventpoll: Set epoll timeout if it's in the future Jens Axboe <axboe(a)kernel.dk> eventpoll: abstract out ep_try_send_events() helper Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> i2c: atr: Fix wrong include Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: decrease sc_count directly if fail to queue dl_recall Eric Biggers <ebiggers(a)google.com> nfs: add missing selections of CONFIG_CRC32 Dan Carpenter <dan.carpenter(a)linaro.org> dma-buf/sw_sync: Decrement refcount on error in sw_sync_ioctl_get_deadline() Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/msm/dpu: drop rogue intr_tear_rd_ptr values Chenyuan Yang <chenyuan0y(a)gmail.com> drm/msm/dpu: Fix error pointers in dpu_plane_virtual_atomic_check Maíra Canal <mcanal(a)igalia.com> drm/v3d: Fix Indirect Dispatch configuration for V3D 7.1.6 and later Martin K. Petersen <martin.petersen(a)oracle.com> block: integrity: Do not call set_page_dirty_lock() Denis Arefev <arefev(a)swemel.ru> asus-laptop: Fix an uninitialized variable T.J. Mercier <tjmercier(a)google.com> alloc_tag: handle incomplete bulk allocations in vm_module_tags_populate Andrzej Kacprowski <Andrzej.Kacprowski(a)intel.com> accel/ivpu: Fix the NPU's DPU frequency calculation Evgeny Pimenov <pimenoveu12(a)gmail.com> ASoC: qcom: Fix sc7280 lpass potential buffer overflow Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: Intel: sof_sdw: Add quirk for Asus Zenbook S16 Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate Herve Codina <herve.codina(a)bootlin.com> ASoC: fsl: fsl_qmc_audio: Reset audio data pointers on TRIGGER_START event Alex Williamson <alex.williamson(a)redhat.com> Revert "PCI: Avoid reset when disabled via sysfs" Andreas Gruenbacher <agruenba(a)redhat.com> writeback: fix false warning in inode_to_wb() Miguel Ojeda <ojeda(a)kernel.org> rust: kbuild: use `pound` to support GNU Make < 4.3 Sami Tolvanen <samitolvanen(a)google.com> rust: kbuild: Don't export __pfx symbols Miguel Ojeda <ojeda(a)kernel.org> rust: disable `clippy::needless_continue` Miguel Ojeda <ojeda(a)kernel.org> rust: kasan/kbuild: fix missing flags on first build FUJITA Tomonori <fujita.tomonori(a)gmail.com> rust: helpers: Remove volatile qualifier from io helpers Miguel Ojeda <ojeda(a)kernel.org> objtool/rust: add one more `noreturn` Rust function for Rust 1.86.0 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS WangYuli <wangyuli(a)uniontech.com> riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break WangYuli <wangyuli(a)uniontech.com> riscv: KGDB: Do not inline arch_kgdb_breakpoint() Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> thermal: intel: int340x: Fix Panther Lake DLVR support Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kunit: qemu_configs: SH: Respect kunit cmdline Samuel Holland <samuel.holland(a)sifive.com> riscv: module: Allocate PLT entries for R_RISCV_PLT32 Samuel Holland <samuel.holland(a)sifive.com> riscv: module: Fix out-of-bounds relocation access Björn Töpel <bjorn(a)rivosinc.com> riscv: Properly export reserved regions in /proc/iomem Will Pierce <wgpierce17(a)gmail.com> riscv: Use kvmalloc_array on relocation_hashtable Bo-Cun Chen <bc-bocun.chen(a)mediatek.com> net: ethernet: mtk_eth_soc: revise QDMA packet scheduler settings Bo-Cun Chen <bc-bocun.chen(a)mediatek.com> net: ethernet: mtk_eth_soc: correct the max weight of the queue limit for 100Mbps Bo-Cun Chen <bc-bocun.chen(a)mediatek.com> net: ethernet: mtk_eth_soc: reapply mdc divider on reset Meghana Malladi <m-malladi(a)ti.com> net: ti: icss-iep: Fix possible NULL pointer dereference for perout request Meghana Malladi <m-malladi(a)ti.com> net: ti: icss-iep: Add phase offset configuration for perout signal Meghana Malladi <m-malladi(a)ti.com> net: ti: icss-iep: Add pwidth configuration for perout signal Florian Westphal <fw(a)strlen.de> netfilter: conntrack: fix erronous removal of offload bit Sagi Maimon <maimon.sagi(a)gmail.com> ptp: ocp: fix start time alignment in ptp_ocp_signal_set Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del() fails Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: free routing table on probe failure Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: clean up FDB, MDB, VLAN entries on unbind Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered Abdun Nihaal <abdun.nihaal(a)gmail.com> net: txgbe: fix memory leak in txgbe_probe() error path Jonas Gorski <jonas.gorski(a)gmail.com> net: bridge: switchdev: do not notify new brentries as changed Jonas Gorski <jonas.gorski(a)gmail.com> net: b53: enable BPDU reception for management port Jakub Kicinski <kuba(a)kernel.org> netlink: specs: rt-neigh: prefix struct nfmsg members with ndm Jakub Kicinski <kuba(a)kernel.org> netlink: specs: rt-link: adjust mctp attribute naming Jakub Kicinski <kuba(a)kernel.org> netlink: specs: rtnetlink: attribute naming corrections Jakub Kicinski <kuba(a)kernel.org> netlink: specs: rt-link: add an attr layer around alt-ifname Jakub Kicinski <kuba(a)kernel.org> tools: ynl-gen: make sure we validate subtype of array-nest Jakub Kicinski <kuba(a)kernel.org> tools: ynl-gen: individually free previous values on double set Abdun Nihaal <abdun.nihaal(a)gmail.com> cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path Niklas Cassel <cassel(a)kernel.org> ata: libata-sata: Save all fields from sense data descriptor Damien Le Moal <dlemoal(a)kernel.org> nvmet: pci-epf: clear CC and CSTS when disabling the controller Damien Le Moal <dlemoal(a)kernel.org> nvmet: pci-epf: always fully initialize completion entries Christoph Hellwig <hch(a)lst.de> loop: stop using vfs_iter_{read,write} for buffered I/O Yunlong Xing <yunlong.xing(a)unisoc.com> loop: aio inherit the ioprio of original request Jakub Kicinski <kuba(a)kernel.org> eth: bnxt: fix missing ring index trim on error path Michael Walle <mwalle(a)kernel.org> net: ethernet: ti: am65-cpsw: fix port_np reference counting Chenyuan Yang <chenyuan0y(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors Abdun Nihaal <abdun.nihaal(a)gmail.com> net: ngbe: fix memory leak in ngbe_probe() error path Weizhao Ouyang <o451686892(a)gmail.com> can: rockchip_canfd: fix broken quirks checks Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix nested key length validation in the set() action Jakub Kicinski <kuba(a)kernel.org> netlink: specs: ovs_vport: align with C codegen capabilities Zheng Qixing <zhengqixing(a)huawei.com> block: fix resource leak in blk_register_queue() error path Jijie Shao <shaojijie(a)huawei.com> net: hibmcge: fix not restore rx pause mac addr after reset issue Jijie Shao <shaojijie(a)huawei.com> net: hibmcge: fix wrong mtu log issue Jijie Shao <shaojijie(a)huawei.com> net: hibmcge: fix incorrect multicast filtering issue Jijie Shao <shaojijie(a)huawei.com> net: hibmcge: fix incorrect pause frame statistics issue Matt Johnston <matt(a)codeconstruct.com.au> net: mctp: Set SOCK_RCU_FREE Damodharam Ammepalli <damodharam.ammepalli(a)broadcom.com> ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() Abdun Nihaal <abdun.nihaal(a)gmail.com> pds_core: fix memory leak in pdsc_debugfs_add_qcq() Baolin Wang <baolin.wang(a)linux.alibaba.com> selftests: mincore: fix tmpfs mincore test failure Matthew Wilcox (Oracle) <willy(a)infradead.org> test suite: use %zu to print size_t Kuniyuki Iwashima <kuniyu(a)amazon.com> smc: Fix lockdep false-positive for IPPROTO_SMC. Geert Uytterhoeven <geert+renesas(a)glider.be> dt-bindings: soc: fsl: fsl,ls1028a-reset: Fix maintainer entry Namhyung Kim <namhyung(a)kernel.org> perf tools: Remove evsel__handle_error_quirks() Christopher S M Hall <christopher.s.hall(a)intel.com> igc: add lock preventing multiple simultaneous PTM transactions Christopher S M Hall <christopher.s.hall(a)intel.com> igc: cleanup PTP module if probe fails Christopher S M Hall <christopher.s.hall(a)intel.com> igc: handle the IGC_PTP_ENABLED flag correctly Christopher S M Hall <christopher.s.hall(a)intel.com> igc: move ktime snapshot into PTM retry loop Christopher S M Hall <christopher.s.hall(a)intel.com> igc: increase wait time before retrying PTM Christopher S M Hall <christopher.s.hall(a)intel.com> igc: fix PTM cycle trigger logic Johannes Berg <johannes.berg(a)intel.com> Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: pcie: set state to no-FW before reset handshake David Thompson <davthompson(a)nvidia.com> mlxbf-bootctl: use sysfs_emit_at() in secure_boot_fuse_state_show() Juergen Gross <jgross(a)suse.com> xen: fix multicall debug feature Xin Long <lucien.xin(a)gmail.com> ipv6: add exception routes to GC list in rt6_insert_exception Leon Romanovsky <leon(a)kernel.org> RDMA/bnxt_re: Remove unusable nq variable Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: l2cap: Check encryption key size on incoming connection Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> Bluetooth: qca: fix NV variant for one of WCN3950 SoCs Dan Carpenter <dan.carpenter(a)linaro.org> Bluetooth: btrtl: Prevent potential NULL dereference Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: test_bin_error: Fix uninitialized data used as fw version Shay Drory <shayd(a)nvidia.com> RDMA/core: Silence oversized kvmalloc() warning Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: cs42l43: Reset clamp override on jack removal Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fixed ASUS platform headset Mic issue Richard Fitzgerald <rf(a)opensource.cirrus.com> ALSA: hda/cirrus_scodec_test: Don't select dependencies Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix wrong maximum DMA segment size Yue Haibing <yuehaibing(a)huawei.com> RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Fix budget handling of notification queue Giuseppe Scrivano <gscrivan(a)redhat.com> ovl: remove unused forward declaration Akhil R <akhilrajeev(a)nvidia.com> crypto: tegra - Fix IV usage for AES ECB Henry Martin <bsdhenrymartin(a)gmail.com> ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() Brady Norander <bradynorander(a)gmail.com> ASoC: dwc: always enable/disable i2s irqs Zheng Qixing <zhengqixing(a)huawei.com> md/md-bitmap: fix stats collection for external bitmaps Yu Kuai <yukuai3(a)huawei.com> md/raid10: fix missing discard IO accounting Martin Wilck <mwilck(a)suse.com> scsi: smartpqi: Use is_kdump_kernel() to check for kdump Miaoqian Lin <linmq006(a)gmail.com> scsi: iscsi: Fix missing scsi_host_put() in error path Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: wl1251: fix memory leak in wl1251_tx_work Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: brcmfmac: fix memory leak in brcmf_get_module_param Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Purge vif txq in ieee80211_do_stop() Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: at76c50x: fix use after free access in at76_disconnect Xingui Yang <yangxingui(a)huawei.com> scsi: hisi_sas: Enable force phy when SATA disk directly connected ------------- Diffstat: Documentation/arch/arm64/booting.rst | 22 +++ .../bindings/soc/fsl/fsl,ls1028a-reset.yaml | 2 +- Documentation/netlink/specs/ovs_vport.yaml | 4 +- Documentation/netlink/specs/rt_link.yaml | 20 ++- Documentation/netlink/specs/rt_neigh.yaml | 14 +- Documentation/wmi/devices/msi-wmi-platform.rst | 4 + Makefile | 5 +- arch/arm64/include/asm/el2_setup.h | 25 ++++ arch/arm64/tools/sysreg | 103 ++++++++++++++ arch/mips/dec/prom/init.c | 2 +- arch/mips/include/asm/ds1287.h | 2 +- arch/mips/kernel/cevt-ds1287.c | 1 + arch/riscv/include/asm/kgdb.h | 9 +- arch/riscv/include/asm/syscall.h | 7 +- arch/riscv/kernel/kgdb.c | 6 + arch/riscv/kernel/module-sections.c | 13 +- arch/riscv/kernel/module.c | 11 +- arch/riscv/kernel/setup.c | 36 ++++- arch/x86/boot/compressed/mem.c | 5 +- arch/x86/boot/compressed/sev.c | 67 +++------ arch/x86/boot/compressed/sev.h | 2 + arch/x86/events/intel/ds.c | 8 +- arch/x86/events/intel/uncore_snbep.c | 107 ++------------- arch/x86/kernel/cpu/amd.c | 19 ++- arch/x86/kernel/cpu/microcode/amd.c | 9 +- arch/x86/xen/multicalls.c | 26 ++-- arch/x86/xen/smp_pv.c | 1 - arch/x86/xen/xen-ops.h | 3 - block/bdev.c | 3 +- block/bio-integrity.c | 17 +-- block/blk-sysfs.c | 2 + drivers/accel/ivpu/ivpu_drv.c | 4 +- drivers/accel/ivpu/ivpu_fw.c | 3 +- drivers/accel/ivpu/ivpu_hw.h | 11 +- drivers/accel/ivpu/ivpu_hw_btrs.c | 126 ++++++++--------- drivers/accel/ivpu/ivpu_hw_btrs.h | 6 +- drivers/ata/libata-sata.c | 15 +++ drivers/block/loop.c | 121 +++-------------- drivers/bluetooth/btqca.c | 2 +- drivers/bluetooth/btrtl.c | 2 + drivers/bluetooth/hci_vhci.c | 10 +- drivers/cpufreq/cpufreq.c | 40 +++++- drivers/crypto/caam/qi.c | 6 +- drivers/crypto/tegra/tegra-se-aes.c | 5 +- drivers/dma-buf/sw_sync.c | 19 ++- .../firmware/cirrus/test/cs_dsp_mock_mem_maps.c | 30 ----- drivers/firmware/cirrus/test/cs_dsp_test_bin.c | 2 +- .../firmware/cirrus/test/cs_dsp_test_bin_error.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c | 34 ++++- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 44 +++--- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 4 +- drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 4 + drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 21 +-- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 62 ++++++++- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 6 +- .../drm/amd/display/dc/dml2/dml21/dml21_wrapper.c | 28 +++- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 15 ++- .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 6 +- .../drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 7 +- .../amd/display/dc/resource/dcn31/dcn31_resource.c | 2 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_thermal.c | 4 +- .../drm/amd/pm/powerplay/hwmgr/vega10_thermal.c | 4 +- .../drm/amd/pm/powerplay/hwmgr/vega20_thermal.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 3 + drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 2 +- .../gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 55 +++++++- drivers/gpu/drm/ast/ast_dp.c | 6 + drivers/gpu/drm/i915/display/intel_bw.c | 14 +- drivers/gpu/drm/i915/display/intel_display.c | 4 +- .../gpu/drm/i915/display/intel_display_device.h | 1 + drivers/gpu/drm/i915/display/intel_dp.c | 58 ++++++-- drivers/gpu/drm/i915/display/intel_vblank.c | 4 +- drivers/gpu/drm/i915/gvt/opregion.c | 7 +- drivers/gpu/drm/i915/i915_drv.h | 1 + drivers/gpu/drm/i915/soc/intel_dram.c | 4 + drivers/gpu/drm/imagination/pvr_fw.c | 27 +++- drivers/gpu/drm/imagination/pvr_job.c | 7 + drivers/gpu/drm/imagination/pvr_queue.c | 4 + drivers/gpu/drm/mgag200/mgag200_mode.c | 2 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 82 +++++------ drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 8 +- .../drm/msm/disp/dpu1/catalog/dpu_1_14_msm8937.h | 2 - .../drm/msm/disp/dpu1/catalog/dpu_1_15_msm8917.h | 1 - .../drm/msm/disp/dpu1/catalog/dpu_1_16_msm8953.h | 3 - .../drm/msm/disp/dpu1/catalog/dpu_1_7_msm8996.h | 4 - .../gpu/drm/msm/disp/dpu1/catalog/dpu_3_2_sdm660.h | 3 - .../gpu/drm/msm/disp/dpu1/catalog/dpu_3_3_sdm630.h | 2 - drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 3 + drivers/gpu/drm/msm/dsi/dsi_host.c | 9 +- .../gpu/drm/msm/registers/adreno/adreno_pm4.xml | 7 + drivers/gpu/drm/nouveau/nouveau_bo.c | 3 + drivers/gpu/drm/nouveau/nouveau_gem.c | 3 - drivers/gpu/drm/sti/Makefile | 2 - drivers/gpu/drm/tiny/repaper.c | 4 +- drivers/gpu/drm/v3d/v3d_sched.c | 16 ++- drivers/gpu/drm/virtio/virtgpu_gem.c | 11 +- drivers/gpu/drm/virtio/virtgpu_plane.c | 20 ++- drivers/gpu/drm/xe/xe_device_types.h | 1 + drivers/gpu/drm/xe/xe_dma_buf.c | 5 +- drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 12 +- drivers/gpu/drm/xe/xe_guc_ads.c | 75 ++++++----- drivers/gpu/drm/xe/xe_hmm.c | 24 ---- drivers/gpu/drm/xe/xe_migrate.c | 2 +- drivers/i2c/busses/i2c-cros-ec-tunnel.c | 3 + drivers/i2c/i2c-atr.c | 2 +- drivers/infiniband/core/cma.c | 4 +- drivers/infiniband/core/umem_odp.c | 6 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 10 -- drivers/infiniband/hw/hns/hns_roce_main.c | 2 +- drivers/infiniband/hw/usnic/usnic_ib_main.c | 14 +- drivers/md/md-bitmap.c | 5 +- drivers/md/raid10.c | 1 + drivers/net/can/rockchip/rockchip_canfd-core.c | 7 +- drivers/net/dsa/b53/b53_common.c | 10 ++ drivers/net/dsa/mv88e6xxx/chip.c | 13 +- drivers/net/dsa/mv88e6xxx/devlink.c | 3 +- drivers/net/ethernet/amd/pds_core/debugfs.c | 5 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c | 1 + drivers/net/ethernet/hisilicon/hibmcge/hbg_err.c | 3 + drivers/net/ethernet/hisilicon/hibmcge/hbg_hw.c | 7 + drivers/net/ethernet/hisilicon/hibmcge/hbg_main.c | 6 +- drivers/net/ethernet/hisilicon/hibmcge/hbg_reg.h | 3 + drivers/net/ethernet/intel/igc/igc.h | 1 + drivers/net/ethernet/intel/igc/igc_defines.h | 6 +- drivers/net/ethernet/intel/igc/igc_main.c | 1 + drivers/net/ethernet/intel/igc/igc_ptp.c | 113 ++++++++++------ drivers/net/ethernet/marvell/octeontx2/nic/rep.c | 2 + drivers/net/ethernet/mediatek/mtk_eth_soc.c | 49 ++++--- drivers/net/ethernet/mediatek/mtk_eth_soc.h | 1 + drivers/net/ethernet/ti/am65-cpsw-nuss.c | 15 ++- drivers/net/ethernet/ti/icssg/icss_iep.c | 150 ++++++++++++++------- drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 3 +- drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 3 +- drivers/net/wireless/ath/ath12k/dp_mon.c | 4 +- drivers/net/wireless/atmel/at76c50x-usb.c | 2 +- .../wireless/broadcom/brcm80211/brcmfmac/common.c | 4 +- .../net/wireless/intel/iwlwifi/pcie/trans-gen2.c | 8 +- drivers/net/wireless/ti/wl1251/tx.c | 4 +- drivers/nvme/target/fc.c | 14 -- drivers/nvme/target/pci-epf.c | 74 ++++++---- drivers/pci/pci.c | 4 - drivers/platform/mellanox/mlxbf-bootctl.c | 4 +- drivers/platform/x86/amd/pmf/auto-mode.c | 4 +- drivers/platform/x86/amd/pmf/cnqf.c | 8 +- drivers/platform/x86/amd/pmf/core.c | 14 ++ drivers/platform/x86/amd/pmf/pmf.h | 1 + drivers/platform/x86/amd/pmf/sps.c | 12 +- drivers/platform/x86/amd/pmf/tee-if.c | 6 +- drivers/platform/x86/asus-laptop.c | 9 +- drivers/platform/x86/dell/alienware-wmi.c | 56 +++++++- drivers/platform/x86/msi-wmi-platform.c | 99 +++++++++----- drivers/ptp/ptp_ocp.c | 1 + drivers/ras/amd/atl/internal.h | 3 + drivers/ras/amd/atl/umc.c | 19 ++- drivers/ras/amd/fmpm.c | 9 +- drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 9 +- drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 14 +- drivers/scsi/megaraid/megaraid_sas_base.c | 9 +- drivers/scsi/megaraid/megaraid_sas_fusion.c | 5 +- drivers/scsi/scsi_transport_iscsi.c | 7 +- drivers/scsi/smartpqi/smartpqi_init.c | 13 +- .../intel/int340x_thermal/processor_thermal_rfim.c | 33 ++--- drivers/ufs/host/ufs-exynos.c | 41 ++++-- drivers/ufs/host/ufs-exynos.h | 5 +- fs/Kconfig | 1 + fs/btrfs/ioctl.c | 2 + fs/btrfs/super.c | 3 +- fs/eventpoll.c | 38 ++++-- fs/fuse/virtio_fs.c | 3 + fs/hfs/bnode.c | 6 + fs/hfsplus/bnode.c | 6 + fs/isofs/export.c | 2 +- fs/nfs/Kconfig | 2 +- fs/nfs/internal.h | 7 - fs/nfs/nfs4session.h | 4 - fs/nfsd/Kconfig | 1 + fs/nfsd/nfs4state.c | 2 +- fs/nfsd/nfsfh.h | 7 - fs/overlayfs/overlayfs.h | 2 - fs/overlayfs/super.c | 5 + fs/smb/client/cifsproto.h | 2 + fs/smb/client/connect.c | 34 ++--- fs/smb/client/file.c | 28 ++++ fs/smb/server/connection.c | 4 +- fs/smb/server/oplock.c | 29 ++-- fs/smb/server/oplock.h | 1 - fs/smb/server/smb2pdu.c | 4 +- fs/smb/server/transport_ipc.c | 7 +- fs/smb/server/transport_tcp.c | 14 +- fs/smb/server/transport_tcp.h | 1 + fs/smb/server/vfs.c | 3 +- fs/stat.c | 32 +++-- include/drm/intel/pciids.h | 1 + include/linux/backing-dev.h | 1 + include/linux/blkdev.h | 6 +- include/linux/firmware/cirrus/cs_dsp_test_utils.h | 1 - include/linux/nfs.h | 7 - include/uapi/drm/ivpu_accel.h | 4 +- io_uring/rsrc.c | 17 ++- kernel/sched/cpufreq_schedutil.c | 46 ++++++- kernel/trace/ftrace.c | 7 +- kernel/trace/trace_events_filter.c | 4 +- lib/alloc_tag.c | 15 ++- lib/iov_iter.c | 2 +- lib/string.c | 13 +- mm/compaction.c | 6 +- mm/filemap.c | 1 + mm/gup.c | 4 +- mm/memory.c | 4 +- mm/slub.c | 10 ++ mm/userfaultfd.c | 13 +- mm/vma.c | 38 +++++- mm/vma.h | 9 +- net/bluetooth/hci_event.c | 5 +- net/bluetooth/l2cap_core.c | 21 ++- net/bridge/br_vlan.c | 4 +- net/dsa/dsa.c | 59 ++++++-- net/dsa/tag_8021q.c | 2 +- net/ethtool/cmis_cdb.c | 2 +- net/ipv6/route.c | 1 + net/mac80211/iface.c | 3 + net/mctp/af_mctp.c | 3 + net/netfilter/nf_flow_table_core.c | 10 +- net/openvswitch/flow_netlink.c | 3 +- net/smc/af_smc.c | 5 + rust/Makefile | 2 +- rust/helpers/io.c | 34 ++--- scripts/Makefile.compiler | 4 +- scripts/generate_rust_analyzer.py | 12 +- sound/pci/hda/Kconfig | 4 +- sound/pci/hda/patch_realtek.c | 23 ++-- sound/soc/codecs/cs42l43-jack.c | 3 + sound/soc/codecs/lpass-wsa-macro.c | 139 +++++++++++++------ sound/soc/dwc/dwc-i2s.c | 13 +- sound/soc/fsl/fsl_qmc_audio.c | 3 + sound/soc/intel/avs/pcm.c | 3 +- sound/soc/intel/boards/sof_sdw.c | 1 + sound/soc/qcom/lpass.h | 3 +- tools/net/ynl/pyynl/ynl_gen_c.py | 69 +++++++--- tools/objtool/check.c | 1 + tools/perf/util/evsel.c | 22 --- tools/testing/kunit/qemu_configs/sh.py | 4 +- tools/testing/selftests/mincore/mincore_selftest.c | 16 +-- .../selftests/mm/charge_reserved_hugetlb.sh | 4 +- .../selftests/mm/hugetlb_reparenting_test.sh | 2 +- tools/testing/shared/linux.c | 4 +- 250 files changed, 2269 insertions(+), 1331 deletions(-)

6 months, 3 weeks

19
261
0 0

[PATCH v4 1/2] staging: iio: frequency: ad9832: Use SLEEP bit instead of RESET to disable output

by Gabriel Shahrouzi

According to the AD9832 datasheet (Table 10, D12 description), setting the RESET bit forces the phase accumulator to zero, which corresponds to a full-scale DC output, rather than disabling the output signal. The correct way to disable the output and enter a low-power state is to set the AD9832_SLEEP bit (Table 10, D13 description), which powers down the internal DAC current sources and disables internal clocks. Fixes: ea707584bac1 ("Staging: IIO: DDS: AD9832 / AD9835 driver") Cc: stable(a)vger.kernel.org Signed-off-by: Gabriel Shahrouzi <gshahrouzi(a)gmail.com> --- v3 -> v4: - Rebase changes ontop of most recent changes. v2 -> v3: v1 -> v2: --- drivers/staging/iio/frequency/ad9832.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/iio/frequency/ad9832.c b/drivers/staging/iio/frequency/ad9832.c index 49388da5a684a..2e555084ff98a 100644 --- a/drivers/staging/iio/frequency/ad9832.c +++ b/drivers/staging/iio/frequency/ad9832.c @@ -236,7 +236,7 @@ static ssize_t ad9832_write(struct device *dev, struct device_attribute *attr, if (val) st->ctrl_src &= ~(AD9832_RESET | AD9832_SLEEP | AD9832_CLR); else - st->ctrl_src |= FIELD_PREP(AD9832_RESET, 1); + st->ctrl_src |= FIELD_PREP(AD9832_SLEEP, 1); st->data = cpu_to_be16(FIELD_PREP(AD9832_CMD_MSK, AD9832_CMD_SLEEPRESCLR) | st->ctrl_src); -- 2.43.0

6 months, 3 weeks

2
1
0 0

[PATCH 6.6 000/393] 6.6.88-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.88 release. There are 393 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 25 Apr 2025 14:25:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.88-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.88-rc1 Karolina Stolarek <karolina.stolarek(a)intel.com> drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is enabled Haisu Wang <haisuwang(a)tencent.com> btrfs: fix the length of reserved qgroup to free WangYuli <wangyuli(a)uniontech.com> MIPS: ds1287: Match ds1287_set_base_clock() function types WangYuli <wangyuli(a)uniontech.com> MIPS: cevt-ds1287: Add missing ds1287.h include WangYuli <wangyuli(a)uniontech.com> MIPS: dec: Declare which_prom() as static Jan Stancek <jstancek(a)redhat.com> sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3 Jan Stancek <jstancek(a)redhat.com> sign-file,extract-cert: avoid using deprecated ERR_get_error_line() Jan Stancek <jstancek(a)redhat.com> sign-file,extract-cert: move common SSL helper functions to a header Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> xdp: Reset bpf_redirect_info before running a xdp's BPF prog. WangYuli <wangyuli(a)uniontech.com> nvmet-fc: Remove unused functions Mickaël Salaün <mic(a)digikod.net> landlock: Add the errata interface Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: disable PCIE wake bit when PCIE deinit Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: add pre_deinit to be called after probe complete Boris Burkov <boris(a)bur.io> btrfs: fix qgroup reserve leaks in cow_file_range GONG Ruiqi <gongruiqi1(a)huawei.com> usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() Dan Carpenter <dan.carpenter(a)linaro.org> usb: typec: fix potential array underflow in ucsi_ccg_sync_control() Yuli Wang <wangyuli(a)uniontech.com> LoongArch: Eliminate superfluous get_numa_distances_cnt() Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() Chunguang.xu <chunguang.xu(a)shopee.com> nvme-rdma: unquiesce admin_q before destroy it Maksim Davydov <davydov-max(a)yandex-team.ru> x86/split_lock: Fix the delayed detection logic Vishal Annapurve <vannapurve(a)google.com> x86/tdx: Fix arch_safe_halt() execution for TDX VMs Roger Pau Monne <roger.pau(a)citrix.com> x86/xen: fix memblock_reserve() usage on PVH Roger Pau Monne <roger.pau(a)citrix.com> x86/xen: move xen_reserve_extra_memory() Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 Piotr Jaroszynski <pjaroszynski(a)nvidia.com> Fix mmu notifiers for range-based invalidates Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: add mptcp_lib_wait_local_port_listen Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: sockopt: fix getting freebind & transparent Yu Kuai <yukuai3(a)huawei.com> md: fix mddev uaf while iterating all_mddevs list Nathan Chancellor <nathan(a)kernel.org> kbuild: Add '-fno-builtin-wcslen' Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Reference count policy in cpufreq_update_limits() Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: fix accept multishot handling Jani Nikula <jani.nikula(a)intel.com> drm/i915/gvt: fix unterminated-string-initialization warning Rolf Eike Beer <eb(a)emlix.com> drm/sti: remove duplicate object names Chris Bainbridge <chris.bainbridge(a)gmail.com> drm/nouveau: prime: fix ttm_bo_delayed_delete oops Matthew Auld <matthew.auld(a)intel.com> drm/amdgpu/dma_buf: fix page_link check Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/smu11: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/powerplay: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm: Prevent division by zero Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Handle being compiled without SI or CIK support better Akhil P Oommen <quic_akhilpo(a)quicinc.com> drm/msm/a6xx: Fix stale rpmh votes from GPU Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/repaper: fix integer overflows in repeat functions Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf/x86/intel: Allow to update user space GPRs from PEBS records Sharath Srinivasan <sharath.srinivasan(a)oracle.com> RDMA/cma: Fix workqueue crash in cma_netevent_work_handler Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Ensure consistent phy reference counts Chandrakanth Patil <chandrakanth.patil(a)broadcom.com> scsi: megaraid_sas: Block zero-length ATA VPD inquiry Ard Biesheuvel <ardb(a)kernel.org> x86/boot/sev: Avoid shared GHCB page for early memory acceptance Sandipan Das <sandipan.das(a)amd.com> x86/cpu/amd: Fix workaround for erratum 1054 Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches Xiangsheng Hou <xiangsheng.hou(a)mediatek.com> virtiofs: add filesystem context source name check Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix filter string testing Peter Collingbourne <pcc(a)google.com> string: Add load_unaligned_zeropad() code path to sized_strscpy() Chunjie Zhu <chunjie.zhu(a)cloud.com> smb3 client: fix open hardlink on deferred close file error Mark Brown <broonie(a)kernel.org> selftests/mm: generate a temporary mountpoint for cgroup filesystem Nathan Chancellor <nathan(a)kernel.org> riscv: Avoid fortify warning in syscall_get_arguments() Kuniyuki Iwashima <kuniyu(a)amazon.com> Revert "smb: client: fix TCP timers deadlock after rmmod" Kuniyuki Iwashima <kuniyu(a)amazon.com> Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free" Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix the warning from __kernel_write_iter Denis Arefev <arefev(a)swemel.ru> ksmbd: Prevent integer overflow in calculation of deadtime Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in smb_break_all_levII_oplock() Sean Heelan <seanheelan(a)gmail.com> ksmbd: Fix dangling pointer in krb_authenticate Miklos Szeredi <mszeredi(a)redhat.com> ovl: don't allow datadir only Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm: fix apply_to_existing_page_range() Vishal Moola (Oracle) <vishal.moola(a)gmail.com> mm: fix filemap_get_folios_contig returning batches of identical folios Baoquan He <bhe(a)redhat.com> mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable() Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> loop: LOOP_SET_FD: send uevents for partitions Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> loop: properly send KOBJ_CHANGED uevent for disk device Edward Adam Davis <eadavis(a)qq.com> isofs: Prevent the use of too small fid Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> i2c: cros-ec-tunnel: defer probe if parent EC is not present Vasiliy Kovalev <kovalev(a)altlinux.org> hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key Herbert Xu <herbert(a)gondor.apana.org.au> crypto: caam/qi - Fix drv_ctx refcount bug Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Avoid using inconsistent policy->min and policy->max Johannes Kimmel <kernel(a)bareminimum.eu> btrfs: correctly escape subvol in btrfs_show_options() Kees Cook <kees(a)kernel.org> Bluetooth: vhci: Avoid needless snprintf() calls Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: l2cap: Process valid commands in too long frame Menglong Dong <menglong8.dong(a)gmail.com> ftrace: fix incorrect hash size in register_ftrace_direct() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> i2c: atr: Fix wrong include Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: decrease sc_count directly if fail to queue dl_recall Eric Biggers <ebiggers(a)google.com> nfs: add missing selections of CONFIG_CRC32 Denis Arefev <arefev(a)swemel.ru> asus-laptop: Fix an uninitialized variable Evgeny Pimenov <pimenoveu12(a)gmail.com> ASoC: qcom: Fix sc7280 lpass potential buffer overflow Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate Alex Williamson <alex.williamson(a)redhat.com> Revert "PCI: Avoid reset when disabled via sysfs" Andreas Gruenbacher <agruenba(a)redhat.com> writeback: fix false warning in inode_to_wb() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS WangYuli <wangyuli(a)uniontech.com> riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break WangYuli <wangyuli(a)uniontech.com> riscv: KGDB: Do not inline arch_kgdb_breakpoint() Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kunit: qemu_configs: SH: Respect kunit cmdline Björn Töpel <bjorn(a)rivosinc.com> riscv: Properly export reserved regions in /proc/iomem Bo-Cun Chen <bc-bocun.chen(a)mediatek.com> net: ethernet: mtk_eth_soc: revise QDMA packet scheduler settings Bo-Cun Chen <bc-bocun.chen(a)mediatek.com> net: ethernet: mtk_eth_soc: correct the max weight of the queue limit for 100Mbps Meghana Malladi <m-malladi(a)ti.com> net: ti: icss-iep: Fix possible NULL pointer dereference for perout request Meghana Malladi <m-malladi(a)ti.com> net: ti: icss-iep: Add phase offset configuration for perout signal Meghana Malladi <m-malladi(a)ti.com> net: ti: icss-iep: Add pwidth configuration for perout signal Sagi Maimon <maimon.sagi(a)gmail.com> ptp: ocp: fix start time alignment in ptp_ocp_signal_set Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del() fails Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: free routing table on probe failure Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: clean up FDB, MDB, VLAN entries on unbind Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered Jonas Gorski <jonas.gorski(a)gmail.com> net: bridge: switchdev: do not notify new brentries as changed Jonas Gorski <jonas.gorski(a)gmail.com> net: b53: enable BPDU reception for management port Jakub Kicinski <kuba(a)kernel.org> netlink: specs: rt-link: adjust mctp attribute naming Jakub Kicinski <kuba(a)kernel.org> netlink: specs: rt-link: add an attr layer around alt-ifname Jakub Kicinski <kuba(a)kernel.org> tools: ynl-gen: individually free previous values on double set Jakub Kicinski <kuba(a)kernel.org> tools: ynl-gen: store recursive nests by a pointer Jakub Kicinski <kuba(a)kernel.org> tools: ynl-gen: re-sort ignoring recursive nests Jakub Kicinski <kuba(a)kernel.org> tools: ynl-gen: record information about recursive nests Jakub Kicinski <kuba(a)kernel.org> tools: ynl-gen: track attribute use Abdun Nihaal <abdun.nihaal(a)gmail.com> cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path Niklas Cassel <cassel(a)kernel.org> ata: libata-sata: Save all fields from sense data descriptor Michael Walle <mwalle(a)kernel.org> net: ethernet: ti: am65-cpsw: fix port_np reference counting Alexander Sverdlin <alexander.sverdlin(a)siemens.com> net: ethernet: ti: am65-cpsw-nuss: rename phy_node -> port_np Abdun Nihaal <abdun.nihaal(a)gmail.com> net: ngbe: fix memory leak in ngbe_probe() error path Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix nested key length validation in the set() action Zheng Qixing <zhengqixing(a)huawei.com> block: fix resource leak in blk_register_queue() error path Matt Johnston <matt(a)codeconstruct.com.au> net: mctp: Set SOCK_RCU_FREE Abdun Nihaal <abdun.nihaal(a)gmail.com> pds_core: fix memory leak in pdsc_debugfs_add_qcq() Matthew Wilcox (Oracle) <willy(a)infradead.org> test suite: use %zu to print size_t Christopher S M Hall <christopher.s.hall(a)intel.com> igc: add lock preventing multiple simultaneous PTM transactions Christopher S M Hall <christopher.s.hall(a)intel.com> igc: cleanup PTP module if probe fails Christopher S M Hall <christopher.s.hall(a)intel.com> igc: handle the IGC_PTP_ENABLED flag correctly Christopher S M Hall <christopher.s.hall(a)intel.com> igc: move ktime snapshot into PTM retry loop Christopher S M Hall <christopher.s.hall(a)intel.com> igc: increase wait time before retrying PTM Christopher S M Hall <christopher.s.hall(a)intel.com> igc: fix PTM cycle trigger logic Johannes Berg <johannes.berg(a)intel.com> Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: l2cap: Check encryption key size on incoming connection Dan Carpenter <dan.carpenter(a)linaro.org> Bluetooth: btrtl: Prevent potential NULL dereference Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address Shay Drory <shayd(a)nvidia.com> RDMA/core: Silence oversized kvmalloc() warning Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: cs42l43: Reset clamp override on jack removal Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix wrong maximum DMA segment size Yue Haibing <yuehaibing(a)huawei.com> RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() Giuseppe Scrivano <gscrivan(a)redhat.com> ovl: remove unused forward declaration Henry Martin <bsdhenrymartin(a)gmail.com> ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() Brady Norander <bradynorander(a)gmail.com> ASoC: dwc: always enable/disable i2s irqs Zheng Qixing <zhengqixing(a)huawei.com> md/md-bitmap: fix stats collection for external bitmaps Yu Kuai <yukuai3(a)huawei.com> md/raid10: fix missing discard IO accounting Miaoqian Lin <linmq006(a)gmail.com> scsi: iscsi: Fix missing scsi_host_put() in error path Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: wl1251: fix memory leak in wl1251_tx_work Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Purge vif txq in ieee80211_do_stop() Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: at76c50x: fix use after free access in at76_disconnect Xingui Yang <yangxingui(a)huawei.com> scsi: hisi_sas: Enable force phy when SATA disk directly connected Kaixin Wang <kxwang23(a)m.fudan.edu.cn> HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition Arseniy Krasnov <avkrasnov(a)salutedevices.com> Bluetooth: hci_uart: Fix another race during initialization Arnd Bergmann <arnd(a)arndb.de> media: mediatek: vcodec: mark vdec_vp9_slice_map_counts_eob_coef noinline Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions() Yi Liu <yi.l.liu(a)intel.com> iommufd: Fail replace if device has not been attached Nathan Chancellor <nathan(a)kernel.org> ACPI: platform-profile: Fix CFI violation when accessing sysfs files Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT Douglas Anderson <dianders(a)chromium.org> arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists Cong Liu <liucong2(a)kylinos.cn> selftests: mptcp: fix incorrect fd checks in main_loop Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: close fd_in before returning in main_loop Stephan Gerhold <stephan.gerhold(a)linaro.org> pinctrl: qcom: Clear latched interrupt status when changing IRQ type Stefan Eichenberger <stefan.eichenberger(a)toradex.com> phy: freescale: imx8m-pcie: assert phy reset and perst in power off Ma Ke <make24(a)iscas.ac.cn> PCI: Fix reference leak in pci_alloc_child_bus() Stanimir Varbanov <svarbanov(a)suse.de> PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakages in of_irq_init() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakages in of_irq_count() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakage in API of_irq_parse_raw() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakage in API of_irq_parse_one() Fedor Pchelkin <pchelkin(a)ispras.ru> ntb: use 64-bit arithmetic for the MSI doorbell mask Sean Christopherson <seanjc(a)google.com> KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses Sean Christopherson <seanjc(a)google.com> KVM: x86: Explicitly zero-initialize on-stack CPUID unions Joshua Washington <joshwash(a)google.com> gve: handle overflow when reporting TX consumed descriptors Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpio: zynq: Fix wakeup source leaks on device unbind Guixin Liu <kanie(a)linux.alibaba.com> gpio: tegra186: fix resource handling in ACPI probe path zhoumin <teczm(a)foxmail.com> ftrace: Add cond_resched() to ftrace_graph_set_hash() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: coresight: qcom,coresight-tpdm: Fix too many 'reg' Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: coresight: qcom,coresight-tpda: Fix too many 'reg' Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: fix prefetch-vs-suspend race Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: set ti->error on memory allocation failure Mikulas Patocka <mpatocka(a)redhat.com> dm-ebs: fix prefetch-vs-suspend race Tom Lendacky <thomas.lendacky(a)amd.com> crypto: ccp - Fix check for the primary ASP device Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gdsc: Set retain_ff before moving to HW CTRL Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> clk: qcom: gdsc: Capture pm_genpd_add_subdomain result code Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> clk: qcom: gdsc: Release pm subdomains in reverse add order Ajit Pandey <quic_ajipan(a)quicinc.com> clk: qcom: clk-branch: Fix invert halt status bit check for votable clocks Pali Rohár <pali(a)kernel.org> cifs: Ensure that all non-client-specific reparse points are processed by the server Roman Smirnov <r.smirnov(a)omp.ru> cifs: fix integer overflow in match_server() Alexandra Diupina <adiupina(a)astralinux.ru> cifs: avoid NULL pointer dereference in dbg call Trevor Woerner <twoerner(a)gmail.com> thermal/drivers/rockchip: Add missing rk3328 mapping entry Steven Rostedt <rostedt(a)goodmis.org> tracing: Do not add length to print format in synthetic events Roger Pau Monne <roger.pau(a)citrix.com> x86/xen: fix balloon target initialization for PVH dom0 Ricardo Cañuelo Navarro <rcn(a)igalia.com> sctp: detect and prevent references to a freed transport in sendmsg Marc Herbert <Marc.Herbert(a)linux.intel.com> mm/hugetlb: move hugetlb_sysctl_init() to the __init section Shuai Xue <xueshuai(a)linux.alibaba.com> mm/hwpoison: do not send SIGBUS to processes with recovered clean pages Peter Xu <peterx(a)redhat.com> mm/userfaultfd: fix release hang over concurrent GUP Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm/mremap: correctly handle partial mremap() of VMA starting at 0 Ryan Roberts <ryan.roberts(a)arm.com> mm: fix lazy mmu docs and usage Jane Chu <jane.chu(a)oracle.com> mm: make page_mapped_in_vma() hugetlb walk aware David Hildenbrand <david(a)redhat.com> mm/rmap: reject hugetlb folios in folio_make_device_exclusive() Ryan Roberts <ryan.roberts(a)arm.com> sparc/mm: avoid calling arch_enter/leave_lazy_mmu() in set_ptes Ryan Roberts <ryan.roberts(a)arm.com> sparc/mm: disable preemption in lazy mmu mode Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Fix uninitialized rc in iommufd_access_rw() Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: fix zone finishing with missing devices Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: fix zone activation with missing devices Filipe Manana <fdmanana(a)suse.com> btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers Herve Codina <herve.codina(a)bootlin.com> backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string Zhenhua Huang <quic_zhenhuah(a)quicinc.com> arm64: mm: Correct the update of max_pfn Wentao Liang <vulab(a)iscas.ac.cn> mtd: rawnand: Add status chack in r852_ready() Wentao Liang <vulab(a)iscas.ac.cn> mtd: inftlcore: Add error check for inftl_read_oob() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: only inc MPJoinAckHMacFailure for HMAC failures Gang Yan <yangang(a)kylinos.cn> mptcp: fix NULL pointer in can_accept_new_subflow T Pratham <t-pratham(a)ti.com> lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets Boqun Feng <boqun.feng(a)gmail.com> locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class() Kartik Rajput <kkartik(a)nvidia.com> mailbox: tegra-hsp: Define dimensioning masks in SoC data Chenyuan Yang <chenyuan0y(a)gmail.com> mfd: ene-kb3930: Fix a potential NULL pointer dereference Abel Vesa <abel.vesa(a)linaro.org> leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs Abel Vesa <abel.vesa(a)linaro.org> leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs Jan Kara <jack(a)suse.cz> jbd2: remove wrong sb->s_sequence check Manjunatha Venkatesh <manjunatha.venkatesh(a)nxp.com> i3c: Add NULL pointer check in i3c_master_queue_ibi() Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Use readsb helper for reading MDB Steve French <stfrench(a)microsoft.com> smb311 client: fix missing tcon check when mounting with linux/posix extensions Chenyuan Yang <chenyuan0y(a)gmail.com> soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> tpm: do not start chip while suspended Jan Kara <jack(a)suse.cz> udf: Fix inode_getblk() return value Si-Wei Liu <si-wei.liu(a)oracle.com> vdpa/mlx5: Fix oversized null mkey longer than 32bit Yeongjin Gil <youngjin.gil(a)samsung.com> f2fs: fix to avoid atomicity corruption of atomic file Artem Sadovnikov <a.sadovnikov(a)ispras.ru> ext4: fix off-by-one error in do_split Jeff Hugo <quic_jhugo(a)quicinc.com> bus: mhi: host: Fix race between unprepare and queue_buf Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns. Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment. Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: q6apm: add q6apm_get_hw_pointer helper Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: reject zero sized provided buffers Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> wifi: mac80211: fix integer overflow in hwmp_route_info_get() Haoxiang Li <haoxiang_li2024(a)163.com> wifi: mt76: Add check for devm_kstrdup() Alexandre Torgue <alexandre.torgue(a)foss.st.com> clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init wakeup Jiasheng Jiang <jiashengjiangcool(a)gmail.com> mtd: Replace kcalloc() with devm_kcalloc() Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family Jiasheng Jiang <jiashengjiangcool(a)gmail.com> mtd: Add check for devm_kcalloc() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: sockopt: fix getting IPV6_V6ONLY Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: imx219: Rectify runtime PM handling in probe and remove Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi_parser: refactor hfi packet parsing logic Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi_parser: add check to avoid out of bound access Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ov7251: Set enable GPIO low in probe Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ccs: Set the device's runtime PM status correctly in probe Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ccs: Set the device's runtime PM status correctly in remove Karina Yankevich <k.yankevich(a)omp.ru> media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: platform: stm32: Add check for clk_enable() Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: visl: Fix ERANGE error when setting enum controls Murad Masimov <m.masimov(a)mt-integration.ru> media: streamzap: prevent processing IR data on URB failure Jonathan McDowell <noodles(a)meta.com> tpm, tpm_tis: Fix timeout handling when waiting for TPM status Kamal Dasu <kamal.dasu(a)broadcom.com> mtd: rawnand: brcmnand: fix PM resume warning Miquel Raynal <miquel.raynal(a)bootlin.com> spi: cadence-qspi: Fix probe on AM62A LP SK Will Deacon <will(a)kernel.org> KVM: arm64: Tear down vGIC on failed vCPU creation Douglas Anderson <dianders(a)chromium.org> arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list Douglas Anderson <dianders(a)chromium.org> arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB Douglas Anderson <dianders(a)chromium.org> arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list Douglas Anderson <dianders(a)chromium.org> arm64: cputype: Add MIDR_CORTEX_A76AE Jan Beulich <jbeulich(a)suse.com> xenfs/xensyms: respect hypervisor's "next" indication Yuan Can <yuancan(a)huawei.com> media: siano: Fix error handling in smsdvb_module_init() Matthew Majewski <mattwmajewski(a)gmail.com> media: vim2m: print device name after registering device Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: add check to handle incorrect queue size Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: add a check to handle OOB in sfr region Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: i2c: adv748x: Fix test pattern selection mask Arnd Bergmann <arnd(a)arndb.de> media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization Alain Volmat <alain.volmat(a)foss.st.com> dt-bindings: media: st,stmipid02: correct lane-polarities maxItems Jann Horn <jannh(a)google.com> ext4: don't treat fhandle lookup of ea_inode as FS corruption Willem de Bruijn <willemb(a)google.com> bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: fsl-ftm: Handle clk_get_rate() returning 0 Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: rcar: Improve register calculation Josh Poimboeuf <jpoimboe(a)kernel.org> pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() Jonathan McDowell <noodles(a)meta.com> tpm, tpm_tis: Workaround failed command reception on Infineon devices Ayush Jain <Ayush.jain3(a)amd.com> ktest: Fix Test Failures Due to Missing LOG_FILE Directories Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: probe-events: Add comments about entry data storing code Leonid Arapov <arapovl839(a)gmail.com> fbdev: omapfb: Add 'plane' value check Christian König <christian.koenig(a)amd.com> drm/amdgpu: grab an additional reference on the gang fence v2 Ryo Takakura <ryotkkr98(a)gmail.com> PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type Wentao Liang <vulab(a)iscas.ac.cn> drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: debugfs hang_hws skip GPU with MES Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Fix pqm_destroy_queue race with GPU reset Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Fix mode1 reset crash issue David Yat Sin <David.YatSin(a)amd.com> drm/amdkfd: clamp queue size to minimum Lucas De Marchi <lucas.demarchi(a)intel.com> drivers: base: devres: Allow to release group on device release Luca Ceresoli <luca.ceresoli(a)bootlin.com> drm/bridge: panel: forbid initializing a panel with unknown connector type Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add new quirk for GPD Win 2 Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add quirk for AYA NEO Slide Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add support for AYANEO 2S Brendan Tam <Brendan.Tam(a)amd.com> drm/amd/display: add workaround flag to link to force FFE preset Zhikai Zhai <zhikai.zhai(a)amd.com> drm/amd/display: Update Cursor request mode to the beginning prefetch always Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm: allow encoder mode_set even when connectors change for crtc Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Bluetooth: qca: simplify WCN399x NVM loading Arseniy Krasnov <avkrasnov(a)salutedevices.com> Bluetooth: hci_uart: fix race during initialization Gabriele Paoloni <gpaoloni(a)redhat.com> tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER Stanislav Fomichev <sdf(a)fomichev.me> net: vlan: don't propagate flags on open Icenowy Zheng <uwu(a)icenowy.me> wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Fix array overflow in st_setup() Philipp Hahn <phahn-oss(a)avm.de> cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk Bhupesh <bhupesh(a)igalia.com> ext4: ignore xattrs past end Chao Yu <chao(a)kernel.org> Revert "f2fs: rebuild nat_bits during umount" Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: protect ext4_release_dquot against freezing Daniel Kral <d.kral(a)proxmox.com> ahci: add PCI ID for Marvell 88SE9215 SATA Controller Chao Yu <chao(a)kernel.org> f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() Manish Dharanenthiran <quic_mdharane(a)quicinc.com> wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi Birger Koblitz <mail(a)birger-koblitz.de> net: sfp: add quirk for 2.5G OEM BX SFP Niklas Cassel <cassel(a)kernel.org> ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode Edward Adam Davis <eadavis(a)qq.com> jfs: add sanity check for agwidth in dbMount Edward Adam Davis <eadavis(a)qq.com> jfs: Prevent copying of nlink with value 0 from disk inode Rand Deeb <rand.sec96(a)gmail.com> fs/jfs: Prevent integer overflow in AG size calculation Rand Deeb <rand.sec96(a)gmail.com> fs/jfs: cast inactags to s64 to prevent potential overflow Zhongqiu Han <quic_zhonhan(a)quicinc.com> jfs: Fix uninit-value access of imap allocated in the diMount() function Jason Xing <kerneljasonxing(a)gmail.com> page_pool: avoid infinite loop to schedule delayed worker Max Schulze <max.schulze(a)online.de> net: usb: asix_devices: add FiberGecko DeviceID Chaohai Chen <wdhh66(a)163.com> scsi: target: spc: Fix RSOC parameter data header size Chao Yu <chao(a)kernel.org> f2fs: don't retry IO for corrupted data scenario P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process Syed Saba kareem <syed.sabakareem(a)amd.com> ASoC: amd: yc: update quirk data for new Lenovo model keenplify <keenplify(a)gmail.com> ASoC: amd: Add DMI quirk for ACP6X mic support Ricard Wanderlof <ricard2013(a)butoba.net> ALSA: usb-audio: Fix CME quirk for UF series keyboards Kaustabh Chakraborty <kauschluss(a)disroot.org> mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Add quirk for Actions UVC05 Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_audmix: register card device depends on 'dais' property Maxim Mikityanskiy <maxtram95(a)gmail.com> ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist Maxim Mikityanskiy <maxtram95(a)gmail.com> ALSA: hda: intel: Fix Optimus when GPU has no sound Tomasz Pakuła <forest10pl(a)gmail.com> HID: pidff: Fix null pointer dereference in pidff_find_fields Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add PERIODIC_SINE_ONLY quirk Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: Add hid-universal-pidff driver and supported device ids Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add FIX_WHEEL_DIRECTION quirk Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add hid_pidff_init_with_quirks and export as GPL symbol Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add PERMISSIVE_CONTROL quirk Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add MISSING_PBO quirk and its detection Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Add MISSING_DELAY quirk and its detection Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Do not send effect envelope if it's empty Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Convert infinite length from Linux API to PID standard Zhang Heng <zhangheng(a)kylinos.cn> ASoC: SOF: topology: Use krealloc_array() to replace krealloc() Ingo Molnar <mingo(a)kernel.org> zstd: Increase DYNAMIC_BMI2 GCC version cutoff from 4.8 to 11.0 to work around compiler segfault Kees Cook <kees(a)kernel.org> xen/mcelog: Add __nonstring annotations for unterminated strings Douglas Anderson <dianders(a)chromium.org> arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD Mark Rutland <mark.rutland(a)arm.com> perf: arm_pmu: Don't disable counter in armpmu_add() Max Grobecker <max(a)grobecker.info> x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine Xin Li (Intel) <xin(a)zytor.com> x86/ia32: Leave NULL selector values 0~3 unchanged Matthew Wilcox (Oracle) <willy(a)infradead.org> x86/mm: Clear _PAGE_DIRTY for kernel mappings when we clear _PAGE_RW Zhongqiu Han <quic_zhonhan(a)quicinc.com> pm: cpupower: bench: Prevent NULL dereference on malloc failure Trond Myklebust <trond.myklebust(a)hammerspace.com> umount: Allow superblock owners to force umount Mateusz Guzik <mjguzik(a)gmail.com> fs: consistently deref the files table with rcu_dereference_raw() Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group Florian Westphal <fw(a)strlen.de> nft_set_pipapo: fix incorrect avx2 match of 5th field octet Arnaud Lecomte <contact(a)arnaud-lcm.com> net: ppp: Add bound checking for skb data on ppp_sync_txmung Ido Schimmel <idosch(a)nvidia.com> ipv6: Align behavior across nexthops during path selection Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: move the limit validation Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: use a temporary work area for validating configuration Daniel Wagner <wagi(a)kernel.org> nvmet-fcloop: swap list_add_tail arguments Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/huc: Fix fence not released on early probe errors Wentao Liang <vulab(a)iscas.ac.cn> ata: sata_sx4: Add error handling in pdc20621_i2c_read() Chenyuan Yang <chenyuan0y(a)gmail.com> net: libwx: handle page_pool_dev_alloc_pages error Maxime Ripard <mripard(a)kernel.org> drm/tests: probe-helper: Fix drm_display_mode memory leak Maxime Ripard <mripard(a)kernel.org> drm/tests: modes: Fix drm_display_mode memory leak Maxime Ripard <mripard(a)kernel.org> drm/tests: cmdline: Fix drm_display_mode memory leak Maxime Ripard <mripard(a)kernel.org> drm/tests: helpers: Create kunit helper to destroy a drm_display_mode Yu-Chun Lin <eleanor15x(a)gmail.com> drm/tests: helpers: Fix compiler warning Jinjie Ruan <ruanjinjie(a)huawei.com> drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic() Maxime Ripard <mripard(a)kernel.org> drm/tests: Add helper to create mock crtc Maxime Ripard <mripard(a)kernel.org> drm/tests: Add helper to create mock plane Maxime Ripard <mripard(a)kernel.org> drm/tests: helpers: Add atomic helpers Maxime Ripard <mripard(a)kernel.org> drm/tests: modeset: Fix drm_display_mode memory leak Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: ethtool: Don't call .cleanup_data when prepare_data fails Toke Høiland-Jørgensen <toke(a)redhat.com> tc: Ensure we have enough buffer space when sending filter netlink notifications Pedro Tammela <pctammela(a)mojatatu.com> net/sched: cls_api: conditional notification of events Victor Nogueira <victor(a)mojatatu.com> rtnl: add helper to check if a notification is needed Jamal Hadi Salim <jhs(a)mojatatu.com> rtnl: add helper to check if rtnl group has listeners Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-pf: qos: fix VF root node parent queue index Jakub Kicinski <kuba(a)kernel.org> net: tls: explicitly disallow disconnect Cong Wang <xiyou.wangcong(a)gmail.com> codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() Tung Nguyen <tung.quang.nguyen(a)est.tech> tipc: fix memory leak in tipc_link_xmit Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() Henry Martin <bsdhenrymartin(a)gmail.com> ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() Badal Nilawar <badal.nilawar(a)intel.com> drm/i915: Disable RPG during live selftest Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/i915/dg2: wait for HuC load completion before running selftests Harish Chegondi <harish.chegondi(a)intel.com> drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+ Jani Nikula <jani.nikula(a)intel.com> drm/i915/mocs: use to_gt() instead of direct &i915->gt Edward Liaw <edliaw(a)google.com> selftests/futex: futex_waitv wouldblock test should fail ------------- Diffstat: .../bindings/arm/qcom,coresight-tpda.yaml | 3 +- .../bindings/arm/qcom,coresight-tpdm.yaml | 3 +- .../bindings/media/i2c/st,st-mipid02.yaml | 2 +- Documentation/netlink/specs/rt_link.yaml | 14 +- MAINTAINERS | 1 + Makefile | 7 +- arch/arm64/boot/dts/mediatek/mt8173.dtsi | 6 +- arch/arm64/include/asm/cputype.h | 4 + arch/arm64/include/asm/spectre.h | 1 - arch/arm64/include/asm/tlbflush.h | 22 ++- arch/arm64/kernel/proton-pack.c | 208 +++++++++++--------- arch/arm64/kvm/arm.c | 6 +- arch/arm64/mm/mmu.c | 3 +- arch/loongarch/kernel/acpi.c | 12 -- arch/mips/dec/prom/init.c | 2 +- arch/mips/include/asm/ds1287.h | 2 +- arch/mips/kernel/cevt-ds1287.c | 1 + arch/powerpc/kernel/rtas.c | 4 + arch/riscv/include/asm/kgdb.h | 9 +- arch/riscv/include/asm/syscall.h | 7 +- arch/riscv/kernel/kgdb.c | 6 + arch/riscv/kernel/setup.c | 36 +++- arch/sparc/include/asm/pgtable_64.h | 2 - arch/sparc/mm/tlb.c | 5 +- arch/x86/Kconfig | 1 + arch/x86/boot/compressed/mem.c | 5 +- arch/x86/boot/compressed/sev.c | 67 ++----- arch/x86/boot/compressed/sev.h | 2 + arch/x86/coco/tdx/tdx.c | 26 ++- arch/x86/events/intel/ds.c | 8 +- arch/x86/events/intel/uncore_snbep.c | 107 +---------- arch/x86/include/asm/irqflags.h | 40 ++-- arch/x86/include/asm/paravirt.h | 20 +- arch/x86/include/asm/paravirt_types.h | 3 +- arch/x86/include/asm/tdx.h | 4 +- arch/x86/include/asm/xen/hypervisor.h | 5 - arch/x86/kernel/cpu/amd.c | 21 +- arch/x86/kernel/cpu/intel.c | 20 +- arch/x86/kernel/cpu/microcode/amd.c | 9 +- arch/x86/kernel/e820.c | 17 +- arch/x86/kernel/paravirt.c | 14 +- arch/x86/kernel/process.c | 2 +- arch/x86/kernel/signal_32.c | 62 ++++-- arch/x86/kvm/cpuid.c | 8 +- arch/x86/kvm/x86.c | 4 + arch/x86/mm/pat/set_memory.c | 6 +- arch/x86/platform/pvh/enlighten.c | 3 - arch/x86/xen/enlighten.c | 10 + arch/x86/xen/enlighten_pvh.c | 93 +++++---- arch/x86/xen/setup.c | 3 - block/blk-sysfs.c | 2 + certs/Makefile | 2 +- certs/extract-cert.c | 138 ++++++------- drivers/acpi/platform_profile.c | 20 +- drivers/ata/ahci.c | 2 + drivers/ata/libata-eh.c | 11 +- drivers/ata/libata-sata.c | 15 ++ drivers/ata/pata_pxa.c | 6 + drivers/ata/sata_sx4.c | 13 +- drivers/base/devres.c | 7 + drivers/block/loop.c | 7 +- drivers/bluetooth/btqca.c | 13 +- drivers/bluetooth/btrtl.c | 2 + drivers/bluetooth/hci_ldisc.c | 19 +- drivers/bluetooth/hci_uart.h | 1 + drivers/bluetooth/hci_vhci.c | 10 +- drivers/bus/mhi/host/main.c | 16 +- drivers/char/tpm/tpm-chip.c | 5 + drivers/char/tpm/tpm-interface.c | 7 - drivers/char/tpm/tpm_tis_core.c | 20 +- drivers/char/tpm/tpm_tis_core.h | 1 + drivers/clk/qcom/clk-branch.c | 4 +- drivers/clk/qcom/gdsc.c | 61 +++--- drivers/clocksource/timer-stm32-lp.c | 4 +- drivers/cpufreq/cpufreq.c | 40 +++- drivers/crypto/caam/qi.c | 6 +- drivers/crypto/ccp/sp-pci.c | 15 +- drivers/firmware/efi/libstub/efistub.h | 2 +- drivers/gpio/gpio-tegra186.c | 25 +-- drivers/gpio/gpio-zynq.c | 1 + drivers/gpu/drm/Kconfig | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 10 +- drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 44 +++-- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 10 + drivers/gpu/drm/amd/amdkfd/kfd_device.c | 5 + drivers/gpu/drm/amd/amdkfd/kfd_process.c | 17 ++ .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 +- drivers/gpu/drm/amd/display/dc/dc.h | 2 + .../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 22 +-- drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hubp.c | 2 +- .../display/dc/link/protocols/link_dp_training.c | 2 + drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c | 5 + .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_thermal.c | 4 +- .../drm/amd/pm/powerplay/hwmgr/vega10_thermal.c | 4 +- .../drm/amd/pm/powerplay/hwmgr/vega20_thermal.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 3 + drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 2 +- drivers/gpu/drm/drm_atomic_helper.c | 2 +- drivers/gpu/drm/drm_panel.c | 5 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 46 ++++- drivers/gpu/drm/i915/gt/intel_engine_cs.c | 3 +- drivers/gpu/drm/i915/gt/intel_mocs.c | 4 +- drivers/gpu/drm/i915/gt/intel_rc6.c | 19 +- drivers/gpu/drm/i915/gt/uc/intel_huc.c | 11 +- drivers/gpu/drm/i915/gt/uc/intel_huc.h | 1 + drivers/gpu/drm/i915/gt/uc/intel_uc.c | 1 + drivers/gpu/drm/i915/gvt/opregion.c | 7 +- drivers/gpu/drm/i915/i915_debugfs.c | 2 +- drivers/gpu/drm/i915/selftests/i915_selftest.c | 54 +++++- drivers/gpu/drm/mediatek/mtk_dpi.c | 23 ++- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 82 ++++---- drivers/gpu/drm/nouveau/nouveau_bo.c | 3 + drivers/gpu/drm/nouveau/nouveau_gem.c | 3 - drivers/gpu/drm/sti/Makefile | 2 - drivers/gpu/drm/tests/drm_client_modeset_test.c | 3 + drivers/gpu/drm/tests/drm_cmdline_parser_test.c | 10 +- drivers/gpu/drm/tests/drm_kunit_helpers.c | 213 +++++++++++++++++++++ drivers/gpu/drm/tests/drm_modes_test.c | 22 +++ drivers/gpu/drm/tests/drm_probe_helper_test.c | 8 +- drivers/gpu/drm/tiny/repaper.c | 4 +- drivers/hid/Kconfig | 14 ++ drivers/hid/Makefile | 1 + drivers/hid/hid-ids.h | 31 +++ drivers/hid/hid-universal-pidff.c | 197 +++++++++++++++++++ drivers/hid/usbhid/hid-pidff.c | 173 ++++++++++++----- drivers/hsi/clients/ssi_protocol.c | 1 + drivers/i2c/busses/i2c-cros-ec-tunnel.c | 3 + drivers/i2c/i2c-atr.c | 2 +- drivers/i3c/master.c | 3 + drivers/i3c/master/svc-i3c-master.c | 2 +- drivers/infiniband/core/cma.c | 4 +- drivers/infiniband/core/umem_odp.c | 6 +- drivers/infiniband/hw/hns/hns_roce_main.c | 2 +- drivers/infiniband/hw/usnic/usnic_ib_main.c | 14 +- drivers/iommu/iommufd/device.c | 18 +- drivers/iommu/mtk_iommu.c | 26 +-- drivers/leds/rgb/leds-qcom-lpg.c | 8 +- drivers/mailbox/tegra-hsp.c | 72 +++++-- drivers/md/dm-ebs-target.c | 7 + drivers/md/dm-integrity.c | 3 + drivers/md/dm-verity-target.c | 8 + drivers/md/md-bitmap.c | 5 +- drivers/md/md.c | 22 ++- drivers/md/raid10.c | 1 + drivers/media/common/siano/smsdvb-main.c | 2 + drivers/media/i2c/adv748x/adv748x.h | 2 +- drivers/media/i2c/ccs/ccs-core.c | 6 +- drivers/media/i2c/imx219.c | 13 +- drivers/media/i2c/ov7251.c | 4 +- .../mediatek/vcodec/common/mtk_vcodec_fw_scp.c | 5 +- .../vcodec/decoder/vdec/vdec_vp9_req_lat_if.c | 3 +- .../mediatek/vcodec/encoder/venc/venc_h264_if.c | 6 +- drivers/media/platform/qcom/venus/hfi_parser.c | 100 +++++++--- drivers/media/platform/qcom/venus/hfi_venus.c | 18 +- drivers/media/platform/st/stm32/dma2d/dma2d.c | 3 +- drivers/media/rc/streamzap.c | 68 ++++--- drivers/media/test-drivers/vim2m.c | 6 +- drivers/media/test-drivers/visl/visl-core.c | 12 ++ drivers/media/usb/uvc/uvc_driver.c | 9 + drivers/media/v4l2-core/v4l2-dv-timings.c | 4 +- drivers/mfd/ene-kb3930.c | 2 +- drivers/misc/pci_endpoint_test.c | 6 +- drivers/mmc/host/dw_mmc.c | 94 ++++++++- drivers/mmc/host/dw_mmc.h | 27 +++ drivers/mtd/inftlcore.c | 9 +- drivers/mtd/mtdpstore.c | 12 +- drivers/mtd/nand/raw/brcmnand/brcmnand.c | 2 +- drivers/mtd/nand/raw/r852.c | 3 + drivers/net/dsa/b53/b53_common.c | 10 + drivers/net/dsa/mv88e6xxx/chip.c | 30 ++- drivers/net/dsa/mv88e6xxx/devlink.c | 3 +- drivers/net/ethernet/amd/pds_core/debugfs.c | 5 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c | 1 + drivers/net/ethernet/google/gve/gve_ethtool.c | 4 +- drivers/net/ethernet/intel/igc/igc.h | 1 + drivers/net/ethernet/intel/igc/igc_defines.h | 6 +- drivers/net/ethernet/intel/igc/igc_main.c | 1 + drivers/net/ethernet/intel/igc/igc_ptp.c | 113 +++++++---- drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 5 + drivers/net/ethernet/mediatek/mtk_eth_soc.c | 10 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 19 +- drivers/net/ethernet/ti/am65-cpsw-nuss.h | 2 +- drivers/net/ethernet/ti/icssg/icss_iep.c | 150 ++++++++++----- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 3 +- drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 3 +- drivers/net/phy/sfp.c | 2 + drivers/net/ppp/ppp_synctty.c | 5 + drivers/net/usb/asix_devices.c | 17 ++ drivers/net/usb/cdc_ether.c | 7 + drivers/net/usb/r8152.c | 6 + drivers/net/usb/r8153_ecm.c | 6 + drivers/net/wireless/ath/ath12k/dp_mon.c | 2 +- drivers/net/wireless/ath/ath12k/dp_rx.c | 42 +++- drivers/net/wireless/atmel/at76c50x-usb.c | 2 +- drivers/net/wireless/mediatek/mt76/eeprom.c | 4 + drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 1 + drivers/net/wireless/realtek/rtw89/core.c | 2 + drivers/net/wireless/realtek/rtw89/core.h | 6 + drivers/net/wireless/realtek/rtw89/pci.c | 10 + drivers/net/wireless/ti/wl1251/tx.c | 4 +- drivers/ntb/ntb_transport.c | 2 +- drivers/nvme/host/rdma.c | 8 +- drivers/nvme/target/fc.c | 14 -- drivers/nvme/target/fcloop.c | 2 +- drivers/of/irq.c | 78 ++++---- drivers/pci/controller/pcie-brcmstb.c | 13 +- drivers/pci/controller/vmd.c | 12 +- drivers/pci/pci.c | 4 - drivers/pci/probe.c | 5 +- drivers/perf/arm_pmu.c | 8 +- drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 11 ++ drivers/pinctrl/qcom/pinctrl-msm.c | 12 +- drivers/platform/x86/asus-laptop.c | 9 +- drivers/ptp/ptp_ocp.c | 1 + drivers/pwm/pwm-fsl-ftm.c | 6 + drivers/pwm/pwm-mediatek.c | 8 +- drivers/pwm/pwm-rcar.c | 24 +-- drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 9 +- drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 14 +- drivers/scsi/megaraid/megaraid_sas_base.c | 9 +- drivers/scsi/megaraid/megaraid_sas_fusion.c | 5 +- drivers/scsi/scsi_transport_iscsi.c | 7 +- drivers/scsi/st.c | 2 +- drivers/soc/samsung/exynos-chipid.c | 2 + drivers/spi/spi-cadence-quadspi.c | 6 + drivers/target/target_core_spc.c | 2 +- drivers/thermal/rockchip_thermal.c | 1 + drivers/ufs/host/ufs-exynos.c | 6 + drivers/usb/typec/ucsi/ucsi_ccg.c | 5 + drivers/vdpa/mlx5/core/mr.c | 7 +- drivers/video/backlight/led_bl.c | 5 +- drivers/video/fbdev/omap2/omapfb/dss/dispc.c | 6 +- drivers/xen/balloon.c | 34 +++- drivers/xen/xenfs/xensyms.c | 4 +- fs/Kconfig | 1 + fs/btrfs/disk-io.c | 12 ++ fs/btrfs/inode.c | 6 +- fs/btrfs/super.c | 3 +- fs/btrfs/zoned.c | 6 + fs/ext4/inode.c | 68 +++++-- fs/ext4/namei.c | 2 +- fs/ext4/super.c | 17 ++ fs/ext4/xattr.c | 11 +- fs/f2fs/checkpoint.c | 21 +- fs/f2fs/f2fs.h | 32 +++- fs/f2fs/inode.c | 8 +- fs/f2fs/node.c | 110 +++-------- fs/f2fs/super.c | 4 + fs/file.c | 26 ++- fs/fuse/virtio_fs.c | 3 + fs/hfs/bnode.c | 6 + fs/hfsplus/bnode.c | 6 + fs/isofs/export.c | 2 +- fs/jbd2/journal.c | 1 - fs/jfs/jfs_dmap.c | 10 +- fs/jfs/jfs_imap.c | 4 +- fs/namespace.c | 3 +- fs/nfs/Kconfig | 2 +- fs/nfs/internal.h | 7 - fs/nfs/nfs4session.h | 4 - fs/nfsd/Kconfig | 1 + fs/nfsd/nfs4state.c | 2 +- fs/nfsd/nfsfh.h | 7 - fs/overlayfs/overlayfs.h | 2 - fs/overlayfs/super.c | 5 + fs/smb/client/cifsproto.h | 2 + fs/smb/client/connect.c | 36 ++-- fs/smb/client/file.c | 28 +++ fs/smb/client/fs_context.c | 5 + fs/smb/client/inode.c | 10 + fs/smb/client/reparse.c | 4 - fs/smb/client/smb2misc.c | 9 +- fs/smb/server/oplock.c | 29 +-- fs/smb/server/oplock.h | 1 - fs/smb/server/smb2pdu.c | 4 +- fs/smb/server/transport_ipc.c | 7 +- fs/smb/server/vfs.c | 3 +- fs/udf/inode.c | 1 + fs/userfaultfd.c | 51 +++-- include/drm/drm_kunit_helpers.h | 28 +++ include/linux/backing-dev.h | 1 + include/linux/hid.h | 9 + include/linux/nfs.h | 7 - include/linux/pgtable.h | 14 +- include/linux/rtnetlink.h | 22 +++ include/linux/tpm.h | 1 + include/net/sctp/structs.h | 3 +- include/net/xdp.h | 9 +- include/uapi/linux/kfd_ioctl.h | 2 + include/uapi/linux/landlock.h | 2 + include/xen/interface/xen-mca.h | 2 +- io_uring/kbuf.c | 2 + io_uring/net.c | 2 + kernel/locking/lockdep.c | 3 + kernel/sched/cpufreq_schedutil.c | 18 +- kernel/trace/ftrace.c | 8 +- kernel/trace/trace_events.c | 4 +- kernel/trace/trace_events_filter.c | 4 +- kernel/trace/trace_events_synth.c | 1 - kernel/trace/trace_probe.c | 28 +++ lib/sg_split.c | 2 - lib/string.c | 13 +- lib/zstd/common/portability_macros.h | 2 +- mm/filemap.c | 1 + mm/gup.c | 4 +- mm/hugetlb.c | 2 +- mm/memory-failure.c | 11 +- mm/memory.c | 4 +- mm/mremap.c | 10 +- mm/page_vma_mapped.c | 13 +- mm/rmap.c | 2 +- mm/vmscan.c | 2 +- net/8021q/vlan_dev.c | 31 +-- net/bluetooth/hci_event.c | 5 +- net/bluetooth/l2cap_core.c | 21 +- net/bridge/br_vlan.c | 4 +- net/core/filter.c | 80 ++++---- net/core/page_pool.c | 8 +- net/dsa/dsa.c | 59 +++++- net/dsa/tag_8021q.c | 2 +- net/ethtool/netlink.c | 8 +- net/ipv6/route.c | 8 +- net/mac80211/iface.c | 3 + net/mac80211/mesh_hwmp.c | 14 +- net/mctp/af_mctp.c | 3 + net/mptcp/sockopt.c | 28 +++ net/mptcp/subflow.c | 19 +- net/netfilter/nft_set_pipapo_avx2.c | 3 +- net/openvswitch/flow_netlink.c | 3 +- net/sched/cls_api.c | 74 +++++-- net/sched/sch_codel.c | 5 +- net/sched/sch_fq_codel.c | 6 +- net/sched/sch_sfq.c | 66 +++++-- net/sctp/socket.c | 22 ++- net/sctp/transport.c | 2 + net/tipc/link.c | 1 + net/tls/tls_main.c | 6 + scripts/sign-file.c | 132 ++++++------- scripts/ssl-common.h | 32 ++++ security/landlock/errata.h | 87 +++++++++ security/landlock/setup.c | 30 +++ security/landlock/setup.h | 3 + security/landlock/syscalls.c | 22 ++- sound/pci/hda/hda_intel.c | 44 ++++- sound/soc/amd/yc/acp6x-mach.c | 14 ++ sound/soc/codecs/cs42l43-jack.c | 3 + sound/soc/codecs/lpass-wsa-macro.c | 139 +++++++++----- sound/soc/dwc/dwc-i2s.c | 13 +- sound/soc/fsl/fsl_audmix.c | 16 +- sound/soc/intel/avs/pcm.c | 3 +- sound/soc/qcom/lpass.h | 3 +- sound/soc/qcom/qdsp6/q6apm-dai.c | 9 +- sound/soc/qcom/qdsp6/q6apm.c | 18 +- sound/soc/qcom/qdsp6/q6apm.h | 3 + sound/soc/qcom/qdsp6/q6asm-dai.c | 19 +- sound/soc/sof/topology.c | 4 +- sound/usb/midi.c | 80 +++++++- tools/net/ynl/ynl-gen-c.py | 165 ++++++++++++---- tools/objtool/check.c | 5 + tools/power/cpupower/bench/parse.c | 4 + tools/testing/ktest/ktest.pl | 8 + tools/testing/kunit/qemu_configs/sh.py | 4 +- tools/testing/radix-tree/linux.c | 4 +- .../futex/functional/futex_wait_wouldblock.c | 2 +- tools/testing/selftests/landlock/base_test.c | 46 ++++- .../selftests/mm/charge_reserved_hugetlb.sh | 4 +- .../selftests/mm/hugetlb_reparenting_test.sh | 2 +- tools/testing/selftests/net/mptcp/diag.sh | 23 +-- tools/testing/selftests/net/mptcp/mptcp_connect.c | 11 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 19 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 20 +- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 18 ++ tools/testing/selftests/net/mptcp/simult_flows.sh | 19 +- 376 files changed, 4360 insertions(+), 1914 deletions(-)

6 months, 3 weeks

9
400
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror